Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Detail Action
This office action is response to the application 17/021,232 filed on 09/15/2020. Claims 1-18 are pending in this communication.

Priority
This application claims priority from US provisional application 62/990,089 03/16/2020. Priority date has been accepted. 

Examiner’s Note
The examiner is requesting the applicant’s representative to provide direct phone number and email address in next communication, which will be very helpful to advance the prosecution.
The Examiner used figures, paragraph and line numbers from the instant application’s pre-grant publication or pdf copy of allowance. In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
italicized are claims; the text that are in bold are reference citations (with some obvious exception); the text is neither italicized nor bolded are by the examiner.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1, 5, 6 & 8 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by YANG; Xiangying, Pub. No.: US 2017/0279619 A1.

Regarding Claim 1, YANG anticipated a non-transitory storage medium storing instructions readable and executable by an electronic processor of a first entity to cause the first entity {Fig. 1A, 2A, 2 (for architecture of referenced entities) & claim 12, “a processor, wherein the memory includes instructions that when executed by the processor cause the server apparatus to publish a plurality of certificate revocation lists (CRLs) by performing operations”} to:
store an issuer digital certificate published by a certificate authority (CA) {Fig. 2 element 130 – ‘CA’, element 140 – ‘root CA’} and a first entity {element 120 – ‘delivery server’} digital certificate {Fig. 1A element 123} signed by the issuer certificate {[0040], “OCSP is an … IETF protocol specified by RFC 6960. OCSP stapling (see IETF RFC 6066) is an extension of OCSP. OCSP stapling allows the presenter of a certificate to provide a timestamped OCSP response signed by a CA to the party seeking the certificate. An eUICC or SE can use OCSP stapling as a trust verification technique in order to reduce or eliminate storage of trusted certificates (public keys) and/or CRLs”};
store an old issuer digital certificate published by the CA prior to publication of the issuer digital certificate and an old first entity digital certificate signed by the old issuer digital certificate {Fig. 8 &  [0110], “The new hash value does not immediately overwrite an old hash value. In some embodiments, there is a transition period or overlapping time period during which both the old and new public key—private key pairs of the CA 130 or of the eSIM server 180, and thus both the old and new certificates, of the CA 130 or of the eSIM server 180 are valid”};
attempt to initiate a secure communication session {[0011], “An eUICC housed in a device trusts the device as a transport pathway. For example, this includes trusting the device to deliver to the eUICC, for example, an SMS message from a server requesting establishment of a hypertext transport protocol, secure (HTTPS) connection between the server and the eUICC”} with a second entity {Fig. 2 element 100 – ‘device / EUICC’} via an electronic network {[0084], “FIG. 2 illustrates an exemplary network system 200. … The CA 130, the delivery server 120, the delivery server 160, and/or the root CA 140, for example, can communicate with the eUICC 100 through the Internet 240”} by operations including receiving a second entity digital certificate from the second entity via the electronic network {[0110], “At Action 11, the eUICC 100, in some embodiments, performs an authentication check on the signature part 504 of a certificate received in the message 803} and sending either the first entity digital certificate or the old first entity digital certificate to the second entity via the electronic network {[0110], “there is a transition period or overlapping time period during which both the old and new public key—private key pairs of the CA 130 or of the eSIM server 180, and thus both the old and new certificates, of the CA 130 or of the eSIM server 180 are valid”} based on which of the issuer digital certificate or the old issuer digital certificate is effective {Fig. 10 elements 1014, 1016 & [0121], “At 1012 of FIG. 10, a device receives public key information from a delivery server. At 1014, the device checks for expiration of the public key information. At 1016, the device updates CRL sequence state as described with respect to FIG. 7 and/or a pinning table as described”} to authenticate the second entity digital certificate received from the second entity {[0110], “The authentication check can be based on the public key of the root CA 140, which has not changed at the time the new certificate for the CA 130 or for the eSIM server 180 are published”}; and
conduct the secure communication session with the second entity via the electronic network only if the attempt to initiate the secure communication session is successful {[0110], “The eUICC 100 can, based on successful authentication, then update the pinning table 108 with respect to the row or data portion associated with the CA 130 or with the eSIM server 180”}.

Regarding Claim 5, YANG anticipated all the features of claim 1 and further discloses
at a first entity cadence, determine whether a new issuer digital certificate different from the issuer digital certificate has been published by the CA {[0016], “If the device determines that the time information value in the eUICC is becoming stale, old, or out-of-date} and if so then:
generate a public/private key pair at the first entity {[0004], “A user may store a copy of a certificate, where the certificate holds the name of a given party (user identity). The public key recorded in the certificate can be used to check the signature on a message signed using a PKI private key of the given party”}, construct a certificate signing request (CSR) including a public key of the public/private key pair and signed using the private key of the public/private key pair, and receive a new first entity digital certificate from the CA in response to transmitting the CSR to the CA {[0013], “The extension information portion thus is signed over, along with the other data part information, by the CA signing operation that creates the digital signature, which is the signature part of the CRL. … a field containing a value of a sequence number or timestamp of a most recent, or last, CRL that included a new list”};
update the old issuer digital certificate to include the issuer digital certificate and update the old first entity digital certificate to include the first entity digital certificate {[0060], “The device or eUICC can perform a hash computation on the newly obtained certificate and determine if an update to the trusted list in the eUICC should take place. In this way, the eUICC can rewrite the pinning policy in the trusted list based on the latest certificate or public key. [0061], “Certificate pinning, includes maintaining a list of trusted server common names, as written in certificates”}; and

Regarding claim 6, claim 6 is claim to a system using the non-transitory storage medium of claim 1. Therefore, claim 6 is rejected for the reasons set forth for claim 1.

Regarding claim 8, claim 8 is a dependent claim of claim 6, claim 8 is claim to system using the non-transitory storage medium of claim 5. Therefore, claim 8 is rejected for the reasons set forth for claim 5.

Claims 2, 3, 7 & 12 are rejected under AIA  35 U.S.C. 103 as being unpatentable over YANG; Xiangying, Pub. No.: US 2017/0279619 A1 in view of ENOKIDA; Tomoaki, Pub. No.: US 2004/0243805 A1.

Regarding Claim 2, YANG anticipates all the features of claim 1 and YANG however does not explicitly disclose
wherein the attempt to initiate the secure communication session includes attempting to authenticate the second entity digital certificate using the issuer digital certificate and one of:
(i) responsive to successful authentication of the second entity digital certificate using the issuer digital certificate, sending the first entity digital certificate signed by the issuer digital certificate to the second entity via the electronic network 
or
(ii) responsive to unsuccessful authentication of the second entity digital certificate using the issuer digital certificate, attempting to authenticate the second entity digital certificate using the old issuer digital certificate and responsive to successful authentication of the second entity digital certificate using the old issuer digital certificate sending the old first entity digital certificate signed by the old issuer digital certificate to the second entity via the electronic network.
In an analogous reference ENOKIDA discloses
wherein the attempt to initiate the secure communication session includes attempting to authenticate the second entity digital certificate using the issuer digital certificate {{[0031], “a digital certificate management system includes: a client and server system in which a digital certificate is used for mutual authentication so as to establish communication between a server and a client, and data transmission is performed there between with the use of a path established through the authentication; and a digital certificate management apparatus communicatable with the client and the server”}
 and one of:
(i) responsive to successful authentication {Fig. 4 ‘success response’ between elements S17, S26 & [0211], “… client apparatus 40 which created it and the server apparatus 30 which has the server private key. When the processing results in success until then, a response indicating that the authentication results in success is returned to the client apparatus 40 in Step S26”} of the second entity {Fig. 4 element – ‘client apparatus’} digital certificate using the issuer digital certificate, sending the first entity {Fig. 4 element – ‘server apparatus’} digital certificate signed by the issuer digital certificate to the second entity via the electronic network {[0010] In order to perform the authentication, it is necessary to previously stores the root key, and this root key is stored in a form of a root key certificate having a digital signature attached thereto by the CA, as shown in FIG. 538. This root key certificate is in a self-signing type such that the digital signature can be decode with the use of a public key which is included in the same certificate”} 
or
(ii) responsive to unsuccessful authentication of the second entity digital certificate using the issuer digital certificate, attempting to authenticate the second entity digital certificate using the old issuer digital certificate and responsive to successful authentication of the second entity digital certificate using the old issuer digital certificate sending the old first entity digital certificate signed by the old issuer digital certificate to the second entity via the electronic network.
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify YANG’s technique of ‘managing digital certificate transition from old/ expiring/expired certificate to new/ updated certificate’ to ‘manage digital certificate authentication between a client and server with a certification authority’, as taught by ENOKIDA, in order to keep valid digital certificates. The motivation is - digital certificates are the credentials that facilitate the verification of identities between users in a transaction. Much as a passport certifies one's identity as a citizen of a country, the purpose of a digital certificate is to establish the identity of users within the ecosystem where the certificate serves two primary functions: The certificate authenticates the identity of the server; and. The certificate binds a key pair to that server.


Regarding Claim 3, YANG anticipates all the features of claim 1. However, YANG does not explicitly disclose
wherein the secure communication session is a mutual Transport Layer Security (TLS) secure communication session. 
In an analogous reference ENOKIDA discloses
wherein the secure communication session is a mutual Transport Layer Security (TLS) secure communication session {[0036], “the authentication performed between the client and the server may preferably be authentication according to an SSL or TLS protocol; and the server certificate may preferably be a public key certificate for the server”}
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify YANG’s technique of ‘managing digital certificate transition from old/ expiring/expired certificate to new/ updated certificate’ for ‘using TLS secured session between client & server’ by ENOKIDA, ‘to determine peer node authenticity’. The motivation is preventing tampering and eavesdropping in an authentication session between a client server pair. TLS encryption prevents malicious actors from interposing itself 

Regarding claim 7, claim 7 is a dependent claim of claim 6, claim 7 is claim to system using the non-transitory storage medium of claim 2. Therefore, claim 7 is rejected for the reasons set forth for claim 2.

Regarding claim 12, claim 12 is a dependent claim of claim 6, claim 12 is claim to system using the non-transitory storage medium of claim 3. Therefore, claim 12 is rejected for the reasons set forth for claim 3.

Claims 4 & 13 are rejected under AIA  35 U.S.C. 103 as being unpatentable over YANG; Xiangying, Pub. No.: US 2017/0279619 A1 in view of WEI; Yudi, Pub. No.: US 2019/0272219 A1 and further in view of DRUSCHEL; Peter, Pub. No.: US 2012/0110338 A1).

Regarding Claim 4, YANG anticipates all the features of claim 1. However, YANG does not explicitly disclose wherein:
the conducting of the secure communication session with the second entity via the electronic network includes receiving incremental backup data for the second entity via the secure communication session; and the instructions are readable and executable by the electronic processor of the first entity to further cause the first entity to update a backup of data of the second entity with the incremental backup data for the second entity received via the secure communication session.
In an analogous reference WEI discloses
the conducting of the secure communication session with the second entity via the electronic network includes receiving … [additive] backup data for the second entity via the secure communication session; and the instructions are readable and executable by the electronic processor of the first entity to further cause the first entity to update a backup of data of the second entity with the … [additive] backup data for the second entity received via the secure communication session {[0096], “a data backup unit 10, for forming a first host machine A and a second host machine B into a storage peer pair, such that read and write requests of a virtual machine of the first host machine A are backed up in the second host machine B. Correspondingly, the read and write requests of the virtual machine of the second host machine B are also backed up on the first host machine A. The virtual machines of the first host machine A and the second host machine B are independent mutually, but the virtual machine data is backed up mutually, so as to prevent the first host machine A and the second host machine B from going down or functioning improperly due to other failures, and avoid the interruption of service provided by the virtual machine since the virtual machine cannot quickly recover”. Examiner’s note: peer devices are mutually backing up each other’s data}.
In another analogous reference DRUSCHEL discloses
… incremental backup data {[0010], “Storage leases may be used in combination with backup applications. Embodiments of the invention may be used with these types of incremental backup applications by storing the snapshots under a storage lease for the snapshot's retention period (e.g., daily snapshots kept for a week, weekly snapshots kept for a months, etc.)” … [0063], “Security certificates may also be generated for other purposes, including providing proof of storage commitment in environments where multiple parties from mutually distrusting administrative domains need to interact, such as peer-to-peer storage systems or cloud storage”} …
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify YANG’s technique of ‘managing digital certificate transition from old/ expiring/expired certificate to new/ updated certificate’ for ‘peer devices are mutually backing up each other’s data’ by WEI and applying incremental backup of data in a certain predetermined period’ by DRUSCHEL in order for a deterministic data backup. The motivation is - the storage leases provide an extra level of protection for snapshots from software errors, operator mistakes, malware and other system intrusions. Other applications of storage leases include peer-to-peer data storage and mutually storing each other’s data to avoid failure or compromise in central cloud backup storage.

Regarding claim 13, claim 13 is a dependent claim of claim 6, claim 13 is claim to system using the non-transitory storage medium of claim 4. Therefore, claim 13 is rejected for the reasons set forth for claim 4. WEI further discloses “the second entity includes a file system” {WEI: “[0051]-[0055]”. Examiner’s note: a configuration file in a computer system cannot be saved or retrieved or operated without a file system holding the configuration file which may be in the application or in the embedded OS};

Reason for allowance
Independent method claim 14 and its dependent claims 15-18 are allowed.
Claims 9-11 will be allowable if written in independent form with base system claim 6. For allowability, the independent non-transitory storage medium of claim 1 is required to be in same scope with equivalent limitations of claims 9-11 as proposed for amended system claim 6. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to QUAZI FAROOQUI whose telephone number is (571) 270-1034. The examiner can normally be reached on M-F 8:30AM-5:00PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Ashok B. Patel can be reached on 571-272-3972. The fax phone number for Examiner Farooqui assigned is 571-270-2034.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-flee). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


Primary Examiner, Art Unit 2491