Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION

Status of Claims
Claims 1-21 are presented for examination.  Claims 1-14, 17-19 are subject to examination. Claims 15-16, 20, 21 are withdrawn.

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 4/26/21 has been entered.





Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-7, 17-19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 1 and 19 recite the limitation “the same application component instance”.  There is insufficient antecedent basis for this limitation in the claim.
Claims 1, 17 and 19 recite the limitation “the application”.  There is insufficient antecedent basis for this limitation in the claim.
Claims 1 and 19 recite the limitation “the public key or private key of the key pair”.  There is insufficient antecedent basis for this limitation in the claim.
Claims 1 and 19 recite requesting a one-time use credential, the one-time use credential being limited to a single use in requesting a second identity credential, which is indefinite for failing to particularly point out and distinctly claim the subject matter. What is claimed by the claimed invention is, to the contrary, also requesting a dynamically-created second identity credential (another) using the one-time credential.
Claims 1, 17 and 19 and dependent claims of claims 1, 17 and 19 are also subject to same rejections. Hence, claims 1-7, 17-19 are subject to 35 U.S.C. 112 second paragraph rejections.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claim(s) 1, 4, is/are rejected under 35 U.S.C. 103 as being unpatentable over Leonard 8,261061 in view of Bernsen 20180375870 and Meier 2019/0197231.
Referring to claim(s) 1, Leonard discloses a method carried out by a computing device, the method comprising; requesting a credential for an application component using a unique application component identifier and wherein the request is for a public key and private key pair (obtaining a key pair comprising a public key and a private key, claim 1), requesting a dynamically-created second identity credential for the same application component of the application using a request signed using at least one of the public key or private key of the key pair of the credential submitting a request for a certificate based on the key pair, receiving the dynamically-created second identity credential (receive issued certificate, col., 11, lines 1-2, col., 2, lines 8-18); and using the dynamically-created second identity credential in a cryptographic function by the application component (securing communications based on the certificate, col., 2, lines 8-18). Leonard does not specifically mention about, which is well-known in the art, which Bernsen discloses 
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Leonard to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well known use of one/single time use credential for a single use. The one/single time use credential would enable access to a resource using the credential. The one/single time use credential would not enable access to the same resource after the first access. This would ensure that the same credential cannot be used again in order to secure the resource, para 59.
Leonard and Bernsen do not specifically mention about, which is well-known in the art, which Meier discloses application component instance using a unique application component instance identifier (uaii, para 46, 71, 96). Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Liu to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well known use of application instance identifier. A dedicated application instance and its identifier would be assigned for an assigned task. The dedicated/unique application instance would perform the assigned task and the dedicated/unique application instance would be referred with an identifier regarding the task, para 46, 71, 96.

Referring to claim(s) 4, Meier also discloses a unique identifier that uniquely identifies the application component, para 59, certificate request having UUID of application instance, para 59, 71.

Claim(s) 17, 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Liu et al. 20190312720 in view of Prickett et al., 2018/0176023 and Androulaki et al., 20170141928.
Referring to claim(s) 17, Liu discloses a computing device comprising: memory that stores executable instructions; a processor, operatively coupled to execute the executable instructions and based the execution: a method carried out by a computing device, the method comprising; requesting a credential (figure 7, first step), a credential as a first identity credential for an application component 
([0065] In this embodiment, when an injection key acquisition instruction is detected, a temporary key pair is generated, and the locally stored private key in the random key pair is used to perform signature on the public key in the temporary key pair so as to acquire the temporary key signature, and the acquired first identity authentication certificate and the temporary key signature are sent to the remote injection server)
requesting a dynamically-created second identity credential (the second identity authentication certificate) for the application component of the application using a request signed based on the one-time use credential and receiving the dynamically-created second identity credential (based on temporary/first identity authentication certificate, sending it by the device to a server, the second identity authentication certificate is returned by the remote injection server according to the temporary key signature and the first identity authentication certificate, para 65)
using the dynamically-created second identity credential (the second identity authentication certificate) in a cryptographic function by the application component (verification of manufacture information, etc., in the second identity authentication certificate for secure communication using the second identity authentication certificate, the safety of transmission of the secret key of the certificate is guaranteed for authentication, para 96, 97).
Liu does not specifically mention about, which is well-known in the art, which Prickett discloses, application component instance (unique applicant instance, para 22, certificate request having UUID of application instance, para 73). Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Liu to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well known use of application instance. A dedicated application instance would be assigned for an assigned task. The dedicated/unique application instance would perform the assigned task and the dedicated/unique application instance would be referred with an identifier regarding the task, para 22, 73. 
one-time use credential (certificate, step 104, figure 1). Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Liu to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well known use of one/single time use credential. The one/single time use credential would enable access to a resource using the credential. The one/single time use credential would not enable access to the same resource after the first access. This would ensure that the same credential cannot be used again in order to secure the resource, para 3, figure 1.

Referring to claim(s) 18, Prickett also discloses a unique identifier that uniquely identifies the application component, para 22, certificate request having UUID of application instance, para 73).

Claim(s) 19, is/are rejected under 35 U.S.C. 103 as being unpatentable over Leonard in view of Bernsen, Meier and Zimmermann et al., 2018/000688.
Referring to claim(s) 19, Leonard discloses a method carried out by a computing device, the method comprising; one or more computing devices comprising: memory that stores executable instructions; at least one processor, operatively coupled to execute the executable instructions and based the execution: requesting a credential for an application component using a unique application component identifier and wherein the request is for a public key and private key pair (obtaining a key pair comprising a public key and a private key, claim 1), requesting a dynamically-created second identity credential for the same application component of the application using a request signed using at least one of the public key or private key of the key pair of the credential submitting a request for a certificate based on the key pair, receiving the dynamically-created second identity credential (receive issued certificate, 
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Leonard to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well known use of one/single time use credential for a single use. The one/single time use credential would enable access to a resource using the credential. The one/single time use credential would not enable access to the same resource after the first access. This would ensure that the same credential cannot be used again in order to secure the resource, para 59.
Leonard and Bernsen do not specifically mention about, which is well-known in the art, which Meier discloses application component instance using a unique application component instance identifier (uaii, para 46, 71, 96). Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Liu to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well known use of application instance identifier. A dedicated application instance and its identifier would be assigned for an assigned task. The dedicated/unique application instance would perform the assigned task and the dedicated/unique application instance would be referred with an identifier regarding the task, para 46, 71, 96.
Leonard, Meier and Bernsen do not disclose, which Zimmermann discloses, a virtualization engine for use by a container that contains the application component instance, virtualization engine with the container having the software component, para 40, figure 2, 260, certificate, para 36). Therefore, it 
Virtualization is the process of creating a software-based, or virtual, representation of something, such as virtual applications, servers, storage and networks. It is the single most effective way to reduce IT expenses while boosting efficiency and agility for all size businesses. A virtualization engine is the concept of giving a holistic view of all the resources in the entire network infrastructure. The holistic view is independent of the physical data storage devices and their geographic location. A container is a virtual runtime environment that runs on top of a single operating system (OS) kernel and emulates an operating system rather than the underlying hardware. A container engine is a managed environment for deploying containerized applications. The use of virtualization engine and a container would enable most effective way to reduce IT expenses while boosting efficiency, para 40, 36.

Claim(s) 8, 9, 12, 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Liu in view of Prickett, Androulaki and Reno et al., 2019/0146816.
Referring to claim(s) 8, Liu discloses a method carried out by one or more computing devices, the method comprising: requesting a credential as a first identity credential for an application component using a unique identifier associated with the application component; receiving a cryptographically generated credential as the first identity credential for the application component based on the unique identifier, in response to the request; and providing the cryptographically generated credential (please refer to claim 1 for the respective citations of Liu for these limitations).

Liu and Prickett do not specifically mention about, which is well-known in the art, which Androulaki discloses, requesting a one-time use credential (certificate, step 104, figure 1). Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Liu to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well known use of one/single time use credential. The one/single time use credential would enable access to a resource using the credential. The one/single time use credential would not enable access to the same resource after the first access. This would ensure that the same credential cannot be used again in order to secure the resource, para 3, figure 1. Liu, Prickett and Androulaki do not disclose, which Reno discloses, a virtualization engine (para 35) for use by a container that contains the application component (para, 30, 35). Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Liu to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well known use of virtualization engine and a container. One of ordinary skilled in the art would readily know that,


Referring to claim(s) 9, Liu also discloses wherein the cryptographic function is an authentication operation (verification of manufacture information, etc., in the second identity authentication certificate for secure communication using the second identity authentication certificate, the safety of transmission of the secret key of the second identity authentication certificate is guaranteed for authentication, para 96, 97). 

Referring to claim(s) 10, Prickett also discloses wherein the request includes information that uniquely identifies the application component instance (certificate request having UUID of application instance, para 73). 

Referring to claim(s) 12, Androulaki also discloses wherein the one-time use credential and the created second identity credential each comprise a PKI certificate produced by a certificate authority, 206, fig., 2).

Referring to claim(s) 13, Androulaki discloses one-time use credential (certificate, step 104, figure 1). Liu also discloses wherein a device receives the generated credential for the application component and passes the generated credential for the application component to an entity that makes the first identity credential available to the application component, para 96, 97. Reno also discloses, a virtualization engine (para 35) for use by a container that contains the application component (para, 30, 35).  

Referring to claim(s) 14, Androulaki discloses one-time use credential (certificate, step 104, figure 1). Liu also discloses requesting a dynamically-created second identity credential for the application component using a certificate-signing request signed based on the credential; receiving the dynamically-created second identity credential; and using the dynamically-created second identity credential in a cryptographic function (please refer to claim 1 for the respective citations of Liu for these limitations).

Claim(s) 11, is/are rejected under 35 U.S.C. 103 as being unpatentable over Liu in view of Prickett, Androulaki, Reno and Clish et al., 9467297.
Referring to claim(s) 11, Liu, Prickett, Reno and Androulaki do not disclose, which Clish discloses, wherein the application component interacts with an industrial sensor (claim 1, along with a certificate). Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Liu to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well known use of industrial sensor. 

In the industrial automation, sensors play a vital part to make the products intellectual and exceptionally automatic. The industrial sensor would be in communication with the application component and would provide information regarding the signal(s), claim 1.  

Claim(s) 2, is/are rejected under 35 U.S.C. 103 as being unpatentable over Leonard in view of Bernsen, Meier and Liu.
Referring to claim(s) 2, Bernsen, Meier, Leonard do not disclose, which Liu discloses wherein the cryptographic function is an authentication operation (verification of manufacture information, etc., in the second identity authentication certificate for secure communication using the second identity authentication certificate, the safety of transmission of the secret key of the second identity authentication certificate is guaranteed for authentication, para 96, 97). Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Leonard to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well known use of authentication operation. The authentication would guarantee that transmission of secure information is implemented for secure access of secure data. The secure communication would utilize authentication information for verification of provided information prior to access to secure data, para 96, 97.

Claim(s) 6, is/are rejected under 35 U.S.C. 103 as being unpatentable over Leonard in view of Bernsen, Meier and Androulaki.
Referring to claim(s) 6, Bernsen, Meier, Leonard do not disclose, which Androulaki discloses wherein the one-time use credential and the created second identity credential each comprise a PKI certificate produced by a certificate authority, 206, fig., 2). Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Leonard to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well known PKI certificates. One of ordinary skilled in the art would readily know what PKI certificate is.

Claim(s) 3, is/are rejected under 35 U.S.C. 103 as being unpatentable over Leonard in view of Bernsen, Meier and Marcovecchio et al., 20130160134.
Referring to claim(s) 3, Leonard, Bernsen and Meier do not disclose, which Marcovecchio discloses, wherein the request for the created first identity credential is sent by an application manager, (application manager with certificate authority, para 65, pki para 82). Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Leonard to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well known use of application manager. A dedicated application manager would manage an assigned task. The dedicated application manager would perform communication with other entities and would perform request for information using an identifier for security, para 65, 82.

Claim(s) 5, is/are rejected under 35 U.S.C. 103 as being unpatentable over Leonard in view of Bernsen, Meier and Clish et al., 9467297.
Referring to claim(s) 5, Leonard, Bernsen, Meier do not disclose, which Clish discloses, wherein the application component interacts with an industrial sensor (claim 1, along with a certificate). Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Leonard to implement these 
One of ordinary skilled in the art would readily know that, in simple terms, Industrial Automation Sensors are input devices which provide an output (signal) with respect to a specific physical quantity (input). Sensors used in Automation: 
In the industrial automation, sensors play a vital part to make the products intellectual and exceptionally automatic. The industrial sensor would be in communication with the application component and would provide information regarding the signal(s), claim 1.  

Response to Arguments
Applicant's arguments with respect to claim 1 have been considered but are moot in view of the new ground(s) of rejection.

Conclusion
Applicant is reminded for compact prosecution (rather delayed prosecution).  For example, “dynamically-created second identity credential” is not similar to a method step in which a particular entity indeed dynamically creates a credential for identification. There is no dynamically creating method step in the claimed invention.
Applicant amended claims 1 and 19 with additional limitations, in response to the prior art rejections. However, the Applicant chose not to amend other independent claims with the same additional limitations.
Mere arguments would not overcome the rejections (what the claimed subject matter accomplishes is accomplished by the cited art, and the cited art provides many alternatives). Please see above rejections.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARESH PATEL whose telephone number is (571)272-3973.  The examiner can normally be reached on M-F 9-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 5712723862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HARESH N PATEL/Primary Examiner, Art Unit 2493