DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the application 16/747792 filed on 01/21/2020.
Claims 1-20 have been examined and are pending in this application. 

Information Disclosure Statement
The information disclosure statement (IDS), submitted on 05/06/2020, is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

Claims 1-7 are interpreted under 35 U.S.C. 112(f) or Pre-AIA  35 U.S.C. 112, sixth paragraph, as reciting means-plus functions.


As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a
rebuttable presumption that the claim limitation is to be treated in accordance with 35
U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim
limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth
paragraph, is rebutted when the claim limitation recites sufficient structure, material, or
acts to entirely perform the recited function. 

Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: “a proxy system [] configured to determine,” “a certificate expiration monitor [] configured to generate,” “data processing system is configured to receive,” “the proxy system is configured to receive,” and “the proxy system is configured to determine” recited in claims 1-7.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Goeringer et al. (“Goeringer,” US 2020/0059372), published on February 20, 2020, in view of LLOYD et al. (“Lloyd,” US 2016/0315777), published on October 27, 2016.

Regarding claim 1: Goeringer discloses a system for data processing, comprising:
a plurality of data processing systems, each associated with 5a user (Goeringer: ¶0069 one or more electronic or computing devices. Such devices typically include a processor, processing device, or controller [...] and/or any other circuit or processing device capable of executing the functions); 
a proxy system operating on a processor and configured to determine whether an expiration associated with the anchor certificate for each data processing system is within a predetermined time of expiration (Goeringer: ¶0045 in the case of a PKI Subscriber already having a valid (but expiring) Certificate, system 100 is enabled to not only automatically renew the expiring Certificate, but also to issue the renewed Certificate issued online at nearly the same security level as used to protect keys for the expiring Certificate [...] the renewal Certificate is issued prior to expiration of the expiring Certificate; ¶0046 the proactive management alerts may be further enhanced through leveraging of custom extensions, such as "use before", "use after", or other custom extensions that enable proactive management of the timing of Certificate renewals prior to expiration); and
10a certificate expiration monitor operating on the processor and configured to generate a certificate signing request in response to the determination that the expiration associated with the anchor certificate for each data processing system is within the predetermined time of expiration (Goeringer: ¶0042 at step S120, subscriber 106 submits a Certificate Signing Request (CSR, e.g., a message conveying a request to have a Certificate issued) to RA 104 for approval thereby).
Goeringer does not explicitly disclose data processing systems having an anchor certificate.
However, Lloyd discloses data processing systems having an anchor certificate (Lloyd: ¶0054 company A's trust anchor 610 (e.g., its root certificate authority) [...] company B's trust anchor 620 (e.g., its root certificate authority)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Lloyd with the system and method of Goeringer to include data processing systems having an anchor certificate to provide user with a means for allowing trust anchor certificates to autonomously handle pushed certificates, cross-signing with new chains, and a transition between old and new certificate chains and trust anchors (Lloyd: ¶0015).

Regarding claim 2: Goeringer in view of Lloyd discloses the system of claim 1.
Lloyd further discloses wherein each data processing system is configured to receive a new anchor certificate and to replace a previous anchor certificate with the new anchor certificate (Lloyd: ¶0041 end entities 230 and other devices can periodically (e.g., once a day, week, etc.) poll for third party certificate authority 240 (also known as a caRepository endpoint) for replacement (or updated) certificates; ¶0044 a trust anchor may need to be replaced. To replace a certificate that identifies root certificate authority 210 (e.g., a trust anchor), root certificate authority 210 can send a PKCS #10 file to request three certificates from third party certificate authority 240).
The motivation is the same that of claim 1 above.

20 Regarding claim 3: Goeringer in view of Lloyd discloses the system of claim 1.
Lloyd further discloses wherein the proxy system is configured to receive a new anchor certificate for each data processing system and to replace a previous anchor certificate with the new anchor certificate (Lloyd: ¶0018 intermediate certificate authorities can be updated using standard RFC 5280 extensions; ¶0031 intermediate certificate authority 220 can refer to its parent, using what is sometimes referred to as a cascade update process. In such a process, root certificate authority 210 can perform a root certificate update algorithm, after which an intermediate certificate authority 220 can pull an updated certificate from root certificate authority 210).
The motivation is the same that of claim 1 above.

25Regarding claim 4: Goeringer in view of Lloyd discloses the system of claim 1.
Lloyd further discloses wherein the proxy system is configured to determine a validity of the anchor certificate for each data processing system (Lloyd: ¶0033 intermediate certificate authority 220 can update its certificate, or change certificates that it has previously issued [...] intermediate certificate authority 220 can reissue all certificates that are associated with it, and re-sign them as required).
The motivation is the same that of claim 1 above.

Regarding claim 5: Goeringer in view of Lloyd discloses the system of claim 1.
Goeringer further discloses wherein the proxy system is configured to determine a validity of the anchor certificate for each data processing system in accordance with RFC 5280 Internet X.509 Public Key Infrastructure Certificate (Goeringer: ¶0029 existing Certificate processes that leverage existing RFC 5280-compliant processes (i.e., according to Internet X.509 Public Key Infrastructure Certificate).

Regarding claim 6: Goeringer in view of Lloyd discloses the system of claim 1.
Goeringer further discloses wherein the proxy system is configured to determine a validity of the anchor certificate for each data processing system in accordance with RFC 5280 Internet X.509 Public Key Infrastructure Certificate and a Certificate 10Revocation List (CRL) Profile (Goeringer: ¶0029 the present embodiments are fully compatible with existing Certificate processes that leverage existing RFC 5280-compliant processes (i.e., according to Internet X.509 Public Key Infrastructure Certificate and CRL Profile).

Regarding claim 7: Goeringer in view of Lloyd discloses the system of claim 4.
Lloyd further discloses wherein the proxy system is configured to receive a new anchor certificate for each data processing system and to replace a previous anchor certificate 15with the new anchor certificate after determining the validity of the anchor certificate (Lloyd: ¶0018 intermediate certificate authorities can be updated using standard RFC 5280 extensions; ¶0031 root certificate authority 210 can perform a root certificate update algorithm, after which an intermediate certificate authority 220 can pull an updated certificate from root certificate authority 210; ¶0061 security policies might mandate that end entity certificates are replaced once a week, month, year, etc.).
The motivation is the same that of claim 1 above.

Regarding claim 8: Goeringer discloses a method for data processing, comprising:
a plurality of data processing systems, wherein each data processing system is 5associated with a user (Goeringer: ¶0069 one or more electronic or computing devices. Such devices typically include a processor, processing device, or controller [...] and/or any other circuit or processing device capable of executing the functions);
determining with a proxy system operating on a processor whether an expiration associated with the anchor certificate for each data processing system is within a predetermined time of expiration (Goeringer: ¶0045 in the case of a PKI Subscriber already having a valid (but expiring) Certificate, system 100 is enabled to not only automatically renew the expiring Certificate, but also to issue the renewed Certificate issued online at nearly the same security level as used to protect keys for the expiring Certificate [...] the renewal Certificate is issued prior to expiration of the expiring Certificate; ¶0046 the proactive management alerts may be further enhanced through leveraging of custom extensions, such as "use before", "use after", or other custom extensions that enable proactive management of the timing of Certificate renewals prior to expiration); and
10generating a certificate signing request with a certificate expiration monitor operating on the processor in response to the determination that the expiration associated with the anchor certificate for each data processing system is within the predetermined time of expiration (Goeringer: ¶0042 at step S120, subscriber 106 submits a Certificate Signing Request (CSR, e.g., a message conveying a request to have a Certificate issued) to RA 104 for approval thereby).
Goeringer does disclose one or more electronic or computing devices but does not explicitly disclose receiving an anchor certificate from each of a plurality of data processing systems.
However, Lloyd discloses receiving an anchor certificate from each of a plurality of data processing systems (Lloyd: ¶0056 the certificates are signed at the root level, and Company A can sign and push out intermediate certificates for Company B).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Lloyd with the system and method of Goeringer to include receiving an anchor certificate from each of a plurality of data processing systems to provide user with a means for allowing trust anchor certificates to autonomously handle pushed certificates, cross-signing with new chains, and a transition between old and new certificate chains and trust anchors (Lloyd: ¶0015).

Regarding claim 9: Goeringer in view of Lloyd discloses the method of claim 8.
Lloyd further discloses receiving a new anchor certificate with each data processing system (Lloyd: ¶0041 end entities 230 and other devices can periodically (e.g., once a day, week, etc.) poll for third party certificate authority 240 (also known as a caRepository endpoint) for replacement (or updated) certificates); and
replacing with each data processing system a previous anchor 20certificate with the new anchor certificate (Lloyd: ¶0044 a trust anchor may need to be replaced. To replace a certificate that identifies root certificate authority 210 (e.g., a trust anchor), root certificate authority 210 can send a PKCS #10 file to request three certificates from third party certificate authority 240).
The motivation is the same that of claim 8 above.
  
Regarding claim 10: Goeringer in view of Lloyd discloses the method of claim 8.
Lloyd further discloses receiving a new anchor certificate for each data processing system using the proxy system; and 25replacing a previous anchor certificate with the new anchor certificate (Lloyd: ¶0018 intermediate certificate authorities can be updated using standard RFC 5280 extensions; ¶0031 intermediate certificate authority 220 can refer to its parent, using what is sometimes referred to as a cascade update process. In such a process, root certificate authority 210 can perform a root certificate update algorithm, after which an intermediate certificate authority 220 can pull an updated certificate from root certificate authority 210).
The motivation is the same that of claim 8 above.
 
Regarding claim 11: Goeringer in view of Lloyd discloses the method of claim 8.
Lloyd further discloses determining a validity of the anchor certificate for each data processing system 30using the proxy system (Lloyd: ¶0033 intermediate certificate authority 220 can update its certificate, or change certificates that it has previously issued [...] intermediate certificate authority 220 can reissue all certificates that are associated with it, and re-sign them as required).
The motivation is the same that of claim 8 above.

Regarding claim 12: Goeringer in view of Lloyd discloses the method of claim 8.
Goeringer further discloses determining a validity of the anchor certificate for each data processing system using the proxy system in accordance with RFC 5280 Internet X.509 Public Key Infrastructure Certificate (Goeringer: ¶0029 existing Certificate processes that leverage existing RFC 5280-compliant processes (i.e., according to Internet X.509 Public Key Infrastructure Certificate).

Regarding claim 13: Goeringer in view of Lloyd discloses the method of claim 8.
Goeringer further discloses determining a validity of the anchor certificate for each data processing system wherein the proxy system in accordance with RFC 5280 Internet X.509 Public Key Infrastructure Certificate and a Certificate Revocation 10List (CRL) Profile (Goeringer: ¶0029 the present embodiments are fully compatible with existing Certificate processes that leverage existing RFC 5280-compliant processes (i.e., according to Internet X.509 Public Key Infrastructure Certificate and CRL Profile).

Regarding claim 14: Goeringer in view of Lloyd discloses the method of claim 11.
Lloyd further discloses receiving a new anchor certificate for each data processing system with the proxy system and replacing a previous anchor certificate with the 15new anchor certificate after determining the validity of the anchor certificate (Lloyd: ¶0018 intermediate certificate authorities can be updated using standard RFC 5280 extensions; ¶0031 root certificate authority 210 can perform a root certificate update algorithm, after which an intermediate certificate authority 220 can pull an updated certificate from root certificate authority 210; ¶0061 security policies might mandate that end entity certificates are replaced once a week, month, year, etc.).
The motivation is the same that of claim 8 above.  

Regarding claim 15: Goeringer discloses a data memory device storing algorithmic instructions that cause a processor to perform the steps of:
a plurality of data processing systems, wherein each data processing system is 5associated with a user (Goeringer: ¶0069 one or more electronic or computing devices. Such devices typically include a processor, processing device, or controller [...] and/or any other circuit or processing device capable of executing the functions);
determining with a proxy system operating on a processor whether an expiration associated with the anchor certificate for each data processing system is within a predetermined time of expiration (Goeringer: ¶0045 in the case of a PKI Subscriber already having a valid (but expiring) Certificate, system 100 is enabled to not only automatically renew the expiring Certificate, but also to issue the renewed Certificate issued online at nearly the same security level as used to protect keys for the expiring Certificate [...] the renewal Certificate is issued prior to expiration of the expiring Certificate; ¶0046 the proactive management alerts may be further enhanced through leveraging of custom extensions, such as "use before", "use after", or other custom extensions that enable proactive management of the timing of Certificate renewals prior to expiration); and
10generating a certificate signing request with a certificate expiration monitor operating on the processor in response to the determination that the expiration associated with the anchor certificate for each data processing system is within the predetermined time of expiration (Goeringer: ¶0042 at step S120, subscriber 106 submits a Certificate Signing Request (CSR, e.g., a message conveying a request to have a Certificate issued) to RA 104 for approval thereby).
Goeringer does disclose one or more electronic or computing devices but does not explicitly disclose receiving an anchor certificate from each of a plurality of data processing systems.
However, Lloyd discloses receiving an anchor certificate from each of a plurality of data processing systems (Lloyd: ¶0056 the certificates are signed at the root level, and Company A can sign and push out intermediate certificates for Company B).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Lloyd with the system and method of Goeringer to include receiving an anchor certificate from each of a plurality of data processing systems to provide user with a means for allowing trust anchor certificates to autonomously handle pushed certificates, cross-signing with new chains, and a transition between old and new certificate chains and trust anchors (Lloyd: ¶0015).

Regarding claim 16: Goeringer in view of Lloyd discloses the data memory device of claim 15.
Lloyd further discloses the algorithmic instructions further comprise receiving a new anchor certificate with each data processing system (Lloyd: ¶0041 end entities 230 and other devices can periodically (e.g., once a day, week, etc.) poll for third party certificate authority 240 (also known as a caRepository endpoint) for replacement (or updated) certificates); and
20replacing with each data processing system a previous anchor certificate with the new anchor certificate (Lloyd: ¶0044 a trust anchor may need to be replaced. To replace a certificate that identifies root certificate authority 210 (e.g., a trust anchor), root certificate authority 210 can send a PKCS #10 file to request three certificates from third party certificate authority 240).
The motivation is the same that of claim 15 above.

Regarding claim 17: Goeringer in view of Lloyd discloses the data memory device of claim 15.
Lloyd further discloses the algorithmic instructions further comprise  25receiving a new anchor certificate for each data processing system using the proxy system; and replacing a previous anchor certificate with the new anchor certificate (Lloyd: ¶0018 intermediate certificate authorities can be updated using standard RFC 5280 extensions; ¶0031 intermediate certificate authority 220 can refer to its parent, using what is sometimes referred to as a cascade update process. In such a process, root certificate authority 210 can perform a root certificate update algorithm, after which an intermediate certificate authority 220 can pull an updated certificate from root certificate authority 210).
The motivation is the same that of claim 15 above.  

Regarding claim 18: Goeringer in view of Lloyd discloses the data memory device of claim 15.
Lloyd further discloses wherein the algorithmic instructions further comprise determining a validity of the anchor certificate for each data processing system using the proxy system (Lloyd: ¶0033 intermediate certificate authority 220 can update its certificate, or change certificates that it has previously issued [...] intermediate certificate authority 220 can reissue all certificates that are associated with it, and re-sign them as required).
The motivation is the same that of claim 15 above.

Regarding claim 19: Goeringer in view of Lloyd discloses the data memory device of claim 15.
Goeringer further discloses wherein the algorithmic instructions further comprise determining a validity of the anchor certificate for each data processing system using the proxy system in accordance with RFC 5280 Internet X.509 Public 10Key Infrastructure Certificate (Goeringer: ¶0029 existing Certificate processes that leverage existing RFC 5280-compliant processes (i.e., according to Internet X.509 Public Key Infrastructure Certificate).

Regarding claim 20: Goeringer in view of Lloyd discloses the data memory device of claim 15.
Goeringer further discloses wherein the algorithmic instructions further comprise determining a validity of the anchor certificate for each data processing system wherein 15the proxy system in accordance with RFC 5280 Internet X.509 Public Key Infrastructure Certificate and a Certificate Revocation List (CRL) Profile (Goeringer: ¶0029 the present embodiments are fully compatible with existing Certificate processes that leverage existing RFC 5280-compliant processes (i.e., according to Internet X.509 Public Key Infrastructure Certificate and CRL Profile).


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857. The examiner can normally be reached Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 5712705002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FAHIMEH MOHAMMADI/    Examiner, Art Unit 2439