Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.



DETAILED ACTION
This action is in response to the Amendment filed on 01/06/2022.
Claims 1-22 are under examination.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4, 7-10, 13-14, 17, 20 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Ben-Shalom et al. (US 2013/0339740 A1) and Ganapathy et al. (US 2016/0035159 A1).
Regarding claim 1, Ben-Shalom et al. discloses: A computer implemented method comprising: receiving a first digital certificate from a target device [par. 0039, “client device 102 may provide a multi-factor client identity certificate to server 106”], wherein the first digital certificate corresponds to a pairing of a target user and the target device [par. 0021, “Multi-factor certificate 108 may be a digital file that binds or associates a first factor, such as an identity of client device 102, with a second factor, such as an identity of a user”]; verifying the first digital certificate [par. 0040, “server 106 may validate the multi-factor certificate received from client device 102”, par. 0025, “multi-factor certificate authentication logic 112 may enable server 106 to verify the legitimacy of multi-factor certificate 108 by querying certificate authority 110”]; the method performed programmatically by one or more computing systems under control of executable program code [par. 0060].
Ben-Shalom et al. does not explicitly disclose determining one or more actions based at least partly on the verification of the first digital certificate; and causing performance of the one or more actions by a remote reacting device with respect to the pairing of the target user and the target device, wherein the performance of the one or more actions is responsive to the remote reacting device detecting the target device.
However Ganapathy et al. teaches determining one or more actions based at least partly on the verification of the first digital certificate [par. 0026, “the onboarded mobile device (e.g., Client.sub.M 149) with the application can be used as physical identity proof to activate the physical access control device (e.g., access control device 160). Note that, the validated user network identity proof (e.g., user certificate 170) can be used to activate the physical access control device 160 irrespective of whether or not the physical access control device 160 has network connectivity”]; and causing performance of the one or more actions by a remote reacting device with respect to the pairing of the target user and the target device, wherein the performance of the one or more actions is responsive to the remote reacting device detecting the target device [par. 0022, “an onboarding process can provision a unique user certificate 170 in mobile device, such as Client.sub.M 149... The user certificate obtained from the onboarding process allows the mobile device to connect to a Service Set Identifier (SSID) associated with a company's WLAN. Once the mobile device is connected to the WLAN, the mobile device will be able to access any network resources of the WLAN as governed by a set of preconfigured network access control policies. The access control policies generally specify which user certificate has what level of access to various network resources in the WLAN”, par. 0025, “user certificate 170 is used also as a physical identity proof to allow the certificate holder, e.g., Client.sub.M 149, access to the physical resource, which is controlled by access control device 160. Two primary components can be used to use the user's validated network identity in the form of unique certificate as physical identity proof. Techniques described herein use a short range low power wireless technology, such as Near Field Communication (NFC). 
Although only NFC has been mentioned, it can be replaced with any equivalent short range wireless technology capable of detecting and transferring data between two devices upon close proximity, for example, Bluetooth Low Energy (BLE) technology. The first component is an application running on the mobile device, e.g., Client.sub.M 149, which can use the onboarded unique certificate. The application is NFC-enabled and thus can detect an NFC peer's presence and communicate with the NFC peer. The second component is a physical access control device (e.g., access control device 160) which is also NFC-enabled”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Ganapathy et al. into the teaching of Ben-Shalom et al. with the motivation for using mobile devices with validated user network identity as physical identity proof as taught by Ganapathy et al. [Ganapathy et al.: abs.].
Regarding claim 4, the rejection of claim 1 is incorporated.
Ben-Shalom et al. further discloses wherein verifying the first digital certificate comprises verifying a signature associated with a certificate authority that issued the first digital certificate [par. 0041, “server 106 may rely on the digital signature of the certificate authority, which is included in the multi-factor certificate, to trust that the multiple factors or multiple identities associated with client device 102 have been certified or sanctioned by the certificate authority. Server 106 may also rely on a digital signature of the certificate authority to trust that the multiple factors or multiple identities are authorized to be associated with the cryptographic key or code sent from client device 102”].
Regarding claim 7, the rejection of claim 1 is incorporated.
Ben-Shalom et al. further discloses communicating with the target computing device based at least in part on the first digital certificate [see fig. 4].
Regarding claim 8, it recites limitations similar to claim 1. The reason for the rejection of claim 1 is incorporated herein.
Regarding claim 9, the rejection of claim 8 is incorporated.
[see fig. 4, par. 0024].
Regarding claim 10, the rejection of claim 8 is incorporated.
Ben-Shalom et al. further discloses causing the performance of the one or more actions comprises authorizing one or more computing devices to be operated by the target user [par. 0024, “Server 106 may be configured to require multi-factor authentication for requests, accesses, or transactions received from client device 102. As discussed above, server 106 may be configured to establish a connection with client device 102 to provide client device 102 with remote access to information stored on server 106, or engage in a transaction with server 106”].
Regarding claim 13, it recites limitations similar to claim 4. The reason for the rejection of claim 4 is incorporated herein.
Regarding claim 14, it recites limitations similar to claim 1. The reason for the rejection of claim 1 is incorporated herein. Ben-Shalom et al. further discloses an electronic data repository storing digital certificates associated with particular user-device pairings [par. 0066, “an apparatus may include a network interface; memory; and a processor communicatively coupled to the network interface and to the memory. The processor may be configured to store a multi-factor digital security certificate in the memory. The certificate may include a number of factors and a cryptographic key. A first of the number of factors may include an identifier of the apparatus and a second of the number of factors may include an identifier of a user of the apparatus”].
Regarding claim 17, it recites limitations similar to claim 4. The reason for the rejection of claim 4 is incorporated herein.
Regarding claim 20, it recites limitations similar to claim 7. The reason for the rejection of claim 7 is incorporated herein.
Regarding claim 22, the rejection of claim 8 is incorporated.
Ganapathy et al. further teaches the target computing device and the reacting computing device are remotely located from the one or more computer systems [see fig. 1, fig. 2A, fig. 2B].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Ganapathy et al. into the teaching of Ben-Shalom et al. with the motivation for using mobile devices with validated user network identity as physical identity proof as taught by Ganapathy et al. [Ganapathy et al.: abs.].

Claims 2-3, 11-12 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Ben-Shalom et al. (US 2013/0339740 A1) and Ganapathy et al. (US 2016/0035159 A1) as applied to claims 1, 4, 7-10, 13-14, 17, 20 and 22 above, and further in view of Hinton (US 2010/0083347 A1).
Regarding claim 2, the rejection of claim 1 is incorporated.
Ben-Shalom et al. and Gast disclose verifying the first digital certificate.

However Hinton teaches the first digital certificate includes at least one of an expiration time or expiration condition [par. 0008, “The CA also assigns parameters for the validity of the certificate. These parameters include the certificate's issuance date and expiration date, and many other attributes”, par. 0015, “the certificate may be invalid when an expiration date of the certificate has passed”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Hinton into the teaching of Ben-Shalom et al. and Ganapathy et al. with the motivation for verifying and enforcing certificate use as taught by Hinton [Hinton: abs.].
Regarding claim 3, the rejection of claim 2 is incorporated.
Hinton further teaches wherein verifying the first digital certificate comprises verifying whether the certificate has expired in accordance with the expiration time or expiration condition [par. 0015, “the certificate may be invalid when an expiration date of the certificate has passed, the expiration date of the certificate is more than a predetermined period old at the time of validating”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Hinton into the teaching of Ben-Shalom et al. and Ganapathy et al. with the motivation for verifying and enforcing certificate use as taught by Hinton [Hinton: abs.].
Regarding claim 11, it recites limitations similar to claim 2. The reason for the rejection of claim 2 is incorporated herein.
Regarding claim 12, it recites limitations similar to claim 3. The reason for the rejection of claim 3 is incorporated herein.
Regarding claim 15, it recites limitations similar to claim 2. The reason for the rejection of claim 2 is incorporated herein.
Regarding claim 16, it recites limitations similar to claim 3. The reason for the rejection of claim 3 is incorporated herein.

Claims 5-6 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Ben-Shalom et al. (US 2013/0339740 A1) and Ganapathy et al. (US 2016/0035159 A1) as applied to claims 1, 4, 7-10, 13-14, 17, 20 and 22 above, and further in view of Koster (US 2017/0104749 A1).
Regarding claim 5, the rejection of claim 1 is incorporated.
Ben-Shalom et al. and Ganapathy et al. disclose verifying the first digital certificate.
Ben-Shalom et al. and Ganapathy et al. do not explicitly disclose requesting for a second digital certificate from the target computing device in response to a failed verification of the first digital certificate.
However Koster teaches requesting for a second digital certificate from the target computing device in response to a failed verification of the first digital certificate [claim 1, “…in response to a negative evaluation of the buffer period to the current date, restricting the Certificate provided with the request and blocking at least a portion of network access to the user device”, claim 7, “wherein blocking at least a portion of the network access includes directing the User Device to a re-enrolment site to request a new Certificate”, claim 8, claim 9].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Koster into the teaching of Ben-Shalom et al. and Ganapathy et al. with the motivation of managing Certificate based secure network access based on a Certificate having a buffer period prior to expiration as taught by Koster [Koster: par. 0026].
Regarding claim 6, the rejection of claim 5 is incorporated.
Ben-Shalom et al. and Ganapathy et al. disclose that the digital certificate corresponds to the pairing of the target user and the target device.
Koster teaches requesting for a second digital certificate from the target computing device [claim 1, “…in response to a negative evaluation of the buffer period to the current date, restricting the Certificate provided with the request and blocking at least a portion of network access to the user device”, claim 7, “wherein blocking at least a portion of the network access includes directing the User Device to a re-enrolment site to request a new Certificate”, claim 8, claim 9].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Koster into the teaching of Ben-Shalom et al. and Ganapathy et al. to have the second digital certificate correspond to the pairing of the target user and the target device with the motivation of managing Certificate [Koster: par. 0026].
Regarding claim 18, it recites limitations similar to claim 5. The reason for the rejection of claim 5 is incorporated herein.
Regarding claim 19, it recites limitations similar to claim 6. The reason for the rejection of claim 6 is incorporated herein.

Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over Ben-Shalom et al. (US 2013/0339740 A1) and Ganapathy et al. (US 2016/0035159 A1) as applied to claims 1, 4, 7-10, 13-14, 17, 20 and 22 above, and further in view of Lazaridis et al. (US 2014/0141750 A1).
Regarding claim 21, the rejection of claim 1 is incorporated.
Ben-Shalom et al. and Ganapathy et al. disclose verifying the first digital certificate.
Ben-Shalom et al. and Ganapathy et al. do not explicitly disclose the first digital certificate is issued by a certificate authority implemented on the target device.
However Lazaridis et al. teaches the first digital certificate is issued by a certificate authority implemented on the target device [par. 0081, “the devices 402a, 402b can be the mobile devices”, par. 0096, “the first device 402a and the second device 402b each obtain certificate data from the certificate authority 430. The certificate data can include one or more digital certificates issued by the certificate authority 430. One or both of the devices 402a, 402b may receive the certificate data by a wired or wireless connection to another device, over a network, or otherwise. In some implementations, one of the devices 402a, 402b can act as the certificate authority 430. Accordingly, a certificate may be obtained by accessing the certificate from a local memory, generating the certificate locally on the device, or in another manner”, abs, methods, systems, and computer programs for trusted communication among mobile devices].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Lazaridis et al. into the teaching of Ben-Shalom et al. and Ganapathy et al. with the motivation such that one or more devices owned or managed by the same entity may be configured to perform the duties of a certificate authority for a subset of other devices under control of the same entity as taught by Lazaridis et al. [Lazaridis et al.: par. 0098].



Response to Arguments
Applicant’s arguments, filed on 01/06/2022, with respect to rejection under 35 USC § 103 have been considered but are moot in view of the new ground(s) of rejection.



Conclusion
The prior art made of record and not relied upon is considered pertinent to Applicant’s disclosure:
US 20080022103 A1		System and Method for Provisioning Device Certificates
US 20150249540 A1		PASSWORD-LESS AUTHENTICATION SERVICE
US 20160142215 A1		METHOD AND APPARATUS FOR MANAGING CERTIFICATES
US 20080244706 A1		Method of and System For Generating an Authorized Domain
US 20160381006 A1		DISTRIBUTING AN AUTHENTICATION KEY TO AN APPLICATION INSTALLATION
US 20020029337 A1		Method for securely using digital signatures in a commercial cryptographic system
US 20140181894 A1		TRUSTED CONTAINER

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON CHIANG whose telephone number is (571)270-3393.  The examiner can normally be reached on 9 AM TO 6 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild, can be reached on (571) 272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/JASON CHIANG/Primary Examiner, Art Unit 2431