DETAILED ACTION

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
 
 2.	The Office action is in response to the patent application filed on January 11, 2021.  The application contains 15 claims, wherein claim 1 has been canceled.  Claims 2-15 are directed to a method, and a computer-readable storage media for partitioning certificate revocation lists.  Claims 2-15 are pending.

Priority
3.	The instant application is a division of application No. 15/851,562, filed on Dec. 21, 2017, which is a continuation of application No. 14/874,310, filed on Oct. 2, 2015.
The independent claims 2, and 9 of the instant application recite the limitation “updating the threshold period of time based at least in part on a number of digital certificates including the first CRL address;”, which are not disclosed in the parent application No. 14/874,310.  Therefore, the priority date for the limitations related to the updated threshold period of time are the filing date of the application: January 11, 2021. 

Claim Rejections - 35 USC § 103

4.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

5.	Claims 2-15 are rejected under 35 U.S.C. 103 as being unpatentable over Van Oorschot et al. (U.S. 5,699,431), hereinafter “Oorschot”, in view of Parkinson et al. (U.S. 2008/0126378 A1), hereinafter “Parkinson”, further in view of Kim et al. (U.S. 2017/0060960 A1), hereinafter “Kim”.
Referring to claims 2,  9:
	 	Oorschot teaches:
                      A computer implemented method for managing certificate revocation list (CRL) size by distributing digital certificates issued by a certificate authority (CA) across a plurality of different CRLs based on a time at which the digital certificates are generated, the method comprising (see Oorschot, fig. 5): 
           generating over a first period of time, using one or more computing devices associated with the CA, a first plurality of digital certificates, wherein each of the first plurality of digital certificates includes a first CRL address, wherein the first CRL address indicates a location of a first CRL, and wherein the first CRL is configured to include a first list of revoked digital certificates that identifies one or more of the first plurality of digital certificate that were generated during the first period of time (see Oorschot, fig. 6, on the right, ‘assign certificate to specific CRL segment [i.e., the first period of time, where ‘the specific CRL segment’ corresponding to the first CRL ]’, ‘some time later’, ‘issue new CRL segment’; col. 3, lines 29-41 ‘Different (possibly non-disjoint) subsets of the set of all certificates issued by one certification authority are assigned to different CRLs, by assigning to each certificate one or more CRL segments, the location of which (referred to as a CRL distribution point) is specified in the particular certificate [i.e., where the CRL distribution point of the first CRL corresponding to the fist CRL address ].  A distribution point is a location which may serve as a readable data store (e.g. an entry in the directory), designated to contain a CRL segment.  The segment associated with a particular certificate is designated to contain the revocation entry for that certificate (and possibly also for other certificates) should that certificate (ever) be revoked…each certificate may be associated with a distinct distribution point [i.e., each of the first plurality of digital certificates includes a firs CRL address ]’);
          determining, using the one or more computing devices, to stop generating digital certificates that include the first CRL address based at least in part on the first period of time corresponding to a certain period of time, wherein the first CRL is active for assignment of digital certificates during the first period of time and inactive for assignment of digital certificates during other periods of time (see Oorschot, fig. 6, on the right, ‘assign certificate to specific CRL segment’, ‘some time later [i.e., a certain period of time (the first period of time): an hour, a day, a week, etc. ]’, ‘issue new CRL segment [i.e., determining to stop generating digital certificates that include the first CRL address ]’);
            based on the determining to stop generating certificates that include the first CRL address, generating over a second period of time that is different from the first period of time, using the one or more computing devices, a second plurality of digital certificates, wherein each of the second plurality of digital certificates includes a second CRL address, wherein the second CRL address indicates a location of a second CRL, wherein the second CRL is configured to include a second list of revoked digital certificates that identifies one or more of the second plurality of digital certificates that were generated during the second period of time (see Oorschot, fig. 6, on the right, ‘assign certificate to specific CRL’, ‘some time later [i.e., the second period of time ]’, ‘issue new CRL segment [i.e., where the ‘new CRL segment’ corresponding to the second CRL ]’; col. 3, lines 29-41 ‘Different (possibly non-disjoint) subsets of the set of all certificates issued by one certification authority are assigned to different CRLs, by assigning to each certificate one or more CRL segments, the location of which (referred to as a CRL distribution point) is specified in the particular certificate [i.e., where the CRL distribution point of the second CRL corresponding to the second CRL address ].  A distribution point is a location which may serve as a readable data store (e.g. an entry in the directory), designated to contain a CRL segment.  The segment associated with a particular certificate is designated to contain the revocation entry for that certificate (and possibly also for other certificates) should that certificate (ever) be revoked…each certificate may be associated with a distinct distribution point [i.e., each of the first plurality of digital certificates includes a second CRL address ]’); 
              and determining, using the one or more computing devices, to stop generating digital certificates that include the second CRL address based at least in part on the second period of time corresponding to the certain period of time, wherein the second  CRL is active for assignment of digital certificates during the second period of time and inactive for assignment of digital certificates during other periods of time (see Oorschot, fig. 6, on the right, ‘assign certificate to specific CRL segment’, ‘some time later [i.e., a certain period of time: an hour, a day, a week, etc. ]’, ‘issue new CRL segment [i.e., determining to stop generating digital certificates that include the first CRL address ]’), 
               wherein in response to revocation of a first digital certificate of the first plurality of digital certificates, an indication of the first digital certificate is added to the first list of revoked digital certificates of the first CRL based at least in part on the time at which the first digital certificate was generated (see Oorschot, fig. 6, on the right, ‘assign certificate to specific CRL segment [i.e., during the first period of time ]’, ‘some time later’, ‘issue new CRL segment’; col. 3, lines 29-41 ‘...  A distribution point is a location which may serve as a readable data store (e.g. an entry in the directory), designated to contain a CRL segment.  The segment associated with a particular certificate is designated to contain the revocation entry for that certificate (and possibly also for other certificates) should that certificate (ever) be revoked [i.e., where ‘the segment (the specific CRL segment)’ corresponding to the first list of revoked digital certificates of the first CRL based on the time ] …each certificate may be associated with a distinct distribution point [i.e., each of the first plurality of digital certificates includes a firs CRL address ]’), and
               wherein in response to revocation of a second digital certificate of the second plurality of digital certificates, an indication of the second digital certificate is added to the second list of revoked digital certificates of the second CRL based at least in part on the time at which the second digital certificate was generated (see Oorschot, fig. 6, on the right, ‘assign certificate to specific CRL segment [i.e., during the first period of time ]’, ‘some time later’, ‘issue new CRL segment’; col. 3, lines 29-41 ‘…A distribution point is a location which may serve as a readable data store (e.g. an entry in the directory), designated to contain a CRL segment.  The segment associated with a particular certificate is designated to contain the revocation entry for that certificate (and possibly also for other certificates) should that certificate (ever) be revoked [i.e., where ‘the segment (new CRL segment)’ corresponding to the second list of revoked digital certificates of the first CRL based on the time ] …each certificate may be associated with a distinct distribution point [i.e., each of the first plurality of digital certificates includes a firs CRL address ]’).
           Oorschot suggests the second period of time (see Oorschot, fig. 6, on the right, ‘assign certificate to specific CRL segment [i.e., during the first period of time ]’, ‘some time later [i.e., the second period of time ]’, ‘issue new CRL segment’). However, Oorschot does not elaborate on the second period of time.
	Oorschot discloses a certain period of time (see Oorschot, fig. 6, on the right, ‘assign certificate to specific CRL segment [i.e., during the first period of time ]’, ‘some time later [i.e., a certain period of time (the first period of time): an hour, a day, a week, etc. ]’, ‘issue new CRL segment’). However, Oorschot does not disclose a threshold period of time, and does not disclose updating the threshold period of time based on a number of digital certificated including the first CRL address.
		Parkinson discloses the second period of time (see Parkinson, fig. 6, 602 ‘time to generate new CRL?’).
	           It would have been obvious to one of the ordinary skilled in the art, before the effective filing date of the claimed invention, to apply the teaching of Parkinson into the system of Oorschot to apply the second period of time.  Oorschot teaches “a new method for managing lists of revoked certificates (certificate revocation lists), by partitioning them into smaller segments thereby allowing the maximum potential size of any one segment to be kept arbitrarily small, and allowing efficient processing of lists according to revocation reasons.” (see Oorschot, col. 1, line 8). Therefore, Parkinson’s teaching could enhance the system of Oorschot,  because  Parkinson teaches "providing a compressed certificate revocation list (CRL) in a public key infrastructure (PKI) environment.” (see Parkinson, [0002]).   
	 	Kim discloses the threshold period of time, and further discloses updating the threshold period of time in response to analyzing the log data (see Kim, [0049] ‘The input processing unit may modify the dwell time threshold in response to, for example, analyzing the log data.’).
           It would have been obvious to one of the ordinary skilled in the art, before the effective filing date of the claimed invention, to apply the teaching of Kim into the system of Oorschot to use the threshold period of time, and to update the threshold period of time based on a number of digital certificates including the first CRL address.  Oorschot teaches “a new method for managing lists of revoked certificates (certificate revocation lists), by partitioning them into smaller segments thereby allowing the maximum potential size of any one segment to be kept arbitrarily small, and allowing efficient processing of lists according to revocation reasons.” (see Oorschot, col. 1, line 8). Therefore, Kim’s teaching could enhance the system of Oorschot,  because  Kim discloses "The dwell time threshold may then be changed to correspond to the determined average dwell time.” (see Kim, [0049]), 
Referring to claims 3, 10:
	 	Oorschot, Parkinson, and Kim further disclose:
		revoking, using the one or more computing devices, a second digital certificate of the first plurality of digital certificates, wherein said revoking includes updating the first list of revoked digital certificates of the first CRL to include an indication of the second digital certificate of the first plurality of digital certificate (see Oorschot, col. 2, line 3 ‘the CRL is updated at regular intervals (e.g. daily or weekly). In Addition, Parkinson, [0045] ‘The CRL 210 further contains a last update field 213 and a next update field 214.’).
Referring to claims 4, 11:
	 	Oorschot, Parkinson, and Kim further disclose:
		wherein the CA is associated with a plurality of CRLs that includes the first CRL, wherein over the first period of time the first CRL is active for assignment of digital certificates and during the first period of time all other CRLs of the plurality of CRL are inactive for assignment of digital certificates (see Oorschot, fig. 6, on the right, ‘assign certificate to specific CRL segment [i.e., the first CRL ]’; col. 3, lines 29-41 ‘Different (possibly non-disjoint) subsets of the set of all certificates issued by one certification authority are assigned to different CRLs, by assigning to each certificate one or more CRL segments, the location of which (referred to as a CRL distribution point) is specified in the particular certificate [i.e., during the first period of time the first CRL is active for assignment, all other CRLs are inactive ].  … each certificate may be associated with a distinct distribution point [i.e., during the first period of time the first CRL is active for assignment, all other CRLs are inactive ]’).
Referring to claims 5, 12:
	 	Oorschot, Parkinson, and Kim further disclose:
		wherein the second CRL is created after an expiration of the first period of time (see Oorschot, fig. 6, on the right, ‘assign certificate to specific CRL segment [i.e., the first CRL is active for assignment during the first period of time ]’, ‘some time later [i.e., after an expiration of the first period of time ]’, ‘issue new CRL segment [i.e., the second CRL is created]’).
Referring to claims 6, 13:
	 	Oorschot, Parkinson, and Kim further disclose:
		wherein the CA is associated with a plurality of CRLs that includes the first CRL and the second CRL, wherein over the second period of time the second CRL is active for assignment of digital certificates and during the second period of time all other CRLs of the plurality of CRL are inactive for assignment of digital certificates (see Oorschot, fig. 6, on the right, ‘assign certificate to specific CRL segment [i.e., the first CRL , the first CRL is active during the first period or time ]’, ‘some time later [i.e., the first period of time expires, and the second period of time starts ]’, ‘issue new CRL segment [i.e., the second CRL, during the second period or time, the second CRL is active, the first CRL is inactive ]’).
Referring to claims 7, 14:
	 	Oorschot, Parkinson, and Kim further disclose:
           wherein said generating the first plurality of digital certificates comprises assigning the first CRL address to each of the first plurality of digital certificates, wherein said generating the second plurality of digital certificates comprises assigning the second CRL address to each of the second plurality of digital certificates (see Oorschot, fig. 6, on the right, ‘assign certificate to specific CRL segment [i.e., the first CRL, assigning the first CRL address to the first plurality of digital certificates ]’, ‘some time later’, ‘issue new CRL segment [i.e., the second CRL, assigning the second CRL address to the second plurality of digital certificates ]’; col. 3, lines 29-41 ‘Different (possibly non-disjoint) subsets of the set of all certificates issued by one certification authority are assigned to different CRLs, by assigning to each certificate one or more CRL segments, the location of which (referred to as a CRL distribution point) is specified in the particular certificate [i.e., where the CRL distribution point of the first CRL corresponding to the CRL address, where the CRL distribution point of the second CRL corresponding the second CRL address ].  … each certificate may be associated with a distinct distribution point’).
Referring to claims 8, 15:
	 	Oorschot, Parkinson, and Kim further disclose:
           wherein the second period of time occurs after an expiration of the first period of time (see Oorschot, fig. 6, on the right, ‘assign certificate to specific CRL segment [i.e., the first CRL, and assigning the first CRL address to the first plurality of digital certificates ]’, ‘some time later [i.e., the first period of time expires, and the second period of time starts ]’, ‘issue new CRL segment [i.e., the second CRL, and assigning the second CRL address to the second plurality of digital certificates ]’). 
 
Conclusion

7.	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
(a)	Goulart; Valerie et al. (US 9940660 B2) disclose Add items from previous orders;
(b)	IGNATCHENKO; Sergey (US 20140006788 A1) disclose secure key storage systems, methods and apparatuses;
(c)	Gabrielson; Jacob Adam (US 10454899 B1) disclose Controlling firewall ports in virtualized environments through public key cryptography;
(d)	Andrews; Richard F. et al. (US 10404681 B2) disclose Accelerating OCSP responses via content delivery network collaboration;
(e)	SCHEXNAYDRE; MICHAEL J. et al. (US 20180248705 A1) disclose acceleration of online certificate status checking with an internet hinting service;
(f)	GUNTI; Mukund et al. (US 20170005808 A1) disclose automated provisioning of certificates;
(g)	KHELLO; Robert et al. (US 20160261596 A1) disclose WI-FI integration for non-sim devices.

 	8.       Any inquiry concerning this communication or earlier communications from the examiner should be directed to Peiliang Pan whose telephone number is (571) 272-5987.  The examiner can normally be reached on Monday-Friday 8:00 am - 5:00 pm EST.
          If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
           Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/PEILIANG PAN/Examiner, Art Unit 2492   

/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492