DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 03/01/2022 has been entered.
 
Response to Arguments
In response to 35 USC 103, filed 01/25/2022, to independent claims 1, 8, and 15 and along with their respective dependent claims, regarding limitations “receiving a service request from a client entity through a communication link established using a digital client certificate owned by the client entity, where permissions data is associated with the digital client certificate”.	
Applicant’s argument have been considered but are moot, because the newly recited amendment does not rely on the newly recited reference being applied to the prior rejection of record or any teaching or matter specifically challenged in the argument.

In response to applicant's argument that the references fail to show certain features of applicant’s invention, it is noted that the features upon which applicant relies (i.e., the permissions with the client can be modified by changing the permissions associated with the client certificate) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claim(s) 1, 6-8, and 13-15 are rejected under 35 U.S.C. 103 as being unpatentable over McClintock et al. (US 20170272441, hereinafter McClintock) in view of Kumar et al. (US 20160277446, hereinafter Kumar).

Re. claim 1, McClintock discloses a computer-implemented method for authenticating service requests on a communication link (McClintock discloses the permissions management system 102 or another system configured to provide oversight of the communications and operations of the permissions management system 102 and a variety of resources, to determine what permissions grants are currently active within a target resource 106 [0027]. The environment uses communication links [0078]), the method comprising: responsive to the service request, obtaining the permissions data associated with the digital certificate (McClintock discloses when a permissions grant is created using the permissions management service, the entity may use a private cryptographic key of a cryptographic key pair to digitally sign the permissions grant. In some embodiments, the digitally signed permissions grant, along with a digital certificate, are delivered to the target resource where the digital certificate is stored within a public certificate store (e.g., a data store comprising one or more physical storage devices for storage of a plurality of digital certificates) for use in validating the digital signature. When a user of the resource transmits a request to perform an action, the resource may use the digital certificate to validate the digital signature the permissions grant and determine whether the user is authorized to perform the requested action [0017]. The permissions management system 102 may comprise various computing hardware resources for storing and making available these permissions grants to the various target resources and their users [0022] Figs. 1 and 7); checking the service request against the permissions data associated with the digital certificate (McClintock discloses when a user of the resource transmits a request to perform an action, the resource may use the digital certificate to validate the digital signature the permissions grant and determine whether the user is authorized to perform the requested action [0017 and 26] Figs. 1 and 7); if the service request is permitted based on the permissions data, processing the service request; and if the service request is not permitted based on the permissions data, rejecting the service request (McClintock discloses whether the user is authorized to perform the requested action. Accordingly, if the user is authorized to perform the requested action, the resource may allow the user to perform the action. Otherwise, the resource may deny the user's request [0017 and 26] Figs. 1 and 7).
Although McClintock discloses receiving a service request from an entity, through a communication link using digital certificate, digital certificate along with permission data (McClintock please see [17, 27, 31-32, 51, and 58]). 
However, McClintock do not explicitly teach but Kumar teaches receiving a service request from a client entity through a communication link established using a digital client certificate owned by the client entity (Kumar teaches a client computer node (“client”) establishes a session with a server computer node (“server”) [0047].  a client that makes a request to a service is assigned a unique port number on the client's node, so return packets from the service can be uniquely addressed to the client that made the request [0049-0050]. Sending the client 400 the SSL version, supported ciphers, session specific data, etc., this hello message also includes the server certificate, a mutual authentication request (effectively requesting the client certificate), and optionally a key exchange. At this point, authentication begins, thus concluding what is considered the initial handshake [0060]. if the authenticator 504 successfully authenticates the client 400, then the process continues to steps 610 and 612. Specifically, at step 610, the edge router 406 routes client data packets using information in the client certificate, and, at step 612, the receiving node/application server 402 applies policies from the client certificate as appropriate [0067]. Figures 4 and 6), where permissions data is associated with the digital client certificate (Kumar teaches the client's digital certificate has additional information, such as information identifying the identity of the client, and policies/permissions of that specific client when accessing certain devices in the local network of the routing network device [0025] [0026] [0073] Figures 4 and 6).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by McClintock to include client certificate and where permissions data is associated with the digital client certificate as disclosed by Kumar. One of ordinary skill in the art would have been motivated for the purpose of allowing access and enabling the client to have a prescribed set of privileges. (Kumar [0073]).

Re. claim 6, the combination of McClintock-Kumar teach the computer-implemented method of Claim 1. where: the digital certificate includes the permissions data (McClintock discloses an administrator 104 may access a ledger or other database, stored within the permissions management system 102 or another system configured to provide oversight of the communications and operations of the permissions management system 102 and a variety of resources, to determine what permissions grants are currently active within a target resource 106 [0027]. plurality of digital certificates that may be deployed along with a permissions grant to a particular resource [0031] Figs. 1 and 7); and the method includes storing the permissions data for the digital certificate in a local store (McClintock discloses the digitally signed permissions grant, along with a digital certificate, are delivered to the target resource where the digital certificate is stored within a public certificate store (e.g., a data store comprising one or more physical storage devices for storage of a plurality of digital certificates) for use in validating the digital signature [0017]); and the step of obtaining the permissions data associated with the digital certificate comprises obtaining the permissions data from the local store (McClintock discloses the owner of the particular resource may be able to issue a revocation request for any existing permissions grants that may be stored within the particular resource or that may be provided by a user of the particular resource [0020]. The permissions management system 102 may comprise various computing hardware resources for storing and making available these permissions grants to the various target resources and their users [0022] Fig. 1).
Although McClintock discloses digital certificate includes the permissions data ([0027] [0031]), McClintock do not explicitly teach but Kumar teaches the digital client certificate includes the permissions data (Kumar teaches the client's digital certificate has additional information, such as information identifying the identity of the client, and policies/permissions of that specific client when accessing certain devices in the local network of the routing network device [0025] [0026] [0073] Figures 4 and 6).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Kumar to include client certificate and where permissions data is associated with the digital client certificate as disclosed by Kumar. One of ordinary skill in the art would have been motivated for the purpose of allowing access and enabling the client to have a prescribed set of privileges. (Kumar [0073]).

Re. claim 7, the combination of McClintock-Kumar teach the computer-implemented method of Claim I, Although McClintock discloses digital certificate includes the permissions data ([0027] [0031] [0058]), McClintock do not explicitly teach but Kumar teaches where: the step of obtaining the permissions data associated with the digital client certificate comprises obtaining the permissions data associated with the digital certificate when authenticating the communication link established using the digital certificate owned by the entity (Kumar teaches the client's digital certificate has additional information, such as information identifying the identity of the client, and policies/permissions of that specific client when accessing certain devices in the local network of the routing network device [0025]. after validating/authenticating the client, the network device routes client packets within its local network (e.g., its local area network) as a function of the client information in the client digital certificate. The client only has certain privileges on those pre-selected network devices based upon the policy information within the client certificate [0026] [0061][0073] Figures 4 and 6).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Kumar to include client certificate and where permissions data is associated with the digital client certificate as disclosed by Kumar. One of ordinary skill in the art would have been motivated for the purpose of allowing access and enabling the client to have a prescribed set of privileges. (Kumar [0073]).


Re. claim 8, McClintock discloses a system for authenticating service requests on a communication link, the system comprising: one or more processors (McClintock discloses processors [0082]); and one or more memory devices in communication with the one or more processors (McClintock discloses processors [0082]), the memory devices having computer-readable instructions stored thereupon that, when executed by the processors, cause the processors to perform a method for authenticating service requests on a communication link (McClintock discloses a computer program comprising a plurality of instructions executable by one or more processors [0089]), the method comprising: responsive to the service request, obtaining the permissions data associated with the digital certificate (McClintock teaches when a permissions grant is created using the permissions management service, the entity may use a private cryptographic key of a cryptographic key pair to digitally sign the permissions grant. In some embodiments, the digitally signed permissions grant, along with a digital certificate, are delivered to the target resource where the digital certificate is stored within a public certificate store (e.g., a data store comprising one or more physical storage devices for storage of a plurality of digital certificates) for use in validating the digital signature. When a user of the resource transmits a request to perform an action, the resource may use the digital certificate to validate the digital signature the permissions grant and determine whether the user is authorized to perform the requested action [0017]. The permissions management system 102 may comprise various computing hardware resources for storing and making available these permissions grants to the various target resources and their users [0022] Figs. 1 and 7); checking the service request against the permissions data associated with the digital certificate (McClintock discloses when a user of the resource transmits a request to perform an action, the resource may use the digital certificate to validate the digital signature the permissions grant and determine whether the user is authorized to perform the requested action [0017 and 26] Figs. 1 and 7); if the service request is permitted based on the permissions data, processing the service request; and if the service request is not permitted based on the permissions data, rejecting the service request (McClintock discloses whether the user is authorized to perform the requested action. Accordingly, if the user is authorized to perform the requested action, the resource may allow the user to perform the action. Otherwise, the resource may deny the user's request [0017 and 26] Figs. 1 and 7).
Although McClintock discloses receiving a service request from an entity, through a communication link using digital certificate, digital certificate along with permission data (McClintock please see [17, 27, 31-32, 51, and 58]). 
However, McClintock do not explicitly teach but Kumar teaches receiving a service request from an entity through a communication link established using a digital certificate owned by the entity (Kumar teaches a client computer node (“client”) establishes a session with a server computer node (“server”) [0047].  a client that makes a request to a service is assigned a unique port number on the client's node, so return packets from the service can be uniquely addressed to the client that made the request [0049-0050]. Sending the client 400 the SSL version, supported ciphers, session specific data, etc., this hello message also includes the server certificate, a mutual authentication request (effectively requesting the client certificate), and optionally a key exchange. At this point, authentication begins, thus concluding what is considered the initial handshake [0060]. if the authenticator 504 successfully authenticates the client 400, then the process continues to steps 610 and 612. Specifically, at step 610, the edge router 406 routes client data packets using information in the client certificate, and, at step 612, the receiving node/application server 402 applies policies from the client certificate as appropriate [0067]. Figures 4 and 6), where permissions data is associated with the digital certificate (Kumar teaches the client's digital certificate has additional information, such as information identifying the identity of the client, and policies/permissions of that specific client when accessing certain devices in the local network of the routing network device [0025] [0026] [0073] Figures 4 and 6).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by McClintock to include client certificate and where permissions data is associated with the digital client certificate as disclosed by Kumar. One of ordinary skill in the art would have been motivated for the purpose of allowing access and enabling the client to have a prescribed set of privileges. (Kumar [0073]).

Re. claim 13, rejection of claim 8 is included and claim 13 is rejected with the same rationale as applied in claim 6.

Re. claim 14, rejection of claim 8 is included and claim 14 is rejected with the same rationale as applied in claim 7.

Re. claim 15, McClintock discloses a one or more computer storage media having computer executable instructions stored thereon which, when executed by one or more processors, cause the processors to execute a method for authenticating service requests on a communication link (McClintock discloses a computer program comprising a plurality of instructions executable by one or more processors [0089]), the method comprising: responsive to the service request, obtaining the permissions data associated with the digital certificate (McClintock discloses when a permissions grant is created using the permissions management service, the entity may use a private cryptographic key of a cryptographic key pair to digitally sign the permissions grant. In some embodiments, the digitally signed permissions grant, along with a digital certificate, are delivered to the target resource where the digital certificate is stored within a public certificate store (e.g., a data store comprising one or more physical storage devices for storage of a plurality of digital certificates) for use in validating the digital signature. When a user of the resource transmits a request to perform an action, the resource may use the digital certificate to validate the digital signature the permissions grant and determine whether the user is authorized to perform the requested action [0017]. The permissions management system 102 may comprise various computing hardware resources for storing and making available these permissions grants to the various target resources and their users [0022] Figs. 1 and 7); checking the service request against the permissions data associated with the digital certificate (McClintock discloses when a user of the resource transmits a request to perform an action, the resource may use the digital certificate to validate the digital signature the permissions grant and determine whether the user is authorized to perform the requested action [0017 and 26] Figs. 1 and 7); if the service request is permitted based on the permissions data, processing the service request; and if the service request is not permitted based on the permissions data, rejecting the service request (McClintock discloses whether the user is authorized to perform the requested action. Accordingly, if the user is authorized to perform the requested action, the resource may allow the user to perform the action. Otherwise, the resource may deny the user's request [0017 and 26] Figs. 1 and 7).
Although McClintock discloses receiving a service request from an entity, through a communication link using digital certificate, digital certificate along with permission data (McClintock please see [17, 27, 31-32, 51, and 58]). 
However, McClintock do not explicitly teach but Kumar teaches receiving a service request from an entity through a communication link established using a digital certificate owned by the entity (Kumar teaches a client computer node (“client”) establishes a session with a server computer node (“server”) [0047].  a client that makes a request to a service is assigned a unique port number on the client's node, so return packets from the service can be uniquely addressed to the client that made the request [0049-0050]. Sending the client 400 the SSL version, supported ciphers, session specific data, etc., this hello message also includes the server certificate, a mutual authentication request (effectively requesting the client certificate), and optionally a key exchange. At this point, authentication begins, thus concluding what is considered the initial handshake [0060]. if the authenticator 504 successfully authenticates the client 400, then the process continues to steps 610 and 612. Specifically, at step 610, the edge router 406 routes client data packets using information in the client certificate, and, at step 612, the receiving node/application server 402 applies policies from the client certificate as appropriate [0067]. Figures 4 and 6), where permissions data is associated with the digital certificate (Kumar teaches the client's digital certificate has additional information, such as information identifying the identity of the client, and policies/permissions of that specific client when accessing certain devices in the local network of the routing network device [0025] [0026] [0073] Figures 4 and 6).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by McClintock to include client certificate and where permissions data is associated with the digital client certificate as disclosed by Kumar. One of ordinary skill in the art would have been motivated for the purpose of allowing access and enabling the client to have a prescribed set of privileges. (Kumar [0073]).

Re. claim 20, rejection of claim 15 is included and claim 20 is rejected with the same rationale as applied in claim 6.

Claims 2, 9, and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over McClintock et al. (US 20170272441, hereinafter McClintock), Kumar et al. (US 20160277446, hereinafter Kumar), and in further view of Arora et al. (US 20190173872, hereinafter Arora).

Re. claim 2, the combination of McClintock-Kumar teach the computer-implemented method of Claim 1, the combination of McClintock-Kumar do not explicitly teach but Arora teaches where: the digital client certificate includes a blockchain address to a certificate permissions blockchain that stores the permissions data; and the step of obtaining the permissions data associated with the digital client certificate comprises obtaining the permissions data from the certificate permissions blockchain using the blockchain address from the digital certificate (Arora teaches receiving blockchain address and signed digital certificate [0069]. the sender device 110 may confirm that the sender 104 wants to participate in the proposed blockchain (Interpreted as the certificate permission blockchain) transaction based on the confidence level indicated by the recipient's digital certificate. the sender device 110 may automatically confirm the participation if the confidence level is at or above a predetermined threshold (Confidence level is determined based on the plurality of blockchain transactions [0065]). Once confirmation has been made, then, in step 514, the transmitting device 324 of the sender device 110 may submit transaction data to a node in the blockchain network (confidence level is the permission data that is indicated from the digital certificate. That the certificate includes the blockchain address or sender/recipient address)[0070]. The digital certificate may include the determined confidence level [0074]. In the memory of the computing device, a user digital certificate, wherein the user digital certificate includes a user confidence level; and electronically transmitting, by the transmitting device of the computing device, the user digital certificate to the secondary computing device prior to receipt of the recipient address and signed digital certificate. The user signature and the blockchain transaction may be electronically transmitted if the confidence level included in the signed digital certificate is also above the user confidence level [0078]).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of McClintock-Kumar to include digital certificate includes a blockchain address to a certificate permissions blockchain that stores the permissions data; and the step of obtaining the permissions data associated with the digital certificate comprises obtaining the permissions data from the certificate permissions blockchain using the blockchain address from the digital certificate as disclosed by Arora. One of ordinary skill in the art would have been motivated for the purpose of a future transaction to prove the recipient device's ownership of that address, to thereby prove ownership of the transferred blockchain currency (Arora [0028]).

Re. claim 9, rejection of claim 8 is included and claim 9 is rejected with the same rationale as applied in claim 2.

Re. claim 16, rejection of claim 15 is included and claim 16 is rejected with the same rationale as applied in claim 2.

Claim 3, 10, and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over McClintock et al. (US 20170272441, hereinafter McClintock), Kumar et al. (US 20160277446, hereinafter Kumar), Arora et al. (US 20190173872, hereinafter Arora), and in further view of Smith et al. (US 20190036957, hereinafter Smith).

Re. claim 3, the combination of McClintock-Kumar-Arora computer-implemented method of Claim 2, where the method includes: receiving modified permissions data for the digital client certificate (McClintock teaches the permissions management system 102 may cause the ledger to be updated to remove the revoked permissions [0027]).
The combination of McClintock-Kumar McClintock do not explicitly teach but Arora teach creating a new permissions data block that stores the modified permissions data (Arora teaches storing, in a memory of a processing server, a blockchain, wherein the blockchain is comprised of a plurality of blocks, each block including a block header and one or more transaction values, where each transaction value includes data related to a blockchain transaction including at least a sending address, a recipient address, and a transaction amount [0007]. The confidence level may thus represent, for instance, the likelihood that a new transaction conducted by the sender 104 will be successful and not determined to be fraudulent [0033]).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of McClintock-Kumar to include creating a new permissions data block that stores the modified permissions data as disclosed by Arora. One of ordinary skill in the art would have been motivated for the purpose of a future transaction to prove the recipient device's ownership of that address, to thereby prove ownership of the transferred blockchain currency (Arora [0028]).
The combination of McClintock-Kumar-Arora teach blockchain but the combination of McClintock-Kumar-Arora do not explicitly teach but Smith teach linking the new permissions data block to a previous permissions data block of the certificate permissions blockchain (Smith teaches when appending a new block to the end of the blockchain, contents of a prior block are combined with the contents of the new block (e.g., via hashing) to link the new block with the prior block [0021]).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of McClintock-Kumar-Arora to include linking the new permissions data block to a previous permissions data block of the certificate permissions blockchain as disclosed by Arora. One of ordinary skill in the art would have been motivated for the purpose of any attempt to later tamper with the new block will also require tampering with the prior block, and so on, to ensure that the combined (e.g., hashed) data is correct. Such tampering can become prohibitively expensive as the length of the blockchain increases (Smith [0021]).

Re. claim 10, rejection of claim 9 is included and claim 10 is rejected with the same rationale as applied in claim 3.

Re. claim 17, rejection of claim 16 is included and claim 17 is rejected with the same rationale as applied in claim 3.

Claims 4, 5, 11, 12, 18, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over McClintock et al. (US 20170272441, hereinafter McClintock), Kumar et al. (US 20160277446, hereinafter Kumar), and in further view of Sharifi Mehr (US 10454689, hereinafter Sharifi).

Re. claim 4, the combination of McClintock-Kumar the computer-implemented method of Claim 1, the combination of McClintock-Kumar discloses a CA issuing client certificate, the combination of McClintock-Kumar do not explicitly teach but Sharifi teaches where: the permissions data for the digital client certificate is stored on a certificate authority for the digital client certificate; and the step of obtaining the permissions data associated with the digital client certificate comprises obtaining the permissions data from the certificate authority for the digital client certificate (Sharifi teaches a system 1400 includes a client 1402 that maintains a certificate policy store 1404. The certificate policy store 1404 includes a collection of certificate policies that determine combinations of certificate-authority signatures that permit a digital certificate to be validated. The collection of certificate policies are maintained in a database, and each certificate policy in the collection of certificate policies includes a number of data fields that specify requirements for validating a digital certificate [Col 20 lines 4-26]. assigns each certificate authority that signs a digital certificate a trust score based at least in part on the level of identity verification performed by the certificate authority (trust score interpreted as permission data, wherein determining that the certificate is invalid or valid) [Col 20 lines 26-67]. When the client 1402 receives a digital certificate, the client 1402 reads the certificate policies in the certificate policy store 1404 and evaluates the constraints defined by each certificate policy to determine whether the received digital certificate is valid [Col 21 lines 1-17]).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of McClintock-Kumar to include the permissions data for the digital client certificate is stored on a certificate authority for the digital client certificate; and the step of obtaining the permissions data associated with the digital client certificate comprises obtaining the permissions data from the certificate authority for the digital client certificate as disclosed by Arora. One of ordinary skill in the art would have been motivated for the purpose of verifies the identity of a party and issues a certificate signed with a private key. Certificates are occasionally updated to improve their effectiveness and mitigate newly discovered vulnerabilities (Sharifi [Col 1 lines 5-51]).

Re. claim 5, the combination of McClintock-Kumar-Sharifi teaches the computer-implemented method of Claim 4. the combination of McClintock-Kumar do not explicitly teach but Sharifi teaches where the method includes: receiving modified permissions data for the digital certificate: and storing the modified permissions data for the digital certificate on the certificate authority for the digital certificate (Sharifi teaches the server 104 sends a request to a certificate authority 122, requesting an updated digital certificate 124 to replace an outdated digital certificate in the certificate store 108. In response to the request, the certificate authority 122 provides the updated digital certificate 124 to the server 104. The updated digital certificate 124 includes an issuer field 126, a subject field 128, a subject public key field 130, a list of permitted ciphers 132, and an issuer signature 134 [Col 7 lines 48-67]).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of McClintock-Kumar to include receiving modified permissions data for the digital certificate: and storing the modified permissions data for the digital certificate on the certificate authority for the digital certificate as disclosed by Arora. One of ordinary skill in the art would have been motivated for the purpose of verifies the identity of a party and issues a certificate signed with a private key. Certificates are occasionally updated to improve their effectiveness and mitigate newly discovered vulnerabilities (Sharifi [Col 1 lines 5-51]).

Re. claim 11, rejection of claim 8 is included and claim 11 is rejected with the same rationale as applied in claim 4.

Re. claim 12, rejection of claim 11 is included and claim 12 is rejected with the same rationale as applied in claim 5.

Re. claim 18, rejection of claim 15 is included and claim 18 is rejected with the same rationale as applied in claim 4.

Re. claim 19, rejection of claim 18 is included and claim 19 is rejected with the same rationale as applied in claim 5.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Brandwine et al. (US 20190068379) discloses performing privileged operations and modifying software code in computing resources, such as operating system kernels and/or hypervisors. in order to enable privileged operations to be performed and code to be securely added to or modified on the operating system (OS) kernel and/or the hypervisor.
Qiu (US 20190036712) discloses a digital certificate management for blockchain technologies. a transaction request including a digital certificate is received from a certificate authority at a node in a blockchain network, and the transaction request is a request to write the digital certificate into a blockchain associated with the blockchain network, and the digital certificate is issued to a node in the blockchain network. A consensus verification result is determined for the transaction request, and the consensus verification result is produced by nodes in the blockchain network.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN A AYALA whose telephone number is (571)270-3912. The examiner can normally be reached Monday-Thursday 8AM-5PM; Friday: Variable EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/K.A./Examiner, Art Unit 2496                                        

/HARESH N PATEL/Primary Examiner, Art Unit 2496