DETAILED ACTION
This office action is in response to the application filed on 07/17/2019.
Claims 1-20 are pending.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statements filed 7/17/2019 and 10/19/2020 have been placed in the application file and the information referred to therein has been considered.

Drawings
The drawings filed on July 17, 2019 are accepted by the Examiner.

Claim Objections
Claims 2-4, 6-8 and 17-20 are objected to because of the following informalities:  
Claim 4:
In lines 4-5 and 7-8, “a corresponding digital certificate” should be read as -- the corresponding digital certificate --;

Claim 6:
In lines 4-5 and 7-8, “a corresponding digital certificate” should be read as -- the corresponding digital certificate --;

In lines 4-5 and 7-8, “a corresponding digital certificate” should be read as -- the corresponding digital certificate --;

Claim 19:
In lines 4-5 and 7-8, “a corresponding digital certificate” should be read as -- the corresponding digital certificate --;

Claims 2-3, 8, and 17-18:
Claim 2 recites the limitation "the digital certificates" in line 7;
Claim 3 recites the limitation “the digital certificates” in line 5 and line 7;
Claim 8 recites the limitation "the individual digital certificates" in line 4, and "the digital certificates" in line 6;
Claim 10 recites the limitation “the corresponding digital certificate” in line 14;
Claim 12 recites the limitation “the corresponding digital certificate” in line 2;
Claim 17 recites the limitation "the identified digital certificates" in line 11; and
Claim 18 recites the limitation "the digital certificates" in line 5 and “the obtained digital certificates” in line 7;
There is insufficient antecedent basis for these limitations in the claims.
Claim 20 depends on the objected claim 17 and inherently has the same issue. 
Appropriate correction is required.


Examiner’s Notes
Examiner cites particular columns and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in their entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-4, 9, 10-13, and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Goldman (Oliver Goldman, US 2013/0167136A1) in view of  
With respect to claims 1, 10, and 17, Goldman discloses:
A device (i.e., “computer 108” and “data processing apparatus” with processor/memory – paragraph [0081-84]) and a method for [certificate management in a segregated] network (i.e., “communication network” – paragraph [0086]) having one or more servers operatively coupled to one another (i.e., Fig.1), the method comprising: 
receiving, at the [segregated] network, executable instructions of a software application (i.e., “installer 210” and “deployment package 206” – see fig.2 and step 401, Fig.4) and a reference table (i.e., “Descriptor”/“software element descriptors” – Fig.2:202-204 and Fig.4, step 410) associated with the software application the reference table containing entries individually identifying a reference object (i.e., “software elements”) in the software application (see paragraph [0027], “The descriptors 202 and 204 can include the names of the files that are needed to install each software element of the software program”); and 
upon receiving the reference table, at the [segregated] network, 
identifying, for each of the reference objects identified in the reference table, [a corresponding digital certificate] in the [segregated] network (see Fig.4, step 420 and paragraph [0034], “The installer 210 can first determine that the software elements corresponding to the software element descriptors 202 and 204 are local on the target device.”); 
[generating a mapping table having entries individually identifying one of the reference objects of the software application and the identified corresponding digital certificate]; and 
deploying/transmitting the software application to one or more of the servers in the [segregated] network [along with the generated mapping table] (i.e., “modified deployment manifest”; see paragraph [0003], “The application deployment system deploys the application using the modified deployment manifest..”), wherein the software application is configured to identify one of the reference objects [and locate the corresponding digital certificate from one of the entries in the generated mapping table] based on the identified one of the reference objects (see, Fig.4, step 430 – “Initiate installation of the software program on the target device using the software elements” and paragraph [0034], “The installer 210 gathers the software elements that are local 220 and gathers the files for each of the software elements and copies all of them into a staging directory”). 
Goldman does not explicitly disclose certificate management by generating a mapping table having entries individually identifying one of the reference objects of the software application and the identified corresponding digital certificate, and deploying by locating the corresponding digital certificate from one of the entries in the generated mapping table.
However, Gatto discloses the certification management by generating a mapping table (i.e., “Code signed companion software component” table with mapping file name with certificate – see Fig.20) having entries individually identifying one of the reference objects of the software application and the identified corresponding digital certificate (i.e., see Fig.20 and paragraph [0008], “allocate an individual PKI certificate to each executable software component and each of its versions, binding the PKI certificate to the executable software and associating a distinctive policy for each PKI certificate”), and deploying by locating the corresponding digital certificate from one of the entries in the generated mapping table (i.e., paragraph [0014], “Code signed software components may be packaged…into a MSI Microsoft installation package (MSI=Microsoft Software Installation).  An MSI package is an executable component that in turn receives a distinctive certificate bound to its content by a code signing operation.  Only the software component version that has successfully passed the regulatory certification process may be allowed to run by enforcing an unrestricted policy to the associated certificate”).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to incorporate Gatto’s certificate management into Goldman’s software deployment. One would have been motivated to do so to enforce the policy by using the authenticated certificate as suggested by Gatto (i.e., paragraph [0014], “Only the software component version that has successfully passed the regulatory certification process may be allowed to run by enforcing an unrestricted policy to the associated certificate”).
Goldman as modified discloses deploying software application (i.e., “Deployment package”) in different networks (i.e., paragraph [0086], “Examples of communication networks include a local area network ("LAN") and a wide area network ("WAN"), an 
Erez discloses the segregated network (i.e., “secured network”, “secured unidirectional network”, see paragraph [0020] and [0022]). Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to incorporate the invention of Erez into Goldman and Gatto. One would have been motivated to do so to guarantee information security as suggested by Erez (i.e., paragraph [0022], “allowing data to travel only in one direction through the unidirectional network segment, used in guaranteeing information security”).


With respect to claim 2, Goldman as modified by Gatto discloses: 
wherein receiving the executable instructions of the software application and the reference table includes receiving the executable instructions of the software application and the reference table via [a unidirectional connection between the segregated network and an external computing environment] (i.e., Goldman, Fig.1 and Fig.4, step 410), and 
wherein deploying the software application in the segregated network includes deploying the software application in the segregated network with the generated mapping table (i.e., Gatto: Fig.20 – mapping table) [without transmitting any data of the digital certificates from the segregated network to the external computing environment].
Erez discloses the unidirectional connection between the segregated network and an external computing environment (i.e., “secured unidirectional network”, see paragraph [0020] and [0022]).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to further incorporate the invention of Erez into Goldman and Gatto. One would have been motivated to do so to guarantee information security as suggested by Erez (i.e., paragraph [0022], “allowing data to travel only in one direction through the unidirectional network segment, used in guaranteeing information security”).

With respect to claims 3, 11-12 and 18, Goldman as modified discloses:
receiving, at the segregated network, a list of the reference objects prior to receiving the executable instructions of the software application (i.e., paragraph [0034], “The installer 210 can acquire the software elements from installed runtime or the installed image” and “staging directory” – paragraph [0036]); and
Gatto further discloses:
in response to receiving the list of the reference objects, 
obtaining, independently in the segregated network, the digital certificates individually corresponding to one of the reference objects (i.e., see Fig.20 and paragraph [0008], “allocate an individual PKI certificate to each executable software component and each of its versions, binding the PKI certificate to the executable software and associating a distinctive policy for each PKI certificate”); and 
storing the obtained digital certificates and corresponding reference objects as reference records in a datastore (i.e., Fig.20 – “code signed companion software component” stored in “client computer”, see paragraph [0149]) in the segregated network; and 
wherein identifying the corresponding digital certificate includes identifying the corresponding digital certificate based on the reference records in the datastore (i.e., Fig.20, item 2002 – “file name”, item 2008 – “certificate”).  
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to further combine Goldman, Gatto and Erez to perform certificate management in the segregated network for the purpose as addressed above in claims 1, 10 and 17.

With respect to claims 4, 13 and 19, Goldman as modified discloses 
wherein identifying the corresponding digital certificate includes, for each of the reference objects identified in the reference table: 
determining whether a datastore in the segregated network contains a reference record identifying the each of the reference objects (i.e., see Goldman “descriptors” – see item 202) and
Gatto also discloses a corresponding digital certificate (i.e., see Gatto, “PKI certificate”); and in response to determining that the datastore contains a reference record identifying the each of the reference objects and a corresponding digital certificate (note: the corresponding digital certification has to be obtained from provider, e.g., “certificated authority”), associating the corresponding digital certificate with the each of the reference objects (i.e., see Gatto – Fig.20 and paragraph [0008], “allocate an individual PKI certificate to each executable software component and each of its versions, binding the PKI certificate to the executable software and associating a distinctive policy for each PKI certificate”).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to further incorporate Gatto into Goldman for the purpose as addressed in claims 1, 10 and 17.

With respect to claim 9: Gatto discloses:
upon receiving the reference table, at the segregated network, 
obtaining, from a certificate authority, a digital certificate for each of the reference objects in the reference table; and associating the obtained digital certificate with the each of the reference objects in the reference table (i.e., see Fig.20 and paragraph [0008], “allocate an individual PKI certificate to each executable software component and each of its versions, binding the PKI certificate to the executable software and associating a distinctive policy for each PKI certificate”).  
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to do so for the same purpose as addressed in claims 1, 10 and 17 above.

Claims 5 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Goldman, Gatto, and Erez as applied in claims 1 and 17 above, and further in view of Steiner (Steiner et al., US 2015/0222602A1).
With respect to claims 5 and 20: Goldman as modified does not explicitly disclose the following; however, Steiner discloses:
wherein identifying the corresponding digital certificate includes, for each of the reference objects identified in the reference table: 
determining whether a datastore in the segregated network contains a reference record identifying the each of the reference objects and a corresponding digital certificate (i.e., paragraph [0058], “The authentication module 248 may verify and/or authenticate the digital signatures from the received messages from the access points 102 based at least in part on the public keys and/or digital certificates received from the ToF security server 106”); and 
in response to determining that the datastore does not contain (i.e., “digital certificate does not exist”) a reference record identifying the each of the reference objects and a corresponding digital certificate (i.e., paragraph [0058], “the authentication module 248 may determine a public key and/or digital certificate does not exist on the user device 108 to be used for authentication and/or verification”),
obtaining, from a certificate authority (i.e., “ToF security server”), a corresponding digital certificate of the each of the reference objects (i.e., “may communicate with the ToF security server 106 to obtain the public key and/or digital certificate” – see paragraph [0088]); and 
associating the obtained digital certificate with the each of the reference objects (i.e., “The authentication module 248 may verify and/or authenticate the digital signatures from the received messages from the access points 102 based at least in part on the public keys and/or digital certificates received from the ToF security server 106” – see paragraph [0058]). 
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to further incorporate the teachings of Steiner into Goldman, Gatto and Erez. One would have been motivated to do so to provide/obtain the certificate for the verification purpose as suggested by Steiner (i.e., “The authentication module 248 may verify and/or authenticate the digital signatures from the received messages from the access points 102 based at least in part on the public keys and/or digital certificates received” – see paragraph [0058]).
 
Claims 6 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Goldman, Gatto, and Erez as applied in claims 1 and 10 above, and further in view of Agarwal (Agarwal et al, US 20170228412A1)
With respect to claim 6: Goldman as modified does not explicitly disclose the following; however, Agarwal discloses:
determining whether a datastore in the segregated network contains a reference record identifying the each of the reference objects (i.e., “File system object”) and a corresponding digital certificate (i.e., “certificate”) (see, “Receiving a Request to Access a File System Object”, “Identifying a Certificate Associated with the File System Object” – see Fig.4, steps 402-404); and
in response to determining that the datastore contains a reference record identifying the each of the reference objects and a corresponding digital certificate, determining, whether the corresponding digital certificate is still valid (i.e., Fig.4, step 406 – Determining the Validity of the Certificate->Valid); and in response to determining that the corresponding digital certificate is still valid, associating the corresponding digital certificate with the each of the reference objects (i.e., Fig.4, step 410 – “Providing access to the File system Object”).  
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to further incorporate Agarwal into the combination of Goldman, Gatto and Erez. One would have been motivated to do so to provide validity of the certificate as suggested by Agarwal (i.e., Abstract, “to indicate whether the file system object is valid at a point in time”).

With respect to claim 14: 
Goldman as modified by Gatto discloses generating a mapping table as in claim 10 above (i.e., “Code signed companion software component” table with mapping file name with certificate – see Fig.20).
Goldman as modified does not explicitly disclose the following; however, Agarwal discloses:
determining, whether the corresponding digital certificate is still valid (i.e., Fig.4, step 406 – Determining the Validity of the Certificate->Valid); and 
in response to determining that the corresponding digital certificate is still valid, associating the corresponding digital certificate with the each of the reference objects (i.e., Fig.4, step 410 – “Providing access to the File system Object”).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to further incorporate Agarwal into the combination of Goldman, Gatto and Erez. One would have been motivated to do so to provide validity of the certificate as suggested by Agarwal (i.e., Abstract, “to indicate whether the file system object is valid at a point in time”).


Claims 7-8 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Goldman, Gatto, and Erez as applied in claims 1 and 10 above, and further in view of Fu (Fu et al, US 2015/0121078A1)
With respect to claims 7 and 15, Goldman as modified does not explicitly disclose the following; however, Fu discloses:
determining whether a datastore in the segregated network contains a reference record identifying the each of the reference objects and a corresponding digital certificate  (see, paragraph [0035], “the CSR may include the name of the entity…requesting the certificate…In step 70, a certificate may be obtained from a CA”; See paragraph [0066], “Secure Communications module 137 may provide functionality to determine if one or more security certificates such as SSL/TLS/https certificates associated with an application have expired and/or are about to expire”); and 
in response to determining that the datastore contains a reference record identifying the each of the reference objects and a corresponding digital certificate (i.e., not valid – “expired”, see paragraph [0066], “an application-related database maintained by System Manager 120 may be queried to determine expired certificates”), 
determining, whether the corresponding digital certificate is still valid (see, paragraph [0039], “check the certificate root against a list of trusted CAs and verify that the certificate is unexpired and unrevoked”, and paragraph [0066], “Secure Communications module 137 may provide functionality to determine if one or more security certificates such as SSL/TLS/https certificates associated with an application have expired and/or are about to expire”); and 
in response to determining that the corresponding digital certificate is not valid (i.e., “expired”), 
obtaining, from a certificate authority, a new digital certificate for the each of the reference objects (i.e., Fig.2, step 70 – “Obtain Certificate” and paragraph [0036], “In step 70 a certificate may be obtained from a CA”; Also see paragraph [0066],  “may alert an entity associated with the TLS/SSL/https to renew and/or obtain a new certificate”); and 
associating (i.e., “install”) the obtained new digital certificate with the each of the reference objects (i.e., Fig.2, step 80 and paragraph [0036], “In step 80, the SSL/TLS certificate obtained in step 700 may be installed on Server…”).

With respect to claims 8 and 16: Goldman as modified by Gatto discloses:
subsequent to deploying the software application to the one or more of the servers in the segregated network (see, Fig.4, step 430 – “Initiate installation of the software program on the target device using the software elements” and paragraph [0034], “The installer 210 gathers the software elements that are local 220 and gathers the files for each of the software elements and copies all of them into a staging directory”), but does not explicitly disclose the following;
however, Fu discloses:
determining whether the individual digital certificates in the mapping table are still valid (see, paragraph [0066], “Secure Communications module 137 may provide functionality to determine if one or more security certificates such as SSL/TLS/https certificates associated with an application have expired and/or are about to expire”) and in response to determining that one of the digital certificates in the mapping table is not valid (i.e., not valid – “expired”),
obtaining, from a certificate authority, a new digital certificate for the corresponding reference object in the mapping table (i.e., Fig.2, step 70 – “Obtain Certificate” and paragraph [0036], “In step 70 a certificate may be obtained from a CA”; Also see paragraph [0066],  “may alert an entity associated with the TLS/SSL/https to renew and/or obtain a new certificate”); and 
updating the mapping table with the new digital certificate without modification to the executable instructions of the software application (i.e., Fig.2, step 80 and paragraph [0036], “In step 80, the SSL/TLS certificate obtained in step 700 may be installed on Server…”).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to further incorporate Fu's implementation of the certificate determination and renewal feature into Goldman, Gatto, and Erez. One would have been motivated to do so to dynamically determine an expiry date associated with the certification and dynamically obtain a new certification for secure communications for cloud-based application as suggested by Fu (see paragraph [0013], “the secure communication…to dynamically determine an expiry date associated with the wildcard security certification…”).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Danile Jahner (US20180083937A1) discloses a method for software deployment based on the credential management in cloud-based environment;
Brain Batke (US20130167136A1) discloses a method for using signature/creating a certification for installing firmware;
Marcel Andrew Levy (20180262347A1) discloses a method for digital certificate usage monitoring;
Brick EKSTEN (US20180329693A1) discloses a method for distributing software components associated with digital certificate.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHENG WEI whose telephone number is (571)270-1059 and Fax number is (571) 270-2059.  The examiner can normally be reached on M-F 9:00AM-5:00PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hyung S. Sough can be reached on 571-272-6799.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Any inquiry of a general nature or relating to the status of this application or proceeding should be directed to the TC 2100 Group receptionist whose telephone number is 571-272-1000.

/Z.W/Examiner, Art Unit 2192                                                                                                                                                                                                        
/S. Sough/SPE, Art Unit 2192