DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This initial written action is responding to the communication dated 07/29/2020.
Claims 1-22 are submitted for examination.
Claims 1-22 are pending.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Priority
This application, filed on July 29, 2020, claims priority to continuing application 15/184,997, filed on June 06, 2016, which claims priority to provisional application 62/180,479, filed on June 16, 2015.

Claim Objections
Claim 21 is objected to because of the following informalities: Claim 21 recites the limitation “…when executed, further cause the computing system to, if the expected information is different than the external information for one or more digital certificates of the set of digital certificates…”. Examiner suggests replacing “if” with “in response to”. Appropriate correction is required.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA 35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA 35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.



Claim 2 is rejected under 35 U.S.C. 112(d) or pre-AIA 35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends. Claim 2 recites the limitation “The method of claim 2…”, i.e., it refers to itself rather than to a previously set forth claim. Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.
For the purpose of examination, claim 2 will be considered as depending on claim 1.


Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).


Claims 1-7, 9-12, 15-17 and 20-22 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-14, 17-18 and 20 of U.S. Patent No. 10771260. Although the claims at issue are not identical, they are not patentably distinct from each other.

The claims are compared below, pairing each claim of the instant application 16/942,651 (“Systems and Methods for Digital Certificate Security”) with the corresponding claim of US Pat. No. 10771260 (App. No. 15/184,997, “Systems and Methods for Digital Certificate Security”).

Claim 1 (instant application): A computer-implemented method comprising: identifying a plurality of digital certificates, individual digital certificates of the plurality of digital certificates including respective internal information; determining external information associated with the individual digital certificates including specific data regarding a cipher suite that is used for the individual digital certificates, the external information not contained within the respective digital certificate; storing the internal information and the external information for the plurality of digital certificates in a database; and running a query against the database to identify one or more vulnerable digital certificates associated with a client based on the internal information and the external information.
Claim 1 (US 10771260): A computer-implemented method comprising: identifying a plurality of digital certificates, individual digital certificates of the plurality of digital certificates including respective internal information; determining external information associated with the individual digital certificates, the external information not contained within the respective digital certificate, wherein the external information at least includes a configuration of a server on which an individual digital certificate is installed, and specific data regarding a cipher suite that is used for the individual digital certificates, wherein the external information is determined at different points in time; storing the internal information and the external information for the plurality of digital certificates in a database; running a query against the database to identify one or more vulnerable digital certificates associated with a client based on the internal information and the external information, wherein the query is to identify a plurality of servers or locations where a same digital certificate has been installed, and the query includes determining whether the external information has changed between the different points in time; and generating a removal request to be sent to a certificate authority to request removal of the one or more vulnerable digital certificates.

Claim 2 (instant application): The method of claim 2, further comprising identifying the one or more vulnerable digital certificates based on one or more differences between the external information of different digital certificates among a set of digital certificates that are associated with the client.
Claim 2 (US 10771260): The method of claim 1, further comprising identifying the one or more vulnerable digital certificates based on one or more differences between the external information of different digital certificates among a set of digital certificates that are associated with the client.

Claim 3 (instant application): The method of claim 1, wherein the external information includes one or more of: a configuration of a host server on which the digital certificate is installed; geolocation information associated with a physical location where the digital certificate is stored; a Domain Name System (DNS) name of the host server; reverse DNS data to indicate an owner of the host server; an Internet Protocol (IP) address of the host server; whether the host server allows compression to be used; a length of a validity period of the digital certificate; or timing information to indicate a date on which the determining the external information was performed.
Claim 3 (US 10771260): The method of claim 1, wherein the external information includes one or more of: geolocation information associated with a physical location where the digital certificate is stored; a Domain Name System (DNS) name of the host server; reverse DNS data to indicate an owner of the host server; an Internet Protocol (IP) address of the host server; whether the host server allows compression to be used; a length of a validity period of the digital certificate; or timing information to indicate a date on which the determining the external information was performed.

Claim 4 (instant application): The method of claim 1, wherein the external information includes geolocation information associated with a physical location where the digital certificate is stored, and wherein the running the query is to identify differences in the physical locations of different digital certificates among a set of digital certificates associated with the client.
Claim 4 (US 10771260): The method of claim 1, wherein the external information includes geolocation information associated with a physical location where the digital certificate is stored, and wherein the running the query is to identify differences in the physical locations of different digital certificates among a set of digital certificates associated with the client.

Claim 5 (instant application): The method of claim 4, wherein the running the query is to identify digital certificates of the set of digital certificates that are located outside of a geographical boundary to identify the one or more vulnerable digital certificates.
Claim 5 (US 10771260): The method of claim 4, wherein the running the query is to identify digital certificates of the set of digital certificates that are located outside of a geographical boundary to identify the one or more vulnerable digital certificates.

Claim 6 (instant application): The method of claim 4, further comprising generating a map to indicate the physical location of the set of digital certificates.
Claim 6 (US 10771260): The method of claim 4, further comprising generating a map to indicate the physical location of the set of digital certificates.

Claim 7 (instant application): The method of claim 1, wherein the plurality of digital certificates includes substantially all digital certificates that are accessible via addressable IP address space.
Claim 7 (US 10771260): The method of claim 1, wherein the plurality of digital certificates includes all digital certificates that are accessible via addressable IP address space.

Claim 9 (instant application): The method of claim 1, wherein the running the query includes identifying one or more digital certificates having an associated company name or domain name that is similar to a respective company name or domain name of the client.
Claim 8 (US 10771260): The method of claim 1, wherein running the query includes identifying one or more digital certificates having an associated company name or domain name that is similar to a respective company name or domain name of the client.

Claim 10 (instant application): The method of claim 1, wherein the internal information includes one or more of: a company name associated with the digital certificate; a domain name associated with the digital certificate; or an expiration date of the digital certificate;
Claim 9 (US 10771260): The method of claim 1, wherein the internal information includes one or more of: a company name associated with the digital certificate; a domain name associated with the digital certificate; an expiration date of the digital certificate; a certificate serial number; a subject key identifier; or an authority key identifier.

Claim 11 (instant application): The method of claim 1, wherein the one or more vulnerable digital certificates include one or more non-production digital certificates that were not intended to be publicly used.
Claim 10 (US 10771260): The method of claim 1, wherein the one or more vulnerable digital certificates include one or more non-production digital certificates that were not intended to be publicly used.

Claim 12 (instant application): The method of claim 1, further comprising displaying, to a user, the external information associated with a set of digital certificates that are associated with the client.
Claim 11 (US 10771260): The method of claim 1, further comprising displaying, to a user, the external information associated with a set of digital certificates that are associated with the client.

Claim 15 (instant application): One or more non-transitory computer-readable media having instructions, stored thereon, that when executed by one or more processors of a computing system cause the computing system to: identify a plurality of digital certificates, individual digital certificates of the plurality of digital certificates including respective internal information; determine external information associated with the individual digital certificates including specific data regarding a cipher suite that is used for the individual digital certificates, the external information not contained within the respective digital certificate; store the internal information and the external information for the plurality of digital certificates; identify a set of digital certificates, from the plurality of digital certificates based on the stored internal information or the external information in the database, that are associated with a client; identify differences in the stored external information between respective individual digital certificates of the set of digital certificates; and present the differences in the external information to a user.
Claim 12 (US 10771260): One or more non-transitory computer-readable media having instructions, stored thereon, that when executed by one or more processors of a computing system cause the computing system to: identify a plurality of digital certificates, individual digital certificates of the plurality of digital certificates including respective internal information; determine external information associated with the individual digital certificates, the external information not contained within the respective digital certificate, wherein the external information at least includes a configuration of a server on which an individual digital certificate is installed, and specific data regarding a cipher suite that is used for the individual digital certificates, wherein the external information is determined at different points in time; store the internal information and the external information for the plurality of digital certificates; identify a set of digital certificates, from the plurality of digital certificates based on the stored internal information or the external information in the database, that are associated with a client; identify differences in the stored external information between respective individual digital certificates of the set of digital certificates wherein the differences include a determination whether the stored external information has changed between the different points in time; identify a plurality of servers or locations where a same digital certificate has been installed; and generate a removal request to be sent to a certificate authority to request removal of one or more vulnerable digital certificates based on the differences in the stored external information.

Claim 16 (instant application): The one or more media of claim 15, wherein the external information includes one or more of: a configuration of a host server on which the digital certificate is installed; geolocation information associated with a physical location where the digital certificate is stored; a Domain Name System (DNS) name of the host server; reverse DNS data to indicate an owner of the host server; an Internet Protocol (IP) address of the host server; whether the host server allows compression to be used; a length of a validity period of the digital certificate; or timing information to indicate a date on which the determining the external information was performed.
Claim 13 (US 10771260): The one or more media of claim 12, wherein the external information includes one or more of: geolocation information associated with a physical location where the digital certificate is stored; a Domain Name System (DNS) name of the host server; reverse DNS data to indicate an owner of the host server; an Internet Protocol (IP) address of the host server; whether the host server allows compression to be used; a length of a validity period of the digital certificate; or timing information to indicate a date on which the determining the external information was performed.

Claim 17 (instant application): The one or more media of claim 15, wherein the external information includes geolocation information associated with a physical location where the respective digital certificate is stored, and wherein the instructions, when executed, further cause the system to display a map to indicate the physical location of the digital certificates of the set of digital certificates, or wherein the instructions further cause the system to identify one or more digital certificates of the set of digital certificates that are located outside a predefined geographical boundary.
Claim 14 (US 10771260): The one or more media of claim 12, wherein the external information includes geolocation information associated with a physical location where the respective digital certificate is stored, and wherein the instructions, when executed, further cause the system to display a map to indicate the physical location of the digital certificates of the set of digital certificates.

Claim 20 (instant application): One or more non-transitory computer-readable media having instructions, stored thereon, that when executed by one or more processors of a computing system cause the computing system to: identify a plurality of digital certificates, individual digital certificates of the plurality of digital certificates including respective internal information; determine external information associated with the individual digital certificates including specific data regarding a cipher suite that is used for the individual digital certificates, the external information not contained within the respective digital certificate; store the internal information and the external information for the plurality of digital certificates; identify a set of digital certificates, from the plurality of digital certificates based on the stored internal information or the external information in the database, that are associated with a client; obtain expected information to indicate expected values for the external information of the set of digital certificates; compare the expected information to the stored external information to determine whether the expected information is different than the external information for one or more digital certificates of the set of digital certificates; and indicate a result of the comparison to a user.
Claim 17 (US 10771260): One or more non-transitory computer-readable media having instructions, stored thereon, that when executed by one or more processors of a computing system cause the computing system to: identify a plurality of digital certificates, individual digital certificates of the plurality of digital certificates including respective internal information; determine external information associated with the individual digital certificates, the external information not contained within the respective digital certificate, wherein the external information at least includes a configuration of a server on which an individual digital certificate is installed, and specific data regarding a cipher suite that is used for the individual digital certificates, wherein the external information is determined at different points in time; store the internal information and the external information for the plurality of digital certificates; identify a set of digital certificates, from the plurality of digital certificates based on the stored internal information or the external information in the database, that are associated with a client; obtain expected information to indicate expected values for the external information of the set of digital certificates; compare the expected information to the stored external information to determine whether the expected information is different than the external information for one or more digital certificates of the set of digital certificates wherein differences include a determination whether the external information has changed between the different points in time; identify a plurality of servers or locations where a same digital certificate has been installed; and generate a removal request to be sent to a certificate authority to request removal of one or more vulnerable digital certificates based on the differences in the external information.

Claim 21 (instant application): The one or more media of claim 20, wherein the instructions, when executed, further cause the computing system to, if the expected information is different than the external information for one or more digital certificates of the set of digital certificates, identify the one or more digital certificates to the user.
Claim 18 (US 10771260): The one or more media of claim 17, wherein the instructions, when executed, further cause the computing system to, if the expected information is different than the external information for one or more digital certificates of the set of digital certificates, identify the one or more digital certificates to the user.

Claim 22 (instant application): The one or more media of claim 20, wherein the external information includes one or more of: a configuration of a host server on which the digital certificate is installed; a Domain Name System (DNS) name of the host server; reverse DNS data to indicate an owner of the host server; an Internet Protocol (IP) address of the host server; or whether the host server uses compression.
Claim 20 (US 10771260): The one or more media of claim 17, wherein the external information includes one or more of: a Domain Name System (DNS) name of the host server; reverse DNS data to indicate an owner of the host server; an Internet Protocol (IP) address of the host server; or whether the host server uses compression.




Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-5, 7, 9-10, 12, 15-17 and 20-22 are rejected under 35 U.S.C. 103 as being unpatentable over Grebennikov et al. (US PGPUB. # US 2014/0095866, hereinafter “Grebennikov”), and further in view of Rakshit et al. (US PGPUB. # US 2015/0271171, hereinafter “Rakshit”).

Regarding Claim 1, Grebennikov teaches,
A computer-implemented method comprising: 
identifying a plurality of digital certificates, (¶39, “the certificates can be received from Internet service providers (ISPs), i.e., if an ISP finds a new certificate sent to one of their devices, they can report it to the initial certificate data collection module 510”, i.e. a plurality of certificates is identified) individual digital certificates of the plurality of digital certificates including respective internal information; (Fig. 6, ¶18, ¶41, “The initial information on the certificates collected by initial certificate data collection module 510 can include parameter data intrinsic to each certificate, i.e., data that is included in the content of each certificate”, ¶43)
determining external information associated with the individual digital certificates [including specific data regarding a cipher suite that is used for the individual digital certificates], the external information not contained within the respective digital certificate; (¶41, “the initial information on the certificates can include certain extrinsic parameter data pertaining to the certificate, though not necessarily expressly part of a given certificate's content.”, i.e. extrinsic (external) information is determined)
storing the internal information and the external information for the plurality of digital certificates in a database; (Fig. 4(505), ¶38, “the initial certificate data collection module 510 obtains information on the certificates that are encountered by sources of certificate information 515, and saves the information in database 505”) and
running a query against the database to identify one or more vulnerable digital certificates associated with a client based on the internal information and the external information. (¶42, “the gathered certificates in the database are grouped by one or more parameters, such as the certificate's unique serial number, the name of the certificate's owner (e.g., company or website URL)”, ¶44, i.e. vulnerable certificates are associated with the certificate owner (client); ¶42, ¶43, i.e. abnormal (vulnerable) certificates identified based on intrinsic (internal) and extrinsic (external) information are stored in the database. Thus, in order to find the status of a certificate, a query must be run against the database).
Grebennikov does not teach explicitly,
[determining external information associated with the individual digital certificates] including specific data regarding a cipher suite that is used for the individual digital certificates, [the external information not contained within the respective digital certificate]; 
However, Rakshit teaches,
[determining external information associated with the individual digital certificates] including specific data regarding a cipher suite that is used for the individual digital certificates, (¶7, “the step of analyzing the information that identifies the certificate statuses of the websites visited by the computing devices may include analyzing a cipher suite specified by the website's certificate”, ¶38, “the cipher suite specified by the website certificate (e.g., AES_128, RC4_124, etc.)”, i.e. data regarding cipher suites is determined) [the external information not contained within the respective digital certificate];
As per KSR v. Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Rakshit with the invention of Grebennikov.
Grebennikov teaches collecting internal and external information of a certificate to identify a vulnerable certificate. Rakshit teaches collecting cipher suite information as external information from a certificate. Therefore, it would have been obvious to have combined the collecting of cipher suite information as external information from a certificate of Rakshit with the collecting of internal and external information of a certificate to identify a vulnerable certificate of Grebennikov, in order to remediate issues regarding vulnerable certificates and avoid malicious attacks. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).
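The rejection above turns on an inventory that stores intrinsic (in-certificate) data next to extrinsic data such as the negotiated cipher suite, and is then queried for vulnerable certificates. The following Python sketch is an added illustration of that data model and its queries; it is not code from the application, from the cited references, or from the Office action. It uses an in-memory SQLite table, constructed observations (the hosts, IP addresses, serial numbers and dates are hypothetical), and hypothetical function names, and goes slightly beyond claim 1 by also implementing the queries recited in claims 15 and 20: the same certificate installed in several places, external information that changed between scans, and observed values that differ from expected ones.

```python
"""Certificate inventory sketch: internal (in-certificate) vs. external (deployment) data.

Added example; hypothetical names and constructed data throughout.
"""
import sqlite3
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    # internal information: fields parsed from the certificate itself
    serial: str
    common_name: str
    not_after: str          # ISO date
    # external information: facts about the deployment, not in the certificate
    host: str
    ip: str
    country: str
    cipher_suite: str       # suite negotiated when the host was scanned
    compression: bool       # whether the host offered TLS compression
    observed_at: str        # ISO date of the scan that produced this row


SCHEMA = """
CREATE TABLE cert_obs (
    serial TEXT, common_name TEXT, not_after TEXT,
    host TEXT, ip TEXT, country TEXT, cipher_suite TEXT,
    compression INTEGER, observed_at TEXT
)"""

# Column names cannot be bound as SQL parameters, so every query that takes a
# column name checks it against this allow-list instead of interpolating blindly.
EXTERNAL_COLUMNS = {"host", "ip", "country", "cipher_suite", "compression"}

# Constructed sample data: one certificate (01AA) seen on its production host at two
# scan dates (the suite changed between them) and also on a staging host abroad
# with compression enabled; a second certificate (02BB) seen once.
SAMPLE = [
    Observation("01AA", "www.example-corp.test", "2026-01-01", "www.example-corp.test",
                "192.0.2.10", "US", "TLS_AES_256_GCM_SHA384", False, "2025-01-01"),
    Observation("01AA", "www.example-corp.test", "2026-01-01", "www.example-corp.test",
                "192.0.2.10", "US", "TLS_RSA_WITH_RC4_128_SHA", False, "2025-02-01"),
    Observation("01AA", "www.example-corp.test", "2026-01-01", "staging.example-corp.test",
                "198.51.100.7", "DE", "TLS_AES_256_GCM_SHA384", True, "2025-02-01"),
    Observation("02BB", "api.example-corp.test", "2025-06-01", "api.example-corp.test",
                "192.0.2.11", "US", "TLS_AES_128_GCM_SHA256", False, "2025-02-01"),
]


def load(observations):
    """Store internal and external information for each observation in a database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany(
        "INSERT INTO cert_obs VALUES (?,?,?,?,?,?,?,?,?)",
        [(o.serial, o.common_name, o.not_after, o.host, o.ip, o.country,
          o.cipher_suite, int(o.compression), o.observed_at) for o in observations])
    return conn


def shared_certificates(conn):
    """Serials installed on more than one host/IP, i.e. the same key exposed in several places."""
    rows = conn.execute("""SELECT serial, COUNT(DISTINCT host || '/' || ip) AS places
                           FROM cert_obs GROUP BY serial HAVING places > 1""").fetchall()
    return {serial: places for serial, places in rows}


def changed_between_scans(conn, column):
    """(serial, host) pairs whose external value in `column` differs across scan dates."""
    if column not in EXTERNAL_COLUMNS:
        raise ValueError(f"not an external column: {column}")
    rows = conn.execute(f"""SELECT serial, host, COUNT(DISTINCT {column}) AS n
                            FROM cert_obs GROUP BY serial, host HAVING n > 1""").fetchall()
    return [(serial, host) for serial, host, _ in rows]


def mismatches(conn, expected):
    """Compare expected external values {serial: {column: value}} with every observed value."""
    out = []
    for serial, wanted in expected.items():
        for column, want in wanted.items():
            if column not in EXTERNAL_COLUMNS:
                raise ValueError(f"not an external column: {column}")
            seen = conn.execute(f"SELECT DISTINCT {column} FROM cert_obs WHERE serial = ?",
                                (serial,)).fetchall()
            for (value,) in seen:
                value = bool(value) if column == "compression" else value
                if value != want:
                    out.append((serial, column, want, value))
    return out


def vulnerable(conn, weak_suites):
    """Serials observed with a weak cipher suite or with TLS compression offered."""
    placeholders = ",".join("?" * len(weak_suites))
    rows = conn.execute(f"""SELECT DISTINCT serial FROM cert_obs
                            WHERE compression = 1 OR cipher_suite IN ({placeholders})""",
                        tuple(weak_suites)).fetchall()
    return sorted(serial for (serial,) in rows)


if __name__ == "__main__":
    db = load(SAMPLE)
    print("installed in several places:", shared_certificates(db))
    print("cipher suite changed between scans:", changed_between_scans(db, "cipher_suite"))
    print("expected vs observed:", mismatches(db, {"01AA": {"country": "US", "compression": False}}))
    print("vulnerable:", vulnerable(db, ["TLS_RSA_WITH_RC4_128_SHA"]))
```

The separation of `Observation` fields mirrors the claim language: the first three are "internal information" an X.509 parser would yield, the rest are "external information" that only a scan of the deployment can supply, which is why it is keyed by host and date rather than by certificate alone.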

Regarding Claim 15, Grebennikov teaches,
One or more non-transitory computer-readable media having instructions, stored thereon, that when executed by one or more processors of a computing system cause the computing system to: 
identify a plurality of digital certificates, (¶39, “the certificates can be received from Internet service providers (ISPs), i.e., if an ISP finds a new certificate sent to one of their devices, they can report it to the initial certificate data collection module 510”, i.e. a plurality of certificates is identified) individual digital certificates of the plurality of digital certificates including respective internal information; (Fig. 6, ¶18, ¶41, “The initial information on the certificates collected by initial certificate data collection module 510 can include parameter data intrinsic to each certificate, i.e., data that is included in the content of each certificate”, ¶43)
determine external information associated with the individual digital certificates [including specific data regarding a cipher suite that is used for the individual digital certificates], the external information not contained within the respective digital certificate; (¶41, “the initial information on the certificates can include certain extrinsic parameter data pertaining to the certificate, though not necessarily expressly part of a given certificate's content.”, i.e. extrinsic (external) information is determined)
store the internal information and the external information for the plurality of digital certificates; (Fig. 4(505), ¶38, “the initial certificate data collection module 510 obtains information on the certificates that are encountered by sources of certificate information 515, and saves the information in database 505”)
identify a set of digital certificates, from the plurality of digital certificates based on the stored internal information or the external information in the database, that are associated with a client; (¶42, “the gathered certificates in the database are grouped by one or more parameters, such as the certificate's unique serial number, the name of the certificate's owner (e.g., company or website URL)”, ¶44, i.e. vulnerable certificates are associated with the certificate owner (client); ¶42, ¶43, i.e. certificates identified based on intrinsic (internal) and extrinsic (external) information are stored in the database),
identify differences in the stored external information between respective individual digital certificates of the set of digital certificates; (¶84, Fig. 3, ¶34, i.e. differences are identified).
Grebennikov does not teach explicitly,
[determine external information associated with the individual digital certificates] including specific data regarding a cipher suite that is used for the individual digital certificates, [the external information not contained within the respective digital certificate]; and 
present the differences in the external information to a user.
However, Rakshit teaches,
[determine external information associated with the individual digital certificates] including specific data regarding a cipher suite that is used for the individual digital certificates, (¶7, “the step of analyzing the information that identifies the certificate statuses of the websites visited by the computing devices may include analyzing a cipher suite specified by the website's certificate”, ¶38, “the cipher suite specified by the website certificate (e.g., AES.sub.--128, RC4.sub.--124, etc.), i.e. data regarding cipher suits is determined)  [the external information not contained within the respective digital certificate]; and 
present the differences in the external information to a user. (Fig. 3(306), ¶50-¶51, “inform another entity of an issue with the certificate status of a website”, “instructing an administrator to correctly configure) a website's certificate”, “correctly configuring (or instructing an administrator to correctly configure) a trust seal or indicator utilized by the website (by, e.g., deploying an up-to-date or correct version)”, “remediation module 108 may notify an administrator of a website that the website's certificate has been revoked, has expired, or is about to expire (i.e., the website's certificate currently falls within a renewal window)”, ¶52, i.e. provides notification to an administrator (user) regarding issues (difference in external information)).  
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Rakshit with the invention of Grebennikov.
Grebennikov teaches collecting internal and external information of a certificate to identify a vulnerable certificate. Rakshit teaches collecting cipher suite information as external information from a certificate. Therefore, it would have been obvious to have combined collecting cipher suite information as external information from a certificate of Rakshit with collecting internal and external information of a certificate to identify a vulnerable certificate of Grebennikov, in order to remediate issues regarding vulnerable certificates and avoid malicious attacks. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 20, Grebennikov teaches,
One or more non-transitory computer-readable media having instructions, stored thereon, that when executed by one or more processors of a computing system cause the computing system to: 
identify a plurality of digital certificates, (¶39, “the certificates can be received from Internet service providers (ISPs), i.e., if an ISP finds a new certificate sent to one of their devices, they can report it to the initial certificate data collection module 510”, i.e. plurality of certificates are identified) individual digital certificates of the plurality of digital certificates including respective internal information; (Fig. 6, ¶18, ¶41, “The initial information on the certificates collected by initial certificate data collection module 510 can include parameter data intrinsic to each certificate, i.e., data that is included in the content of each certificate”, ¶43) 
determine external information associated with the individual digital certificates [including specific data regarding a cipher suite that is used for the individual digital certificates], the external information not contained within the respective digital certificate; (¶41, “the initial information on the certificates can include certain extrinsic parameter data pertaining to the certificate, though not necessarily expressly part of a given certificate's content.”, i.e. extrinsic (external information is determined))
store the internal information and the external information for the plurality of digital certificates; (Fig. 4(505), ¶38, “the initial certificate data collection module 510 obtains information on the certificates that are encountered by sources of certificate information 515, and saves the information in database 505”)
identify a set of digital certificates, from the plurality of digital certificates based on the stored internal information or the external information in the database, that are associated with a client; (¶42, “the gathered certificates in the database are grouped by one or more parameters, such as the certificate's unique serial number, the name of the certificate's owner (e.g., company or website URL)”, ¶44, i.e. vulnerable certificates associated with certificate owner (client), ¶42, ¶43, i.e. certificates based on intrinsic (internal) and extrinsic (external) information are stored in a database) 
obtain expected information to indicate expected values for the external information of the set of digital certificates; (Fig. 8(910, 920), ¶98)
compare the expected information to the stored external information to determine whether the expected information is different than the external information for one or more digital certificates of the set of digital certificates; (Fig. 8(930, 940), ¶99). 
Grebennikov does not teach explicitly,
[determine external information associated with the individual digital certificates] including specific data regarding a cipher suite that is used for the individual digital certificates, [the external information not contained within the respective digital certificate]; and 
indicate a result of the comparison to a user.
However, Rakshit teaches,
[determine external information associated with the individual digital certificates] including specific data regarding a cipher suite that is used for the individual digital certificates, (¶7, “the step of analyzing the information that identifies the certificate statuses of the websites visited by the computing devices may include analyzing a cipher suite specified by the website's certificate”, ¶38, “the cipher suite specified by the website certificate (e.g., AES.sub.--128, RC4.sub.--124, etc.), i.e. data regarding cipher suites is determined)  [the external information not contained within the respective digital certificate]; and 
indicate a result of the comparison to a user. (Fig. 3(306), ¶50-¶51, “inform another entity of an issue with the certificate status of a website”, “instructing an administrator to correctly configure) a website's certificate”, “correctly configuring (or instructing an administrator to correctly configure) a trust seal or indicator utilized by the website (by, e.g., deploying an up-to-date or correct version)”, “remediation module 108 may notify an administrator of a website that the website's certificate has been revoked, has expired, or is about to expire (i.e., the website's certificate currently falls within a renewal window)”, ¶52, i.e. provides notification to an administrator (user) regarding issues (difference in external information)).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Rakshit with the invention of Grebennikov.
Grebennikov teaches collecting internal and external information of a certificate to identify a vulnerable certificate. Rakshit teaches collecting cipher suite information as external information from a certificate. Therefore, it would have been obvious to have combined collecting cipher suite information as external information from a certificate of Rakshit with collecting internal and external information of a certificate to identify a vulnerable certificate of Grebennikov, in order to remediate issues regarding vulnerable certificates to avoid KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 2, rejection of Claim 1 is included and for the same motivation Grebennikov teaches,
The method of claim 2, further comprising identifying the one or more vulnerable digital certificates based on one or more differences between the external information of different digital certificates among a set of digital certificates that are associated with the client. (¶43-¶45).

Regarding Claim 3, rejection of Claim 1 is included and for the same motivation Grebennikov teaches,
The method of claim 1, wherein the external information includes one or more of
a configuration of a host server on which the digital certificate is installed;
geolocation information associated with a physical location where the digital certificate is stored; (¶42, “In a related embodiment, certificates can be grouped by a combination of attributes, such as according to the certificate owner and the geographical distribution of certificates from that owner”, ¶49, “geographical location between older and newer certificates of a known company or URL address”, i.e. geolocation information is associated with a physical location)
a Domain Name System (DNS) name of the host server; 
reverse DNS data to indicate an owner of the host server; 
an Internet Protocol (IP) address of the host server; 
whether the host server allows compression to be used; 
a length of a validity period of the digital certificate; or 
timing information to indicate a date on which the determining the external information was performed.

Regarding Claim 4, rejection of Claim 1 is included and for the same motivation Grebennikov teaches,
The method of claim 1, wherein the external information includes geolocation information associated with a physical location where the digital certificate is stored, (¶42, “In a related embodiment, certificates can be grouped by a combination of attributes, such as according to the certificate owner and the geographical distribution of certificates from that owner”, i.e. geolocation is associated with owner (physical location)) and wherein the running the query is to identify differences in the physical locations of different digital certificates among a set of digital certificates associated with the client. (¶46, ¶49, “geographical location between older and newer certificates of a known company or URL address”).

Referring to Claims 5 and 16:
Regarding Claim 5, rejection of Claim 4 is included and for the same motivation Grebennikov teaches,
The method of claim 4, wherein the running the query is to identify digital certificates of the set of digital certificates that are located outside of a geographical boundary to identify the one or more vulnerable digital certificates. (¶44, “if a certificate in question purporting to be owned by company A was reported by an information source located in southeast Asia, while a majority of previously-issued certificates corresponding to company A were reported by information sources located in western Europe, then the certificate can be deemed suspicious”).
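The procedure recited in claims 1, 5 and 20 (store internal and external information per certificate, select the set associated with a client, compare expected external values against the stored ones, and flag certificates reported outside the client's usual region in the manner of the ¶44 passage quoted above), as an added Python illustration that is not part of this office action or of any cited reference; the record layout, field names, sample inventory and the majority-region threshold are constructed assumptions.

```python
"""Added illustration (not from the office action or any cited reference):
the certificate-inventory checks recited in claims 1, 5 and 20.  Every
record below is constructed sample data."""
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class CertRecord:
    # Internal information: fields that are part of the certificate content.
    serial: str
    company: str
    domain: str
    expires: str  # ISO date taken from the certificate's validity period
    # External information: observed when the certificate was encountered,
    # not contained in the certificate itself (assumed field names).
    external: dict = field(default_factory=dict)


# Constructed inventory standing in for the stored database of claim 20.
INVENTORY = [
    CertRecord("01", "Example Corp", "www.example.com", "2026-01-01",
               {"cipher_suite": "TLS_AES_128_GCM_SHA256", "region": "western Europe",
                "ip": "192.0.2.10", "compression": False}),
    CertRecord("02", "Example Corp", "api.example.com", "2026-03-01",
               {"cipher_suite": "TLS_AES_256_GCM_SHA384", "region": "western Europe",
                "ip": "192.0.2.11", "compression": False}),
    CertRecord("03", "Example Corp", "mail.example.com", "2025-12-01",
               {"cipher_suite": "TLS_RSA_WITH_RC4_128_SHA", "region": "western Europe",
                "ip": "192.0.2.12", "compression": True}),
    CertRecord("04", "Example Corp", "www.example.com", "2027-01-01",
               {"cipher_suite": "TLS_AES_128_GCM_SHA256", "region": "southeast Asia",
                "ip": "198.51.100.7", "compression": False}),
    CertRecord("05", "Other Ltd", "other.test", "2026-06-01",
               {"cipher_suite": "TLS_AES_128_GCM_SHA256", "region": "north America",
                "ip": "203.0.113.5", "compression": False}),
]


def client_certificates(inventory, client):
    """Identify the set of certificates associated with a client, grouped by
    the certificate owner name found in the stored internal information."""
    return [c for c in inventory if c.company == client]


def compare_expected(certs, expected):
    """Compare expected external values against the stored external
    information.  Returns {serial: {field: (allowed, observed)}} for every
    certificate whose observed data differs from what the client expects."""
    differences = {}
    for cert in certs:
        mismatches = {}
        for key, want in expected.items():
            got = cert.external.get(key)
            # An expected value may be a set of acceptable alternatives.
            allowed = want if isinstance(want, (set, frozenset)) else {want}
            if got not in allowed:
                mismatches[key] = (sorted(allowed, key=str), got)
        if mismatches:
            differences[cert.serial] = mismatches
    return differences


def geographic_outliers(certs, key="region"):
    """Flag certificates reported from a region other than the one in which
    the majority of the client's certificates were observed.  Assumed rule:
    a region counts as the majority only if it covers more than half of the
    set; otherwise nothing is flagged."""
    counts = Counter(c.external.get(key) for c in certs)
    if not counts:
        return []
    majority_region, majority_count = counts.most_common(1)[0]
    if majority_count * 2 <= len(certs):
        return []  # no region accounts for more than half of the set
    return [c.serial for c in certs if c.external.get(key) != majority_region]


def report(differences, outliers):
    """Render the comparison result as lines an administrator can act on."""
    lines = []
    for serial, fields in differences.items():
        for key, (allowed, got) in fields.items():
            lines.append(f"cert {serial}: {key} expected {allowed}, observed {got!r}")
    for serial in outliers:
        lines.append(f"cert {serial}: reported outside the client's usual region")
    return lines


if __name__ == "__main__":
    certs = client_certificates(INVENTORY, "Example Corp")
    expected = {
        "cipher_suite": {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"},
        "compression": False,
    }
    for line in report(compare_expected(certs, expected), geographic_outliers(certs)):
        print(line)
```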

Regarding Claim 16, rejection of Claim 15 is included and Claim 16 is rejected with the same rationale as applied against Claim 5 above. 

Regarding Claim 7, rejection of Claim 1 is included and for the same motivation Grebennikov teaches,
The method of claim 1, wherein the plurality of digital certificates includes substantially all digital certificates that are accessible via addressable IP address space. (¶40).

Regarding Claim 9, rejection of Claim 1 is included and for the same motivation Grebennikov teaches,
The method of claim 1, wherein the running the query includes identifying one or more digital certificates having an associated company name or domain name that is similar to a respective company name or domain name of the client. (¶96-¶98).

Regarding Claim 10, rejection of Claim 1 is included and for the same motivation Grebennikov teaches,
The method of claim 1, wherein the internal information includes one or more of a company name associated with the digital certificate; (¶25, “the website 130 sends back its public key certificate containing information on the holder of the certificate, for example, contact data, company name, URL address, i.e. company name is associated with the certificate)
 a domain name associated with the digital certificate; or 
an expiration date of the digital certificate;

Regarding Claim 12, rejection of Claim 1 is included and for the same motivation Grebennikov does not teach explicitly,
The method of claim 1, further comprising displaying, to a user, the external information associated with a set of digital certificates that are associated with the client.
However, Rakshit teaches,
The method of claim 1, further comprising displaying, to a user, the external information associated with a set of digital certificates that are associated with the client. (¶51-¶52).

Regarding Claim 17, rejection of Claim 15 is included and for the same motivation Grebennikov teaches,
The one or more media of claim 15, wherein the external information includes geolocation information associated with a physical location where the respective digital certificate is stored, (¶42, “In a related embodiment, certificates can be grouped by a combination of attributes, such as according to the certificate owner and the geographical distribution of certificates from that owner”, ¶49, “geographical location between older and newer certificates of a known company or URL address”, i.e. geolocation information is associated with a physical location) and wherein the instructions, when executed, further cause the system to display a map to indicate the physical location of the digital certificates of the set of digital certificates, or wherein the instructions further cause the system to identify one or more digital certificates of the set of digital certificates that are located outside a predefined geographical boundary. (¶44, “if a certificate in question purporting to be owned by company A was reported by an information source located in southeast Asia, while a majority of previously-issued certificates corresponding to company A were reported by information sources located in western Europe, then the certificate can be deemed suspicious”, Examiner submits that the claim limitations are joined by an “or” condition, so no citation is needed for the other limitation).

Regarding Claim 21, rejection of Claim 20 is included and for the same motivation Grebennikov teaches,
The one or more media of claim 20, wherein the instructions, when executed, further cause the computing system to, if the expected information is different than the external information for one or more digital certificates of the set of digital certificates, (Fig. 8(930, 940), ¶99) [identify the one or more digital certificates to the user].
Grebennikov does not teach explicitly,
The one or more media of claim 20, [wherein the instructions, when executed, further cause the computing system to, if the expected information is different than the external information for one or more digital certificates of the set of digital certificates], identify the one or more digital certificates to the user.
However, Rakshit teaches,
The one or more media of claim 20, [wherein the instructions, when executed, further cause the computing system to, if the expected information is different than the external information for one or more digital certificates of the set of digital certificates], identify the one or more digital certificates to the user. (Fig. 3(306), ¶50-¶51, “inform another entity of an issue with the certificate status of a website”, “instructing an administrator to correctly configure) a website's certificate”, “correctly configuring (or instructing an administrator to correctly configure) a trust seal or indicator utilized by the website (by, e.g., deploying an up-to-date or correct version)”, “remediation module 108 may notify an administrator of a website that the website's certificate has been revoked, has expired, or is about to expire (i.e., the website's certificate currently falls within a renewal window)”, ¶52, i.e. provides notification to an administrator (user) regarding issues (difference in external information)).

Regarding Claim 22, rejection of Claim 20 is included and for the same motivation Grebennikov does not teach explicitly,
The one or more media of claim 20, wherein the external information includes one or more of:
a configuration of a host server on which the digital certificate is installed; 
a Domain Name System (DNS) name of the host server; 
reverse DNS data to indicate an owner of the host server; 
an Internet Protocol (IP) address of the host server; or 
whether the host server uses compression.
However, Rakshit teaches,
a configuration of a host server on which the digital certificate is installed; 
a Domain Name System (DNS) name of the host server; (¶37, “certificate status information may identify a website's domain name and/or Internet Protocol (IP) address”)
reverse DNS data to indicate an owner of the host server; 
an Internet Protocol (IP) address of the host server;  (¶37, “certificate status information may identify a website's domain name and/or Internet Protocol (IP) address”) or 
whether the host server uses compression.

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Grebennikov et al. (US PGPUB. # US 2014/0095866, hereinafter “Grebennikov”), and further in view of Rakshit et al. (US PGPUB. # US 2015/0271171, hereinafter “Rakshit”), and further in view of Timothy G. Nye (US PGPUB. # US 2009/0070290, hereinafter “Nye”).

Regarding Claim 6, rejection of Claim 4 is included and combination of Grebennikov and Rakshit does not teach explicitly,
The method of claim 4, further comprising generating a map to indicate the physical location of the set of digital certificates.
However, Nye teaches,
The method of claim 4, further comprising generating a map to indicate the physical location of the set of digital certificates. (Fig. 10, ¶87).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Nye with the invention of Grebennikov in view of Rakshit.
Grebennikov in view of Rakshit teaches collecting internal and external information of a certificate to identify a vulnerable certificate and collecting cipher suite information as external information from a certificate. Nye teaches displaying certificates on a map. Therefore, it would have been obvious to have incorporated displaying certificates on a map of Nye into the teachings of Grebennikov in view of Rakshit, in order to locate the physical location of a certificate on a map using a user-friendly interface. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Claims 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Grebennikov et al. (US PGPUB. # US 2014/0095866, hereinafter “Grebennikov”), and further in view of Rakshit et al. (US PGPUB. # US 2015/0271171, hereinafter “Rakshit”), and further in view of Vaid et al. (US PGPUB. # US 2015/0256345, hereinafter “Vaid”).
Regarding Claim 8, rejection of Claim 1 is included and combination of Grebennikov and Rakshit does not teach explicitly,
The method of claim 1, further comprising generating a removal request to be sent to a certificate authority to request removal of the one or more vulnerable digital certificates.
However, Vaid teaches,
The method of claim 1, further comprising generating a removal request to be sent to a certificate authority to request removal of the one or more vulnerable digital certificates. (¶20, Fig. 4(402, 406), ¶41).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Vaid with the invention of Grebennikov in view of Rakshit.
Grebennikov in view of Rakshit teaches collecting internal and external information of a certificate to identify a vulnerable certificate and collecting cipher suite information as external information from a certificate. Vaid teaches a request to a certificate authority to KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 18, rejection of Claim 15 is included and Grebennikov teaches, 
The one or more media of claim 15, wherein the instructions, when executed, further cause the computing system to: 
identify a vulnerable digital certificate based on the identified differences in the stored external information; (¶43, i.e. one or more vulnerable digital certificates are detected) and 
combination of Grebennikov and Rakshit does not teach explicitly,
generate a removal request to be sent to a certificate authority to request removal of the vulnerable digital certificate.
However, Vaid teaches,
generate a removal request to be sent to a certificate authority to request removal of the vulnerable digital certificate. (¶20, Fig. 4(402, 406), ¶41).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
Grebennikov in view of Rakshit teaches collecting internal and external information of a certificate to identify a vulnerable certificate and collecting cipher suite information as external information from a certificate. Vaid teaches a request to a certificate authority to remove a compromised certificate. Therefore, it would have been obvious to have incorporated requesting a certificate authority to remove a compromised certificate of Vaid into the teachings of Grebennikov in view of Rakshit, in order to identify and remove compromised certificates. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 


Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Grebennikov et al. (US PGPUB. # US 2014/0095866, hereinafter “Grebennikov”), and further in view of Rakshit et al. (US PGPUB. # US 2015/0271171, hereinafter “Rakshit”), and further in view of Stephen John Gallagher (US PGPUB. # US 2016/0173286, hereinafter “Gallagher”).

Regarding Claim 11, rejection of Claim 1 is included and combination of Grebennikov and Rakshit does not teach explicitly,
The method of claim 1, wherein the one or more vulnerable digital certificates include one or more non-production digital certificates that were not intended to be publicly used.
However, Gallagher teaches,
The method of claim 1, wherein the one or more vulnerable digital certificates include one or more non-production digital certificates that were not intended to be publicly used. (¶16, ¶21, ¶22, i.e. generated and used non-production certificate).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Gallagher with the invention of Grebennikov in view of Rakshit.
Grebennikov in view of Rakshit teaches collecting internal and external information of a certificate to identify a vulnerable certificate and collecting cipher suite information as external information from a certificate. Gallagher teaches a non-production certificate. Therefore, it would have been obvious to have incorporated the non-production certificate of Gallagher into the teachings of Grebennikov in view of Rakshit, in order to identify compromised non-production certificates. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 


Claims 13 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Grebennikov et al. (US PGPUB. # US 2014/0095866, hereinafter “Grebennikov”), and further in view of Rakshit et al. (US PGPUB. # US 2015/0271171, hereinafter “Rakshit”), and further in view of Eric Jason Brandwine (US PAT. # US 9,374,244, hereinafter “Brandwine”).

Regarding Claim 13, rejection of Claim 1 is included and combination of Grebennikov and Rakshit does not teach explicitly,
The method of claim 1, wherein the determining the external information includes determining the external information at different points in time, and wherein the running the query includes determining whether the external information has changed between the different points in time.
However, Brandwine teaches,
The method of claim 1, wherein the determining the external information includes determining the external information at different points in time, (Fig. 13(1308), CL(36), LN(8-23), i.e. historical DNS information indicated as determining external information at different points in time) and wherein the running the query includes determining whether the external information has changed between the different points in time. (Fig. 13(1310), CL(36), LN(24-32)).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
Grebennikov in view of Rakshit teaches collecting internal and external information of a certificate to identify a vulnerable certificate and collecting cipher suite information as external information from a certificate. Brandwine teaches determining whether external information regarding a certificate has changed over time. Therefore, it would have been obvious to have incorporated determining whether external information regarding a certificate has changed over time of Brandwine into the teachings of Grebennikov in view of Rakshit, in order to determine if the certificate has expired or uses a weak cryptographic algorithm. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 19, rejection of Claim 15 is included and combination of Grebennikov and Rakshit does not teach explicitly,
The one or more media of claim 15, wherein the instructions, when executed, cause the computing system to: 
determine the external information for the individual digital certificates at different points in time, 
determine that the external information for a first digital certificate has changed over time; and 
indicate to the user that the external information for the first digital certificate has changed over time.
However, Brandwine teaches,
determine the external information for the individual digital certificates at different points in time, (Fig. 13(1308), CL(36), LN(8-23), i.e. historical DNS information indicated as determining external information at different points in time)
determine that the external information for a first digital certificate has changed over time; (Fig. 13(1310), CL(36), LN(24-32)) and 
indicate to the user that the external information for the first digital certificate has changed over time. (Fig. 7(706), CL(13), LN(55-60), Fig. 12(1210), CL(33), LN(33-43), Fig. 12(1216), CL(34), LN(40)).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Brandwine with the invention of Grebennikov in view of Rakshit.
Grebennikov in view of Rakshit teaches collecting internal and external information of a certificate to identify a vulnerable certificate and collecting cipher suite information as external information from a certificate. Brandwine teaches determining whether external information regarding a certificate has changed over time. Therefore, it would have been obvious to have incorporated determining whether external information regarding a certificate has changed over time of Brandwine into the teachings of Grebennikov in view of Rakshit, in order to determine if the certificate has expired, weak KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Grebennikov et al. (US PGPUB. # US 2014/0095866, hereinafter “Grebennikov”), and further in view of Rakshit et al. (US PGPUB. # US 2015/0271171, hereinafter “Rakshit”), and further in view of Novack et al. (US PGPUB. # US 2006/0095923, hereinafter “Novack”).

Regarding Claim 14, rejection of Claim 1 is included and combination of Grebennikov and Rakshit does not teach explicitly,
The method of claim 1, wherein the running the query is to identify a plurality of servers or locations where a same digital certificate has been installed.
However, Novack teaches,
The method of claim 1, wherein the running the query is to identify a plurality of servers or locations where a same digital certificate has been installed. (¶65, “the servers for a particular geographic area should not all be taken out of service at the same time, even if the transaction tools (e.g., digital certificates) installed on the servers all expire at the same time”, i.e. identical digital certificates are installed on same geographic locations). 
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
Grebennikov in view of Rakshit teaches collecting internal and external information of a certificate to identify a vulnerable certificate and collecting cipher suite information as external information from a certificate. Novack teaches determining identical certificates installed in the same geographic location. Therefore, it would have been obvious to have incorporated determining identical certificates installed in the same geographic location of Novack into the teachings of Grebennikov in view of Rakshit, in order to identify fraudulent certificates. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Refer to PTO-892, Notice of References Cited for a listing of analogous art.
Boniface et al. (US PAT. # US 8,719,908) discloses, a digital certificate management system configured to consolidate information related to digital certificates across enterprise systems. In some implementations, the system may be configured to automate recurring harvesting of digital certificate information from current and/or future enterprise systems associated with one or more companies. The system may be configured to standardize the digital certificate information in a centralized database. The system may be configured to identify owners associated with individual digital 
Janjua et al. (US PGPUB. # US 2014/0283054) discloses, a computing device analyzes digital certificates received from various different sites (e.g., accessed via the Internet or other network) in order to automatically detect fraudulent digital certificates. The computing device maintains a record of the digital certificates it receives from these various different sites. A certificate screening service operating remotely from the computing device also accesses these various different sites and maintains a record of the digital certificates that the service receives from these sites. In response to a request to access a target site the computing device receives a current digital certificate from the target site. The computing device determines whether the current digital certificate is genuine or fraudulent based on one or more of previously received digital certificates for the target site, confirmation certificates received from the certificate screening service, and additional characteristics of the digital certificates and/or the target site.
Zhizhang Zhou (US PGPUB. # US 2015/0341353) discloses, a digital certificate of a user is collected. A digest computation of a collecting result of the digital certificate is performed to generate a digital certificate digest of the user. The digital certificate digest is cached. In response to an operation of the user, a service request containing the cached digital certificate digest is transmitted to a service server such that when a service corresponding to the service request is a service for which the digital certificate 
Jason Allen Sabin (US PGPUB. # US 2016/0277193) discloses, a Certificate detectors scan a network for certificate resource information and send the information to a certificate database. A correlation engine extracts and correlates this information. A ranker uses the information about the certificates and certificate authorities to generate and provide a security score and/or ranking. A requester may view the certificate ranking and/or and certificate authority ranking after passing a domain validation authorization. An Internet browser may obtain a security score and/or ranking for a certificate authority and, based on this information, may determine to trust or not trust some or all certificates issued by that certificate authority or to require corroborating evidence before trusting a certificate. 
Veladanda et al. (US PAT. # US 9,692,640) discloses, configuring a server to establish a secure network communication session. An application monitors one or more resource utilization metrics of the server. Upon determining that at least one of the monitored resource metrics satisfies a specified condition, an optimization algorithm is selected based on the resource metrics and a configuration of the server. The optimization algorithm determines an updated configuration of the server while maintaining the security at par or better. The selected optimization algorithm is 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316.  The examiner can normally be reached on M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DARSHAN I DHRUV/          Primary Examiner, Art Unit 2498