DETAILED ACTION
1. 	This Non-Final Office Action is in response to application filed on 02/13/2020.  	Claims 1-13 are being considered on the merits. 	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
Drawings
2. 	The drawings filed on 02/13/2020 are accepted. 
Information Disclosure Statement
3.	The information disclosure statements (IDS) submitted on 02/13/2020 and 12/08/2021 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, initialed and dated copies of the Applicant’s IDS forms 1449 filed on 02/13/2020 and 12/08/2021 are attached to this office action. 
Claim Objections
4.	Claim 13 objected to because of the following informalities:  Claim 13 recites “a computer program product (non-transitory computer readable medium having instructions, which, when executed by a processor, performs the steps of the method as claimed in claim 1”. Examiner suggests replacing the “(“with, for example, “comprising,”. Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA  35 U.S.C. 112, fourth paragraph:


5.	Claims 11 and 13 are rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends. Claims 11 and 13 are structured as an independent claims however both claims include the limitation to “perform the steps of the method as claimed in claim 1” Claim limitations do not further limit the subject matter of claim 1 upon which they depend. Applicant may cancel the claims, amend the claims) to place the claims in proper dependent form, rewrite the claims in independent form, or present a sufficient showing that the dependent claims complies with the statutory requirements.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


6.	Claims 1-13 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea, without significantly more.
             Independent claim 1, which is illustrative of the all independent claims and analyzing as the following:
         Step 1: Statutory Category? (is the claim(s) directed to a process, machine, manufacture or composition of matter?). Yes. The claims recite a method and, therefore, is a process.
           Step 2A - Prong 1: Judicial Exception Recited? (is the claim(s) recited a judicial exception (an abstract idea enumerated in the 2019 PEG, a law of nature, or a natural phenomenon). Yes. The claim recites the  ascertaining machine-readable facts…, characterizing parameters …, and replacing a certificate, which is  directed to performance of the limitation in mind. Thus, if a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. 
             Step 2A - Prong 2: Integrated into a Practical Application? (is the claim(s) recited additional elements that integrate the exception into a practical application of the exception). No. This judicial exception is not integrated into a practical application. The claim recites the additional limitations “generating a second manufacturer certificate comprising at least the explicitly characterizing device-related parameter of the first certificate and a public key of the device” and “replacing the first manufacturer certificate with the second manufacturer certificate in the device” (recited in claim 1), which are recited at a high level of generality (i.e., as a general means of collecting and storing data), which is a form of insignificant extra-solution activity. Accordingly, even in combination, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. Accordingly, the claim is directed to an abstract idea. 
                     Step 2B: Claim provides an Inventive Concept? (is the claim(s) recited additional elements that amount to an inventive concept (aka “significantly more”) than the recited judicial exception). No.  Under the 2019 PEG, a conclusion that an additional element is insignificant extra-solution activity in Step 2A should be re-evaluated in Step 2B. Here, the limitations “generating a second manufacturer certificate comprising at least the explicitly characterizing device-related parameter of the first certificate and a public key of the device” and “replacing the first manufacturer certificate with the second manufacturer certificate in the device” (recited in claim 1) were considered to be extra-solution activity in Step 2A, and thus they are re-evaluated in Step 2B to determine if they are more than what is well-understood, routine, conventional activity in the field. The limitations of “generating a second manufacturer certificate comprising at least the explicitly characterizing device-related parameter of the first certificate and a public key of the device” and “replacing the first manufacturer certificate with the second manufacturer certificate in the device” (recited in claim 1) is well-understood, routine, conventional activity as claimed here and do not providing any improvements to the computer functionality, improvements to the interface, they are just merely used as general means for collecting and transmitting information, they do not amount to an inventive concept. 
  	The Berkheimer Memorandum mandates that an additional element (or combination of elements) is not well-understood, routine or conventional unless the examiner finds, and expressly supports a rejection in writing with, one or more of the following: 
           (1) a citation to an express statement in the specification or to a statement made by an applicant during prosecution that demonstrates the well-understood, routine, conventional nature of the additional element(s); 
           (2) a citation to one or more of the court decisions discussed in MPEP § 2106.05(d)(II) as noting the well-understood, routine, conventional nature of the additional element(s); 
           (3) a citation to a publication that demonstrates the well-understood, routine, conventional nature of the additional element(s); or 
           (4) a statement that the examiner is taking official notice of the well-understood, routine, conventional nature of the additional element(s), which satisfies the requirements set forth in MPEP § 2144.03. 
            In this case, the present Specification described in page 7, paragraph 34 of using general-purpose computer and available commercial products to perform the method. Thus, the applicant provides (1) a citation to an express statement in the specification or to a statement made by an applicant during prosecution that demonstrates the well-understood, routine, conventional nature of the additional elements. 
the claim is not patent eligible.

                The dependent claims do not add limitations that meaningfully limit the abstract idea.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



7.	Claims 1-13 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub No. US 2016/0057134 A1 to Falk, (hereinafter, “Falk”), as disclosed in IDS submitted on 02/13/2020 in view of US Pub. No. US 2015/0365241 A1 to Vlot, (hereinafter, “Vlot”).

As per claims 1, 11 and 13, Falk teaches a method, a system having a security function based on a public key infrastructure and a computer program product, respectively, including a non-transitory computer readable storage medium having instructions, which executed by a processor, performs the steps comprising at least one trusted device database, at least one certification authority and at least one device for securely replacing a first manufacturer certificate, already introduced into a device, with a second manufacturer certificate, comprising: 
(Falk, para. [0047] “The automation device 41 contains a configuration-dependent device certificate 55 having device-specific configuration data. The automation device 41 uses said certificate to be authenticated with respect to an authentication server, for example, via a network connection or to transmit measured values to a recording server or other automation devices in the automation system.” And para. [0048] “a plurality of predefined configuration-specific device certificates 55 are present on the automation device 41 and are stored in the program memory 49, for example. Depending on the current device configuration stored in the configuration memory 50, for example, the device certificate 55 corresponding to the configuration is selected and is used for communication with other automation devices or authentication partners.”). 
- generating a second manufacturer certificate comprising at least the explicitly characterizing device-related parameter of the first certificate and a public key of the device (Falk, para. [0039] “the automation device automatically determines an updated device certificate comprising the device-specific configuration data corresponding to the changed configuration” [0057] “FIG. 5 shows another embodiment 80 of the method, in which the issuing unit 87 is in the form of an independent registration unit 82 and a separate certification unit 83 and is not integrated in the automation device 81. If a change in the configuration is determined in the automation device 81, the automation device 81 requests an updated device certificate from the issuing unit 87 using a request message 84. The request message 84 contains the name of the automation device, the current, i.e. changed, device-specific configuration data and a public key.”); and 
- replacing the first manufacturer certificate with the second manufacturer certificate in the device (Falk, [0042] “The request message is verified for the updated device certificate in step 24. If the verification is successful, the issuing unit issues an updated device certificate with the aid of authentication credentials of the issuing unit. The updated device certificate is transmitted to the automation device in step 27 and is stored there in step 18.” And para. [0043] “the previous device certificate is revoked if an updated device certificate is requested or used.” And para. [0053] “An issuer of the certificate from the issuing unit 57 may be the manufacturer of the automation device 41, for example. It is likewise possible for the certificate from the issuing unit 57 to be replaced with a special certificate from an operator.”).
Falk teaches all the limitations of claims 1, 11 and 13 above, however fails to explicitly teach but Vlot teaches:
and uniquely identifies the device from a trusted device database (Vlot, para. [0046] “The trust authority server 105 is operated by a trust authority that also manages the root certificates Ri or by an organization that provides revocation information for revoking root certificates Ri on behalf of the trust authority. The trust authority may use the secret key to create digital signatures and/or other encrypted data. In particular, the trust authority may act as a certification authority for issuing digital certificates that can be validated using the root certificates Ri (i.e. for issuing digital certificates including digital signatures which can be decrypted the public keys included in the root certificates). Thus, it is the trust authority which issues the digital certificates of the second level of a hierarchical tree structure of digital certificates, which contains a root certificate Ri as the root node.” And para. [0047] “In addition to the public key, the root certificates Ri may comprise management information which may include for each root certificate Ri an identification of the root certificate Ri and possibly further information, such as e.g. information identifying the trust authority.”)
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Vlot’s revocation of a root certificate (Vlot, para. [0007]).
As per claim 2, the combination of Falk and Vlot teach the method as claimed in claim 1, wherein the specific device-related parameter is a unique serial number of the device (Falk, para. [0053] “The keys of the issuing unit 57 may be directly tied to the identity of the automation device 41. For this purpose, the common name of the device certificate 55 from the issuing unit 56 may contain specific information relating to the automation device 41, for example its serial number. An issuer of the certificate from the issuing unit 57 may be the manufacturer of the automation device 41, for example. It is likewise possible for the certificate from the issuing unit 57 to be replaced with a special certificate from an operator.”).
As per claim 3, the combination of Falk and Vlot teach the method as claimed in claim 1, wherein the second manufacturer certificate is introduced into the device during a change of configuration of the device, or while an operative certificate is being updated (Falk, para. [0039] “If the automation device determines such a change in the configuration, the automation device automatically determines an updated device certificate comprising the device-specific configuration data corresponding to the changed configuration in method step 4. During subsequent communication with other automation devices or other authentication partners, for example, see method step 5, messages are transmitted in a manner protected by the updated device certificate. Updated device certificates can be determined and used on the basis of the current configuration. A seamless sequence of the device configurations used can therefore be understood without interruption as far as the original configuration of the automation device using the chain of certificates and can be provided for further evaluation.”).
As per claim 4, the combination of Falk and Vlot teach the method as claimed in claim 1, wherein a certificate serial number of the second manufacturer certificate and/or a validity period of the second manufacturer certificate, is generated independently of the corresponding parameters of the first certificate (Falk, para. [0057] “FIG. 5 shows another embodiment 80 of the method, in which the issuing unit 87 is in the form of an independent registration unit 82 and a separate certification unit 83 and is not integrated in the automation device 81. If a change in the configuration is determined in the automation device 81, the automation device 81 requests an updated device certificate from the issuing unit 87 using a request message 84. The request message 84 contains the name of the automation device, the current, i.e. changed, device-specific configuration data and a public key.”).
As per claim 5, the combination of Falk and Vlot teach the method as claimed in claim 1, wherein the trusted device database is used to ascertain devices to which a first manufacturer certificate has been issued by a compromised first certification authority and the first manufacturer certificate is replaced in the ascertained devices by a second manufacturer certificate generated by a second certification authority (Vlot, para. [0046] “The trust authority server 105 is operated by a trust authority that also manages the root certificates Ri or by an organization that provides revocation information for revoking root certificates Ri on behalf of the trust authority. The trust authority may use the secret key to create digital signatures and/or other encrypted data. In particular, the trust authority may act as a certification authority for issuing digital certificates that can be validated using the root certificates Ri (i.e. for issuing digital certificates including digital signatures which can be decrypted the public keys included in the root certificates). Thus, it is the trust authority which issues the digital certificates of the second level of a hierarchical tree structure of digital certificates, which contains a root certificate Ri as the root node.” And para. [0047] “In addition to the public key, the root certificates Ri may comprise management information which may include for each root certificate Ri an identification of the root certificate Ri and possibly further information, such as e.g. information identifying the trust authority.”)
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Vlot’s revocation of a root certificate into Falk’s method for updating a digital device certificate, with a motivation for revoking a root certificate securely stored in a device such that a new root certificate can be securely taken into use within the device (Vlot, para. [0007]).
As per claim 6, the combination of Falk and Vlot teach the method as claimed in claim 1, wherein at least one further device-related parameter of the first certificate is ascertained and transferred to the second manufacturer certificate as a parameter (Falk, para. [0047] “The automation device 41 contains a configuration-dependent device certificate 55 having device-specific configuration data. The automation device 41 uses said certificate to be authenticated with respect to an authentication server, for example, via a network connection or to transmit measured values to a recording server or other automation devices in the automation system.” [0048] “a plurality of predefined configuration-specific device certificates 55 are present on the automation device 41 and are stored in the program memory 49, for example. Depending on the current device configuration stored in the configuration memory 50, for example, the device certificate 55 corresponding to the configuration is selected and is used for communication with other automation devices or authentication partners.”).
Falk teaches the limitations of claim 6 above, however fails to explicitly teach the trusted device database but Vlot teaches:
(Vlot, para. [0046] “The trust authority server 105 is operated by a trust authority that also manages the root certificates Ri or by an organization that provides revocation information for revoking root certificates Ri on behalf of the trust authority. The trust authority may use the secret key to create digital signatures and/or other encrypted data. In particular, the trust authority may act as a certification authority for issuing digital certificates that can be validated using the root certificates Ri (i.e. for issuing digital certificates including digital signatures which can be decrypted the public keys included in the root certificates). Thus, it is the trust authority which issues the digital certificates of the second level of a hierarchical tree structure of digital certificates, which contains a root certificate Ri as the root node.” And para. [0047] “In addition to the public key, the root certificates Ri may comprise management information which may include for each root certificate Ri an identification of the root certificate Ri and possibly further information, such as e.g. information identifying the trust authority.”)
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Vlot’s revocation of a root certificate into Falk’s method for updating a digital device certificate, with a motivation for revoking a root certificate securely stored in a device such that a new root certificate can be securely taken into use within the device (Vlot, para. [0007]).
As per claim 7, the combination of Falk and Vlot teach the method as claimed in claim 1, wherein a second certification authority generates the second manufacturer certificate and signs the second manufacturer certificate using a private key of the second certification authority, and the second manufacturer certificate is transmitted with a certificate of the second certification authority to the device, and the device accepts the second manufacturer certificate as a new manufacturer certificate (Falk, para. [0056] “This embodiment has the advantage that the separation unit 63 provides logical software partitions which are separate from one another and are in the form of the separate memory units 61, 62. This ensures that the memory unit 62 having functions for controlling the operation of the automation device 41 cannot access a private key of the issuing unit 57 included in the memory unit 61.” And para. [0057] “FIG. 5 shows another embodiment 80 of the method, in which the issuing unit 87 is in the form of an independent registration unit 82 and a separate certification unit 83 and is not integrated in the automation device 81. If a change in the configuration is determined in the automation device 81, the automation device 81 requests an updated device certificate from the issuing unit 87 using a request message 84. The request message 84 contains the name of the automation device, the current, i.e. changed, device-specific configuration data and a public key.” And para. [0058] “The request message 84 may be protected using a checksum 85, for example. The registration unit 82 receives the request message, checks it and forwards it to the certification authority 83. After the request message 84 has been received, the certification authority 83 issues a corresponding device certificate 86 and transmits the latter back to the automation device 81. In this case, the certificate 86 is protected by a signature 87 of the certification authority 83.”).
As per claim 8, the combination of Falk and Vlot teach the method as claimed in claim 1, wherein the first certification authority generates the second manufacturer certificate and signs the second manufacturer certificate using a private key of the first certification authority, and the second manufacturer certificate is accepted in the device as a new manufacturer certificate (Vlot, para. [0056] “When a new root certificate Ri is “activated”, the trust authority no longer issues digital signatures created using the secret key pertaining to the root certificate R(i−1) in the previous rank, but uses the secret key pertaining to the new root certificate Ri for creating digital signatures. Further, the trust authority preferably issues new digital certificates for replacing the digital certificates stored in the user device 101, which are validated using the revoked root certificate R(i−1). Such new digital certificates may then be provided to the user device 101 in a suitable way. In particular, the may be sent via the data network connecting the user device 101 and the trust authority server 105.”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Vlot’s revocation of a root certificate into Falk’s method for updating a digital device certificate, with a motivation to securely update a root certificate (Vlot, para. [0007]).
As per claim 9, the combination of Falk and Vlot teach the method as claimed in claim 1, wherein the public key of the device in the first manufacturer certificate is transferred to the second manufacturer certificate as a public key (Falk, para. [0040] “FIG. 2 shows the sequence 10 for determining an updated device certificate using an issuing unit for certificates which operates, for example, as a certification authority in a security infrastructure with public keys (PKI security infrastructure). In this case, an updated device certificate is requested from an issuing unit by generating a request message. In this case, the request message is protected, for example, by a previous device certificate associated with device-specific configuration data relating to the automation device before the change in the configuration.” And para. [0057] “FIG. 5 shows another embodiment 80 of the method, in which the issuing unit 87 is in the form of an independent registration unit 82 and a separate certification unit 83 and is not integrated in the automation device 81. If a change in the configuration is determined in the automation device 81, the automation device 81 requests an updated device certificate from the issuing unit 87 using a request message 84. The request message 84 contains the name of the automation device, the current, i.e. changed, device-specific configuration data and a public key.”).
As per claim 10, the combination of Falk and Vlot teach the method as claimed in claim 1, wherein a second public key different than the public key of the first manufacturer certificate is (Falk, para. [0044] “The plurality of previous or updated device certificates may each have the same device key or the same device key pair. However, it is likewise possible for the plurality of previous or updated device certificates to each have different device keys or different device key pairs.”).
As per claim 12, the combination of Falk and Vlot teach the system as claimed in claim 11, which is a part of an industrial installation (Falk, para. [0038] “FIG. 1 shows a general sequence 1 of updating a digital device certificate in an automation device. The sequence begins in method step 3 with a change in the configuration of the automation device. Such a change in the configuration can be effected, for example, by a firmware exchange, a feature activation or the activation of a country code, by means of which a country-specific operating mode is selected. Changes in the configuration of a user-definable configuration or a user-definable security configuration are likewise possible. A change in the configuration is also caused, for example, by resetting to an initial state. A change in the configuration is also possible by means of non-user-definable configurations initiated by a manufacturer or a service employee, for example.”).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 20150256345 A1 – Revocation of root certificates.
US 20150236851 A1 – Updating CA public key, UE and CA.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ZOHA PIYADEHGHIBI TAFAGHODI/Examiner, Art Unit 2437           
                                                                                                                                                                                             /ALI S ABYANEH/Primary Examiner, Art Unit 2437