DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Election/Restrictions
Applicant's election with traverse of Group I, claims 1-4 in the reply filed on 04/15/2022 is acknowledged. The traversal is on the ground(s) that the subject matter of all claims is sufficiently related that a thorough search for the subject matter of any one Group of claims would encompass a search for the subject matter of the remaining claims, and that the search and examination of the entire application could be made without serious burden.
This is not found persuasive because the inventions as claimed do not encompass overlapping subject matter due to their different limitations and there is nothing of record to show them to be obvious variants (e.g., login of Group I is not obvious from secure connection of Group II and accessing the newest posts of Group III, and vice versa). The inventions have acquired a separate status in the art in view of their different classification. The inventions have acquired a separate status in the art due to their recognized divergent subject matter. The inventions require a different field of search (e.g., searching different classes/subclasses or electronic resources, or employing different search strategies or search queries). As shown by the different fields of classification, Group I would be classified in H04L29/0823. Group II would be classified in H04L29/06326. Group III would be classified in H04L67/06.
The requirement is still deemed proper and is therefore made FINAL.

Claims 5-15 are withdrawn from further consideration pursuant to 37 CFR 1.142(b), as being drawn to a nonelected invention, there being no allowable generic or linking claim. Applicant timely traversed the restriction (election) requirement in the reply filed on 04/15/2022.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-4 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Re. claim 1, the claim recites “hashing the received signed certificate to obtain a hash value, and verifying the hash value using a hash value of the signed certificate from the cloud server”. Under the broadest reasonable interpretation of the claim, the functional language must somehow show where the signed certificate is transmitted to, what is performing the hashing, and what is verifying the hash value. There is no structure for performing the hashing or for verifying the hash value. Also, there is no indication of where the signed certificate is coming from, for example, whether the signed certificate is received from the cloud server or the hub.
The boundaries of the functional language are unclear because the claim does not provide a discernible boundary on what performs the function. The recited function does not follow from the structure recited in the claim, i.e., whether the app computer device, the hub computer, or a third party is performing these functions. For the purpose of Examination, it is interpreted as having two hash values from the same entity being matched. Thus, one of ordinary skill in the art would not be able to draw a clear boundary between what is and is not covered by the claim.

Re. claim 4, the claim recites “verifying the hash value is performed by comparing, by the app computer device, the hash value of the signed certificate received from the cloud server and the hash value of the signed certificate obtained by the hashing of the signed certificate”. Claim 4 does show an element performing the functional language of performing the verification. However, under the broadest reasonable interpretation of the claim, the functional language must somehow show where the signed certificate is transmitted to and what is performing the hashing. There is structure of performing the hashing. Also, there is no indication of where the signed certificate is coming from, for example, whether the signed certificate is received from the cloud server or the hub.
The boundaries of the functional language are unclear because the claim does not provide a discernible boundary on what performs the function. The recited function does not follow from the structure recited in the claim, i.e., whether the app computer device, the hub computer, or a third party is performing the hashing. For the purpose of Examination, it is interpreted as having two hash values from the same entity being matched. Thus, one of ordinary skill in the art would not be able to draw a clear boundary between what is and is not covered by the claim.

Claims 2-3 fall together accordingly as they do not cure the deficiencies of claim 1.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 and 3 are rejected under 35 U.S.C. 103 as being unpatentable over Hughes (US 20190074982) in view of Zhu et al. (US 20070113096, hereinafter Zhu).

Re. claim 1, Hughes discloses a method performing an initial login procedure for a network, the method comprising: generating, by a hub computer, a certificate signing request and a corresponding private key for each of a hub certificate and a login certificate (Hughes discloses a client device (as “hub computer”) generates public and private key pair along with CSR (certificate signing request) [0204-0206]); 
generating a combined file of the login certificate authority and the private key (Hughes discloses create key material (public certificate and private key) and distribute them securely to users (in PKCS #12 packages or USB security token) [0076]); 
initiating, by a hub computer, a secure server using the login certificate authority (Hughes discloses submit the self-signed CSR to the IRP server (as “secure server”) [0207]), and transmitting a request for a new login to a cloud server (Hughes discloses for each CSR retrieved from the IRP server 805, the automated RA/CA process (as “cloud server”) 807 does an automatic review based on a pre-approved authentication template [0208]. A user with no certificate launches an application on the device, initiates a transaction to request for a new certificate [0202]. CRA/CA signs the certificate [0210]. The user does an UPA logon to the (local domain) IRP server to apply for her new certificate [0309], transmitting a new certificate for the user to have access); 
connecting, by an app computer device, to the hub computer, and receiving the signed certificate from the hub computer (Hughes discloses SCEP is used primarily for routers to obtain IPsec digital certificates, which are used for mutual strong authentication in node to node connections using IPsec [0057]. Returns the signed certificate back to the client device 803 [0212]. The user's client device 1503 then displays the certificate status in a user interface of the user's client device 1503 displayed on a display connected to the user's client device [0316], connecting device with device and receive the signed certificate); 
and transmitting, from the app computer device, a request for login to the hub computer, and receiving the login certificate from the hub computer to login (Hughes discloses she enters her user information, and clicks an Enroll button in a user interface of the user's client device 803 to request for her certificate [0203]. Returns the signed certificate back to the client device 803. The client device 803 does a link of the signed certificate with the corresponding private key in a certificate storage accessible to the user's client device 803. Completion of retrieval of the signed certificate is notified to the user 801 through a user interface on the user's client device [0212]. The user does an UPA logon to the (local domain) IRP server to apply for her new certificate, which she subsequently uses to do SCA logon for her other PKI transactions [0309]).
Although Hughes discloses a signed certificate with a private key [0206] and generating a signed certificate at the cloud server and sending it to the secure server [0212], Hughes does not explicitly teach, but Zhu teaches, signing, by a hub computer, the certificate signing request of the login certificate with a generated self-signed login certificate authority (Zhu teaches ACS 104 issues individualized ACS-signed certificates [0022]. A peer 102 generates a peer-signed certificate 208 [0034]), 
generating, at the cloud server, a signed certificate, and transmitting the signed certificate to the hub computer (Zhu teaches k.sub.ACS is the ACS's private key used to sign certificates issued by ACS 104 to peers 102 [0054]); 
hashing the received signed certificate to obtain a hash value, and verifying the hash value using a hash value of the signed certificate from the cloud server (Zhu teaches the two versions of the first tracking hash value (c) do match (as determined at block 620), then the integrity verification is successful [0071]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Hughes to include signing, by a hub computer, the certificate signing request of the login certificate with a generated self-signed login certificate authority; generating, at the cloud server, a signed certificate, and transmitting the signed certificate to the hub computer; hashing the received signed certificate to obtain a hash value, and verifying the hash value using a hash value of the signed certificate from the cloud server as disclosed by Zhu. One of ordinary skill in the art would have been motivated for the purpose of verification and integrity (Zhu [0071]).
Re. claim 3, the combination of Hughes-Zhu teach the method according to claim 1, further comprising storing the signed certificate and the login certificate, by the cloud server (Hughes discloses RA/CA retrieves the CSR which leads to sign certificate [0208-0211]. The client device 803 does a link of the signed certificate with the corresponding private key in a certificate storage accessible to the user's client device 803 [0212]. One or more digital certificate stored in the database [0342]), with data of the hub computer, the data of the hub computer including an internet protocol address (Hughes discloses IP address of the device [0355]) and a port of the hub computer (Hughes teaches TCP port 443 (i.e. IANA assigned port number for HTTPS) [0159] [0358]), a hub name (Hughes teaches the domain of the client device 1503 of the user 1501 [0311] [0353]).
Hughes does not explicitly teach, but Zhu teaches, a hash value of a secret generated by the hub computer (Zhu discloses hash value of secret peer key [0061]), and a hash value of the signed certificate (Zhu discloses the first tracking hash value (c) may be signed to generate a peer signed certificate [0062]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Hughes to include hash values of information as disclosed by Zhu. One of ordinary skill in the art would have been motivated for the purpose of verification and integrity (Zhu [0071]).

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Hughes (US 20190074982) in view of Zhu et al. (US 20070113096, hereinafter Zhu) and in further view of Brouchier (US 20190075099, hereinafter Brouchier).

Re. claim 2, the combination of Hughes-Zhu teach the method according to claim 1, Zhu further comprising: stopping, by the hub computer, listening for new connections using the login certificate authority (Zhu teaches IM 110 stores ACS-signed certificate 202 having the individualized certification value (C.sub.ACS) along with the peer public key (K.sub.p) in local secure storage. IM 110 then sends an acknowledgment to ACS 104 to close the individualization session [0058]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Hughes to include stopping, by the hub computer, listening for new connections using the login certificate authority as disclosed by Zhu. One of ordinary skill in the art would have been motivated for the purpose of deterring users from illegally uploading any copyrighted materials to the P2P network and dramatically reducing the amount of copyrighted materials that are shared through the P2P network (Zhu [0015]).
The combination of Hughes-Zhu do not explicitly teach, but Brouchier teaches, initiating, by the hub computer, listening for new connections with the app computer device using the signed certificate received from the cloud server (Brouchier teaches the client 701 may desire to establish a secure connection 725 with server 703. The data connection 725 may be established using a certificate that was signed and issued by the server 703 [0113]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Hughes-Zhu to include initiating, by the hub computer, listening for new connections with the app computer device using the signed certificate received from the cloud server as disclosed by Brouchier. One of ordinary skill in the art would have been motivated for the purpose of securing data and preventing a malicious entity from intercepting and using data in malicious ways (Brouchier [0002]).

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Hughes (US 20190074982) in view of Zhu et al. (US 20070113096, hereinafter Zhu) and in further view of Sama (US 20130254875).

Re. claim 4, the combination of Hughes-Zhu teach the method according to claim 1, further comprising: an inputted secret displayed to the user at the hub computer to the hub computer as a part of a request for login to the hub computer (Hughes discloses she enters her user ID & password credentials and clicks on a Logon button at a step 202 through the client device 203 [0170]. the user's client device 1503 then displays the certificate status in a user interface of the user's client device 1503 displayed on a display connected to the user's client device [0316]); and receiving, by the app computer device, the login certificate and private key to establish the login (Hughes discloses the client device 803 does a link of the signed certificate with the corresponding private key in a certificate storage accessible to the user's client device 803. Completion of retrieval of the signed certificate is notified to the user 801 through a user interface on the user's client device 803 [0212]).
Hughes does not explicitly teach but Zhu teaches verifying the hash value is performed by comparing, by the app computer device, the hash value of the signed certificate received from the cloud server and the hash value of the signed certificate obtained by the hashing of the signed certificate (Zhu teaches the two versions of the first tracking hash value (c) do match (as determined at block 620), then the integrity verification is successful [0071]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Hughes to include hash values of information as disclosed by Zhu. One of ordinary skill in the art would have been motivated for the purpose of verification and integrity (Zhu [0071]).
Although Zhu discloses matching hash values, the combination of Hughes-Zhu do not explicitly teach, but Sama teaches, when the hash value received from the cloud server matches the hash value of the signed certificate obtained by the hashing of the signed certificate, transmitting, by the app computer device, a part of a request for login to the hub computer (Sama teaches perform a hash operation on the received password and perform a match between the hashed received password and the retrieved hashed valid password. In response to an exact match, authentication server 120 may determine that the login request is authentic (i.e., the identity of the user is verified) and may grant the user access to the resource [0034]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Hughes-Zhu to include when the hash value received from the cloud server matches the hash value of the signed certificate obtained by the hashing of the signed certificate, transmitting, by the app computer device, a part of a request for login to the hub computer as disclosed by Zhu. One of ordinary skill in the art would have been motivated for the purpose of authenticating the login request to gain access (Sama [0034]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Fukuda et al. (US 20210297862) discloses checking the validity of the login request by verifying the electronic signature included in the login request using the electronic certificate of the user in a case where the login request is received from the user device, and permitting the user device to use the intermediate service and transmitting an access request to the service providing server in a case where the login request is confirmed to be valid.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN A AYALA whose telephone number is (571)270-3912. The examiner can normally be reached Monday-Thursday 8AM-5PM; Friday: Variable EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/K.A./Examiner, Art Unit 2496
/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496