DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to the communication filed on 01/14/2021.
Claims 1-20 are pending for consideration.

Claim Objections
Claims 13-20 are objected to because of the following informalities:
	Regarding claims 13-20, the claims recite a limitation “BC network”.  It should be “blockchain (BC) network”.
	Appropriate corrections are required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4-5, and 7-8 are rejected under 35 U.S.C. 103 as being unpatentable over Kubilay et al. (NPL U: "CertLedger: A New PKI Model with Certificate Transparency Based on Blockchain", October 1st 2018, pages 1-17, downloaded from the Internet on 06/27/2022, URL: https://arxiv.org/pdf/1806.03914.pdf, hereinafter Kubilay) in view of Ahmed et al., (NPL V: "Turning trust around: Smart Contract_assisted Public Key Infrastructure”, 2018, pages 1-8, download from the Internet on 06/27/2022, URL: https://media.voog.com/0000/0042/0957/files/IEEE_TrustCom-18_paper_267.pdf, hereinafter Ahmed).	Regarding claim 1, Kubilay teaches a method comprising:
	receiving, by a network device, a transaction in a distributed ledger of a blockchain network (page 6, section 2, blockchain network is a decentralized peer-to-peer (P2P) network composed of full nodes and light nodes, full nodes store a copy of the blockchain, validate, and propagate new transactions and blocks across the network while light nodes store only block headers. All nodes can create transactions to change the state of the blockchain. New blocks of the transactions are collectively validated and appended to the existing chain according to a distributed consensus mechanism, the trust should be distributed
in such a way that a single log operator could not be able to control the log itself. Therefore, a decentralized public log mechanism is required which is synchronously updated only upon a consensus of its clients; page 8, section 3.3; page 9, Adding a new TLS certificate, Upon generation of a new TLS certificate, Domain Owners and CAs add it to the Domain State Object as follows; creates a new transaction comprising the new TLS certificate), wherein the network device is one of a plurality of network devices participating in the blockchain network (page 6, section 2 (1-3), a decentralized public log mechanism is required which is synchronously updated only upon a consensus of its clients, all nodes can create transactions to change the state of the blockchain. New blocks of the transactions are collectively validated and appended to the existing chain according to a distributed consensus mechanism; page 8, section 3.1, CertLedger Entities, Underlying Blockchain Entities (Miners, and Full Nodes); see also page 9; see also page 13, section 5.1 and section 5.2 pages 13 and 14) and wherein the transaction comprises page 6, section 2, public variability is required, then the transactions of the blockchain must also be public; a decentralized public log mechanism is required which is synchronously updated only upon a consensus of its clients. Once the consensus is achieved, the log should be updated and could not be reverted anymore; TLS certificates generated by the trusted CAs are appended to the log; page 8, Adding a new Trusted CA Certificate, they generate a transaction comprising the CA certificate; page 9, Adding a new TLS certificate; creates a new transaction comprising the new TLS certificate; page 12, management of Trusted CA root certificates and public keys of logs; page 13, section 5.1, TLS certificate which uses 256 bits of EC public key);
	verifying, using a smart contract (page 8, Adding a new Trusted CA Certificate; page 9, Smart contract code in the Domain State Object validates the certificate; see also page 7, Domain state object, smart contract validates a TLS certificate while adding to the CertLedger with following sample flow), whether:
		the new public key certificate is valid (page 8, Smart contract code in the Trusted CAs State Object verifies the signature of the transaction, and makes all the necessary checks on the CA Certificate; page 7, Check whether the certificate is in its validity period. Check whether the certificate is compliant to the TLS certificate profile. Check whether the certificate is signed by one of the CA certificates in Trusted CAs State Object; see also page 9); and
		the new public key certificate is different from a previously recorded public key certificate in the distributed ledger (page 7, Check whether the certificate has already been added, CertLedger is a PKI architecture to validate, store
and revoke TLS certificates and manage Trusted CA certificates on a public blockchain); and
	in response to successful verification by at least a predefined number of network devices of the plurality of network devices, recording, by each of the network devices, the transaction in the distributed ledger (Kubilay page 5, CertLedger uses a blockchain based public log to validate, store, and revoke TLS certificates; page 7, Store the new TLS Certificate in the Domain State Object; page 8, section 3.3, Upon successful validation of the CA certificate it is added to the Trusted CAs State Object as a trusted certificate; page 6, new blocks of the transactions are collectively validated and appended to the existing chain according to a distributed consensus mechanism, synchronously updated only upon a consensus of its clients, once the consensus is achieved, the log should be updated and could not be reverted anymore; see also page 9; [Examiner remark: using blockchain network and consensus mechanism, it is understood by ordinary skill in the art that blockchain architecture requires a consensus from plural of nodes of the  blockchain network before committing a transaction to a ledger of each node]; see also page 6, there are several consensus mechanisms used in blockchain networks, e.g., Practical Byzantine Fault Tolerance algorithm (Practical BFT) [38] (which is utilized in HyperLedger Fabric [39]), Delegated BFT [40] (which is utilized in Neo [41]), Proof-of-Work (PoW) (which is utilized in Bitcoin [29], Ethereum [42]), Ripple [43] (which is utilized in Ripple [44]), and Proof-of-Stake (PoS) [45] (which is utilized in Cardano [46], PeerCoin [47]); page 13, CertLedger is maintained in a P2P network upon consensus of its clients. Every full node CertLedger Client have a copy of the log and do not have a dependency to verify the TLS certificates).
	Although Kubilay teaches wherein the transaction comprises a new public key certificate, Kubilay does not explicitly disclose wherein the transaction comprises location information of a new public key certificate.  On the other hand, Ahmed teaches instead of providing data directly, a link to the data can be used instead (Ahmed page 6, data can be stored in an external storage such as InterPlenetary File System (IPFS) [20]. For such cases, the link to the data and the integrity hash are only stored in the blockchain).	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Ahmed, which teaches to use a link to data in place of data into the teaching of Kubilay who teaches a transaction having a certificate to result in the limitations of the claimed invention.
	One of ordinary skilled would be motivated to do so as incorporating Ahmed’s teaching would help reduce cost of blockchain transaction (Ahmed page 6, bottom left). In addition, both references teach features that are directed to analogous art, such as, using blockchain and smart contract for managing public key infrastructure. This close relation between both references highly suggests an expectation of success when combined.	
Regarding claim 2, Kubilay in view of Ahmed teaches the method of claim 1, comprising:
	generating, by an authoritative network device (Kubilay page 8 section 3.3, CertLedger Board audits the CA, they generate a transaction comprising the CA certificate, CertLedger Board is a trusted organization who manages Trusted CAs State Object; see also page 9;), the transaction in the distributed ledger (Kubilay page 8 section 3.3, CertLedger Board audits the CA, they generate a transaction comprising the CA certificate; see also page 9;), wherein the authoritative network device belongs to the plurality of network devices (Kubilay  page 8 section 3.1 Entities, CertLedger Board; see also page 9; see also Kubilay page 6 section 2, and Kubilay page 13, section 5.1 and section 5.2 pages 13 and 14).
	Regarding claim 4, Kubilay in view of Ahmed teaches the method of claim 2, comprising:
	receiving, by the authoritative network device, the new public key certificate from an administrator (Kubilay page 9, Adding a new TLS certificate: As in the conventional PKI architecture, upon application of a Domain Owner, CA performs the relevant verifications according to its policy and issues the TLS certificate, upon generation of a new TLS certificate, Domain Owners and CAs add it to the Domain State Object as follows, Domain Owner/CA creates a new transaction
comprising the new TLS certificate and signs); and
	Kubilay page 9, Domain Owner/CA creates a new transaction
comprising the new TLS certificate and signs, upon a successful validation,
the new TLS certificate is added to the Domain State Object; Kubilay page 7, CertLedger is a PKI architecture to validate, store and revoke TLS certificates and manage Trusted CA certificates on a public blockchain, Domain State Object stores and manages the states of all TLS certificates).	Although Kubilay teaches generating the transaction in the distributed ledger where the transaction includes a public key certificate (Kubilay page 9 and Kubilay  page 7), Kubilay does not explicitly disclose storing, by the authoritative network device, the new public key certificate in an Inter Planetary File System (IPFS) prior to generating the transaction in the distributed ledger.  On the other hand, Ahmed teaches instead of providing data directly, storing data in an external storage and a link to the data can be provided instead (Ahmed page 6, data can be stored in an external storage such as InterPlenetary File System (IPFS) [20]. For such cases, the link to the data and the integrity hash are only stored in the blockchain).	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Ahmed, which teaches to use a link to data in place of data into the teaching of Kubilay who teaches a transaction having a certificate to result in the limitations of the claimed invention.
	One of ordinary skilled would be motivated to do so as incorporating Ahmed’s teaching would help reduce cost of blockchain transaction (Ahmed page 6, bottom left). In addition, both references teach features that are directed to analogous art, such as, using blockchain and smart contract for managing public key infrastructure. This close relation between both references highly suggests an expectation of success when combined.

	Regarding claim 5, Kubilay in view of Ahmed teaches the method of claim 1.	Kubilay teaches the new public key certificate and the transaction having the new public key certificate (Kubilay page 9, Adding a new TLS certificate: As in the conventional PKI architecture, upon application of a Domain Owner, Domain Owner/CA creates a new transaction comprising the new TLS certificate and signs, CA performs the relevant verifications according to its policy and issues the TLS certificate).	However, Kubilay does not explicitly disclose: wherein the location information of the new public key certificate comprises an IPFS link corresponding to the new public key certificate.	On the other hand, Ahmed teaches instead of providing data directly, storing data in an external storage and a link to the data can be provided instead (Ahmed page 6, data can be stored in an external storage such as InterPlenetary File System (IPFS) [20]. For such cases, the link to the data and the integrity hash are only stored in the blockchain).	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Ahmed, which teaches to use a link to data in place of data into the teaching of Kubilay, which teaches storing a certificate in a transaction, so that the certificate is stored and a link is used in the transaction instead, to result in the limitations of the claimed invention.
	One of ordinary skilled would be motivated to do so as incorporating Ahmed’s teaching would help reduce cost of blockchain transaction (Ahmed page 6, bottom left). In addition, both references teach features that are directed to analogous art, such as, using blockchain and smart contract for managing public key infrastructure. This close relation between both references highly suggests an expectation of success when combined.	Regarding claim 7, Kubilay in view of Ahmed teaches the method of claim 1, wherein verifying comprises verifying, using the smart contract, whether a source that has generated the transaction is a valid source (Kubilay page 7, its smart contract validates a TLS certificate while adding to the CertLedger, check whether the certificate is signed by one of the CA certificates in Trusted CAs State Object; page 9, Domain Owner/CA creates a new transaction comprising the new TLS certificate and signs).

	Regarding claim 8, Kubilay in view of Ahmed teaches the method of claim 1, comprising:
	retrieving, by each of the network devices, Kubilay page 5, CertLedger uses a blockchain based public log to validate, store, and revoke TLS certificates; page 9, Domain Owner/CA creates a new transaction comprising the new TLS certificate and signs it … TLS certificate is added to the Domain State Object; Kubilay page 7, Domain State Object stores and manages the states of all TLS certificates, smart contract validates a TLS certificate while adding to the CertLedger; [Examiner remark: in block chain, nodes of the blockchain, when executing smart contract for consensus, each node retrieves the transaction and validate its data using the smart contract.  Since the data is the certificate, each node would need to retrieve the certificate to perform validation disclosed in page 7 section 3 of Kubilay]).	obtaining, by each of the network devices, the new public key certificate Kubilay page 5, CertLedger uses a blockchain based public log to validate, store, and revoke TLS certificates; Kubilay page 7 section 3; Kubilay page 9, section “Adding a new TLS certificate”); and
	storing, by each of the network devices, the new public key certificate (Kubilay page 5, CertLedger uses a blockchain based public log to validate, store, and revoke TLS certificates; Kubilay page 7, its smart contract validates a TLS certificate while adding to the CertLedger).	Kubilay discloses the retrieving of the new public key certificate, but Kubilay does not explicitly disclose the retrieving of the location information of the new public key certificate and the obtaining of the new public key certificate using the location information.	On the other hand, Ahmed teaches data can be provided directly, or instead of providing data directly, storing data in an external storage and a link to the data can be provided instead (Ahmed page 6, data can be stored in an external storage such as InterPlenetary File System (IPFS) [20]. For such cases, the link to the data and the integrity hash are only stored in the blockchain).	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Ahmed, which teaches to use a link to data in place of data to provide the data, into the teaching of Kubilay, to result in the limitations of the claimed invention.
	One of ordinary skilled would be motivated to do so as incorporating Ahmed’s teaching would help reduce cost of blockchain transaction (Ahmed page 6, bottom left). In addition, both references teach features that are directed to analogous art, such as, using blockchain and smart contract for managing public key infrastructure. This close relation between both references highly suggests an expectation of success when combined.
Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Kubilay in view of Ahmed and further in view of Parimi; Balaji et al. (US 20200403996 A1, hereinafter Parimi).
	Regarding claim 3, Kubilay in view of Ahmed teaches the method of claim 2.	Kubilay in view of Ahmed does not explicitly disclose the following limitation that Parimi teaches: wherein the authoritative network device provides a cloud-based service in the network ([0020] The authorization systems 110 store data on behalf of enterprises. In one embodiment, the authorization systems 110 remotely host infrastructures. For example, an authorization system can be a service provider such as AMAZON WEB SERVICES, MICROSOFT AZURE, or GOOGLE CLOUD PLATFORM. In another embodiment, at least some of the authorization systems 110 are implemented locally at an enterprise).
	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Parimi, which teaches an authorization system providing cloud service into the teaching of Kubilay in view of Ahmed to result in the limitations of the claimed invention.
	One of ordinary skilled would be motivated to do so as incorporating Parimi’s teaching would help improve scalability and availability by utilizing cloud infrastructure and further help with additional business coupled with authorization service. In addition, both references teach features that are directed to analogous art such as security and distributed computing. This close relation between both references highly suggests an expectation of success when combined.

Claims 6, 13-14, and 16-19 are rejected under 35 U.S.C. 103 as being unpatentable over Kubilay in view of Ahmed and further in view of Kuramoto; Annie C. et al. (US 20180034646 A1, hereinafter Kuramoto).	Regarding claim 6, Kubilay in view of Ahmed teaches the method of claim 1, wherein verifying whether the new public key certificate is valid comprises verifying whether:
	the new public key certificate has a valid expiry date (Kubilay page 7, Check whether the certificate is in its validity period);	Although Kubilay teaches the validating of the new public key certificate, Kubilay does not explicitly disclose the verifying of the new public key certificate comprises verifying the new public key certificate has not been revoked.  On the other hand, Kubilay discloses a valid TLS certificate is a certificate that is not revoked (Kubilay page 14 section 6).  Kubilay further discloses CertLedger provides proof for the existence and revocation status for all the TLS certificates (Kubilay page 14 section 6).	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Kubilay, which teaches a valid certificate needs to have its status not revoked, into the teaching of Kubilay in view of Ahmed which teaches validating a new public key certificate, to result in the limitation verifying of the new public key certificate comprises verifying the new public key certificate has not been revoked.
	One of ordinary skilled would be motivated to do so as incorporating Kubilay’s teaching of validating a new certificate’s revocation status would help ensure security of the system and integrity of issued certificates.	Kubilay in view of Ahmed teaches the new public key certificate and the validation of the new public key certificate in each of the network devices.  Kubilay   further teaches the renewal of certificate (Kubilay page 9, before the expiration of his
TLS certificate, the Domain Owner receives anew TLS certificate from the CA with overlapping dates, so that the latter becomes active before the expiration of the former). However, Kubilay in view of Ahmed does not explicitly disclose a common name (CN) of the new public key certificate matches a CN of a previously deployed public key certificate in each of the network devices.	On the other hand, Kuramoto teaches to validate a renewed certificate common name against an original certificate common name (Kuramoto ¶80, validates the renewed certificate by assuring that (1) the renewed certificate's valid start date is newer than the original certificate's start date (2) the common name (IP Address) is the same and the original certificate's common name). 	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Kuramoto, which teaches to validate a renewed certificate common name against an original certificate common name into the teaching of Kubilay in view of Ahmed which teaches validating a new certificate in each of network devices, to result in the limitations of the claimed invention.
	One of ordinary skilled would be motivated to do so as incorporating Kuramoto’s teaching would help teach the details of certification renewal that Kubilay discloses. In addition, both references teach features that are directed to analogous art, such as, digital certificate generations. This close relation between both references highly suggests an expectation of success when combined.	Regarding claim 13, Kubilay teaches a BC network comprising:
	a plurality of network devices deployed in a network and participating in the BC network (Kubilay page 5, CertLedger uses a blockchain based public log to validate, store, and revoke TLS certificates);	each of the network devices comprising a processor and a machine-readable medium storing instructions that, when executed by the processor, cause the processor (Kubilay page 5, blockchain based public log to validate, store, and revoke TLS certificates; [Examiner remark: each node in the blockchain that validates certificate would need to have instructions, processor and memory to perform the task]) to:
		receive a transaction in the distributed ledger (Kubilay page 5, blockchain; Kubilay page 9, Domain Owner/CA creates a new transaction comprising the new TLS certificate and signs, Smart contract code in the Domain State Object validates the certificate; see also page 7, Domain state object, smart contract validates a TLS certificate while adding to the CertLedger with following sample flow), wherein the transaction comprises Kubilay page 9, creates a new transaction comprising the new TLS certificate);
		verify, using a smart contract (Kubilay page 5, blockchain based public log to validate TLS certificates), whether:
			the new public key certificate has a valid expiry date (Kubilay page 7, Check whether the certificate is in its validity period);			the new public key certificate is different from a previously recorded public key certificate in the distributed ledger (page 7, Check whether the certificate has already been added, CertLedger is a PKI architecture to validate, store
and revoke TLS certificates and manage Trusted CA certificates on a public blockchain); and
		in response to successful verification, provide a consent to record the transaction in the distributed ledger (page 7, Store the new TLS Certificate in the Domain State Object; page 8, section 3.3, Upon successful validation of the CA certificate it is added to the Trusted CAs State Object as a trusted certificate; page 6, new blocks of the transactions are collectively validated and appended to the existing chain according to a distributed consensus mechanism, synchronously updated only upon a consensus of its clients, once the consensus is achieved, the log should be updated and could not be reverted anymore; see also page 9).	Although Kubilay teaches the validating of the new public key certificate, Kubilay does not explicitly disclose the verifying of the new public key certificate comprises verifying the new public key certificate has not been revoked.  On the other hand, Kubilay discloses a valid TLS certificate is a certificate that is not revoked (Kubilay page 14 section 6).  Kubilay further discloses CertLedger provides proof for the existence and revocation status for all the TLS certificates (Kubilay page 14 section 6).	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Kubilay, which teaches a valid certificate needs to have its status not revoked, into the teaching of Kubilay which teaches validating a new public key certificate, to result in the limitation verifying of the new public key certificate comprises verifying the new public key certificate has not been revoked.
	One of ordinary skilled would be motivated to do so as incorporating Kubilay’s teaching of validating a new certificate’s revocation status would help ensure security of the system and integrity of issued certificates.	Although Kubilay teaches the transaction comprises a new public key certificate, Kubilay does not explicitly disclose wherein the transaction comprises location information of a new public key certificate.  On the other hand, Ahmed teaches instead of providing data directly, a link to the data can be used instead (Ahmed page 6, data can be stored in an external storage such as InterPlenetary File System (IPFS) [20]. For such cases, the link to the data and the integrity hash are only stored in the blockchain).	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Ahmed, which teaches to use a link to data in place of data into the teaching of Kubilay who teaches a transaction having a certificate to result in the limitations of the claimed invention.
	One of ordinary skilled would be motivated to do so as incorporating Ahmed’s teaching would help reduce cost of blockchain transaction (Ahmed page 6, bottom left). In addition, both references teach features that are directed to analogous art, such as, using blockchain and smart contract for managing public key infrastructure. This close relation between both references highly suggests an expectation of success when combined.	Kubilay in view of Ahmed teaches the new public key certificate and the validation of the new public key certificate in each of the network devices.  Kubilay   further teaches the renewal of certificate (Kubilay page 9, before the expiration of his
TLS certificate, the Domain Owner receives anew TLS certificate from the CA with overlapping dates, so that the latter becomes active before the expiration of the former). However, Kubilay in view of Ahmed does not explicitly disclose a common name (CN) of the new public key certificate matches a CN of a previously deployed public key certificate in each of the network devices.	On the other hand, Kuramoto teaches to validate a renewed certificate common name against an original certificate common name (Kuramoto ¶80, validates the renewed certificate by assuring that (1) the renewed certificate's valid start date is newer than the original certificate's start date (2) the common name (IP Address) is the same and the original certificate's common name). 	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Kuramoto, which teaches to validate a renewed certificate common name against an original certificate common name into the teaching of Kubilay in view of Ahmed which teaches validating a new certificate in each of network devices, to result in the limitations of the claimed invention.
	One of ordinary skilled would be motivated to do so as incorporating Kuramoto’s teaching would help teach the details of certification renewal that Kubilay discloses. In addition, both references teach features that are directed to analogous art, such as, digital certificate generations. This close relation between both references highly suggests an expectation of success when combined.	Regarding claim 14, Kubilay in view of Ahmed and Kuramoto teaches the BC network of claim 13, wherein the plurality of network devices comprises an authoritative network device that generates the transaction (Kubilay page 8 section 3.3, CertLedger Board audits the CA, they generate a transaction comprising the CA certificate, CertLedger Board is a trusted organization who manages Trusted CAs State Object; Kubilay page 8 section 3.3, CertLedger Board audits the CA, they generate a transaction comprising the CA certificate; Kubilay  page 8 section 3.1 Entities, CertLedger Board; see also Kubilay page 6 section 2, and Kubilay page 13, section 5.1 and section 5.2 pages 13 and 14; see also page 9).
	Regarding claim 16, Kubilay in view of Ahmed and Kuramoto teaches the BC network of claim 13 (see discussion above).	Kubilay teaches the new public key certificate and the transaction having the new public key certificate (Kubilay page 9, Adding a new TLS certificate: As in the conventional PKI architecture, upon application of a Domain Owner, Domain Owner/CA creates a new transaction comprising the new TLS certificate and signs, CA performs the relevant verifications according to its policy and issues the TLS certificate).	However, Kubilay does not explicitly disclose: wherein the location information of the new public key certificate comprises an IPFS link corresponding to the new public key certificate stored in an IPFS..	On the other hand, Ahmed teaches instead of providing data directly, storing data in an external storage and a link to the data can be provided instead (Ahmed page 6, data can be stored in an external storage such as InterPlenetary File System (IPFS) [20]. For such cases, the link to the data and the integrity hash are only stored in the blockchain).	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Ahmed, which teaches to use a link to data in place of data into the teaching of Kubilay, which teaches storing a certificate in a transaction, so that the certificate is stored and a link is used in the transaction instead, to result in the limitations of the claimed invention.
	One of ordinary skilled would be motivated to do so as incorporating Ahmed’s teaching would help reduce cost of blockchain transaction (Ahmed page 6, bottom left). In addition, both references teach features that are directed to analogous art, such as, using blockchain and smart contract for managing public key infrastructure. This close relation between both references highly suggests an expectation of success when combined.	Regarding claim 17, Kubilay in view of Ahmed and Kuramoto teaches the BC network of claim 13, wherein the instructions, when executed by the processor, cause the processor to:
	verify, using the smart contract, whether a source that has generated the transaction is a valid source (Kubilay page 7, its smart contract validates a TLS certificate while adding to the CertLedger, check whether the certificate is signed by one of the CA certificates in Trusted CAs State Object; page 9, Domain Owner/CA creates a new transaction comprising the new TLS certificate and signs).		Regarding claim 18, Kubilay in view of Ahmed and Kuramoto teaches the BC network of claim 13, wherein instructions, when executed by the processor, cause the processor to:
	in response to at least a predefined number of network devices providing consent to record the transaction, record the transaction in the distributed ledger (Kubilay page 5, CertLedger uses a blockchain based public log to validate, store, and revoke TLS certificates; page 7, Store the new TLS Certificate in the Domain State Object; page 8, section 3.3, Upon successful validation of the CA certificate it is added to the Trusted CAs State Object as a trusted certificate; page 6, new blocks of the transactions are collectively validated and appended to the existing chain according to a distributed consensus mechanism, synchronously updated only upon a consensus of its clients, once the consensus is achieved, the log should be updated and could not be reverted anymore; see also page 9; [Examiner remark: using blockchain network and consensus mechanism, it is understood by ordinary skill in the art that blockchain architecture requires a consensus from plural of nodes of the  blockchain network before committing a transaction to a ledger of each node]; see also page 6, there are several consensus mechanisms used in blockchain networks, e.g., Practical Byzantine Fault Tolerance algorithm (Practical BFT) [38] (which is utilized in HyperLedger Fabric [39]), Delegated BFT [40] (which is utilized in Neo [41]), Proof-of-Work (PoW) (which is utilized in Bitcoin [29], Ethereum [42]), Ripple [43] (which is utilized in Ripple [44]), and Proof-of-Stake (PoS) [45] (which is utilized in Cardano [46], PeerCoin [47]); page 13, CertLedger is maintained in a P2P network upon consensus of its clients. Every full node CertLedger Client have a copy of the log and do not have a dependency to verify the TLS certificates).	Regarding claim 19, Kubilay in view of Ahmed and Kuramoto teaches the BC network of claim 18 (see discussion above), wherein the instructions, when executed by the processor, cause the processor to:
	retrieve Kubilay page 5, CertLedger uses a blockchain based public log to validate, store, and revoke TLS certificates; page 9, Domain Owner/CA creates a new transaction comprising the new TLS certificate and signs it … TLS certificate is added to the Domain State Object; Kubilay page 7, Domain State Object stores and manages the states of all TLS certificates, smart contract validates a TLS certificate while adding to the CertLedger; [Examiner remark: in block chain, nodes of the blockchain, when executing smart contract for consensus, each node retrieves the transaction and validate its data using the smart contract.  Since the data is the certificate, each node would need to retrieve the certificate to perform validation disclosed in page 7 section 3 of Kubilay]);
	obtain the new public key certificate Kubilay page 5, CertLedger uses a blockchain based public log to validate, store, and revoke TLS certificates; Kubilay page 7 section 3; Kubilay page 9, section “Adding a new TLS certificate”); and
	store the new public key certificate (Kubilay page 5, CertLedger uses a blockchain based public log to validate, store, and revoke TLS certificates; Kubilay page 7, its smart contract validates a TLS certificate while adding to the CertLedger).	Kubilay discloses the retrieving of the new public key certificate, but Kubilay does not explicitly disclose the retrieving of the location information of the new public key certificate and the obtaining of the new public key certificate using the location information.	On the other hand, Ahmed teaches data can be provided directly, or instead of providing data directly, storing data in an external storage and a link to the data can be provided instead (Ahmed page 6, data can be stored in an external storage such as InterPlenetary File System (IPFS) [20]. For such cases, the link to the data and the integrity hash are only stored in the blockchain).	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Ahmed, which teaches to use a link to data in place of data to provide the data, into the teaching of Kubilay, to result in the limitations of the claimed invention.
	One of ordinary skilled would be motivated to do so as incorporating Ahmed’s teaching would help reduce cost of blockchain transaction (Ahmed page 6, bottom left). In addition, both references teach features that are directed to analogous art, such as, using blockchain and smart contract for managing public key infrastructure. This close relation between both references highly suggests an expectation of success when combined.
Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Kubilay in view of Ahmed and further in view of Gladwin; S. Christopher et al. (US 20120290878 A1, hereinafter Gladwin).	Regarding claim 9, Kubilay in view of Ahmed teaches the method of claim 1.	However, Kubilay in view of Ahmed does not explicitly disclose the following limitation that Gladwin teaches: wherein the new public key certificate comprises a root certificate authority (CA) certificate or an intermediate certificate (Gladwin¶122, signed certificate to include a corresponding certificate authority public key; ¶124, the root certificate authority 194 generates a signed certificate 222 to include one or more of a public key of root certificate authority … and a signed certificate signature over at least a portion of the signed certificate 222; Gladwin ¶125, sends the certificate signing request 224 to the root certificate authority 194. The root certificate authority 194 validates certificate signing request 224. When the certificate signing request 224 is valid, the root certificate authority 194 generates a signed certificate 226 to include one or more of a public key of root certificate authority … and a signed certificate signature).
	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Gladwin, which teaches a signed certificate including a public key of root certificate and the signed certificate signature, into the teaching of Kubilay in view of Ahmed to result in the limitations of the claimed invention.
	One of ordinary skilled would be motivated to do so as incorporating Gladwin’s teaching would help teaching the details of signing a certificate that Kubilay teaches (Kubilay page 9, near the bottom left and top right). In addition, both references teach features that are directed to analogous art, such as, digital certificate. This close relation between both references highly suggests an expectation of success when combined.

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Kubilay in view of Ahmed and further in view of Sobel; William E. (US 8656490 B1, hereinafter Sobel) and Ih; Ronald H. et al. (US 20200021447 A1, hereinafter Ronald).
	Regarding claim 10, Kubilay in view of Ahmed teaches the method of claim 1.	Although Kubilay in view of Ahmed teaches distributing digital certificates in the distributed ledger, Kubilay in view of Ahmed does not explicitly disclose the following limitation that Sobel teaches:
	requesting, by a fig. 1, element 102; see also fig. 3 element 302 and fig. 4 element 402 and col. 4 lines 21-28), to obtain a latest public key certificate (col. 7 lines 27-43, DNS engine may generate a request for the host's digital certificate);
	in response to the request to obtain the latest public key certificate, receiving, by the col. 7 lines 44-55, the host 110 may return a text record that contains a digital certificate similar to that shown in FIG. 3. Alternatively, host 110 may return a URL where the requested digital certificate can be accessed);
	obtaining, by the col. 7 lines 44-55, DNS engine should generate and send a follow-up request to retrieve the digital certificate at the URL; col. 7 lines 56-64, determine the legitimacy of digital certificates by examining some or all the contents thereof, by comparing the digital certificates with certificates stored in digital certificate/IP address mapping memory); and
	storing, by the col. 6, lines 11-23, DNS module can determine the legitimacy of different types of digital certificates, and digital certificates of differing types may be stored in digital certificate/IP address mapping memory 306 for subsequent comparison; col. 9, lines 21-32, certificate mapping module 430 will map the matching certificate map to the associated IP address; col. 10 lines 52-61, the verification module 420 may store the digital certificate within memory 306 if the certificate is not already stored therein).	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Sobel, which teaches to request for a public certificate, download and store the certificate using a provided link into the teaching of Kubilay in view of Ahmed to result in the aforementioned limitations of the claimed invention.
	One of ordinary skilled would be motivated to do so as incorporating Sobel’s teaching would help saving processing and expense of using the blockchain for delivering the certificate. In addition, both references teach features that are directed to analogous art such as digital certificate. This close relation between both references highly suggests an expectation of success when combined.
	Although Kubilay in view of Ahmed and Sobel’s teaching is readily applied for a new device in non-provisioned state, to request a certificate by a device and applied onto the distributing of certificate over blockchain network, Kubilay in view of Ahmed and Sobel does not explicitly disclose that the request device for certificate is in non-provisioned state.  On the other hand, Ronald teaches requests a latest certificate in non-provisioned state for a new device (¶66, register a new client, request a new subCA certificate (and keypair), assign a subCA to a new client).	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Ronald, which teaches the device is in non-provisioned state is making a request for a latest certificate into the teaching of Kubilay in view of Ahmed and Sobel to result in the aforementioned limitations of the claimed invention.
	One of ordinary skilled would be motivated to do so as incorporating Ronald’s teaching would merely be a substitution of one device with another device with a high chance of success. In addition, both references teach features that are directed to analogous art such as digital certificate. This close relation between both references highly suggests an expectation of success when combined.
Claims 11 is rejected under 35 U.S.C. 103 as being unpatentable over Kubilay in view of Ahmed, Sobel, Ronald and further in view of Marks; Kevin Thomas et al. (US 20200084097 A1, hereinafter Marks).
	Regarding claim 11, Kubilay in view of Ahmed, Sobel and Ronald teaches the method of claim 10.	Although the combination of Kubilay in view of Ahmed, Sobel and Ronald teaches a distributed ledger and new network device, the combination does not disclose the following limitations that Marks teaches:	requesting, by the network device, in the distributed ledger to obtain provisioning information (¶49, client devices in the network sending configuration profile requests),  wherein the provisioning information includes information of a configuration device (¶49, responds with a configuration profile response (e.g., a DHCP response) that includes a blockchain address included in a blockchain … network of blockchain devices), which is subsequently used to establish communications with the configuration device to obtain configuration setting information (¶49, generate a blockchain transaction directed to the blockchain address and including an identifier for the client, and broadcast that blockchain transaction to a blockchain network of blockchain devices. The blockchain devices receiving that broadcast blockchain transaction will operate to validate that transaction and access a smart contract included in the blockchain, and then execute that smart contract to determine whether the client device that broadcast that blockchain transaction is authorized to receive a configuration profile. If the execution of the smart contract indicates that the client device may receive the configuration profile, the blockchain device may cause a configuration profile token to be released to a configuration file system, which will in turn provide a configuration profile to the client device); and
	in response to the request to obtain provisioning information (¶49, client devices in the network sending configuration profile requests (e.g., DHCP requests) to a configuration server system, which responds with a configuration profile response (e.g., a DHCP response) that includes a blockchain address), receiving, by the network device (¶49, which responds with a configuration profile response (e.g., a DHCP response) that includes a blockchain address), the provisioning information (¶49, responds with a configuration profile response (e.g., a DHCP response) that includes a blockchain address).	Marks discloses responding to the client by providing a profile data with an address, but not explicitly disclosing providing the profile data to the client device with the address via the distributed ledger.	Marks further discloses to provide configuration profile to the client device via the distributed ledger (¶47, the configuration server system 300 may broadcast the blockchain transaction 900 to cause the configuration profile to be provided to the client device 400).	It would have been obvious to a person of ordinary skill in the art to use Marks’ teaching of using the distributed ledger to broadcast the configuration profile to the client device and further use Marks’ teaching of having the configuration profile with the blockchain address when broadcast via the distributed ledger to result in the limitation “the provisioning information from the distributed ledger”.	One of ordinary skilled would be motivated to do so as it is merely selecting from a finite known combinations of options that Marks teaches with high expectation of success.	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Marks, which teaches using blockchain and smart contract to distribute provisioning information to a device into the teaching of Kubilay in view of Ahmed, Sobel and Ronald which teaches a new device requesting provisioning information to result in the limitations of the claimed invention.
	One of ordinary skilled would be motivated to do so as incorporating Marks’ teaching would help providing reliable method of distributing provisioning data to a new device using blockchain technology. In addition, both references teach features that are directed to analogous art, such as, blockchain. This close relation between both references highly suggests an expectation of success when combined.

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Kubilay in view of Ahmed, Sobel, Ronald and Marks and and further in view of RAKSHIT; Sarbajit K. (US 20210364648 A1, hereinafter Sarbajit).
	Regarding claim 12, Kubilay in view of Ahmed, Sobel, Ronald and Marks teaches the method of claim 11, comprising:
	in response to the request to obtain provisioning information from the new network device, executing, by an authoritative network device that belongs to the plurality of network devices, a smart contract to determine the provisioning information for the new network device (Marks ¶45-49).	Although the combination of Kubilay in view of Ahmed, Sobel, Ronald and Marks teaches the provisioning information including address of a blockchain of devices, the combination does not explicitly disclose that the determining of the provision information is based on one or more load- balancing features.	On the other hand, Sarbajit teaches determining of a device is based on one or more load-balancing features using smart contract (Sarbajit [0045] The selection of the device to which to transfer the data can include determining between (i) transmitting the data from the satellite directly to the ground station (e.g. 104) and (ii) transferring the data to the another satellite (e.g. 110, 112). The blockchain ledger can record presence of atmospheric obstacles to data transmission from the satellite and the ability of the satellite to transmit data to various ground stations of the collection of ground stations based on the presence of atmospheric obstacles and pursuant to smart contract term(s); ¶47, selection can be further based on a smart contract term dictating load sharing that is to be followed by the constellation of satellites and the collection of ground stations in transmitting data therebetween. In this manner, the smart contracts could contemplate a load sharing scheme by which data transmissions are load-balanced, particularly during times of heavy demand. Even if no obstructions to communication to a nearest ground station are present, it might be desired, according to the terms in the smart contracts, for a satellite to hop the data to another satellite and/or other ground station to help balance the overall workload among the satellites and/or ground stations).	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Sarbajit, which teaches using smart contract to select a device using load-balancing technique into the teaching of Kubilay in view of Ahmed, Sobel, Ronald and Marks to result in the limitations of the claimed invention.
	One of ordinary skilled would be motivated to do so as incorporating Sarbajit’s teaching would help providing improve performance and reliability by using load balancing technique. In addition, both references teach features that are directed to analogous art, such as, blockchain. This close relation between both references highly suggests an expectation of success when combined.

Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Kubilay in view of Ahmed and Kuramoto and further in view of Parimi; Balaji et al. (US 20200403996 A1, hereinafter Parimi).	Regarding claim 15, Kubilay in view of Ahmed and Kuramoto teaches the BC network of claim 14.	Kubilay in view of Ahmed and Kuramoto does not explicitly disclose the following limitation that Parimi teaches: wherein the authoritative network device provides a cloud-based service in the network ([0020] The authorization systems 110 store data on behalf of enterprises. In one embodiment, the authorization systems 110 remotely host infrastructures. For example, an authorization system can be a service provider such as AMAZON WEB SERVICES, MICROSOFT AZURE, or GOOGLE CLOUD PLATFORM. In another embodiment, at least some of the authorization systems 110 are implemented locally at an enterprise).
	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Parimi, which teaches an authorization system providing cloud service into the teaching of Kubilay in view of Ahmed and Kuramoto to result in the limitations of the claimed invention.
	One of ordinary skilled would be motivated to do so as incorporating Parimi’s teaching would help improve scalability and availability by utilizing cloud infrastructure and further help with additional business coupled with authorization service. In addition, both references teach features that are directed to analogous art such as security and distributed computing. This close relation between both references highly suggests an expectation of success when combined.

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Kubilay in view of Ahmed and Kuramoto and further in view of Gladwin; S. Christopher et al. (US 20120290878 A1, hereinafter Gladwin).	Regarding claim 20, Kubilay in view of Ahmed and Kuramoto teaches BC network of claim 13.	However, Kubilay in view of Ahmed and Kuramoto does not explicitly disclose the following limitation that Gladwin teaches: wherein the new public key certificate comprises a root certificate authority (CA) certificate or an intermediate certificate (Gladwin¶122, signed certificate to include a corresponding certificate authority public key; ¶124, the root certificate authority 194 generates a signed certificate 222 to include one or more of a public key of root certificate authority … and a signed certificate signature over at least a portion of the signed certificate 222; Gladwin ¶125, sends the certificate signing request 224 to the root certificate authority 194. The root certificate authority 194 validates certificate signing request 224. When the certificate signing request 224 is valid, the root certificate authority 194 generates a signed certificate 226 to include one or more of a public key of root certificate authority … and a signed certificate signature).
	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Gladwin, which teaches a signed certificate including a public key of root certificate and the signed certificate signature, into the teaching of Kubilay in view of Ahmed and Kuramoto to result in the limitations of the claimed invention.
	One of ordinary skilled would be motivated to do so as incorporating Gladwin’s teaching would help teaching the details of signing a certificate that Kubilay teaches (Kubilay page 9, near the bottom left and top right). In addition, both references teach features that are directed to analogous art, such as, digital certificate. This close relation between both references highly suggests an expectation of success when combined.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 20190173873 A1 - configure a link and transmit it to a user device, such that accessing the link will once again cause transmission of identity-linked information to the user certificate system, such as by a carrier through header enrichment.
US 20180063076 A1 - the address may be supplied as an HTTP(S) address of a text and/or graphical link. A selectable icon may be added on top of the supplied content, e.g. in the corner of a supplied image. On selection, the selectable icon may instruct a network request to the configuration server. The selectable icon may be added by the server device or the intermediate network device.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Vy Huy Ho whose telephone number is (571) 272-3261.  The examiner can normally be reached on Monday - Friday 7:30 am-5:30 pm.
	Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/V.H.H/
Examiner, Art Unit 2497
/IZUNNA OKEKE/Primary Examiner, Art Unit 2497