Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This action is in response to the correspondence filed 06/06/2019.
Claims 1-20 are presented for examination.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1, 3-7, 15 and 17-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by US 2017/0230355 to Su et al. (hereinafter Su).
As to claims 1 and 15, Su teaches a mobile device that implements multi-certificate pinning, the mobile device comprising: a memory component (FIG. 2, Memory 214); a network communication interface that is in communication with a remote server (FIG. 2, Communication Interface 212 and paragraph 55, communication from user device to server); and a microprocessor, coupled to the memory component and the network communication interface (FIG. 2, Processing Circuitry 210 and paragraph 41, wherein the processing circuitry can include one or more microprocessors), the (paragraphs 39 and 55, user device requests a set of public key certificates for a server, wherein, for example, the set of certificates include a first and a second certificate), wherein the first certificate has a first expiration and the second certificate has a second expiration different from the first expiration (paragraphs 10 and 39, the first and second public key certificates have expiration dates that are subsequent to each other); executing an application on the mobile device by using the first certificate to make a connection to the server (paragraphs 55-57, communications between the user device and the server based on the current/first public key certificate); and prior to or upon an expiration of the first certificate, switching to the second certificate wherein the application now uses the second certificate to make the connection to the remote server (paragraphs 10 and 39, prior to the first expiration date determines if the current public key certificate matches the second public key certificate … discard the first public key certificate on or after the first expiration date … seamlessly transitions from using the first public key certificate to using the second public key certificate of Server 104(1) for the purpose of certificate pinning).
As to claims 3 and 17, Su teaches wherein the microprocessor is further configured to perform the step of: updating the application to contain a first certificate hash and a second certificate hash (paragraph 32, wherein each one of the certificates are compared and an output of a hash algorithm is used to compare hashes).
As to claims 4 and 18, Su teaches wherein the microprocessor is further configured to perform the step of: creating a third certificate in advance to the expiration of the first certificate (paragraphs 39 and 55, receiving the set of public key certificates for a server, wherein the set of certificates include a plurality of certificates therefore including a third certificate and at that time the first certificate is not expired)
As to claims 5 and 19, Su teaches wherein the first certificate corresponds to a first URL (paragraphs 26 and 37, certificates associated with a particular domain name that includes a given one of the Servers 104 may, for example, identify an online resource, such as a Web site and/or online service, that is provided by that server).
As to claims 6 and 20, Su teaches wherein the second certificate corresponds to a second URL (paragraphs 26 and 37, certificates associated with a particular domain name that includes a given one of the Servers 104 may, for example, identify an online resource, such as a Web site and/or online service, that is provided by that server).
As to claim 7, Su teaches wherein the mobile device comprises an Internet of Things (IoT) device (paragraph 21, User Device 100 may consist of or include any specific type of computer or computer system, including but not limited to a desktop computer, laptop computer, or tablet computer, or a computerized handheld device such as a smartphone or personal digital assistant, interpreted as IoT devices as IoT is merely the interconnection via the internet of computing devices embedded in everyday objects, enabling them to send and receive data).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.

3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 2 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over US 2011/0113239 to Fu et al. (hereinafter Fu).
As to claims 2 and 16, Su does not explicitly teach wherein the microprocessor is further configured to perform the step of: renewing the first certificate to a valid state.
However, Fu teaches renewing the first certificate to a valid state (paragraph 20, renewal of expired certificates).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Su to include the method of renewing expired certificates as taught by Fu in order to continue operations between the application and service with the convenience of using the same key pair and functions of the original certificate (paragraph 20).


Claims 8 and 10-14 are rejected under 35 U.S.C. 103 as being unpatentable over Su in view of US 2016/0063466 to Sheridan et al. (hereinafter Sheridan).
As to claim 8, Su teaches a mobile device that implements multi-certificate pinning, the mobile device comprising: a memory component (FIG. 2, Memory 214); a network communication interface that is in communication with a remote server (FIG. 2, Communication Interface 212 and paragraph 55, communication from user device to server); and a microprocessor, coupled to the memory component and the network communication interface (FIG. 2, Processing Circuitry 210 and paragraph 41, wherein the processing circuitry can include one or more microprocessors), the microprocessor configured to (paragraphs 39 and 55, user device requests a set of public key certificates for a server, the set at least including a first certificate); receiving a second certificate in advance of an expiration of the first certificate (paragraphs 39 and 55, receiving the set of public key certificates for a server, wherein the set of certificates include a plurality of certificates therefore including a second certificate and at that time the first certificate is not expired); updating at least one application executing on the mobile device to contain the first 18PATENTAttorney Docket No.: 72167.001731certificate and the second certificate (paragraphs 26 and 28, updating the user agent with the first and second certificates); and receiving a third certificate in advance of the expiration of the first certificate (paragraphs 39 and 55, receiving the set of public key certificates for a server, wherein the set of certificates include a plurality of certificates therefore including a third certificate and at that time the first certificate is not expired).
Su does not explicitly teach upon expiration of the first certificate; updating the at least one application executing on the mobile device to contain the second certificate and the third certificate.
However, Sheridan teaches upon expiration of the first certificate (paragraph 58, certificate may have expired); updating the at least one application executing on the mobile device to contain the second certificate and the third certificate (paragraph 65, digital wallet application receives and stores a new backup digital certificate, wherein the initial or first certificate was the primary certificate, the second was the first backup certificate and the third is the new back up certificate).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Su to include the method of updating the application with the third certificate as taught by Sheridan in order to allow continued communication of the application with the server for a desired amount of time, therefore eliminating pauses or outages while preserving a secure communication means (paragraphs 4 and 13).
As to claim 10, Su teaches wherein the microprocessor is further configured to perform the step of: updating the application to contain a first certificate hash and a second certificate hash (paragraph 32, wherein each one of the certificates are compared and an output of a hash algorithm is used to compare hashes).
As to claim 11, Su teaches wherein the microprocessor is further configured to perform the step of: creating a fourth certificate in advance to the expiration of the first certificate (paragraphs 39 and 55, receiving the set of public key certificates for a server, wherein the set of certificates include a plurality of certificates therefore including a fourth certificate and at that time the first certificate is not expired).
As to claim 12, Su teaches wherein the first certificate corresponds to a first URL (paragraphs 26 and 37, certificates associated with a particular domain name that includes a given one of the Servers 104 may, for example, identify an online resource, such as a Web site and/or online service, that is provided by that server).
As to claim 13, Su teaches wherein the second certificate corresponds to a second URL (paragraphs 26 and 37, certificates associated with a particular domain name that includes a given one of the Servers 104 may, for example, identify an online resource, such as a Web site and/or online service, that is provided by that server).
As to claim 14, Su teaches wherein the mobile device comprises an Internet of Things (IoT) device (paragraph 21, User Device 100 may consist of or include any specific type of computer or computer system, including but not limited to a desktop computer, laptop computer, or tablet computer, or a computerized handheld device such as a smartphone or personal digital assistant, interpreted as IoT devices as IoT is merely the interconnection via the internet of computing devices embedded in everyday objects, enabling them to send and receive data).

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Su in view of Sheridan in view of Fu.
As to claim 9, Su and Sheridan do not explicitly teach wherein the microprocessor is further configured to perform the step of: renewing the first certificate to a valid state.
However, Fu teaches renewing the first certificate to a valid state (paragraph 20, renewal of expired certificates).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Su and Sheridan to include the method of renewing expired certificates as taught by Fu in order to continue operations between the application and service with the convenience of using the same key pair and functions of the original certificate (paragraph 20).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MALCOLM CRIBBS whose telephone number is (571)270-1566.  The examiner can normally be reached on Monday-Friday 930a-330p; 430p-630p.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hadi Armouche can be reached on (571)270-3618.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


MALCOLM . CRIBBS
Examiner
Art Unit 2497



/MALCOLM CRIBBS/Primary Examiner, Art Unit 2497