DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
This is a reply to the application filed on 06/03/2019, in which, claim(s) 1-20 are pending. Claim(s) 1, 10 and 20 are independent.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 05/18/2020, has been reviewed. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the examiner is considering the information disclosure statement.

Drawings
The drawings filed on 06/03/2019 are accepted by The Examiner.

Specification
Applicant is reminded of the proper language and format for an abstract of the disclosure.
The abstract should be in narrative form and generally limited to a single paragraph on a separate sheet within the range of 50 to 150 words in length. The abstract should describe the disclosure sufficiently to assist readers in deciding whether there is a need for consulting the full patent text for details.
The language should be clear and concise and should not repeat information given in the title. It should avoid using phrases which can be implied, such as, “The 
The abstract of the disclosure is objected to because it contains more than 150 words (i.e. 151 words). Correction is required.  See MPEP § 608.01(b).

Claim Objections
Claims 1, 10 and 20, are objected to because of the following informalities:  
Claim 1 (line 7), claim 10 (line 10) and claim 20 (line 10) recite “policy ID data”. Examiner suggests to spell out the acronym “ID” when it is mentioned the very first time in the claims.
Claim 20 (line 7) limitation “generating the signed token” should be “generating a signed token” since the term “signed token” is mentioned the very first time in the claim.
Appropriate correction is required.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 10-19 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. 
Claim 10 recites “A system” in the preamble and "a transceiver” and “processor”, in the claim body. As recited in the body of the claim, the claimed system lacks a structural component because the processor and the transceiver can be implemented as software only, e.g. a “virtual” transceiver. Therefore, Claim 10 is directed to non-statutory subject matter for lack of a hardware component. The Examiner respectfully suggests that the claim be further amended to positively recite at least one hardware element within the body of the claim to make the claim statutory subject matter under 35 U.S.C. 101 such as “a hardware processor” or “a hardware transceiver”.
Claims 11-19 don't cure the deficiency of Claim 10 and are rejected under 35 U.S.C. 101 for their dependency upon Claim 10.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-8, 10-17, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Stuart A. Hoggan (US 2013/0311771 A1) in view of Sahraei et al. (US 2019/0052621 A1), both are cited by the applicant in the 05/18/2020 IDS.
Regarding Claim 1, Hoggan discloses A method of providing a certificate for a computing process ([0006], “FIG. 1 illustrates a certificate provisioning system…when provisioning a device 16 with a certificate”), comprising: 
establishing a first trust relationship between the computing process and a central authority separate from the computing process ([0017], “the authenticate subscriber request”, [0019], “a trusted relationship has been established”), the establishing comprising: 
authenticating, by at least one processor of the central authority, the computing process, the authenticating including providing a token to the computing process ([0017], “assess whether the authenticate subscriber request was transmitted through an access point 22 having an address within a range of trusted addresses. The range of trusted addresses may correspond with access points 22 or other communication mediums associate with the MSO 14 that are trusted or otherwise known to be valid for use with the subscriber”, [0019], “the device 16 may transmit a certain security token request 48 to the RA 28. The security token request may include the assertion provided by the MSO. The RA 28 may assess the assertion to determine whether the MSO 14 associated therewith or other identifying characteristics of the assertion. The RA 28 may then rely on this assessment to determine whether a trusted relationship has been established of the type sufficient to warrant issuing a security token to be used in subsequently requesting a certificate”); 
receiving, by the at least one processor, a request for the certificate from the computing process, the request including the token ([0025], “The application can send a certificate request to the RA API with the security token using an OAuth”); 
determining, by the at least one processor, that the computing process is eligible for the certificate according to a policy ([0019], “issue different security tokens depending on the identified MSO 14 or other permissions associated with issuing security tokens according to permissions (i.e. policies) specified within the assertion or otherwise associated with the identified MSO 14”, [0021], “Upon receipt of the security token, the device 16 may transmit a certificate request”); and 
validating, by the at least one processor, the token ([0025], “The API can validate the security token”); 
in response to the establishing, obtaining, by the at least one processor, the certificate, the certificate being signed by a third party certificate authority with which the central authority has a second trust relationship separate from the first trust relationship ([0002], “A digital certificate… signed by a trusted entity (e.g., a third-party certificate provider)” as a separate second trust relationship, [0025], “The CA can issue the certificate and sends it to the API. The API can respond to the application request with the certificate”); and 
providing, by the at least one processor, the certificate to the computing process ([0025], “The API can respond to the application request with the certificate”, “The application can install the certificate in the device”).  
Hoggan does not explicitly teach but Sahraei teaches
the token is a signed token ([0025], “signs the access token”); policy ID data policy associated with the system identifier”); a policy that associates the certificate with the policy ID data ([0024], “to read the client Distinguished Name (DN) of the certificate…query the retrieved security policy for membership of the client DN”, i.e. a policy associated with the certificate, [0029], “security policy associated with the system identifier”),
Hoggan and Sahraei are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to request a certificate, the request including a token (as disclosed by Hoggan) where the token is a signed token and the request also includes the policy ID data (as taught by Sahraei). The motivation/suggestion would have been for automating security controls between computer networks (Sahraei, [0006]).

Regarding Claims 2 and 11, the combined teaching of Hoggan and Sahraei teaches determining that the computing process complies with an access policy (Hoggan, [0017], “assess whether the authenticate subscriber request was transmitted through an access point 22 having an address within a range of trusted addresses. The range of trusted addresses may correspond with access points 22 or other communication mediums associate with the MSO 14 that are trusted or otherwise known to be valid for use with the subscriber” as determining if complies with an access policy); 
in response to determining that the computing process complies with the access policy, generating the signed token (Hoggan, [0018], “a response message assertion in the event the two-factor authentication process or other authentication process is successfully”, [0019], “the device 16 may transmit a certain security token request 48 to the RA 28. The security token request may include the assertion provided by the MSO. The RA 28 may assess the assertion to determine whether the MSO 14 associated therewith or other identifying characteristics of the assertion. The RA 28 may then rely on this assessment to determine whether a trusted relationship has been established of the type sufficient to warrant issuing a security token to be used in subsequently requesting a certificate”, Sahraei, [0025], “signs the access token”); and 
sending the signed token to the computing process (Hoggan, [0020], “In the event there is a sufficient relationship, the RA 28 may issue a security token response 50 having the security token”, Sahraei, [0025], “signs the access token”).

Regarding Claims 3 and 12, the combined teaching of Hoggan and Sahraei teaches wherein the determining includes: 
identifying the policy or the certificate from the policy ID data (Sahraei, [0024], “to read the client Distinguished Name (DN) of the certificate…query the retrieved security policy for membership of the client DN”, i.e. a policy associated with the certificate, [0029], “security policy associated with the system identifier”); and 
determining that the signed token grants permission to obtain the certificate according to the policy (Hoggan, [0019], “issue different security tokens depending on the identified MSO 14 or other permissions associated with issuing security tokens according to permissions (i.e. policies) specified within the assertion or associated with the identified MSO 14”, [0021], “Upon receipt of the security token, the device 16 may transmit a certificate request”, Sahraei, [0025], “signs the access token”).  

Regarding Claims 4 and 13, the combined teaching of Hoggan and Sahraei teaches wherein the validating includes validating the signed token using a public key associated with a signing computer that signed the signed token (Sahraei, [0025], “signs the access token”, [0026], “The information may include the API policies and public keys… to validate the access token”).

Regarding Claims 5 and 19, the combined teaching of Hoggan and Sahraei teaches establishing, by the at least one processor, the second trust relationship with the third party certificate authority prior to the obtaining (Hoggan, [0002], “A digital certificate… signed by a trusted entity (e.g., a third-party certificate provider)” as a separate second trust relationship, [0025], “The CA can issue the certificate”).

Regarding Claims 6 and 15, the combined teaching of Hoggan and Sahraei teaches wherein the obtaining includes sending a request for the certificate to the third party certificate authority (Hoggan, [0002], “A digital certificate… signed by a trusted entity (e.g., a third-party certificate provider)”, [0025], “The application can send a certificate request”, “The CA can issue the certificate”).

Regarding Claim 7, the combined teaching of Hoggan and Sahraei teaches
wherein: the central authority includes a certificate manager configured to perform the determining, validating, obtaining, and providing (Hoggan, [0014], “The centralized certificate provisioning service 12 is shown to be comprised of … a certification authority (CA) 30”); and 
the at least one processor includes at least two processors, one of the at least two processors performing the authenticating, and another of the at least two processors providing the certificate manager (Hoggan, [0014], “The centralized certificate provisioning service 12 is shown to be comprised of a registration authority (RA) 28 and a certification authority (CA) 30”).  

Regarding Claims 8 and 17, the combined teaching of Hoggan and Sahraei teaches registering, by the at least one processor, the computing process, the registering comprising establishing the central authority as an authentication and access authority for the computing process (Hoggan, [0014], “The centralized certificate provisioning service 12 is shown to be comprised of a registration authority (RA) 28 and a certification authority (CA) 30”).

Regarding Claim 10, Hoggan discloses A system for providing a certificate for a computing process ([0006], “FIG. 1 illustrates a certificate provisioning system…when provisioning a device 16 with a certificate”), comprising: 
at least one processor ([0007], “instructions which, when executed by a processor”), the at least one processor being configured to perform processing comprising: 
establishing a first trust relationship between the computing process and the at least one processor ([0017], “the authenticate subscriber request”, [0019], “a trusted relationship has been established”), the establishing comprising:    
authenticating the computing process, the authenticating including providing a token to the computing process ([0017], “assess whether the authenticate subscriber request was transmitted through an access point 22 having an address within a range of trusted addresses. The range of trusted addresses may correspond with access points 22 or other communication mediums associate with the MSO 14 that are trusted or otherwise known to be valid for use with the subscriber”, [0019], “the device 16 may transmit a certain security token request 48 to the RA 28. The security token request may include the assertion provided by the MSO. The RA 28 may assess the assertion to determine whether the MSO 14 associated therewith or other identifying characteristics of the assertion. The RA 28 may then rely on this assessment to determine whether a trusted relationship has been established of the type sufficient to warrant issuing a security token to be used in subsequently requesting a certificate”); 
receiving a request for the certificate from the computing process, the request including the token ([0025], “The application can send a certificate request to the RA API with the security token using an OAuth”); 
determining that the computing process is eligible for the certificate according to a policy ([0019], “issue different security tokens depending on the identified MSO 14 or other permissions associated with issuing security tokens according to permissions (i.e. policies) specified within the assertion or otherwise associated with the identified MSO 14”, [0021], “Upon receipt of the security token, the device 16 may transmit a certificate request”); and 
validating the token ([0025], “The API can validate the security token”); 
in response to the establishing, obtaining the certificate, the certificate being signed by a third party certificate authority with which the at least one processor has a second trust relationship separate from the first trust relationship ([0002], “A digital certificate… signed by a trusted entity (e.g., a third-party certificate provider)” as a separate second trust relationship, [0025], “The CA can issue the certificate and sends it to the API. The API can respond to the application request with the certificate”); and 
providing, by the transceiver, the certificate to the computing process ([0025], “The API can respond to the application request with the certificate”, “The application can install the certificate in the device”).  
Hoggan does not explicitly teach but Sahraei teaches
a transceiver configured to communicate with a computing process; and by the transceiver ([0054], “a wireless data transceiver”); the token is a signed token ([0025], “signs the access token”); policy ID data ([0029], “security policy associated with the system identifier”); a policy that associates the certificate with the policy ID data ([0024], “to read the client Distinguished Name (DN) of the certificate…query the retrieved security policy for membership of the client DN”, i.e. a policy associated with the certificate, [0029], “security policy associated with the system identifier”);
Hoggan and Sahraei are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art 

Regarding Claim 14, the combined teaching of Hoggan and Sahraei teaches wherein the signing computer includes the at least one processor (Sahraei, [0025], “signs the access token”, [0006], “using one or more security control (SC) computing devices that include at least one processor”).  

Regarding Claim 16, the combined teaching of Hoggan and Sahraei teaches wherein the at least one processor includes at least two processors, one of the at least two processors performing the authenticating, and another of the at least two processors performing the determining, validating, obtaining, and providing (Hoggan, [0014], “The centralized certificate provisioning service 12 is shown to be comprised of a registration authority (RA) 28 and a certification authority (CA) 30”).  

Regarding Claim 20, Hoggan discloses A method of providing a certificate for a client device ([0006], “FIG. 1 illustrates a certificate provisioning system…when provisioning a (client) device 16 with a certificate”), comprising: 
authenticating, by at least one processor of a central authority separate from the client device, the client device to thereby establish a first trust relationship ([0017], “the authenticate subscriber request”, [0019], “a trusted relationship has been established”), the authenticating including: 
determining that the client device complies with an access policy ([0017], “assess whether the authenticate subscriber request was transmitted through an access point 22 having an address within a range of trusted addresses. The range of trusted addresses may correspond with access points 22 or other communication mediums associate with the MSO 14 that are trusted or otherwise known to be valid for use with the subscriber” as determining if the client device complies with an access policy), in response to determining that the client device complies with the access policy, generating the token ([0018], “a response message 46 with an assertion in the event the two-factor authentication process or other authentication process is successfully”, [0019], “the device 16 may transmit a certain security token request 48 to the RA 28. The security token request may include the assertion provided by the MSO. The RA 28 may assess the assertion to determine whether the MSO 14 associated therewith or other identifying characteristics of the assertion. The RA 28 may then rely on this assessment to determine whether a trusted relationship has been established of the type sufficient to warrant issuing a security token to be used in subsequently requesting a certificate”), and 
sending the token to the client device ([0020], “In the event there is a sufficient relationship, the RA 28 may issue a security token response 50 having the security token”); 
receiving, by the at least one processor, a request for the certificate from the client device, the request including the token ([0025], “The application can send a certificate request to the RA API with the security token using an OAuth”);    
determining, by the at least one processor, that the client device is eligible for the certificate according to a policy ([0019], “issue different security tokens depending on the identified MSO 14 or other permissions associated with issuing security tokens according to permissions (i.e. policies) specified within the assertion or otherwise associated with the identified MSO 14”, [0021], “Upon receipt of the security token, the device 16 may transmit a certificate request”); 
validating, by the at least one processor, the token ([0025], “The API can validate the security token”); 
in response to the determining and the validating, obtaining, by the at least one processor, the certificate, the certificate being signed by a third party certificate authority with which the at least one processor has a second trust relationship separate from the first trust relationship ([0002], “A digital certificate… signed by a trusted entity (e.g., a third-party certificate provider)” as a separate second trust relationship, [0025], “The CA can issue the certificate and sends it to the API. The API can respond to the application request with the certificate”); and 
providing, by the at least one processor, the certificate to the client device ([0025], “The API can respond to the application request with the certificate”, “The application can install the certificate in the device”).
Hoggan does not explicitly teach but Sahraei teaches
the token is a signed token ([0025], “signs the access token”); policy ID data ([0029], “security policy associated with the system identifier”); a policy that associates the certificate with the policy ID data ([0024], “to read the client certificate…query the retrieved security policy for membership of the client DN”, i.e. a policy associated with the certificate, [0029], “security policy associated with the system identifier”);
Hoggan and Sahraei are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to request a certificate, the request including a token (as disclosed by Hoggan) where the token is a signed token and the request also includes the policy ID data (as taught by Sahraei). The motivation/suggestion would have been for automating security controls between computer networks (Sahraei, [0006]).

Claims 9 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Stuart A. Hoggan (US 2013/0311771 A1) in view of Sahraei et al. (US 2019/0052621 A1) further in view of Timothy Mossbarger (US 2014/0136838 A1).
Regarding Claims 9 and 18, the combined teaching of Hoggan and Sahraei does not explicitly teach but Mossbarger teaches establishing, by the at least one processor, the policy, wherein establishing the policy includes generating the policy ID and associating at least one certificate with the policy ID ([0251], “establish a new policy”, [0011], “certificate comprising a unique identifier and a policy, wherein the policy comprises one or more other unique identifiers”).
Hoggan and Sahraei and Mossbarger are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to request a 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHENG-FENG HUANG whose telephone number is (571)272-6186.  The examiner can normally be reached on Monday-Friday: 9 am - 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A Shiferaw can be reached on (571) 272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-






/CHENG-FENG HUANG/Primary Examiner, Art Unit 2497