AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This is in response to applicant’s Amendment filed on 12/15/2021 to Application #16/482,463 filed on 07/31/2019 in which Claims 1-34 are pending.

Status of Claims
Claims 1-34 are pending, of which Claims 1-2, 4-13, 15-23, 25-34 are allowable via Examiner’s Amendment, Claims 3, 14, 24 are canceled.

Applicant’s Most Recent Claim Set of 12/15/2021
Applicant’s most recent claim set of 12/15/2021 is considered to be the latest claim set under consideration by the examiner.

112(f) Interpretation
All previous claim interpretations by the examiner under 112(f) have been addressed by claim amendments and are hereby removed.


EXAMINER’S AMENDMENT


Authorization for this examiner’s amendment was given in a telephone interview with Daniel Lent on January 28, 2022.
 
The application has been amended as follows:

In the Claims:

Claim 1: (Currently Amended)
A method for managing a digital certificate, comprising:
negotiating, by a digital certificate requesting device, with a digital certificate issuing device by using an acquired authorization code, to establish a security data channel and generate a security key, wherein the security key comprises at least a data communication key;
transmitting, by the digital certificate requesting device, a digital certificate management request message to the digital certificate issuing device through the security data channel, wherein the digital certificate management request message is encrypted with the data communication key;
receiving the digital certificate management request message by the digital certificate issuing device, and transmitting, by the digital certificate issuing device, a digital certificate 
receiving the digital certificate management response message by the digital certificate requesting device through the security data channel; and
processing the digital certificate management response message by the digital certificate requesting device, to obtain a processing result,
wherein the digital certificate management request message carries certificate request data, the digital certificate management response message carries certificate response data, the certificate request data comprises certificate request information, a signature algorithm identifier and a signature value, the certificate request information comprises information of a version, a name of a holder, a public key of the holder and an extension,
the digital certificate management request message is encrypted with the data communication key in a way that the digital certificate management request message is encrypted with the data communication key in the security data channel, and
the digital certificate management response message is encrypted with the data communication key in a way that the digital certificate management response message is encrypted with the data communication key in the security data channel.


Claim 3: (Currently Canceled)


Claim 4: (Currently Amended)
The method according to claim 1, wherein the security key further comprises a data session key, 
the digital certificate management request message is encrypted with the data communication key in a further way that the certificate request data carried in the digital certificate management request message is encrypted with the data session key before the digital certificate management request message is encrypted with the data communication key in the security data channel, and wherein
the certificate request information further comprises information of a serial number, a name of an issuer and a valid period.


Claim 12: (Currently Amended)
A digital certificate requesting device, comprising:
a processor, configured to perform computer instructions; and
a memory storing the computer instructions, the computer instructions comprising:
a security data channel establishing instruction configured to negotiate with a digital certificate issuing device by using an acquired authorization code, to establish a security data channel and generate a security key, wherein the security key comprises a data communication key; 
an encrypting instruction configured to encrypt a digital certificate management request message with the data communication key;
a transmitting instruction configured to transmit the digital certificate management request message to the digital certificate issuing device through the security data channel, wherein the digital certificate management request message is encrypted with the data communication key;
a receiving instruction configured to receive a digital certificate management response message from the digital certificate issuing device through the security data channel, wherein the digital certificate management response message is encrypted with the data communication key; and
a processing instruction configured to process the digital certificate management response message, to obtain a processing result,
wherein 
the digital certificate management request message transmitted through the transmitting instruction carries certificate request data, wherein the certificate request data comprises certificate request information, a signature algorithm identifier and a signature value, and the certificate request information comprises information of a version, a name of a holder, a public key of the holder and an extension, and 
the encrypting instruction is configured to encrypt the digital certificate management request message with the data communication key in the security data channel.


Claim 14: (Currently Canceled)


Claim 15: (Currently Amended)
The device according to claim 12, wherein
the encrypting instruction is further configured to encrypt, in a case that the security key further comprises a data session key, the certificate request data carried in the digital certificate management request message with the data session key before the digital certificate management request message is encrypted with the data communication key in the security data channel, and wherein
the certificate request information further comprises information of a serial number, a name of an issuer and a valid period.


Claim 21: (Currently Amended)
A digital certificate requesting device, comprising:
a memory; and
one or more programs stored in the memory, wherein the one or more programs comprises instructions which, when executed by one or more processors, cause the one or more processors to perform steps of:
negotiating with a digital certificate issuing device by using an acquired authorization code, to establish a security data channel and generate a security key, wherein the security key comprises at least a data communication key;
encrypting a digital certificate management request message with the data communication key; 
transmitting the digital certificate management request message to the digital certificate issuing device through the security data channel, wherein the digital certificate management request message is encrypted with the data communication key; 
receiving a digital certificate management response message from the digital certificate issuing device through the security data channel, wherein the digital certificate management response message is encrypted with the data communication key; and 
processing the digital certificate management response message to obtain a processing result,
wherein 
the digital certificate management request message transmitted through the transmitting instruction carries certificate request data, wherein the certificate request data comprises certificate request information, a signature algorithm identifier and a signature value, and the certificate request information comprises information of a version, a name of a holder, a public key of the holder and an extension, and 
the encrypting instruction is configured to encrypt the digital certificate management request message with the data communication key in the security data channel.


Claim 22: (Currently Amended)
A digital certificate issuing device, comprising:
a processor, configured to perform computer instructions; and
a memory storing the computer instructions, the computer instructions comprising:
a security data channel establishing instruction configured to negotiate with a digital certificate requesting device by using an authorization code, to establish a security data channel and generate a security key, wherein the security key comprises at least a data communication key; 
a receiving instruction configured to receive a digital certificate management request message transmitted from the digital certificate requesting device through the security data channel, wherein the digital certificate management request message is encrypted with the data communication key;
a processing instruction configured to process the received digital certificate management request message and generate a digital certificate management response message;
an encrypting instruction configured to encrypt the digital certificate management response message with the data communication key; and
a transmitting instruction configured to transmit the digital certificate management response message to the digital certificate requesting device through the security data channel, wherein the digital certificate management response message is encrypted with the data communication key,
wherein 
the digital certificate management response message transmitted through the transmitting instruction carries certificate response data, and
the encrypting instruction is further configured to encrypt the digital certificate management response message with the data communication key in the security data channel, and wherein 
the certificate request data carried in the digital certificate management request message received by the receiving instruction comprises certificate request information, a signature algorithm identifier and a signature value, and the certificate request information comprises information of a version, a name of a holder, a public key of the holder and an extension.


Claim 24: (Currently Canceled)


Claim 25: (Currently Amended)
The device according to claim 22, wherein 
the encrypting instruction is further configured to encrypt, in a case that the security key further comprises a data session key, the certificate response data carried in the digital certificate management response message with the data session key before the digital certificate management response message is encrypted with the data communication key in the security data channel, and wherein
the certificate request information further comprises information of a serial number, a name of an issuer and a valid period.


Claim 30: (Currently Amended)
A digital certificate issuing device, comprising:
a memory; and 
one or more programs stored in the memory, wherein the one or more programs comprises instructions which, when executed by one or more processors, cause the one or more processors to perform steps of:
negotiating with a digital certificate requesting device by using an authorization code, to establish a security data channel and generate a security key, wherein the security key comprises a data communication key; 
receiving a digital certificate management request message transmitted from the digital certificate requesting device through the security data channel, wherein the digital certificate management request message is encrypted with the data communication key; 
processing the received digital certificate management request message and generating a digital certificate management response message;
encrypting the digital certificate management response message with the data communication key; and 
transmitting the digital certificate management response message to the digital certificate requesting device through the security data channel, wherein the digital certificate management response message is encrypted with the data communication key,
wherein 
the digital certificate management response message transmitted through the transmitting instruction carries certificate response data, and
the encrypting instruction is further configured to encrypt the digital certificate management response message with the data communication key in the security data channel, and wherein
the certificate request data carried in the digital certificate management request message received by the receiving instruction comprises certificate request information, a signature algorithm identifier and a signature value, and the certificate request information comprises information of a version, a name of a holder, a public key of the holder and an extension.


Reasons For Allowance
The following is an examiner’s statement of reasons for allowance:
Claims 1-2, 4-13, 15-23, 25-34 are considered allowable.

The instant invention is directed to a method and devices for the secure management and secure distribution of digital certificates.

The closest prior art, as recited, Le Saint US Patent Application Publication 2005/0138386 and Aronov et al. US Patent Application Publication 2018/0159845, are also generally directed to various aspects of providing the secure management and secure distribution of digital certificates.  However, Le Saint or Aronov et al. does not teach or suggest, either singularly or in combination, the particular combination of steps or elements as recited in the independent claim(s) 1, 12, 21, 22, 30.  For example, none of the cited prior art teaches or suggests the steps of:
Regarding Claim 1:
receiving a digital certificate management request message by a digital certificate issuing device, transmitting, by the digital certificate issuing device, a digital certificate management response message to a digital certificate requesting device through a security data channel, with the digital certificate management response message encrypted with the data communication key, receiving the digital certificate management response message by the digital certificate requesting device through the security data channel, processing the digital certificate management response message by the digital certificate requesting device, resulting in a processing result, the digital certificate management request message carrying certificate request data, the digital certificate management response message carrying certificate response data, the certificate request data including certificate request information, a signature algorithm identifier and a signature value, the certificate request information further including a version, a name of a holder, a public key of the holder and an extension, the digital certificate management request message encrypted with a data communication key in the security data channel, the digital certificate management response message encrypted with the data communication key in the security data channel
When combined with the additional limitations found in Claim 1.

Regarding Claim 12:
an encrypting instruction encrypting a digital certificate management request message with a data communication key, a transmitting instruction transmitting the digital certificate management request message to a digital certificate issuing device through a security data channel, the digital certificate management request message encrypted with the data communication key, a receiving instruction receiving a digital certificate management response message from the digital certificate issuing device through the security data channel, the digital certificate management response message encrypted with the data communication key, a processing instruction processing the digital certificate management response message, resulting in a processing result, the digital certificate management request message transmitted by the transmitting instruction carrying certificate request data, the certificate request data including certificate request information, a signature algorithm identifier and a signature value, the certificate request information further including information of a version, a name of a holder, a public key of the holder and an extension, the encrypting instruction encrypting the digital certificate management request message utilizing the data communication key in the security data channel
When combined with the additional limitations found in Claim 12.

Regarding Claim 21:
encrypting a digital certificate management request message using a data communication key, transmitting the digital certificate management request message to a digital certificate issuing device through a security data channel, wherein the digital certificate management request message is encrypted utilizing the data communication key, receiving a digital certificate management response message from the digital certificate issuing device over the security data channel, the digital certificate management response message encrypted with the data communication key, processing the digital certificate management response message resulting in a processing result, the digital certificate management request message transmitted by the transmitting instruction carrying certificate request data, the certificate request data including certificate request information, a signature algorithm identifier and a signature value, the certificate request information further including information of a version, a name of a holder, a public key of the holder and an extension, the encrypting instruction encrypting the digital certificate management request message utilizing the data communication key in the security data channel
When combined with the additional limitations found in Claim 21.

Regarding Claim 22:
a receiving instruction receiving a digital certificate management request message transmitted from a digital certificate requesting device through a security data channel, the digital certificate management request message encrypted with a data communication key, a processing instruction processing the received digital certificate management request message and generating a digital certificate management response message, an encrypting instruction encrypting the digital certificate management response message utilizing the data communication key, a transmitting instruction transmitting the digital certificate management response message to the digital certificate requesting device over the security data channel, the digital certificate management response message encrypted with the data communication key, the digital certificate management response message transmitted over the transmitting instruction carries certificate response data, the encrypting instruction encrypting the digital certificate management response message utilizing the data communication key in the security data channel, the certificate request data included in the digital certificate management request message received by the receiving instruction includes certificate request information, a signature algorithm identifier and a signature value, the certificate request information including information of a version, a name of a holder, a public key of the holder and an extension
When combined with the additional limitations found in Claim 22.

Regarding Claim 30:
receiving a digital certificate management request message from a digital certificate requesting device over a security data channel, the digital certificate management request message encrypted utilizing a data communication key, processing the received digital certificate management request message and generating a digital certificate management response message, encrypting the digital certificate management response message with the data communication key, transmitting the digital certificate management response message to the digital certificate requesting device over the security data channel, the digital certificate management response message encrypted with the data communication key, the digital certificate management response message transmitted by the transmitting instruction carrying certificate response data, the encrypting instruction encrypting the digital certificate management response message utilizing the data communication key over the security data channel, the certificate request data carried in the digital certificate management request message received by the receiving instruction includes certificate request information, a signature algorithm identifier and a signature value, the certificate request information further including information of a version, a name of a holder, a public key of the holder and an extension
When combined with the additional limitations found in Claim 30.

Therefore Claims 1-2, 4-13, 15-23, 25-34 of the instant application are allowable over the cited prior art.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Kim et al - US_20080082818: Kim et al teaches authenticating an authentication entity using a certificate signed by a symmetric key.
Wenocur et al - US_20020165912: Wenocur et al teaches providing security for communication of electronic messages.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRADLEY HOLDER whose telephone number is 571-270-3789.  The examiner can normally be reached on Monday-Friday 10:00AM-7:00PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw, can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/BRADLEY W HOLDER/
Primary Examiner, Art Unit 2498