DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is in response to the filing dated 06/28/2019. Claims 1-19 have been filed.

Priority
According to the Application Data Sheet, no priority has been claimed.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 06/28/2019, 02/03/2021 and 09/30/2021 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.

Abstract Idea Analysis
Per 2019 Revised PEG for Electrical Arts:

Step 1) 
Claims 1, 10 and 19 are directed to one of the four categories of invention and therefore are subject matter eligible.

Step 2A: prong one) 
The method of claim 1, the apparatus of claim 10 and the CRM of claim 19 do not recite any limitation that may reasonably be construed as abstract because they don’t fall under any of the groupings of abstract idea defined in 2019 Revised PEG. In light of the specification, the claimed limitations are performed by a specialized computer/circuit/processor, i.e., special purpose computer-implemented instructions, for receiving digital certificates and verifying the received digital certificates to allow or disallow their usage. 
Therefore, at the conclusion of Step 2A, prong one, claims 1-19 are determined to be “patent eligible”.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.
Such claim limitation(s) are: 
When the certificate verifier is implemented by a logic circuit,
“a request generator to generate and transmit a certificate signing request (CSR)”, in claim 10.
OR
When the request generator is implemented by a logic circuit,
“a certificate verifier to evaluate a digital certificate received in response to the CSR, wherein the certificate verifier is configured to: 
determine whether the digital certificate is valid; 
when the digital certificate is valid, allow use of the digital certificate by the apparatus; and 
when the digital certificate is invalid, prohibit use of the digital certificate by the apparatus to protect the apparatus against negative impacts to functionality of the apparatus caused by the invalid digital certificate”, in claim 10,
“…the certificate verifier is configured to, when the digital certificate is invalid, notify a host of the invalidity, wherein the host is configured to track expiration dates of digital certificates”, in claim 11,
“…the certificate verifier is configured to determine the validity of the digital certificate by determining whether the digital certificate is based on an undesired encryption function”, in claim 13,
“…the certificate verifier is configured to determine the validity of the digital certificate by determining a size of a key associated with the digital certificate”, in claim 15,
“…the certificate verifier is configured to determine the validity of the digital certificate by determining whether a validity period of the digital certificate matches a time of the apparatus”, in claim 16, 
“…the certificate verifier is configured to determine the validity of the digital certificate by determining whether the digital certificate is a match with a private key of an asymmetric encryption scheme”, in claim 17, and 
“…rejecting the digital certificate and prohibiting storage of the digital certificate on the device”, in claim 18.

Because these claim limitation(s) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.

If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
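The certificate verifier limitations quoted above (claims 10, 13, 15, 16 and 17) amount to four checks on a certificate received in answer to a CSR: the signature algorithm is not an undesired hash function, the key is large enough, the validity period covers the apparatus clock, and the certificate's public key matches the device's own private key. The following Go program (standard library only) is an added example, not code from this Office action or from any cited reference, modelling the request generator, a stand-in CA that answers the CSR, and a verifier applying those checks; the policy values (2048-bit minimum, MD5 and SHA-1 as undesired) and the names MakeCSR, IssueFromCSR and Verify are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// VerifierPolicy holds the verifier's thresholds: a minimum RSA key size and
// the signature (hash) algorithms treated as undesired. DefaultPolicy's
// values are assumptions for this example, not taken from the application.
type VerifierPolicy struct {
	MinRSABits    int
	UndesiredAlgs map[x509.SignatureAlgorithm]bool
}

var DefaultPolicy = VerifierPolicy{
	MinRSABits:    2048,
	UndesiredAlgs: map[x509.SignatureAlgorithm]bool{x509.MD5WithRSA: true, x509.SHA1WithRSA: true},
}

// MakeCSR plays the request generator: a DER-encoded CSR for the device key.
func MakeCSR(devKey *rsa.PrivateKey, cn string) ([]byte, error) {
	tmpl := x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}
	return x509.CreateCertificateRequest(rand.Reader, &tmpl, devKey)
}

// IssueFromCSR is a stand-in CA answering the CSR: it checks the CSR's own
// signature, copies its public key into a certificate and signs with caKey.
func IssueFromCSR(csrDER []byte, caKey *rsa.PrivateKey, notBefore, notAfter time.Time) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, err
	}
	ca := x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example CA"},
		PublicKey:             &caKey.PublicKey,
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	tmpl := x509.Certificate{
		SerialNumber:       big.NewInt(2),
		Subject:            csr.Subject,
		NotBefore:          notBefore,
		NotAfter:           notAfter,
		SignatureAlgorithm: x509.SHA256WithRSA,
	}
	der, err := x509.CreateCertificate(rand.Reader, &tmpl, &ca, csr.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Verify is the certificate verifier. nil means the certificate may be used
// and stored; otherwise the error names the first failed check, which is what
// the device would report to a host before discarding the certificate.
func Verify(cert *x509.Certificate, devKey *rsa.PrivateKey, now time.Time, p VerifierPolicy) error {
	if p.UndesiredAlgs[cert.SignatureAlgorithm] { // undesired hash function (claim 13)
		return fmt.Errorf("undesired signature algorithm %v", cert.SignatureAlgorithm)
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return errors.New("certificate does not carry an RSA public key")
	}
	if bits := pub.N.BitLen(); bits < p.MinRSABits { // key size (claim 15)
		return fmt.Errorf("key size %d bits is below the %d-bit minimum", bits, p.MinRSABits)
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) { // validity period vs apparatus clock (claim 16)
		return fmt.Errorf("validity period %s to %s does not cover device time %s",
			cert.NotBefore.Format(time.RFC3339), cert.NotAfter.Format(time.RFC3339), now.Format(time.RFC3339))
	}
	if !pub.Equal(&devKey.PublicKey) { // match with the device private key (claim 17)
		return errors.New("certificate public key does not match the device private key")
	}
	return nil
}

func main() {
	devKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	caKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	now := time.Date(2021, 10, 1, 0, 0, 0, 0, time.UTC) // constructed apparatus clock
	csr, _ := MakeCSR(devKey, "device-1")
	cert, err := IssueFromCSR(csr, caKey, now.Add(-time.Hour), now.Add(24*time.Hour))
	if err != nil {
		panic(err)
	}
	fmt.Println("fresh certificate:", Verify(cert, devKey, now, DefaultPolicy))
	fmt.Println("clock past NotAfter:", Verify(cert, devKey, now.Add(48*time.Hour), DefaultPolicy))
}
```

A non-nil result from Verify is the point at which claims 11 and 18 would have the device notify the host and refuse to store the certificate.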

Examiner’s Note on Intended Use 
Per claims 1 and 10, “to continue operations despite receiving the invalid digital certificate” and “to protect the apparatus against negative impacts to functionality of the apparatus caused by the invalid digital certificate” respectively, are construed as intended use limitations. As such, if the prior art structure is capable of performing the intended use, then it anticipates the claimed intended use limitation. 
For examination, the intended use functional recitations have been considered but they carry less patentable weight. Positive recitations of the respective limitations are required for full patentable weight. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

1.	Claims 1-3, 8, 10-12, 17 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Miyazawa, US2007/0005981A1 in view of Wyatt, US2017/0346853A1.

Per claim 1, Miyazawa discloses a method for use in a device configured to communicate using digital certificates, the method comprising: 
in response to a request, receiving a digital certificate for use in secure communications between the device and another device (When the print server 10 receives a CSR create request and CSR parameters from the administration PC 20, the print server 10 creates a CSR based on the received CSR parameters and transmits the CSR to the administration PC 20 – Miyazawa: par. 0099 – Note: Fig. 8).
Miyazawa is not relied on to explicitly disclose, but Wyatt discloses, evaluating, using a logic circuit, the digital certificate to determine a validity of the digital certificate (a CSP (operating in any of modes (1), (2), or (3)) observes the server certificate chain information that is part of a TLS handshake protocol for a DESTHOST. The CSP may determine, according to a policy 318 having a common use certificate checking qualifier, whether the certificate chain used matches one of the certificates used in an historical store of certificate information by DESTHOST, or matches certificate information for DESTHOST obtained by the CSP requesting current certificate information for DESTHOST from security server 320… policy 318 with a root level CA qualifier and a geographic coverage qualifier may be used by a CSP to determine whether a DESTHOST certificate or certificate chain observed in making a network connection to a destination host is allowed by the policy or not – Wyatt: par. 0210 and 0214);
when the digital certificate is valid, allowing use of the digital certificate by the device (there may be user settings, or one or more administered policies … [that] specify … whitelists of certificates that are allowed to be used on a device – Wyatt: par. 0142-0143); and 
when the digital certificate is invalid, prohibiting use of the digital certificate by the device to enable the device to continue operations despite receiving the invalid digital certificate (If the policy does not allow for the combination of root level CA and the DESTHOST certificate, the CSP takes one or more actions, such as: displaying a warning on computing device 200, providing an option to disconnect the network connection, blocking or disallowing the network connection, providing a user of computing device 200 an option to continue using the network connection, switching to a different network connection, and sending anomaly information to security server 320 – Wyatt: par. 0214 – Note: blacklists of certificates that are not allowed to be used on a device (even though they are installed in the device's trusted certificate store)).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Miyazawa in view of Wyatt to include evaluating, using a logic circuit, the digital certificate to determine a validity of the digital certificate; when the digital certificate is valid, allowing use of the digital certificate by the device; and when the digital certificate is invalid, prohibiting use of the digital certificate by the device to enable the device to continue operations despite receiving the invalid digital certificate.
One of ordinary skill in the art would have been motivated because it would make it possible “to ensure that a computing device is configured according to a policy that prevents or reduces the threat of a Man in The Middle (MITM) attack” and “to be able to detect the possibility or actuality of a MITM attacker, and to respond with warnings to a computing device or user or enterprise console or administrator, or to block insecure communications” – Wyatt: par. 0004.

Per claim 10, Miyazawa discloses an apparatus comprising: 
a request generator to generate and transmit a certificate signing request (CSR) (When the print server 10 receives a CSR create request and CSR parameters from the administration PC 20, the print server 10 creates a CSR based on the received CSR parameters and transmits the CSR to the administration PC 20 – Miyazawa: par. 0099 – Note: Fig. 8). 
Miyazawa is not relied on to explicitly disclose, but Wyatt discloses, a certificate verifier to evaluate a digital certificate received in response to the CSR, wherein the certificate verifier is configured to: determine whether the digital certificate is valid (a CSP (operating in any of modes (1), (2), or (3)) observes the server certificate chain information that is part of a TLS handshake protocol for a DESTHOST. The CSP may determine, according to a policy 318 having a common use certificate checking qualifier, whether the certificate chain used matches one of the certificates used in an historical store of certificate information by DESTHOST, or matches certificate information for DESTHOST obtained by the CSP requesting current certificate information for DESTHOST from security server 320… policy 318 with a root level CA qualifier and a geographic coverage qualifier may be used by a CSP to determine whether a DESTHOST certificate or certificate chain observed in making a network connection to a destination host is allowed by the policy or not – Wyatt: par. 0210 and 0214);
when the digital certificate is valid, allow use of the digital certificate by the apparatus (there may be user settings, or one or more administered policies … specify one or more of: whitelists of certificates that are allowed to be used on a device – Wyatt: par. 0142-0143); and 
when the digital certificate is invalid, prohibit use of the digital certificate by the apparatus to protect the apparatus against negative impacts to functionality of the apparatus caused by the invalid digital certificate (If the policy does not allow for the combination of root level CA and the DESTHOST certificate, the CSP takes one or more actions, such as: displaying a warning on computing device 200, providing an option to disconnect the network connection, blocking or disallowing the network connection, providing a user of computing device 200 an option to continue using the network connection, switching to a different network connection, and sending anomaly information to security server 320 – Wyatt: par. 0214 – Note: blacklists of certificates that are not allowed to be used on a device (even though they are installed in the device's trusted certificate store)), wherein at least one of the request generator and the certificate verifier is implemented by a logic circuit  (In an embodiment, CSP 310 may perform all the processing for such a service entirely on computing device 200.  In an embodiment, the CSP may offload the processing for such a service to security server 320, by sending all or a portion of the SSL intercepted data to security server 320.  In this embodiment, the CSP may receive a response message from the server indicating a disposition of the connection or content, e.g., should it be allowed or blocked, should the user or a remote administrator be warned, etc. – Wyatt: par. 0125).
Therefore, claim 10 is rejected based on the same analysis and motivation to combine as set forth in the rejection of claim 1 above. 

Per claim 19, Miyazawa discloses a machine-readable storage device comprising instructions that, when executed, cause a machine to at least: 
in response to a request, receive a digital certificate for use in secure communications between the device and another device (When the print server 10 receives a CSR create request and CSR parameters from the administration PC 20, the print server 10 creates a CSR based on the received CSR parameters and transmits the CSR to the administration PC 20 – Miyazawa: par. 0099 – Note: Fig. 8);
evaluate, using a logic circuit, the digital certificate to determine a validity of the digital certificate (a CSP (operating in any of modes (1), (2), or (3)) observes the server certificate chain information that is part of a TLS handshake protocol for a DESTHOST.  The CSP may determine, according to a policy 318 having a common use certificate checking qualifier, whether the certificate chain used matches one of the certificates used in an historical store of certificate information by DESTHOST, or matches certificate information for DESTHOST obtained by the CSP requesting current certificate information for DESTHOST from security server 320… policy 318 with a root level CA qualifier and a geographic coverage qualifier may be used by a CSP to determine whether a DESTHOST certificate or certificate chain observed in making a network connection to a destination host is allowed by the policy or not – Wyatt: par. 0210 and 0214); 
when the digital certificate is valid, allow use of the digital certificate by the device (there may be user settings, or one or more administered policies … specify one or more of: whitelists of certificates that are allowed to be used on a device – Wyatt: par. 0142-0143); and 
when the digital certificate is invalid, prevent use of the digital certificate by the device (If the policy does not allow for the combination of root level CA and the DESTHOST certificate, the CSP takes one or more actions, such as: displaying a warning on computing device 200, providing an option to disconnect the network connection, blocking or disallowing the network connection, providing a user of computing device 200 an option to continue using the network connection, switching to a different network connection, and sending anomaly information to security server 320 – Wyatt: par. 0214 – Note: blacklists of certificates that are not allowed to be used on a device (even though they are installed in the device's trusted certificate store)).
Therefore, claim 19 is rejected based on the same analysis and motivation to combine as set forth in the rejection of claim 1 above.

Per claims 2 and 11, Miyazawa-Wyatt discloses features of claims 1 and 10, further comprising, when the digital certificate is invalid, notifying a host of the invalidity, wherein the host is configured to track expiration dates of digital certificates (CSP 310 may inspect the certificates for anomalies (such as invalid values in certificate fields, or expired certificates) and may interrogate locally cached or remote certificate revocation list information.  In an embodiment, anomalies in certificates may be reported to security server 320, and CSP 310 may display a warning on computing device 200, or break the network connection, or a combination thereof – Wyatt: par. 0188).
The same motivation to modify Miyazawa in view of Wyatt applied to claim 1 above applies here.

Per claims 3 and 12, Miyazawa-Wyatt discloses features of claims 1 and 10, wherein the digital certificate includes a public key of an asymmetric encryption scheme (Electronic signature using public key method is generated by encrypting a hash value object data using a private key, so a public key corresponding to the private key is necessary to verify the electronic signature. Because the public key itself does not contain information of the key holder, a reliable third-party issues a public key certificate which attests that the public key contained in the certificate belongs to the person noted in the certificate.  Here, the reliable third-party that issues a certificate is called a certificate authority (CA) – Miyazawa: par. 0006 – Note: public key certificate by definition uses an asymmetric encryption scheme).

Per claims 8 and 17, Miyazawa-Wyatt discloses features of claims 1 and 10, wherein determining the validity of the digital certificate comprises determining whether the digital certificate is a match with a private key of an asymmetric encryption scheme (The server certificate 10c is a public key certificate which verifies that the server private key 10p corresponds to identification information, such as IP address a host name, FQDN (Fully Qualified Domain Name) of the print server 10… the client PC 30 receives a server certificate 10c from the print server 10, a confirm process of the identity of the print server 10 by verifying an electronic signature of the server certificate 10c using the CA certificate 40c stored in the storage unit 38 (in particular, a public key of CA 40) is executed – Miyazawa: par. 0069 and 0091).

2.	Claims 4-5 and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Miyazawa, US2007/0005981A1 in view of Wyatt, US2017/0346853A1 as applied to claims 1 and 10 above, and further in view of Popoveniuc, US10,454,690B1.

Per claims 4 and 13, Miyazawa-Wyatt discloses features of claims 1 and 10.
Neither Miyazawa nor Wyatt is relied on to disclose, but Popoveniuc discloses, wherein determining the validity of the digital certificate comprises determining whether the digital certificate is based on an undesired encryption function (if the digital certificate 104 utilizes an encryption algorithm that is outdated or has been compromised, the certificate authority 106 can then determine not to update the usage information (e.g., extend the validity range). The certificate authority 106, client computer system 108, or other entity may perform a check of the digital certificate 104 to determine if the usage information should be updated to extend the use of the digital certificate – Popoveniuc: col. 6, lines 9-17).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Miyazawa-Wyatt further in view of Popoveniuc to include wherein determining the validity of the digital certificate comprises determining whether the digital certificate is based on an undesired encryption function.
One of ordinary skill in the art would have been motivated because it would allow verifying “the information contained in the digital certificate by verifying the signatures in the chain of trust and by verifying that the certificate is still valid” – Popoveniuc: col. 2, lines 30-37.

Per claims 5 and 14, Miyazawa-Wyatt-Popoveniuc discloses features of claims 4 and 13, wherein the undesired encryption function is a type of hash function (Electronic signature using public key method is generated by encrypting a hash value object data using a private key, so a public key corresponding to the private key is necessary to verify the electronic signature – Miyazawa: par. 0006).
In the alternative where Miyazawa does not anticipate “wherein the undesired encryption function is a type of hash function”, Popoveniuc discloses wherein the undesired encryption function is a type of hash function (The certificate signature algorithm 430 is an identifier that identifies an algorithm used to generate the certificate signature 432…The certificate signature 432 is generated by the entity identified by the subject name 414, using a private key associated with the subject public key information 416 – Popoveniuc: col. 10, lines 63-67 and col. 11, lines 1-3 – Note: a signature algorithm is equivalent to a hash function, wherein only a private key associated with the subject public key information produces the desired/valid signature).
The same motivation to modify Miyazawa-Wyatt further in view of Popoveniuc applied to claim 4 above applies here.

3.	Claims 6-7 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Miyazawa, US2007/0005981A1 in view of Wyatt, US2017/0346853A1 as applied to claims 1 and 10 above, and further in view of Nix, US2020/0162247A1 (provisional: 62/767,585 is being relied for priority date support).

Per claims 6 and 15, Miyazawa-Wyatt discloses features of claims 1 and 10.
Neither Miyazawa nor Wyatt is relied on to disclose, but Nix (provisional) discloses, wherein determining the validity of the digital certificate comprises determining a size of a key associated with the digital certificate (Certificate authority (CA) public key 131 can be utilized by TRE 113 to verify digital signatures received where the digital signature was generated and signed with a CA private key, such as a certificate for a server. CA public key parameters 104a’ can specify the parameters for using the CA public key 131, where parameters 104a’ can be a subset of the parameters 104 supported by cryptographic algorithms 141. Exemplary parameters 104 are depicted and described in connection with Figure 4 below, such as specifying a key length, digital signature algorithm 141d and secure hash algorithm 141c to utilize, etc. – Nix (provisional): page 46, lines 10-17 – Note: Tamper resistant element (TRE) 113 can comprise a tamper resistant element that comprises a silicon enclave within a tamper resistant chip such as a “system on chip” as depicted in Figure 1b. TRE 113 can include a primary platform (PP) 101… TRE 113 and PP 101 can support a variety of applications… Each of the applications can be operated by a firmware 106 running within TRE 113 on PP 101 – See pages 14-15).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Miyazawa-Wyatt further in view of Nix to include wherein determining the validity of the digital certificate comprises determining a size of a key associated with the digital certificate.
One of ordinary skill in the art would have been motivated because it would allow “to securely receive updated firmware in order to support currently evolving standards and features for the operation of a primary platform or SSP and supported applications” – Nix (provisional): page 3, lines 24-26.

Per claims 7 and 16, Miyazawa-Wyatt discloses features of claims 1 and 10.
Neither Miyazawa nor Wyatt is relied on to disclose, but Nix (provisional) discloses, wherein determining the validity of the digital certificate comprises determining whether a validity period of the digital certificate matches a time of the apparatus (The timing of processor 113b and data bus 109d can be driven by a clock… A seed 128b for random number generator 128 could comprise a plurality of data from within TRE 113 appended together in order to accumulate information entropy. To acquire the seed 128, TRE 113 could collect a plurality of transducer 113z measurements or states, radio 113z measurements, clock times or values for CPU 113b, RAM 113e or memory 109g states, etc. In exemplary embodiments, random number generator 128 can include a secure hash algorithm operating on the random number seed…Random number generator 128 could also be used to derive PM keys for TRE in support of the operation of a firmware 106, where firmware 106 could conduct cryptographic operations for an application on device 102 – Nix (provisional): page 40, lines 1-8 and page 42, lines 23-33).
The same motivation to modify Miyazawa-Wyatt further in view of Nix applied to claim 6 above applies here.

4.	Claims 9 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Miyazawa, US2007/0005981A1 in view of Wyatt, US2017/0346853A1 as applied to claims 1 and 10 above, and further in view of Adams, US2007/02600874A1.
Per claims 9 and 18, Miyazawa-Wyatt discloses features of claims 1 and 10.
Neither Miyazawa nor Wyatt is relied on to disclose, but Adams discloses, wherein prohibiting use of the digital certificate by the device includes rejecting the digital certificate and prohibiting storage of the digital certificate on the device (In an example implementation of a second type, instead of temporarily downloading all of the certificates located in the search to the computing device in the first instance, only certain data needed to generate the list of certificates located in the search may be initially downloaded to the computing device…Only after the user selects one or more specific certificates from the list are any certificates downloaded (i.e. the user-selected ones) to the computing device for storage… Without first knowing the status of any given certificate identified in a list of search results, a user may unknowingly select a revoked or expired certificate from the list to be downloaded to the computing device. To prevent this occurrence, each certificate located in the search and not stored on the computing device might be, at least temporarily, downloaded to the computing device in its entirety. This would facilitate a determination of each certificate's status at the computing device so that the user can be informed prior to selecting certificates to be stored for future use – Adams: par. 0003-0004).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Miyazawa-Wyatt further in view of Adams to include wherein prohibiting use of the digital certificate by the device includes rejecting the digital certificate and prohibiting storage of the digital certificate on the device.
One of ordinary skill in the art would have been motivated because it would “facilitate a determination of each certificate's status at the computing device so that the user can be informed prior to selecting certificates to be stored for future use” – Adams: par. 0004.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Thornton (US2005/0076201A1) discloses a certificate renewal system including facilities for automating certificate signing, wherein as expiring certificates are identified, they may be presented to an administrator for renewal. If it is desired to continue use of particular certificates or servers, an administrator may select those for certificate renewal. A new certificate signing request is generated, either locally or remotely, for example at the server to receive the certificate. If a CSR is generated locally, the generation uses the identity of the destination server. If desired, the CSR may then be sent to a CA for signing. Alternatively, if a root or intermediate root certificate is to be used and is available locally, the renewal system may sign and issue the certificate.
Kim (US9641344B1) discloses identity certificates that are commonly used to verify the identity of an end entity. For example, a service may use a certificate to verify the identity of an end entity, wherein a certificate may be used to generate an authenticated and secure communication channel between an end entity and a service via a service node without the use of shared keys or user ID/password entry. A device management system 1110 provides a Wi-Fi settings profile and the identity certificate to the end entity for it to establish a Wi-Fi connection to a Wi-Fi AP 1130. The Wi-Fi AP 1130 validates the cryptographically-obscured MAC address stored in the certificate's subject alternative name field against the Wi-Fi AP 1130 value from the Wi-Fi settings profile. If the two MAC address values match, the identity of the end entity is validated.

Fu (US2011/0113239A1) discloses a certificate manager that implements a customizable profile framework to apply policies for incoming certificate requests and to control input request types and output certificate types using a profile framework renewal module. The profile framework, also referred to as an enrollment profile framework, is used to approve and issue certificates according to the selected profile, and is implemented by the profile framework renewal module. There are two main types of certificate profiles in the profile framework: enrollment request profiles and renewal request profiles. Enrollment is the process for requesting and receiving an issued certificate.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to AREZOO SHERKAT whose telephone number is (571)272-8533. The examiner can normally be reached Monday - Friday 8:30-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached on 571 - 272 - 3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/AREZOO SHERKAT/            Examiner, Art Unit 2494