DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to Application No. 17/038,116 filed on 09/30/2020.
Claims 1-20 have been examined and are pending in this application.
Claim Interpretations
The following is a quotation of 35 U.S.C. 112(f):

(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

 	The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
  	This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.   Such claim limitation(s) are: “a bloom filter evaluation module configured to receive”, “a false positive comparison module configured to receive”, and “a control module configured to permit communication” in claims 1-10, “a certificate revocation module configured to generate”, “a false positive module configured to generate”, “the bloom filter evaluation module configured is to determine” in claims 11-13, and “a certificate revocation module configured to generate” and “a control module configured to” in claims 14-20.
Because these claim limitation(s) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim(s) 1-7, and 9-13 are rejected under 35 U.S.C. 103 as being unpatentable over Cebe et al. (US 2020/0366667; Hereinafter “Cebe”) in view of Doi et al. (US 2014/0373118; Hereinafter “Doi”).
Regarding claim 1, Cebe teaches a first Internet of things (loT) device comprising: a memory configured to store a bloom filter set including an array of bits representing entries in a certificate revocation list (Cebe: Para. [0019], As a result, when processing certificates, a certificate's revocation status must be checked before it is accepted. A certificate revocation list (CRL) is a commonly used method for certificate revocation schemes that keeps a list of serial numbers and revocation dates for revoked certificates. The status of a certificate can be determined by checking whether it is in the CRL or not. Para. [0030], Therefore, the most recent version of the CRL or delta CRLs is/are made available to all the potential nodes that will be using it. In the case of AMI, these CRLs need to be accessible by all the smart meters.), and 
a transceiver configured to receive from a second loT device a message, wherein the message includes a certificate (Cebe: Para. [0033], In traditional CRL approaches, when a smart meter presents its certificate to the recipient meter, that meter needs to verify that the presented certificate is not in the CRL.); 
Cebe does not explicitly teach a false positive set including a list of certificate entries falsely identified by the bloom filter set as being revoked; a bloom filter evaluation module configured to receive the bloom filter set from a back office station and determine whether an identifier associated with the certificate is deemed to be in the bloom filter set; a false positive comparison module configured to receive the false positive set from the back office station and determine whether the identifier is in the false positive set; and a control module configured to permit communication between the first loT device and the second loT device based on whether the identifier is deemed to be in the bloom filter set and whether the identifier is in the false positive set.
In an analogous art, Doi teaches a false positive set including a list of certificate entries falsely identified by the bloom filter set as being revoked (Doi: Para. [0131], Here, the false-positive certificate list can also be formed using the Bloom filter. The false-positive certificate list formed using the Bloom filter is referred to as Bloom-filter false-positive certificate list. Not the false-positive certificate list but the Bloom-filter false-positive certificate list is distributed to each device in the network. Para. [0134], Para. [0129]); 
a bloom filter evaluation module configured to receive the bloom filter set from a back office station and determine whether an identifier associated with the certificate is deemed to be in the bloom filter set (Doi: Para. [0069], Para. [0073]-[0074]. The communication unit 214 receives the Bloom-filter certificate revocation list generated by the server apparatus directly from the server apparatus or via another device, and transmits the list to the Bloom-filter certificate revocation list storage 211. Para. [0132], The device that receives the participation request tests a session certificate that becomes positive with reference to the Bloom-filter certificate revocation list, on the basis of the Bloom-filter false-positive certificate list.); 
a false positive comparison module configured to receive the false positive set from the back office station and determine whether the identifier is in the false positive set (Doi: Para. [0134], Para. [0139], Para. [0129], In a case where the presented session certificate is determined as positive, the device that receives the reparticipation request then tests whether the presented session certificate is included in the false-positive certificate list. Para. [0138], [0060]); and 
a control module configured to permit communication between the first loT device and the second loT device based on whether the identifier is deemed to be in the bloom filter set and whether the identifier is in the false positive set (Doi: Para. [0138], Note that, in a case where the presented session certificate is included therein (or is determined as positive), the network participation receiver 212 may once reject the connection to the network, of the device that makes the participation request, and may permit the participation thereof when a request with the session certificate after the update is received thereafter. Alternatively, the network participation receiver 212 may stand by until a new session certificate is installed by the certificate authority and a participation request with the session certificate after the update is received again. Para. [0075]).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Doi with the system and method of Cebe to include a false positive set including a list of certificate entries falsely identified by the bloom filter set as being revoked; a bloom filter evaluation module configured to receive the bloom filter set from a back office station and determine whether an identifier associated with the certificate is deemed to be in the bloom filter set; a false positive comparison module configured to receive the false positive set from the back office station and determine whether the identifier is in the false positive set; and a control module configured to permit communication between the first loT device and the second loT device based on whether the identifier is deemed to be in the bloom filter set and whether the identifier is in the false positive set because this functionality enables reduction of the load utilized by server resources (Doi: Para. [0005]). 
Regarding claim 2, Cebe, in combination with Doi, teaches the first loT device of claim 1, wherein the control module is configured to, in response to the identifier being deemed to not be in the bloom filter set, permit communication between the first loT device and the second loT device (Doi: Para. [0074], The network participation receiver 212 tests a session certificate presented by the device that makes the participation request, on the basis of the Bloom-filter certificate revocation list in the Bloom-filter certificate revocation list storage 211, and determines whether the session certificate is positive or negative. Para. [0075], In a case where the session certificate is determined as positive, the network controller 213 determines to reject the participation of the device that makes the participation request, and notifies the device that the participation is rejected. On the other hand, in a case where the session certificate is determined as not positive (as negative), the network controller 213 permits the participation of the device, and performs processing for connecting the device to the network. Para. [0138]).
Regarding claim 3, Cebe, in combination with Doi, teaches the first loT device of claim 1, wherein the control module is configured to, in response to the identifier being in the false positive set, permit communication between the first loT device and the second loT device (Doi: Para. [0138], If the presented session certificate is not included therein (or is determined as not positive), the network participation receiver 212 rejects connection of the device that makes the participation request. Note that, in a case where the presented session certificate is included therein (or is determined as positive), the network participation receiver 212 may once reject the connection to the network, of the device that makes the participation request, and may permit the participation thereof when a request with the session certificate after the update is received thereafter. Alternatively, the network participation receiver 212 may stand by until a new session certificate is installed by the certificate authority and a participation request with the session certificate after the update is received again.).
Regarding claim 4, Cebe, in combination with Doi, teaches the first loT device of claim 1, wherein the control module is configured to, in response to the identifier being deemed to be in the bloom filter set and not be in the false positive set, add the identifier to a potential false positive list and at least temporarily ignore communication from the second loT device (Doi: Para. [0138], Note that, in a case where the presented session certificate is included therein (or is determined as positive), the network participation receiver 212 may once reject the connection to the network, of the device that makes the participation request, and may permit the participation thereof when a request with the session certificate after the update is received thereafter. Alternatively, the network participation receiver 212 may stand by until a new session certificate is installed by the certificate authority and a participation request with the session certificate after the update is received again.).
Regarding claim 5, Cebe, in combination with Doi, teaches the first loT device of claim 4, wherein the control module is configured to: transmit the potential false positive list to the back office station (Doi: Para. [0132]); and receive at least one of an updated version of the bloom filter set or an updated version of the false positive set (Doi: Para. [0134], The false-positive certificate manager 118 distributes the false-positive certificate list (or the Bloom-filter false-positive certificate list) after the update to each device via the communication unit 117.).
Regarding claim 6, Cebe, in combination with Doi, teaches the first loT device of claim 5, wherein the control module is configured to determine whether to communicate with the second loT device based on at least one of the updated version of the bloom filter set or the updated version of the false positive set (Doi: Para. [0135], In a case of receiving a notification that a device included in the false-positive certificate list makes a participation request, if a session certificate of the device is included in the false-positive certificate list, the device certificate manager 116 reinstalls a valid session certificate. If the valid session certificate is successfully installed, the false-positive certificate manager 118 deletes the corresponding session certificate (the session certificate determined as false-positive) from the false-positive certificate list (or updates the Bloom-filter false-positive certificate list).).
Regarding claim 7, Cebe, in combination with Doi, teaches the first loT device of claim 1, wherein the false positive set includes identifiers of certificates not in the certificate revocation list (Doi: Para. [0117]-[0118], For example, in the example of FIG. 4, in a case where the identified index is 3, the session certificates C2 and C3 associated with the index 3 are first identified. Subsequently, whether C2 and C3 are revoked (are registered in the certificate revocation list) is tested. Assuming that only the session certificate C2 is revoked, the session certificate C3 is detected.) but in one or more potential false positive lists generated by the first loT device, the second loT device, or one or more other loT devices (Doi: Para. [0128], In view of the above, in the present embodiment, a false-positive certificate list is prepared as a list for distinguishing whether the presented session certificate is actually positive or false-positive. In a case where there is a device having a session certificate that becomes false-positive and where the session certificate of the device is yet to be updated, the session certificate before the update (the session certificate determined as false-positive) is listed in this false-positive certificate list.).
Regarding claim 9, Cebe, in combination with Doi, teaches the first loT device of claim 1, wherein the bloom filter evaluation module comprises a bloom filter and is configured to, using the bloom filter, determine whether an identifier associated with the certificate is deemed to be in the bloom filter set (Doi: Para. [0058], the Bloom-filter certificate revocation list manager 111 generates a Bloom filter, which may be called "Bloom-filter certificate revocation list (BF-CRL)" from the certificate revocation list according to a Bloom filter algorithm, and holds the Bloom-filter certificate revocation list. Para. [0060], the new revocation manager 114 tests whether any of session certificates that are not revoked currently (that are not registered in the certificate revocation list) becomes false-positive as a result of newly registering the revoked certificate into the Bloom-filter certificate revocation list.).
Regarding claim 10, Cebe, in combination with Doi, teaches the first loT device of claim 1, wherein: the bloom filter evaluation module comprises a bloom filter (Doi: Para. [0058], the Bloom-filter certificate revocation list manager 111 generates a Bloom filter, which may be called "Bloom-filter certificate revocation list (BF-CRL)" from the certificate revocation list according to a Bloom filter algorithm, and holds the Bloom-filter certificate revocation list.); 
the bloom filter comprises a plurality of hash functions; the plurality of hash functions determine respective bit locations in the array of bits for the identifier (Doi: Para. [0027], The Bloom filter is a filter for probabilistically testing whether or not given data (element) d is contained in a data set X (i.e., a member of a data set X), through an application of a hash function. Para. [0036]); and 
the bloom filter evaluation module determines the identifier to be in the bloom filter when all bits at the bit locations of the array of bits are set to 1 (Doi: Para. [0036]-[0043], Para. [0040], (d) Set 1 to the idx.sup.th bit in the bit sequence F (in a case where the idx.sup.th bit is already 1, the bit value is held at 1 without any change). Para. [0043], In short, for each element "xi" in the input data set X, the hash value "idx" is obtained from each of the "k" hash functions, and 1 is set to the idx.sup.th bit in the bit sequence F (in a case where the idx.sup.th bit is already 1, the bit value is held at 1 without any change), whereby the Bloom filter is generated. Para. [0120]).
Regarding claim 11, Cebe, in combination with Doi, teaches a system comprising: the first loT device of claim 1; and the back office station comprises a first bloom filter, wherein the first bloom filter is configured to generate the first bloom filter set based on the entries in the certificate revocation list (Doi: Para. [0058], the Bloom-filter certificate revocation list manager 111 generates a Bloom filter, which may be called "Bloom-filter certificate revocation list (BF-CRL)" from the certificate revocation list according to a Bloom filter algorithm, and holds the Bloom-filter certificate revocation list.).
Regarding claim 12, Cebe, in combination with Doi, teaches the system of claim 11, wherein: the back office station comprises: a memory configured to store the certificate revocation list, the bloom filter set, and the false positive set (Doi: Fig. 1-2, Fig. 6, Para. [0058], the Bloom-filter certificate revocation list manager 111 generates a Bloom filter, which may be called "Bloom-filter certificate revocation list (BF-CRL)" from the certificate revocation list according to a Bloom filter algorithm, and holds the Bloom-filter certificate revocation list. Para. [0060], Note that the new revocation manager 114 may create and manage a list of session certificates determined as false-positive (false-positive certificate list). The false-positive certificate list may be used to test whether any of the session certificates becomes false-positive.); a certificate revocation module configured to generate and store in the memory the certificate revocation list (Doi: Fig. 1-2, Fig. 6, Para. [0058], the Bloom-filter certificate revocation list manager 111 generates a Bloom filter, which may be called "Bloom-filter certificate revocation list (BF-CRL)" from the certificate revocation list according to a Bloom filter algorithm, and holds the Bloom-filter certificate revocation list.); and 
a false positive module configured to generate the false positive set based on a first potential false positive list received from the first loT device or another loT device (Doi: Para. [0128], In view of the above, in the present embodiment, a false-positive certificate list is prepared as a list for distinguishing whether the presented session certificate is actually positive or false-positive. In a case where there is a device having a session certificate that becomes false-positive and where the session certificate of the device is yet to be updated, the session certificate before the update (the session certificate determined as false-positive) is listed in this false-positive certificate list. Para. [0117]-[0188]).
Regarding claim 13, Cebe, in combination with Doi, teaches the system of claim 11, wherein: the bloom filter evaluation module comprises a second bloom filter; the second bloom filter is configured similarly or the same as the first bloom filter; and the bloom filter evaluation module is configured to determine if the identifier is in the bloom filter set using the second bloom filter (Doi: Para. [0058], The Bloom-filter certificate revocation list manager 111 holds a certificate revocation list that is a list of revoked certificates. Moreover, the Bloom-filter certificate revocation list manager 111 generates a Bloom filter, which may be called "Bloom-filter certificate revocation list (BF-CRL)" from the certificate revocation list according to a Bloom filter algorithm, and holds the Bloom-filter certificate revocation list. Para. [0059], Each time a revoked certificate newly occurs, the certificate revocation list is updated by adding the revoked certificate to the certificate revocation list, and the Bloom-filter certificate revocation list is also updated. For this update, the revoked certificate that is newly revoked may be reflected in the Bloom-filter certificate revocation list at that time (difference update), and the Bloom-filter certificate revocation list may be regenerated from the entire certificate revocation list after the addition. Para. [0060]).
Doi teaches a first bloom filter and utilizing the first bloom filter to determine whether a certificate identifier is present within a data set. Although Doi doesn’t explicitly teach a second bloom filter that is configured similarly or the same as the first bloom filter, the mere duplication of claim elements, such as a second bloom filter that is configured the same as the first bloom filter and performs the same functions, has no patentable significance unless a new and unexpected result is produced (In re Harza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960)). (See MPEP 2144.04 VI. B. [R-10.2019])


Claim(s) 8 is rejected under 35 U.S.C. 103 as being unpatentable over Cebe et al. (US 2020/0366667; Hereinafter “Cebe”) in view of Doi et al. (US 2014/0373118; Hereinafter “Doi”) in view of Locketz (US 2020/0396061).
Regarding claim 8, Cebe, in combination with Doi, teaches the first loT device of claim 1. Cebe, in combination with Doi, does not explicitly teach wherein the control module is implemented as a vehicle-to-vehicle communication module of a vehicle.  
In an analogous art, Locketz teaches wherein the control module is implemented as a vehicle-to-vehicle communication module of a vehicle (Locketz: Para. [0089], In some implementations, the certificate management service 604 may be a V2X certificate management service. Para. [0090], Para. [0091], In some embodiments, the network edge 602 can use a bloom filter data structure, as discussed above, to determine if computerized devices 606 are to receive device updates from the certificate management service 604.)
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Locketz with the system and method of Cebe and Doi to include wherein the control module is implemented as a vehicle-to-vehicle communication module of a vehicle because this functionality enables certificate management for vehicle to vehicle communications (Locketz: Para. [0002]). 

Claim(s) 14-20 are rejected under 35 U.S.C. 103 as being unpatentable over Locketz (US 2020/0396061) in view of Doi et al. (US 2014/0373118; Hereinafter “Doi”) .
Regarding claim 14, Locketz teaches a back office station comprising: a memory configured to store a certificate revocation list, a bloom filter set, wherein the certificates revocation list includes a revoked certificate of a first Internet of Thing (loT) device (Locketz: Para. [0045], the campaign management service 108 can transmit 126 the bloom filter data structure to a bloom filter device 114 via a message server 116. For example, the message server 116 can enable synchronously or asynchronously providing 128 the bloom filter data structure to the bloom filter device 114. In some examples, the network edge 102 can begin running or executing a campaign 130 by storing a cached copy of the bloom filter data structure in the bloom filter device 114 or the device management server 104. Thus, the network edge 102 can begin to process device update requests following the initialization of the bloom filter data structure by storing the bloom filter data structure within the network edge 102.); 
a certificate revocation module configured to generate and store in the memory the certificate revocation list (Locketz: Para. [0043], The data structure can include a bloom filter data structure, a linked list, a multi-dimensional array, or any other data structure that may be used to quickly identify devices 106 and/or requests 134 that are included in or correspond to the campaign, (e.g., devices that are in the list or set of device identifiers from the campaign initiation request). Para. [0046]);  
a bloom filter module comprising a bloom filter and configured to generate the bloom filter set based on the certificate revocation list using the bloom filter, wherein the bloom filter set is an array of bits representative of the certificate revocation list (Locketz: Para. [0070], The device management server can query the bloom filter data structure stored locally or in a separate bloom filter device to determine either that the computerized device is not a member of the campaign or that the computerized device may be a member of the campaign, subject to a possible, low-probability, false positive.).
Locketz does not explicitly teach a false positive set; a false positive module configured to generate the false positive set based on a first potential false positive list received from a second loT device, wherein the false positive set includes identifiers associated with certificates not in the certificate revocation list but in one or more potential false positive lists, wherein the one or more false positive lists includes the first potential false positive list, and wherein the false positive set includes an identifier of a third loT device; and a control module configured to transmit the bloom filter set and the false positive set to the second loT device to prevent communication with the first loT device and permit communication with the third loT device.
In an analogous art, Doi teaches a back office station comprising: a memory configured to store a false positive set (Doi: Para. [0060], Note that the new revocation manager 114 may create and manage a list of session certificates determined as false-positive (false-positive certificate list). The false-positive certificate list may be used to test whether any of the session certificates becomes false-positive.); 
a false positive module configured to generate the false positive set based on a first potential false positive list received from a second loT device, wherein the false positive set includes identifiers associated with certificates not in the certificate revocation list but in one or more potential false positive lists (Doi: Para. [0117]-[0118], For example, in the example of FIG. 4, in a case where the identified index is 3, the session certificates C2 and C3 associated with the index 3 are first identified. Subsequently, whether C2 and C3 are revoked (are registered in the certificate revocation list) is tested. Assuming that only the session certificate C2 is revoked, the session certificate C3 is detected.), wherein the one or more false positive lists includes the first potential false positive list, and wherein the false positive set includes an identifier of a third loT device (Doi: Para. [0128], In view of the above, in the present embodiment, a false-positive certificate list is prepared as a list for distinguishing whether the presented session certificate is actually positive or false-positive. In a case where there is a device having a session certificate that becomes false-positive and where the session certificate of the device is yet to be updated, the session certificate before the update (the session certificate determined as false-positive) is listed in this false-positive certificate list.); and 
a control module configured to transmit the bloom filter set and the false positive set to the second loT device to prevent communication with the first loT device (Doi: Para. [0137], A false-positive certificate list storage 215 is newly added. The false-positive certificate list storage 215 acquires the false-positive certificate list (or the Bloom-filter false-positive certificate list) distributed by the server apparatus (certificate authority) via the communication unit 214, and stores the list therein.) and permit communication with the third loT device (Doi: Para. [0135], In a case of receiving a notification that a device included in the false-positive certificate list makes a participation request, if a session certificate of the device is included in the false-positive certificate list, the device certificate manager 116 reinstalls a valid session certificate. If the valid session certificate is successfully installed, the false-positive certificate manager 118 deletes the corresponding session certificate (the session certificate determined as false-positive) from the false-positive certificate list (or updates the Bloom-filter false-positive certificate list).).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Locketz with the system and method of Doi to include a false positive set; a false positive module configured to generate the false positive set based on a first potential false positive list received from a second loT device, wherein the false positive set includes identifiers associated with certificates not in the certificate revocation list but in one or more potential false positive lists, wherein the one or more false positive lists includes the first potential false positive list, and wherein the false positive set includes an identifier of a third loT device; and a control module configured to transmit the bloom filter set and the false positive set to the second loT device to prevent communication with the first loT device and permit communication with the third loT device because this functionality enables certificate management for vehicle to vehicle communications (Locketz: Para. [0002]).
Regarding claim 15, Locketz, in combination with Doi, teaches the back office station of claim 14, wherein the control module operates in: a first state to initialize the bloom filter set and distribute the bloom filter set to at least the second loT device and the third loT device (Doi: Para. [0069], Moreover, if the Bloom-filter certificate revocation list manager 111 generates or updates the Bloom-filter certificate revocation list, the communication unit 117 distributes the list to the device. To a device that exists outside of the communicable range, the communication unit 117 distributes the session certificate and the list, via the device that exists in the communicable range.); 
a second state, while the bloom filter set exists and the false positive set is an empty set, update the false positive set based on the first potential false positive list and distribute the false positive set to at least the second loT device and the third loT device (Doi: Para. [0128], In view of the above, in the present embodiment, a false-positive certificate list is prepared as a list for distinguishing whether the presented session certificate is actually positive or false-positive. In a case where there is a device having a session certificate that becomes false-positive and where the session certificate of the device is yet to be updated, the session certificate before the update (the session certificate determined as false-positive) is listed in this false-positive certificate list. The false-positive certificate list is distributed to each device (node) in the network.); 
a third state, while the bloom filter set exists and the false positive set is not an empty set, update the false positive set based on the first potential false positive list and distribute the false positive set to at least the second loT device and the third loT device (Doi: Para. [0129]-[0130], Para. [0131], Here, the false-positive certificate list can also be formed using the Bloom filter. The false-positive certificate list formed using the Bloom filter is referred to as Bloom-filter false-positive certificate list. Not the false-positive certificate list but the Bloom-filter false-positive certificate list is distributed to each device in the network.); and 
a fourth state to update the bloom filter set and the false positive set and distribute the updated bloom filter set and the updated false positive set to at least the second loT device and the third loT device (Doi: Para. [0132], In a case where the session certificate is actually positive (is included in the (non-Bloom-filter) false-positive certificate list), the certificate authority tries to update the session certificate of the participation requesting device. In other case (in a case of false-positive), the certificate authority does not update the session certificate. Para. [0134], The false-positive certificate manager 118 distributes the false-positive certificate list (or the Bloom-filter false-positive certificate list) after the update to each device via the communication unit 117. Para. [0139], generate a Bloom filter from a set of the invalidated data; and distribute the Bloom filter to each communication apparatus, and each communication apparatus tests validity of data presented by another communication apparatus with the use of the Bloom filter.).
Regarding claim 16, Locketz, in combination with Doi, teaches the back office station of claim 14, wherein: the certificate revocation module is configured to update the certificate revocation list; and the bloom filter module is configured to periodically update the bloom filter set based on the updated certificate revocation list (Doi: Para. [0023], In a case where the certificate authority revokes a certain session certificate and updates a Bloom filter of a certificate revocation list, another valid session certificate may be possibly treated as revoked by the Bloom filter after the update, due to false-positive. Para. [0085]).
Regarding claim 17, Locketz, in combination with Doi, teaches the back office station of claim 14, wherein, for each entry in the first potential false positive list, the control module is configured to: check if the entry is in the bloom filter set and the certificate revocation list (Doi: Para. [0117]-[0118], For example, in the example of FIG. 4, in a case where the identified index is 3, the session certificates C2 and C3 associated with the index 3 are first identified. Subsequently, whether C2 and C3 are revoked (are registered in the certificate revocation list) is tested. Assuming that only the session certificate C2 is revoked, the session certificate C3 is detected. Para. [0128]); and in response to the entry being in the bloom filter set and not in the certificate revocation list, update the false positive set to include the entry (Doi: Para. [0128], In view of the above, in the present embodiment, a false-positive certificate list is prepared as a list for distinguishing whether the presented session certificate is actually positive or false-positive. In a case where there is a device having a session certificate that becomes false-positive and where the session certificate of the device is yet to be updated, the session certificate before the update (the session certificate determined as false-positive) is listed in this false-positive certificate list. The false-positive certificate list is distributed to each device (node) in the network.).
Regarding claim 18, Locketz, in combination with Doi, teaches the back office station of claim 14, wherein the control module is configured to, in response to receiving a new entry for the certificate revocation list, update the bloom filter set based on the new entry and remove the new entry from the false positive set (Doi: Para. [0128], Note that, after a newly created valid session certificate is successfully installed, the session certificate may be deleted from the false-positive certificate list. Para. [0032], The device that receives the participation request tests a session certificate that becomes positive with reference to the Bloom-filter certificate revocation list, on the basis of the Bloom-filter false-positive certificate list. In a case where the test result is positive, the device that receives the participation request notifies the certificate authority to that effect. The certificate authority that receives the notification determines whether the session certificate of the device is actually positive, on the basis of the (non-Bloom-filter) false-positive certificate list.).
Regarding claim 19, Locketz, in combination with Doi, teaches the back office station of claim 14, wherein: the bloom filter comprises a plurality of hash functions (Doi: Para. [0027], The Bloom filter is a filter for probabilistically testing whether or not given data (element) d is contained in a data set X (i.e., a member of a data set X), through an application of a hash function. Para. [0036]); 
the plurality of hash functions are each configured to determine bit locations in the array of bits based on entries in the certificate revocation list (Doi: Para. [0058], the Bloom-filter certificate revocation list manager 111 generates a Bloom filter, which may be called "Bloom-filter certificate revocation list (BF-CRL)" from the certificate revocation list according to a Bloom filter algorithm, and holds the Bloom-filter certificate revocation list.); and 
the bloom filter module is configured to set bits at the bit locations to 1 based on outputs of the plurality of hash functions (Doi: Para. [0036]-[0043], Para. [0040], (d) Set 1 to the idx.sup.th bit in the bit sequence F (in a case where the idx.sup.th bit is already 1, the bit value is held at 1 without any change). Para. [0043], In short, for each element "xi" in the input data set X, the hash value "idx" is obtained from each of the "k" hash functions, and 1 is set to the idx.sup.th bit in the bit sequence F (in a case where the idx.sup.th bit is already 1, the bit value is held at 1 without any change), whereby the Bloom filter is generated. Para. [0120]).
Regarding claim 20, Locketz, in combination with Doi, teaches the back office station of claim 19, the bloom filter module is configured to: identify bit locations in the array of bits for an identifier of a certificate of the third loT device (Doi: Para. [0034], 1. A bit sequence F having the length "m" is prepared, and 0 is set to every bit. Para. [0043]-[0050], Para. [0051], the data d is inputted to each of the "k" hash functions. If all the bits corresponding to the respective outputs "idx" of the hash functions are 1, positive is returned. If at least any one of the bits corresponding to the respective outputs "idx" of the hash functions is 0, negative is returned.); and 
determine whether the identifier of the certificate of the third loT device is in the bloom filter set based on the identified bit locations in the array of bits for the identifier (Doi: Para. [0058], The Bloom-filter certificate revocation list manager 111 holds a certificate revocation list that is a list of revoked certificates. Moreover, the Bloom-filter certificate revocation list manager 111 generates a Bloom filter, which may be called "Bloom-filter certificate revocation list (BF-CRL)" from the certificate revocation list according to a Bloom filter algorithm, and holds the Bloom-filter certificate revocation list. Para. [0061], The session certificate is a byte sequence or a bit sequence that is calculated according to a certain algorithm on the basis of a random number generated by a random number generator. The certificate issuing unit 113 tests whether the newly issued session certificate is positive with reference to the Bloom-filter certificate revocation list managed by the Bloom-filter certificate revocation list manager 111. Para. [0074]); and 
communicate with the third loT device in response to the identifier of the certificate of the third loT device not being in the bloom filter set (Doi: Para. [0075], On the other hand, in a case where the session certificate is determined as not positive (as negative), the network controller 213 permits the participation of the device, and performs processing for connecting the device to the network. That is, the network controller 213 sets a communication path with the device, and also makes relay settings as needed.).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Nelson Giddins whose telephone number is (571)272-7993.  The examiner can normally be reached on Monday - Friday, 9:00 AM - 5:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached at (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/NELSON S. GIDDINS/            Primary Examiner, Art Unit 2437