Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
                                                          DETAILED ACTION 
This is in response to the communication filed on 01/07/2020. Claims 1-20 are pending in the application.  Claims 1, 11 and 19 are independent. Claims 1-20 are rejected.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 05/10/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements is being considered by the examiner.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.

4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over US 2003/0182549 A1 (hereinafter Hallin et al) in view of  US 2016/0352840 A1 (hereinafter Negron et al)
Regarding claim 1, Hallin et al teaches a method (note para.  [0021]: method of updating trusted root list; and para. [0035], [0039]), comprising:
receiving, from a server instance,  a server certificate for verifying an identity of the server instance (note, figure 2 and paragraph [0036] at  block 200, the computer system 100  browses the Internet 114 using the browser 116 stored in is memory 102. When a user attempt to carry out a secured transaction block 202) a digital certificate associated with an entity is encountered at block 204; also see para. [0033], [0037]: trusted root list of remote servers; and determining if the digital certificate has been issued from a source);
determining that the server certificate does not match at least one certificate from a client list of one or more server certificates, the client list including a local list of server certificates accessible to a client (note figure 2, paragraph [0037], [0038] at block 206, the authorizer 120 attempts to determine if the digital certificate has been issued from a trusted source, i.e., if the digital certificate can be paced back to being  issued by a trusted root verification authority. After the authorizer 120 determines the root  authority identified in the encountered digital certificate, the 
based on the server certificate not matching the one or more server certificates from the client list, providing a request for a current list of certificates to endpoint (note figure 2 and paragraph [0038], if the root authority cannot be identified in the trusted root list 122 ("No" branch, block 206), then the authorizer 120 accesses the remote server 130 via the browser 116 and the Internet 114 at block 208: Access Remote Trusted Root List);
verifying that the current list of certificates associated with the endpoint is a trusted list of server certificates associated with the server instance (note figure 2, paragraph [0039], at block 210, the authorizer 120 examines the remote trusted root list 142 to determine if the root authority if the encountered digital certificate is in the remote trusted root list 142: with paragraph [0041], If the remote trusted root list 142 is validated (“Yes” branch, block 211), then the digital certificate 144 associated with the trusted root is downloaded at block 212. The transaction then proceeds at block 214); and
based on verifying that the current list of certificates is a trusted list, generating an updated client list including the current list of certificates (note paragraph [0049] : after this procedure has occurred, the computer system 100 has only been updated to contain the digital certificate 126 of the previously untrustworthy root  authority.  the authority associated with the digital certificate 126 is encountered again, then the authority will be validated and a transaction will proceed without interruption, see also paragraph [0021], [0035]; and figure 2 is a flow diagram depicting a  methodological implementation of updating the trusted root list 122 in the computer system 100.)
Hallin et al  fails to teach expressly a call response including a server certificate; and providing a request for a current list of certificates to a discovery endpoint for validation.
However, Negron et al teaches a call response including a server certificate (note para. [0014], [0021],  [0031]: call/ request, response in auto-discovery process that presents digital certificates); and providing a request for a current list of certificates to a discovery endpoint for validation (note para. [0021],  [0052], [0054] In addition, a mapping of the digital certificate   118 to a corresponding domain can be stored in the data store 130 for access by the remote auto-discovery service  133 or the enrollment endpoint 136; see also para. [0026]:  The enrollment endpoint   136 can perform a validation   of a digital certificate   118 to determine whether it corresponds to a domain specified by an administrator when the digital certificate  118 is uploaded)
Negron et al  and Hallin et al  are analogous art because they are from the same field of controlling access to the network resources through server certificate validation. Therefore, before the time of filing of the claimed invention, it would have been obvious to a person of ordinary skill in art to modify Hallin et al  method to include features of a call response including a server certificate; and providing a request for a current list of certificates to a discovery endpoint for validation taught by Negron et al  in order to provide users with an efficient and simplified mechanism for enrollment of a client and validating a remote server utilizing an auto-discovery service (note Negron et al, para. [0010], [0014])
Regarding claim 2,  it is rejected applying as same motivation and rationale applied above rejecting claim 1, furthermore, Hallin et al teaches the method wherein verifying that the current list of certificates associated with the endpoint is a trusted list of server certificates comprises determining that a certificate used to sign the current list is included within the client list (note para. [0040]: The integrity of the remote trusted root list 144 is determined by examining the digital signature 143 of the remote trusted root list 142) Furthermore, Negron et al teaches verifying that the current list of certificates associated with the discovery endpoint (note para. [0021]: The enrollment endpoint can validate/ return device root certificates)
Regarding claim 3, it is rejected applying as same motivation and rationale applied above rejecting claim 1, furthermore, Hallin et al teaches the method further comprising:
determining that the server certificate is included within the updated client list (note para. [0040] –[0042]); and
initiating a trusted session between the client and the server instance based on determining that the server certificate is included within the updated client list (note para. [0043]: After this procedure has occurred, the computer system 100 has only been updated to contain the digital certificate 126 of the previously untrustworthy root authority. If the authority associated with the digital certificate 126 is encountered again, then the authority will be validated and a transaction will proceed without interruption; see also para.  [0041] – [0042])
Regarding claim 4, it is rejected applying as same motivation and rationale applied above rejecting claim 1, furthermore, Negron et al  teaches the method wherein providing the request for the current list comprises providing a hypertext transfer protocol secure (HTTPS) call to the discovery endpoint, and wherein the method further comprises receiving a data object in response to the HTTPS call that is cryptographically signed by the server certificate (note para. [0021]: Further, the remote auto-discovery service 133 can present multiple digital certificates 118 on the same IP address and port number, which allows multiple secure connections (e.g., HTTPS) to be served using the same IP address. The enrollment endpoint   136 can validate digital certificates 118 provided by enterprise administrators or other suitable users. Additionally, the enrollment endpoints   can return certificate policies, device root certificates etc.; see also para. [0053]: signed certificates)
Regarding claim 5, it is rejected applying as same motivation and rationale applied above rejecting claim 4, furthermore, Hallin et al teaches the method wherein the data object includes the current list of certificates (note para. [0040] –[0042]), and wherein verifying that the current list of certificates is a trusted list comprises determining that the server certificate used to cryptographically sign the received data object is included within the client list (note para. [0041] –[0043])
Regarding claim 6, it is rejected applying as same motivation and rationale applied above rejecting claim 1, furthermore, Negron et al  teaches the method wherein the client comprises a hypertext transfer protocol secure (HTTPS) client, and wherein the call response received from the server instance comprises an HTTPS call response from an HTTPS server in response to a request to initiate a session between the HTTPS client and the HTTPS server (note para. [0021])
Regarding claim 7, it is rejected applying as same motivation and rationale applied above rejecting claim 1, furthermore, Negron et al  teaches the method of claim 1, wherein the client list includes a root list of one or more X.509 v3 digital certificates owned or previously owned by the server instance, and wherein the current list includes the root list of one or more X.509 v3 digital certificates and one or more additional X.509 v3 digital certificates associated with the server instance (note para. [0022]: the digital certificates 118 can include X.509 certificates or other suitable certificates)
Regarding claim 8, it is rejected applying as same motivation and rationale applied above rejecting claim 1, furthermore, Hallin et al teaches the method wherein the client list is representative of a root list of one or more valid certificates associated with the server instance at a time that the client list was initially deployed to the client (note paragraph [0036] at  block 200, the computer system 100  browses the Internet 114 using the browser 116 stored in is memory 102. When a user attempt to carry out a secured transaction block 202) a digital certificate associated with an entity is encountered at block 204; also see para. [0033], [0037]: trusted root list of remote servers; and determining if the digital certificate has been issued from a source)
Regarding claim 9, it is rejected applying as same motivation and rationale applied above rejecting claim 8, furthermore, Hallin et al teaches the method wherein the current list includes the root list (note para. [0009], [0037]) and one or more additional server certificates uploaded to the discovery endpoint between the time that the client list was initially deployed to the client and another time associated with the client transmitting a call to the server instance, wherein the one or more additional server certificates correspond to one or more updates of the server instance (note para. [0014]: a complete trusted root list is downloaded when the website is accessed. The newly downloaded list is then checked to validate the currently encountered certificate; see also para. [0009], [0015], [0021]) Furthermore, Negron et al  teaches one or more additional server certificates uploaded to the discovery endpoint  (note para. [0026], [0035]: By validating digital certificates 118 at their upload, the remote computing environment 127 can prevent attempted HTTPS connections  from having invalid digital certificates 118. If the digital certificate 118 is validated by the enrollment endpoint  136, the enrollment endpoint   136 can manage the storage and retrieval of the digital certificate 118 from the data store 130)
Regarding claim 10, it is rejected applying as same motivation and rationale applied above rejecting claim 1, furthermore, Negron et al  teaches the method wherein the discovery endpoint and the server instance are implemented on the same server device (note para. [0015]- [0016], [0071])
Regarding claim 11, Hallin et al teaches a method, comprising:
providing, to a  (note, figure 2 and paragraph [0036] at  block 200, the computer system 100  browses the Internet 114 using the browser 116 stored in is memory 102. When a user attempt to carry out a secured transaction block 202) a digital certificate associated with an entity is encountered at block 204; also see para. [0033], [0037]: trusted root list of remote servers; and determining if the digital certificate has been issued from a source);
verifying that the current list of certificates associated is a trusted list of certificates associated with the server instance by determining that the current list of certificates received from the (note para. [0040]: The integrity of the remote trusted root list 144 is determined by examining the digital signature 143 of the remote trusted root list 142);
based on verifying that the current list of certificates is a trusted list, generating an updated client list including the current list of certificates (note paragraph [0049]: after this procedure has occurred, the computer system 100 has only been updated to contain the digital certificate 126 of the previously untrustworthy root  authority.  the authority associated with the digital certificate 126 is encountered again, then the authority will be validated and a transaction will proceed without interruption, see also paragraph [0021], [0035]; and figure 2 is a flow diagram depicting a  methodological implementation of updating the trusted root list 122 in the computer system 100.)
receiving, from the server instance, a  (note figure 2, paragraph [0039], at block 210, the authorizer 120 examines the remote trusted root list 142 to determine if the root authority if the encountered digital certificate is in the remote trusted root list 142: with paragraph [0041], If the remote trusted root list 142 is validated (“Yes” branch, block 211), then the digital certificate 144 associated with the trusted root is downloaded at block 212. The transaction then proceeds at block 214); and
based on determining that the server certificate is included within the updated client list, initiating a trusted session between the client and the server instance (note para. [0043]: After this procedure has occurred, the computer system 100 has only been updated to contain the digital certificate 126 of the previously untrustworthy root authority. If the authority associated with the digital certificate 126 is encountered again, then the authority will be validated and a transaction will proceed without interruption; see also para.  [0041] – [0042])
Hallin et al fails to teach expressly providing, to a discovery endpoint, a request for a current list of certificates associated with a server instance; determining that the current list of certificates received from the discovery endpoint has been signed by at least one server certificate included within a client list; and receiving, from the server instance, a call response including a server certificate included within the updated client list.
However, Negron et al teaches providing, to a discovery endpoint, a request for a current list of certificates associated with a server instance (note para. [0021],  [0052], [0054] In addition, a mapping of the digital certificate   118 to a corresponding domain can be stored in the data store 130 for access by the remote auto-discovery service  133 or the enrollment endpoint 136; see also para. [0026]:  The enrollment endpoint   136 can perform a validation   of a digital certificate   118 to determine whether it corresponds to a domain specified by an administrator when the digital certificate  118 is uploaded); determining that the current list of certificates received from the discovery endpoint has been signed by at least one server certificate included within a client list (note para. [0021]: The enrollment endpoint can validate/ return device root certificates; see also para. [0053]:  Determining whether the digital certificate 118 is valid can include using a public key for a certification authority to verify that the digital certificate 118 was signed by the certificate authority … the remote computing environment 127 can validate an authenticity of the digital certificate 188 using a public key for the certificate authority); and receiving, from the server instance, a call response including a server certificate included within the updated client list (note para. [0014], [0021],  [0031]: call/ request, response in auto-discovery process that presents digital certificates)
Negron et al  and Hallin et al  are analogous art because they are from the same field of controlling access to the network resources through server certificate validation. Therefore, before the time of filing of the claimed invention, it would have been obvious to a person of ordinary skill in art to modify Hallin et al  method to include features of providing, to a discovery endpoint, a request for a current list of certificates associated with a server instance; determining that the current list of certificates received from the discovery endpoint has been signed by at least one server certificate included within a client list; and receiving, from the server instance, a call response including a server certificate included within the updated client list taught by Negron et al  in order to provide users with an efficient and simplified mechanism for enrollment of a client and validating a remote server utilizing an auto-discovery service (note Negron et al, para. [0010], [0014])
Regarding claim 12, it is rejected applying as same motivation and rationale applied above rejecting claim 11, furthermore, Hallin et al teaches the method wherein the server certificate included within the call response is not included within the client list prior to generating the updated client list (note para. [0043]: After this procedure has occurred, the computer system 100 has only been updated to contain the digital certificate 126 of the previously untrustworthy root authority. If the authority associated with the digital certificate 126 is encountered again, then the authority will be validated and a transaction will proceed without interruption; see also para.  [0041] – [0042])
Regarding claim 13, it is rejected applying as same motivation and rationale applied above rejecting claim 11, furthermore Negron et al  teaches the method wherein providing the request for the current list of certificates is based on a setting of the client to passively generate and provide requests for the current list of certificates accessible to the discovery endpoint (note para. [0026], [0035]: By validating digital certificates 118 at their upload, the remote computing environment 127 can prevent attempted HTTPS connections  from having invalid digital certificates 118. If the digital certificate 118 is validated by the enrollment endpoint  136, the enrollment endpoint   136 can manage the storage and retrieval of the digital certificate 118 from the data store 130)
Regarding claim 14, it is rejected applying as same motivation and rationale applied above rejecting claim 11, furthermore , Negron et al  teaches the method, wherein providing the request for the current list comprises providing a hypertext transfer protocol secure (HTTPS) call to the discovery endpoint (note para. [0021]), and wherein the method further comprises receiving, from the discovery point, a data object in response to the HTTPS call that is cryptographically signed by a server certificate (note para. [0021]: The enrollment endpoint can validate/ return device root certificates; see also para. [0053]:  Determining whether the digital certificate 118 is valid can include using a public key for a certification authority to verify that the digital certificate 118 was signed by the certificate authority … the remote computing environment 127 can validate an authenticity of the digital certificate 188 using a public key for the certificate authority)
Regarding claim 15, it is rejected applying as same motivation and rationale applied above rejecting claim 14, furthermore, Hallin et al teaches the method wherein the data object includes the current list of certificates (note para. [0009], [0037]), and wherein verifying that the current list of certificates is a trusted list comprises determining that the server certificate used to cryptographically sign the received data object is included within the client list of one or more server certificates ( note para. [0009], [0015], [0021]) 
Regarding claim 16, it is rejected applying as same motivation and rationale applied above rejecting claim 11, furthermore , Negron et al  teaches the method wherein the client list includes a root list of one or more X.509 v3 digital certificates owned or previously owned by the server instance, and wherein the current list includes the root list of one or more X.509 v3 digital certificates and one or more additional X.509 v3 digital certificates associated with the server instance (note para. [0022]: the digital certificates 118 can include X.509 certificates or other suitable certificates)
Regarding claim 17, it is rejected applying as same motivation and rationale applied above rejecting claim 11, furthermore, Hallin et al teaches the method wherein the client list is representative of a root list of one or more valid certificates associated with the server instance at a time that the client list was initially deployed to the client (note paragraph [0036] at  block 200, the computer system 100  browses the Internet 114 using the browser 116 stored in is memory 102. When a user attempt to carry out a secured transaction block 202) a digital certificate associated with an entity is encountered at block 204; also see para. [0033], [0037]: trusted root list of remote servers; and determining if the digital certificate has been issued from a source), wherein the current list includes the root list and one or more additional server certificates uploaded to the discovery endpoint between the time that the local list was initially deployed to the client and a time associated with the client receiving the call response from the server instance ( note para. [0014]: a complete trusted root list is downloaded when the website is accessed. The newly downloaded list is then checked to validate the currently encountered certificate; see also para. [0009], [0015], [0021]) Furthermore, Negron et al  teaches one or more additional server certificates uploaded to the discovery endpoint  (note para. [0026], [0035]: By validating digital certificates 118 at their upload, the remote computing environment 127 can prevent attempted HTTPS connections  from having invalid digital certificates 118. If the digital certificate 118 is validated by the enrollment endpoint  136, the enrollment endpoint   136 can manage the storage and retrieval of the digital certificate 118 from the data store 130)
Regarding claim 18, it is rejected applying as same motivation and rationale applied above rejecting claim 11, furthermore, Negron et al  teaches the method wherein the discovery endpoint and the server instance are implemented on the same server device (note para. [0015]- [0016], [0071])
Regarding claim 19, Hallin et al teaches a system (note figure 3: computer system), comprising: 
one or more processors (note figure 3.304: processing unit; para. [0052]); 
memory  (note figure 3.306: memory, para. [0052]) in electronic communication with the one or more processors; 
instructions (note figure 3.332: program; para. [0053]) stored in the memory, the instructions being executable by the one or more processors to: 
receive, from a server instance,  a server certificate for verifying an identity of the server instance (note, figure 2 and paragraph [0036] at  block 200, the computer system 100  browses the Internet 114 using the browser 116 stored in is memory 102. When a user attempt to carry out a secured transaction block 202) a digital certificate associated with an entity is encountered at block 204; also see para. [0033], [0037]: trusted root list of remote servers; and determining if the digital certificate has been issued from a source);
determine that the server certificate does not match at least one certificate from a client list of one or more server certificates, the client list including a local list of server certificates accessible to a client (note figure 2, paragraph [0037], [0038] at block 206, the authorizer 120 attempts to determine if the digital certificate has been issued from a trusted source, i.e., if the digital certificate can be paced back to being  issued by a trusted root verification authority. After the authorizer 120 determines the root  authority identified in the encountered digital certificate, the authorizer 120 examines the trusted root list 122 to see if the root authority is listed therein);
based on the server certificate not matching the one or more server certificates from the client list, provide a request for a current list of certificates to endpoint (note figure 2 and paragraph [0038], if the root authority cannot be identified in the trusted root list 122 ("No" branch, block 206), then the authorizer 120 accesses the remote server 130 via the browser 116 and the Internet 114 at block 208: Access Remote Trusted Root List);
verify that the current list of certificates associated with the endpoint is a trusted list of server certificates associated with the server instance (note figure 2, paragraph [0039], at block 210, the authorizer 120 examines the remote trusted root list 142 to determine if the root authority if the encountered digital certificate is in the remote trusted root list 142: with paragraph [0041], If the remote trusted root list 142 is validated (“Yes” branch, block 211), then the digital certificate 144 associated with the trusted root is downloaded at block 212. The transaction then proceeds at block 214); and
based on verifying that the current list of certificates is a trusted list, generate an updated client list including the current list of certificates (note paragraph [0049] : after this procedure has occurred, the computer system 100 has only been updated to contain the digital certificate 126 of the previously untrustworthy root  authority.  the authority associated with the digital certificate 126 is encountered again, then the authority will be validated and a transaction will proceed without interruption, see also paragraph [0021], [0035]; and figure 2 is a flow diagram depicting a  methodological implementation of updating the trusted root list 122 in the computer system 100.)
Hallin et al  fails to teach expressly a call response including a server certificate; and providing a request for a current list of certificates to a discovery endpoint for validation.
However, Negron et al teaches a call response including a server certificate (note para. [0014], [0021],  [0031]: call/ request, response in auto-discovery process that presents digital certificates); and providing a request for a current list of certificates to a discovery endpoint for validation (note para. [0021],  [0052], [0054] In addition, a mapping of the digital certificate   118 to a corresponding domain can be stored in the data store 130 for access by the remote auto-discovery service  133 or the enrollment endpoint 136; see also para. [0026]:  The enrollment endpoint   136 can perform a validation   of a digital certificate   118 to determine whether it corresponds to a domain specified by an administrator when the digital certificate  118 is uploaded)
Negron et al  and Hallin et al  are analogous art because they are from the same field of controlling access to the network resources through server certificate validation. Therefore, before the time of filing of the claimed invention, it would have been obvious to a person of ordinary skill in art to modify Hallin et al  system  to include features of a call response including a server certificate; and providing a request for a current list of certificates to a discovery endpoint for validation taught by Negron et al  in order to provide users with an efficient and simplified mechanism for enrollment of a client and validating a remote server utilizing an auto-discovery service (note Negron et al, para. [0010], [0014])
Regarding claim 20, it is rejected applying as same motivation and rationale applied above rejecting claim 19, furthermore, Hallin et al teaches the system wherein the server instance and the discovery endpoint are implemented on the same server device (note para. [0015]- [0016], [0071]), and further comprising instructions being executable by the one or more processors to:
determine that the server certificate is included within the updated client list (note para. [0040] –[0042]); and
initiate a trusted session between the client and the server instance based on determining that the server certificate is included within the updated client list (note para. [0043]: After this procedure has occurred, the computer system 100 has only been updated to contain the digital certificate 126 of the previously untrustworthy root authority. If the authority associated with the digital certificate 126 is encountered again, then the authority will be validated and a transaction will proceed without interruption; see also para.  [0041] – [0042])
              Conclusion
A shortened statutory period for response to this action is set to expire in 3 (Three) months and 0 (Zero) days from the mailing date of this letter. Failure to respond within the period for response will result in ABANDOMENT of the application (see 35 U.S.C 133, M.P.E.P 710.02(b)). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHANTO ABEDIN whose telephone number is 571-272-3551.  The examiner can normally be reached on M-F from 8:30 AM to 6:30 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jung (Jay) Kim, can be reached on 571-272-3804. The RightFax number for faxing directly to the examiner is 571-273-3551. 
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http:// www.uspto.gov/interviewpractice.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/SHANTO ABEDIN/               Primary Examiner, Art Unit 2494