Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This is in response to Application #16/281,691 filed on 02/21/2019 in which Claims 1-15 are presented for examination.

Status of Claims
Claims 1-28 are pending, of which Claims 16-28 are considered allowable via the included Examiner’s Amendment, Claims 1-15 are canceled.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in a telephone interview with David Fox on March 17, 2021.
 
The application has been amended as follows:

In the Claims:

Claims 1-15: (Currently Canceled)

Claim 16: (Currently New)
A method of updating a security certificate of a safety circuit of an elevator system, the method comprising:
connecting the safety circuit with a communicator, the communicator in communication with a certification server;
sending from the communicator to the safety circuit a security certificate update request for updating the security certificate stored within the safety circuit;
the safety circuit sending a public key of the security certificate stored within the safety circuit via the communicator to the certification server;
the certification server checking whether the security certificate associated with the public key is included in a database of known security certificates and not marked as compromised;
in case the security certificate associated with the public key is included in the database of known security certificates and not marked as compromised, sending a new security certificate from the certification server via the communicator to the safety circuit and installing the new security certificate on the safety circuit;
in case the security certificate associated with the public key (i) is not included in the database of known security certificates or (ii) is marked as compromised, sending a 


Claim 17: (Currently New)
The method according to claim 16, wherein the safety circuit checks whether the security certificate update request is valid before sending the public key of the security certificate, by checking whether the security certificate update request is signed with a valid security certificate.


Claim 18: (Currently New)
The method according to claim 16, wherein the new security certificate sent from the certification server to the safety circuit includes a factory security certificate and a safety circuit security certificate signed with the factory security certificate.


Claim 19: (Currently New)
The method according to claim 18 wherein the new security certificate sent from the certification server to the safety circuit replaces the security certificate stored within the safety circuit.


Claim 20: (Currently New)
The method according to claim 19, wherein the factory security certificate is signed with a common root security certificate.


Claim 21: (Currently New)
The method according to claim 20, wherein the security certificate update request is also signed with the common root security certificate.


Claim 22: (Currently New)
The method according to claim 16, wherein the communication between the safety circuit and the communicator is encrypted.


Claim 23: (Currently New)
The method according to claim 16, wherein the communication between the communicator and the certification server is encrypted.


Claim 24: (Currently New)
A communicator for updating a security certificate stored within a safety circuit of an elevator system, the communicator comprising:
a safety circuit interface configured for exchanging data with the safety circuit of the  elevator system; and
a server interface configured for exchanging data with a certification server;
the communicator being configured for:
establishing a first data connection with the safety circuit of the elevator system via the safety circuit interface;
establishing a second data connection with the certification server via the server interface;
sending, to the safety circuit, a security certificate update request for updating the security certificate stored within the safety circuit;
receiving, from the safety circuit, a public key of the security certificate associated with the safety circuit and sending the public key of the security certificate to the certification server;
receiving, from the certification server, a new security certificate, and sending the new security certificate to the safety circuit; or
receiving, from the certification server, a message that the safety circuit is invalid;
the safety circuit installing the new security certificate;
wherein the certification server checks whether the security certificate associated with the public key is included in a database of known security certificates and not marked as compromised;
wherein the certification server sends the new security certificate to the communicator when the security certificate associated with the public key is included in the database of known security certificates and not marked as compromised; 
wherein the certification server sends the message when the security certificate associated with the public key (i) is not included in the database of known security certificates or (ii) is marked as compromised.


Claim 25: (Currently New)
The communicator according to claim 24, wherein the communicator is configured for indicating whether the safety circuit is valid or not.


Claim 26: (Currently New)
The communicator according to claim 24, wherein the communicator is a handheld device and/or comprises a display.


Claim 27: (Currently New)
The communicator according to claim 24, wherein the safety circuit interface is configured for establishing a wired or wireless data connection with the safety circuit.


Claim 28: (Currently New)
The communicator according to claim 24, wherein the server interface is configured for establishing a wired or wireless data connection with the certification server.


Reasons For Allowance
The following is an examiner’s statement of reasons for allowance:
Claims 16-28 are considered allowable.

The instant invention is directed to a method and apparatus for securely updating an elevator safety circuit security certificate.

The closest prior art, as recited, Thayer US Patent Application Publication No. 2014/0136839 and Zaidi et al. US Patent Application Publication No. 2016/0373263, are also generally directed to various aspects of securely updating a security certificate.  However, Thayer or Zaidi et al. does not teach or suggest, either singularly or in combination, the particular combination of steps or elements as recited in the independent claims 16, 24.  For example, none of the cited prior art teaches or suggests the steps of:
Regarding Claim 16:
Updating a safety circuit security certificate in an elevator, establishing a communication path between the safety circuit and a certification server via a communications device, transmitting from the communications device to the safety circuit a security certificate update request for updating the security certificate stored within the safety circuit; the safety circuit transmitting a public key of the security certificate stored within the safety circuit via the communications device to the certification server, the certification server checking whether the security certificate associated with the public key is included in a database of known security certificates and not marked as compromised, if the security certificate associated with the public key is included in the database of known security certificates and not marked as compromised, transmitting a new security certificate from the certification server via the communications device to the safety circuit and installing the new security certificate on the safety circuit, if the security certificate associated with the public key is not included in the database of known security certificates or is marked as compromised, transmitting a message from the certification server to the communications device indicating that the safety circuit is invalid.
When combined with the additional limitations found in Claim 16.

Regarding Claim 24:
Updating a safety circuit security certificate in an elevator, establishing a communication path between the safety circuit and a certification server via a communications device, transmitting from the communications device to the safety circuit a security certificate update request for updating the security certificate associated with the safety circuit; the safety circuit transmitting a public key of the security certificate associated with the safety circuit via the communications device to the certification server, the certification server checking whether the security certificate associated with the public key is included in a database of known security certificates and not marked as compromised, if the security certificate associated with the public key is included in the database of known security certificates and not marked as compromised, transmitting a new security certificate from the certification server via the communications device to the safety circuit and installing the new security certificate on the safety circuit, if the security certificate associated with the public key is not included in the database of known security certificates or is marked as compromised, transmitting a message from the certification server to the communications device indicating that the safety circuit is invalid.
When combined with the additional limitations found in Claim 24.

Therefore Claims 16-28 of the instant application are allowable over the cited prior art.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Miyazawa - US_20070005981: Miyazawa teaches the updating of security certificates within a device.
Matsuo - US_20170324567: Matsuo teaches the updating of security certificates within a device along with the generation and verification of signatures.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRADLEY HOLDER whose telephone number is 571-270-3789.  The examiner can normally be reached on Monday-Friday 10:00AM-7:00PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw, can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/BRADLEY W HOLDER/
Primary Examiner, Art Unit 2498