DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In communications filed on 11/23/2022. Claims 1-9 are amended. Claims 1-9 are pending in this examination.
 In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.   This examination is in response to US Patent Application No. 16/331,581.
Examiner Note
Applicant’s amendment to independent claims obviates previously raised claims 1-8 U.S.C .112(b), second paragraph rejection and 112(f) claim interpretation. 

Response to Argument
Applicant’s arguments with respect to independent claims  for newly added limitation have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection.

Claim Rejections - 35 USC § 103
Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, and 6-9 are rejected under 35 U.S.C. 103 as being unpatentable over of US Patent No. 2017/0012968 issued to FENG et al (“FENG”)( filed in IDS 03/08/2019) and in view of US Patent No. 2011/0264917 issued to Barthelemy et al (“Barthelemy”) and further in view of  EP1582024B1 issued to John Noerenberg and further in view of  (US2004/0123098) issued to Chen and further in view of  US(2009/0198997) issued to John Yeap
Regarding claim 1 , FENG discloses a network function virtualization system comprising: a memory storing program instructions; at least one processor configured to execute the program instructions stored in the memory to [Abstract, The invention discloses a network function virtualization-based certificate configuration method, apparatus, and system], 
receives a request to a certificate of at least one of data exchanging parties [¶10, receiving, by the virtualized network management entity, an instantiation request sent by a network operation and management entity, where the instantiation request includes the initial credential information of the virtualized network function entity], and [¶14, the initial credential information includes but is not limited to a certificate, a pre-shared key, a token and/or a password], and [¶31, when the initial credential information includes a certificate], and [¶40]; and 
verify the certificate using the public key information corresponding to the certificate [¶40, Optionally, the obtaining, by the virtualized network function entity, from a certificate authority by using the initial credential information, a formal certificate issued by a network operator of the virtualized network function entity includes: [¶41, sending, by the virtualized network function entity, a certificate request message to the certificate authority, where the certificate request message includes a third public key and the initial credential, so that the certificate authority verifies the received certificate request message by using the initial credential; and when the verification succeeds, signs the third public key by using a private key corresponding to a root certificate or an intermediate certificate of the network operator, to 
verifying, by the virtualized network function entity, the certificate response message, and when the verification succeeds, obtaining the formal certificate issued by the network operator].
	 Feng does not explicitly disclose: stores the public key information in public key information storage, extracts public key information of the first private key information
However,  Barthelemy discloses this limitation as:  [¶44,  the generation of the public key K.sub.p of the signatory, this key being generated, according to the cryptography scheme used, either by the signatory alone, or by the trusted third party with the aid of elements that have been transmitted to him by the signatory], and [¶148,  The server of the trusted third party stores the public key (n, e) and the private exponent d.sub.c of the trusted third party which are associated with the identity I of the signatory].
Examiner Note: Noerenberg also discloses this limitation as: [¶16, Verifier device 120 comprises a receiver 122 to receive communications from user device 110, a storage medium 124 to store the received communications and a processor 126 to authenticate a communication. Storage medium 124 may also implement an authentication database to store the public keys transmitted from user device 110. More particularly, receiver 122 receives the public key and creates the authentication database stored in storage medium 124], and [¶28, The second private key is associated with the first private key and therefore, the second public key is associated with the first public key. The public keys are stored in the authentication database of storage medium 124. Here, one public key is stored as the primary public key that is active while the other public 
	stored in the hardware-based isolated secure execution environment, in response to-a the request [¶4, Private key protection remains in most cases a genuine technical challenge, and to date the only solutions considered to be reliable are those using secure specific hardware means for private key storage, such as for example a chip card, a secure USB key, or a secure memory card].
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of FENG with the teaching Barthelemy in order to implement a method of digital signature using a public-key multi-signature scheme and involving a trusted third party server with the aim of protecting the private key of the signatory [Barthelemy, ¶1, Abstract]
  FENG, Barthelemy, and Noerenberg do not explicitly disclose, however, Chen   discloses generates  first private key information using single second private key information [¶67] generating a second private and public key for a second party wherein the second private key is derived from the first private key and second public key; and], and [12. A method of enabling verification of an association between parties, the method comprising: generating a first private key and public key for a first party; generating a second private and public key for a second party wherein the second private key is derived from the first private key and second public key], and [¶118].

 Even though  FENG discloses generates  first private key information which differ from certificate to certificate as:[¶113,  It should be noted that, the public key used by the newly installed VNFC instance to apply for a certificate may be determined in the manner of generating, by the newly installed VNFC instance, a private-public key pair, or when an NFVI instantiates the newly installed VNFC instance, generating a private-public key pair and injecting the private-public key pair into the newly installed VNFC instance], and [ ¶¶110- 125], and [¶209,  The certificate application representation message further includes POP information, where the POP information is obtained by the newly installed VNFC instance using a private key in a private-public key pair to sign a private key POP signing key field], and [¶318,  Optionally, the private-public key pair used by the newly installed VNFC instance is obtained in the manner of generating, by the newly installed VNFC instance, the private-public key pair, or generating, by an NFVI, the private-public key pair and injecting the private-public key pair into the newly installed VNFC instance].
However, FENG, Barthelemy, Noerenberg, and Chen do not explicitly disclose and Yeap discloses generates  first private key information which differ from certificate to certificate as: [¶13,  For example, a user typically has to perform the following steps to be able to receive The Certificate Authority also generates a public/private-key pair and associates it with the certificate of the requestor].
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of   FENG, Barthelemy, Noerenberg, and Chen with the teaching Yeap in order for a  private-public-key pair provide for encryption for message confidentiality, and advantageously also provides for other security functionality including verification of message integrity and authentication of sender and recipient[ Yeap, ¶48].
Regarding claim 2,   FENG, Barthelemy, Noerenberg, and Yeap do not explicitly disclose, however, Chen discloses generates  first private key information using single second private key information [¶67] generating a second private and public key for a second party wherein the second private key is derived from the first private key and second public key; and], and [12. A method of enabling verification of an association between parties, the method comprising: generating a first private key and public key for a first party; generating a second private and public key for a second party wherein the second private key is derived from the first private key and second public key], and [¶118].


FENG, Noerenberg, Chen, and Yeap with the teaching Barthelemy stored in the hardware-based isolated secure execution environment when the predetermined condition is satisfied [¶4,… Private key protection remains in most cases a genuine technical challenge, and to date the only solutions considered to be reliable are those using secure specific hardware means for private key storage, such as for example a chip card, a secure USB key, or a secure memory card…], and [¶¶21-22
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of  FENG, Noerenberg, Chen, and Yeap with the teaching Barthelemy in order to implement a method of digital signature using a public-key multi-signature scheme and involving a trusted third party server with the aim of protecting the private key of the signatory [Barthelemy, ¶1, Abstract]
Regarding claim 3, FENG , Barthelemy, Noerenberg, and Yeap do not explicitly disclose. However, Chen  discloses generates the first private key information using the second private key information, trusted third party private key information and the unique attributes  [¶67] generating a second private and public key for a second party wherein 
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of   FENG, Barthelemy, and Noerenberg with the teaching Chen in order to to verifying an association between two parties by cryptographic techniques; in particular, but not exclusively, the present invention relates to a method and apparatus for enabling the verification, and/or for verifying, an association between a lower-level trusted authority and a higher-level trusted authority in a hierarchy of trusted authorities by using elliptic curve cryptography[ Chen, ¶1].
Regarding claim 4, FENG , Barthelemy, Chen, and Yeap dos not explicitly disclose. However, Noerenberg wherein the private key generator is selected and used by the user based on  a security requirement [Claim 3, creating the new private key using a previous private key and the system parameter based on the counter value; and using the new private key for authentication ].1
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of FENG , Barthelemy, Chen, and Yeap  with the teaching of Noerenberg in order to implement cryptosystems and more particularly to generation and replacement of keys for cryptosystems [Noerenberg, ¶1].
Regarding claim 6, FENG, Noerenberg , Chen and Yeap do not explicitly disclose. However, Barthelemy  discloses verify at least one selected from the group consisting of a PKI certificate, VNF Package and the Trusted third party private key information for authentication [¶59, Ultimately, in the method according to the invention, the signatory makes use of a first private key K.sub.s stored in enciphered form with the aid of a password or of a PIN code.  By virtue of this private key K.sub.s, the signatory can pre-sign a message.  The server of the trusted third party makes use of a second key of a private nature K.sub.c allowing him to verify the messages pre-signed by the signatory with the aid of K.sub.s, and then, to complete the signature process, in such a way that the message pre-signed with K.sub.s and then with K.sub.c can be verified with the aid of the public key K.sub.p alone.  This public key K.sub.p may be freely distributed, typically in the form of a digital certificate].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of FENG, Noerenberg , Chen and Yeap with the teaching Barthelemy in order to implement a method of digital signature using a public-key multi-signature scheme and involving a trusted third party server with the aim of protecting the private key of the signatory [Barthelemy, ¶1, Abstract].
Regarding claim 7, FENG disclose verify a scaling triggered request from a component of the network function virtualization system [¶9, Based on the first aspect, in a first implementation manner, the obtaining, by a virtualized network management entity, initial credential information of a virtualized network function entity includes: [¶10,  receiving, by the virtualized network management entity, an instantiation request( equated to scaling triggered request) sent by a network operation and management entity, where the instantiation request 
entity, a certificate request message to the certificate authority…].
Regarding claim 8, FENG discloses verify a VNFC failure request or VNFC failure service state [¶121,  In the embodiments, the network operation and management entity includes but is not limited to an operation support system (Operation support system, OSS) or an element management system (Element Management System, EMS), where the EMS mainly performs conventional FCAPS functions for the VNF, and the FCAPS functions include fault management (Fault Management), configuration management (Configuration Management), accounting management (Accounting Management), performance management (Performance Management), and security management (Security Management)], and [¶21, the virtualized network function entity includes a virtualized network function unit VNF or a virtualized network function component VNFC]. 
Regarding claim 9, this claim is interpreted and rejected for the same rational set forth in claim 1.

Claim  rejected under 35 U.S.C. 103 as being unpatentable over of US Patent No. 2017/0012968 issued to FENG et al (“FENG”) (filed in IDS 03/08/2019) and in view of US Patent No. 2011/0264917 issued to Barthelemy et al (“Barthelemy”) and further in view of EP1582024B1 issued to John Noerenberg and further in view of  (US2004/0123098) issued to Chen and further in view of  US(2009/0198997) issued to John Yeap and  further in view of US Patent No. 7,103,911 issued to Spies et al (“Spies”).
Regarding claim 5, FENG , Barthelemy, Noerenberg, Chen , and Yeap do not explicitly disclose. However, Spies discloses wherein the second private key information is distributed to service providers through a secure channel [Col. 11 lines 27-44, regardless of how the IBE private key generator 16 determines that the recipient is authorized to obtain the IBE private key, the private key should be provided to the recipient for use in decrypting the message.  Any suitable technique may be used to provide the IBE private key to the recipient.  For example, the private key may be transmitted to the recipient in an email or other suitable message… A secure communications channel may be used for electronic communications between the IBE private key generator 16 and the recipient's equipment 12…. The private key may also be distributed by mail or courier (e.g., on a computer-readable medium such as a computer disk or memory chip)].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of FENG , Barthelemy, Noerenberg, Chen , and Yeap with the teaching of Spies in order to use them to update the private keys when the user desire to update their private keys when the private keys expire on a regular bases [Spies, Col.24 lines 7-24].
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Rose(US8259947)[  (11) In one embodiment, a method for authentication in a public cryptographic system comprises creating a first private key and corresponding first public key. A second private key associated with the first private key and a second public key corresponding to the second private key are also created. The second private key is output once such that it can be re-created and the second public key is output when outputting the first public key. The first private key is used for authentication. The method further comprises re-creating the second private key; and using the second private key for authentication], and (17) In yet another embodiment, an apparatus for authentication in a public cryptographic system may comprise means for creating a first private key and 
Nan(US2011/0173452) [ [¶21] According to the present invention, a method of generating a compound type combined public key is provided, including the following steps: a key management center generating an identity private key (isk) of an entity based on the entity identity and combined matrix; combining the system private key (ssk) uniformly defined by the system and the identity private key (isk) to generate a first-order combined private key (csk'), writing the first-order combined private key (csk') into an ID certificate, distributing to users; and allowing individual entities to self-define updating private key (usk), to have a second combination with the first-order combined private key to generate a second-order combined private key (csk'')].
Iwamura(US2006/00477966)[ Abstract,  data-processing system and method for controlling synthesizing digital-signature information. The system and method include holding first private-key information, inputting second private-key information, generating third private-key information based on the first private-key information and the second private-key information], and [9. A registration authority device arranged to generate the second private-key information used for a data-processing device according to claim 1, the registration authority device comprising: a database arranged to hold the first private-key information held in the hold unit provided in the data-processing device for registration; a unit arranged to acquire the first private-key information for the data-processing device for registration by referring to the database, where a registration request is transmitted via a network, generate the second private-key information according to a predetermined algorithm, and generate public-key information that corresponds to the third private-key information generated based on the first private-key information and the second private-key information; and a transmission unit arranged to transmit the generated second private-key information and public-key information to a request source].
Kurani(US10970684)  [1. A method of receiving deposited math based currency (“MBC”) at a financial institution, the method comprising: storing, by an MBC transaction processor of a plurality of processors, a plurality of private and public key pairs in a pooled database; receiving, by an account balance processor of the of the plurality of processors, a deposit request from a customer via a customer computing device, the deposit request including a customer private key for an amount of MBC; communicating, by the account balance processor, the customer private key to the MBC transaction processor of the plurality of processors, wherein the MBC transaction processor is communicably coupled to the account balance processor; creating, by the MBC transaction processor, a first private and public key pair; transferring, by the MBC transaction processor, a first transaction in the amount of MBC to the created first private and public key pair from the customer by signing a transaction request with the customer private key; associating, by an overlay ledger, the amount of MBC with an account of the customer of the overlay ledger; tracking, by the overlay ledger, an association of an amount of MBC with each of a plurality of MBC accounts of a plurality of customers; updating, by the account balance processor, the overlay ledger by the amount of MBC; and in response to transferring the first transaction, storing, by the MBC transaction 
CN1736055B (read the entire document, Apparatus and method for replacing a cryptographic key).
WO2007048967A2 (read the entire document, method for renewing cryptographic keys).
CA2798531C (read the entire document, Identity-based encryption system).
Burmester (US8793496), [see FIGS. 4A, 4B and claim1, updating private keys].
Robinson (US7747851) [certificate and distribution via license files].
Asanoma(US2003/0056099)[ [ read entire document, private key generator, updating key].
Yoon(US20130322621)[private key generation apparatus, see Abstract and FIGS 3 and 4].
YUJI(US2016/0028549)[ predetermined period, updating, private key generator].
CHU (US2012/0017086) [Information security transmission system, ¶22].
Froels(US2014/0219448)[ ¶10, A second key pair including a second public key and a second private key is allocated to the server device.  The method includes: storing, at the identity module, the first private key, the first public key and a first signature, the first signature being based on signing the first public key using the second private key; generating the identity information and a second signature, the second signature being based on signing the identity information using the first private key].
Falk (US10, 630,473) [Determination of a device-specific private key for an                       asymmetrical cryptographic method on a device, claim 6]. 
Kresina (US2004/0006701) [Method and apparatus for authentication of recorded                         audio, ¶30].
Nix(US2015/0095648)[¶110, module 101 may record a first private key 112 used for creating a digital signature and a second private key 112 for decryption using asymmetric ciphering algorithms 141a. ].   
                                                                                                                                                                                         Applicants are encouraged to take advantage of the After Final Consideration Pilot 2.0 (AFCP 2.0) which authorizes non-production time for consideration of responses filed after a final rejection. The purpose of the pilot is to compact prosecution of the case. The request must include 1) A signed AFCP request form (PTO/SB/434 or equivalent) that includes a statement that applicant is requesting consideration under the AFCP; 2) An amendment to at least one independent claim that does not broaden the scope of the independent claim in any aspect; and 3) A statement that applicant is willing and available to participate in any interview initiated by the examiner concerning the present 
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
                                                                                                                                                                                                       
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAHRIAR ZARRINEH/Examiner, Art Unit 2496