DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Objections
Claims 1, 8, and 15 are objected to because of the following informalities: the word "if" is not a positively recited word. The examiner respectfully suggests changing the word "if" to "when". Appropriate correction is required.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.



Claim(s) 1, 6-8, and 13-15 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by McClintock et al. (US 20170272441 hereinafter McClintock).
Re. claim 1, McClintock teaches a computer-implemented method for authenticating service requests on a communication link, the method comprising: receiving a service request from an entity (McClintock teaches an administrator 104 may access a ledger or other database, stored within the permissions management system 102 or another system configured to provide oversight of the communications and operations of the permissions management system 102 and a variety of resources, to determine what permissions grants are currently active within a target resource 106 [0027]. plurality of digital certificates that may be deployed along with a permissions grant to a particular resource [0031]. The environment uses communication links [0078] Figs. 1 and 7); responsive to the service request, obtaining the permissions data associated with the digital certificate (McClintock teaches when a permissions grant is created using the permissions management service, the entity may use a private cryptographic key of a cryptographic key pair to digitally sign the permissions grant. In some embodiments, the digitally signed permissions grant, along with a digital certificate, are delivered to the target resource where the digital certificate is stored within a public certificate store (e.g., a data store comprising one or more physical storage devices for storage of a plurality of digital certificates) for use in validating the digital signature. When a user of the resource transmits a request to perform an action, the resource may use the digital certificate to validate the digital signature of the permissions grant and determine whether the user is authorized to perform the requested action [0017]. The permissions management system 102 may comprise various computing hardware resources for storing and making available these permissions grants to the various target resources and their users [0022] Figs. 1 and 7); checking the service request against the permissions data associated with the digital certificate (McClintock teaches when a user of the resource transmits a request to perform an action, the resource may use the digital certificate to validate the digital signature of the permissions grant and determine whether the user is authorized to perform the requested action [0017 and 26] Figs. 1 and 7); if the service request is permitted based on the permissions data, processing the service request; and if the service (McClintock teaches whether the user is authorized to perform the requested action. Accordingly, if the user is authorized to perform the requested action, the resource may allow the user to perform the action. Otherwise, the resource may deny the user's request [0017 and 26] Figs. 1 and 7).
Re. claim 6, McClintock teaches the computer-implemented method of Claim 1, where: the digital certificate includes the permissions data (McClintock teaches an administrator 104 may access a ledger or other database, stored within the permissions management system 102 or another system configured to provide oversight of the communications and operations of the permissions management system 102 and a variety of resources, to determine what permissions grants are currently active within a target resource 106 [0027]. plurality of digital certificates that may be deployed along with a permissions grant to a particular resource [0031] Figs. 1 and 7); and the method includes storing the permissions data for the digital certificate in a local store (McClintock teaches the digitally signed permissions grant, along with a digital certificate, are delivered to the target resource where the digital certificate is stored within a public certificate store (e.g., a data store comprising one or more physical storage devices for storage of a plurality of digital certificates) for use in validating the digital signature [0017]); and the step of obtaining the permissions data associated with the digital certificate comprises obtaining the permissions data from the local store (McClintock teaches the owner of the particular resource may be able to issue a revocation request for any existing permissions grants that may be stored within the particular resource or that may be provided by a user of the particular resource [0020]. The permissions management system 102 may comprise various computing hardware resources for storing and making available these permissions grants to the various target resources and their users [0022] Fig. 1).
Re. claim 7, McClintock teaches the computer-implemented method of Claim 1, where: the step of obtaining the permissions data associated with the digital certificate comprises obtaining the (McClintock teaches when a permissions grant is created using the permissions management service, the entity may use a private cryptographic key of a cryptographic key pair to digitally sign the permissions grant. In some embodiments, the digitally signed permissions grant, along with a digital certificate, are delivered to the target resource where the digital certificate is stored within a public certificate store (e.g., a data store comprising one or more physical storage devices for storage of a plurality of digital certificates) for use in validating the digital signature. When a user of the resource transmits a request to perform an action, the resource may use the digital certificate to validate the digital signature of the permissions grant and determine whether the user is authorized to perform the requested action [0017]. the resource is able to identify a permissions grant stored within the signed grants data store that includes a listing of one or more actions that may be performed by the user on the resource or the user has provided, with the request, a digitally signed permissions grant, the resource may access the public certificate data store to obtain 710 a corresponding digital certificate that may be used to verify the digital signature of the permissions grant. As noted above, a permissions management service may be configured to provide a target resource with a digital certificate comprising a public cryptographic key that may be used to verify the permissions grant was created by an authorized entity [0058]).
Re. claim 8, McClintock teaches a system for authenticating service requests on a communication link, the system comprising: one or more processors (McClintock teaches processors [0082]); and one or more memory devices in communication with the one or more processors (McClintock teaches processors [0082]), the memory devices having computer-readable instructions stored thereupon that, when executed by the processors, cause the processors to perform a method for authenticating service requests on a communication link (McClintock teaches a computer program comprising a plurality of instructions executable by one or more processors [0089]), the method comprising: receiving a service request from an entity through a communication link established using a digital certificate owned by the entity, where permissions data is associated with the digital certificate (McClintock teaches an administrator 104 may access a ledger or other database, stored within the permissions management system 102 or another system configured to provide oversight of the communications and operations of the permissions management system 102 and a variety of resources, to determine what permissions grants are currently active within a target resource 106 [0027]. plurality of digital certificates that may be deployed along with a permissions grant to a particular resource [0031]. The environment uses communication links [0078] Figs. 1 and 7); responsive to the service request, obtaining the permissions data associated with the digital certificate (McClintock teaches when a permissions grant is created using the permissions management service, the entity may use a private cryptographic key of a cryptographic key pair to digitally sign the permissions grant. In some embodiments, the digitally signed permissions grant, along with a digital certificate, are delivered to the target resource where the digital certificate is stored within a public certificate store (e.g., a data store comprising one or more physical storage devices for storage of a plurality of digital certificates) for use in validating the digital signature. When a user of the resource transmits a request to perform an action, the resource may use the digital certificate to validate the digital signature of the permissions grant and determine whether the user is authorized to perform the requested action [0017]. The permissions management system 102 may comprise various computing hardware resources for storing and making available these permissions grants to the various target resources and their users [0022] Figs. 1 and 7); checking the service request against the permissions data associated with the digital certificate (McClintock teaches when a user of the resource transmits a request to perform an action, the resource may use the digital certificate to validate the digital signature of the permissions grant and determine whether the user is authorized to perform the requested action [0017 and 26] Figs. 1 and 7); if the service request is permitted based on the permissions data, processing the service request; and if the service request is not permitted based on the permissions data, rejecting the service request (McClintock teaches whether the user is authorized to perform the requested action. Accordingly, if the user is authorized to perform the requested action, the resource may allow the user to perform the action. Otherwise, the resource may deny the user's request [0017 and 26] Figs. 1 and 7).
Re. claim 13, rejection of claim 8 is included and claim 13 is rejected with the same rationale as applied in claim 6.
Re. claim 14, rejection of claim 8 is included and claim 14 is rejected with the same rationale as applied in claim 7.
Re. claim 15, McClintock teaches one or more computer storage media having computer executable instructions stored thereon which, when executed by one or more processors, cause the processors to execute a method for authenticating service requests on a communication link (McClintock teaches a computer program comprising a plurality of instructions executable by one or more processors [0089]), the method comprising: receiving a service request from an entity through a communication link established using a digital certificate owned by the entity, where permissions data is associated with the digital certificate (McClintock teaches an administrator 104 may access a ledger or other database, stored within the permissions management system 102 or another system configured to provide oversight of the communications and operations of the permissions management system 102 and a variety of resources, to determine what permissions grants are currently active within a target resource 106 [0027]. plurality of digital certificates that may be deployed along with a permissions grant to a particular resource [0031]. The environment uses communication links [0078] Figs. 1 and 7); responsive to the service request, obtaining the permissions data associated with the digital certificate (McClintock teaches when a permissions grant is created using the permissions management service, the entity may use a private cryptographic key of a cryptographic key pair to digitally sign the permissions grant. In some embodiments, the digitally signed permissions grant, along with a digital certificate, are delivered to the target resource where the digital certificate is stored within a public certificate store (e.g., a data store comprising one or more physical storage devices for storage of a plurality of digital certificates) for use in validating the digital signature. When a user of the resource transmits a request to perform an action, the resource may use the digital certificate to validate the digital signature of the permissions grant and determine whether the user is authorized to perform the requested action [0017]. The permissions management system 102 may comprise various computing hardware resources for storing and making available these permissions grants to the various target resources and their users [0022] Figs. 1 and 7); checking the service request against the permissions data associated with the digital certificate (McClintock teaches when a user of the resource transmits a request to perform an action, the resource may use the digital certificate to validate the digital signature of the permissions grant and determine whether the user is authorized to perform the requested action [0017 and 26] Figs. 1 and 7); if the service request is permitted based on the permissions data, processing the service request; and if the service request is not permitted based on the permissions data, rejecting the service request (McClintock teaches whether the user is authorized to perform the requested action. Accordingly, if the user is authorized to perform the requested action, the resource may allow the user to perform the action. Otherwise, the resource may deny the user's request [0017 and 26] Figs. 1 and 7).
Re. claim 20, rejection of claim 15 is included and claim 20 is rejected with the same rationale as applied in claim 6.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2, 9, and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over McClintock et al. (US 20170272441 hereinafter McClintock) in view of Arora et al. (US 20190173872 hereinafter Arora).
Re. claim 2, McClintock teaches the computer-implemented method of Claim 1. McClintock does not explicitly disclose, but Arora discloses, where: the digital certificate includes a blockchain address to a certificate permissions blockchain that stores the permissions data; and the step of obtaining the permissions data associated with the digital certificate comprises obtaining the permissions data from the certificate permissions blockchain using the blockchain address from the digital certificate (Arora teaches receiving blockchain address and signed digital certificate [0069]. the sender device 110 may confirm that the sender 104 wants to participate in the proposed blockchain transaction based on the confidence level indicated by the recipient's digital certificate. the sender device 110 may automatically confirm the participation if the confidence level is at or above a predetermined threshold. Once confirmation has been made, then, in step 514, the transmitting device 324 of the sender device 110 may submit transaction data to a node in the blockchain network [0070]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Arora into the invention of (Arora [0028]).
Re. claim 9, rejection of claim 8 is included and claim 9 is rejected with the same rationale as applied in claim 2.
Re. claim 16, rejection of claim 15 is included and claim 16 is rejected with the same rationale as applied in claim 2.
Claims 3, 10, and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over McClintock et al. (US 20170272441 hereinafter McClintock) in view of Arora et al. (US 20190173872 hereinafter Arora) and in further view of Smith et al. (US 20190036957 hereinafter Smith).
Re. claim 3, McClintock-Arora teaches the computer-implemented method of Claim 2, where the method includes: receiving modified permissions data for the digital certificate (McClintock teaches the permissions management system 102 may cause the ledger to be updated to remove the revoked permissions [0027]).
McClintock does not explicitly disclose, but Arora discloses, creating a new permissions data block that stores the modified permissions data (Arora teaches storing, in a memory of a processing server, a blockchain, wherein the blockchain is comprised of a plurality of blocks, each block including a block header and one or more transaction values, where each transaction value includes data related to a blockchain transaction including at least a sending address, a recipient address, and a transaction amount [0007]. The confidence level may thus represent, for instance, the likelihood that a new transaction conducted by the sender 104 will be successful and not determined to be fraudulent [0033]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Arora into the invention of (Arora [0028]).
McClintock-Arora discloses a blockchain. McClintock-Arora does not explicitly disclose, but Smith discloses, linking the new permissions data block to a previous permissions data block of the certificate permissions blockchain (Smith teaches when appending a new block to the end of the blockchain, contents of a prior block are combined with the contents of the new block (e.g., via hashing) to link the new block with the prior block [0021]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Smith into the invention of McClintock-Arora so that any attempt to later tamper with the new block will also require tampering with the prior block, and so on, to ensure that the combined (e.g., hashed) data is correct. Such tampering can become prohibitively expensive as the length of the blockchain increases (Smith [0021]).
Re. claim 10, rejection of claim 9 is included and claim 10 is rejected with the same rationale as applied in claim 3.
Re. claim 17, rejection of claim 16 is included and claim 17 is rejected with the same rationale as applied in claim 3.
Claims 4, 5, 11, 12, 18, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over McClintock et al. (US 20170272441 hereinafter McClintock) in view of Sharifi Mehr (US 10454689 hereinafter Sharifi).
Re. claim 4, McClintock teaches the computer-implemented method of Claim 1. McClintock does not explicitly disclose, but Sharifi discloses, where: the permissions data for the digital certificate is stored on a certificate authority for the digital certificate; and the step of obtaining the permissions data associated with the digital certificate comprises obtaining the permissions data from the certificate (Sharifi teaches a system 1400 includes a client 1402 that maintains a certificate policy store 1404. The certificate policy store 1404 includes a collection of certificate policies that determine combinations of certificate-authority signatures that permit a digital certificate to be validated. The collection of certificate policies are maintained in a database, and each certificate policy in the collection of certificate policies includes a number of data fields that specify requirements for validating a digital certificate [Col 20 lines 4-26]. assigns each certificate authority that signs a digital certificate a trust score based at least in part on the level of identity verification performed by the certificate authority (trust score interpreted as permission data, wherein determining that the certificate is invalid or valid) [Col 20 lines 26-67]. When the client 1402 receives a digital certificate, the client 1402 reads the certificate policies in the certificate policy store 1404 and evaluates the constraints defined by each certificate policy to determine whether the received digital certificate is valid [Col 21 lines 1-17]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Arora into the invention of McClintock for the purpose of verifying the identity of a party and issuing a certificate signed with a private key. Certificates are occasionally updated to improve their effectiveness and mitigate newly discovered vulnerabilities (Sharifi [Col 1 lines 5-51]).
Re. claim 5, McClintock-Sharifi teaches the computer-implemented method of Claim 4. McClintock does not explicitly disclose, but Sharifi discloses, where the method includes: receiving modified permissions data for the digital certificate; and storing the modified permissions data for the digital certificate on the certificate authority for the digital certificate (Sharifi teaches the server 104 sends a request to a certificate authority 122, requesting an updated digital certificate 124 to replace an outdated digital certificate in the certificate store 108. In response to the request, the certificate authority 122 provides the updated digital certificate 124 to the server 104. The updated digital certificate 124 includes an issuer field 126, a subject field 128, a subject public key field 130, a list of permitted ciphers 132, and an issuer signature 134 [Col 7 lines 48-67]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Arora into the invention of McClintock for the purpose of verifying the identity of a party and issuing a certificate signed with a private key. Certificates are occasionally updated to improve their effectiveness and mitigate newly discovered vulnerabilities (Sharifi [Col 1 lines 5-51]).
Re. claim 11, rejection of claim 8 is included and claim 11 is rejected with the same rationale as applied in claim 4.
Re. claim 12, rejection of claim 11 is included and claim 12 is rejected with the same rationale as applied in claim 5.
Re. claim 18, rejection of claim 15 is included and claim 18 is rejected with the same rationale as applied in claim 4.
Re. claim 19, rejection of claim 18 is included and claim 19 is rejected with the same rationale as applied in claim 5.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Brandwine et al. (US 20190068379) discloses performing privileged operations and modifying software code in computing resources, such as operating system kernels and/or hypervisors, in order to enable privileged operations to be performed and code to be securely added to or modified on the operating system (OS) kernel and/or the hypervisor.
Qiu (US 20190036712) discloses digital certificate management for blockchain technologies. A transaction request including a digital certificate is received from a certificate authority at a node in a 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN A AYALA whose telephone number is (571)270-3912.  The examiner can normally be reached on Monday-Thursday 8AM-5PM; Friday: Variable EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/K.A./Examiner, Art Unit 2436
/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436