DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The Amendment filed 05/10/2022 has been received and considered.
Claims 1-4 and 6-13 are pending.
This action is Final.
Response to Arguments
2.	Applicant's arguments filed 05/10/2022 have been fully considered but are not persuasive. Applicant argues that regarding amended claim 1, Falk in view of Vlot fails to teach “wherein the trusted device database is used to ascertain devices to which a first manufacturer certificate has been issued by a compromised first certification authority and the first manufacturer certificate is replaced in the ascertained devices by a second manufacturer certificate generated by a second certification authority”
With respect to this argument, as disclosed below, Vlot in paragraph [0018] discloses applying stored revocation information each time a root certificate is to be used in order to validate data by validating the revocation information and blocking root certificates for use. The revocation information is retrieved from a trust authority server (trusted device database) connected to the user device. Thus, the device can store and/or retrieve the revocation information, which corresponds to the  claimed ascertaining,  in order to have the revocation information available when a root certificate is to be accessed in order to validate data. In paragraph [0019], the trust authority server provides a new version of the revocation information each time a root certificate is revoked, each version indicating all root certificates that have been revoked until an issuance of the version, and the device is configured to receive a new version of the revocation information upon issuance. A new version of the revocation information may be sent to the device on the initiative of the trust authority server, or the device may retrieve new versions from the trust authority server on its initiative.
In paragraph [0046] discloses the trust authority server operated by a trust authority that manages the root certificates or by an organization that provides revocation information for revoking root certificates on behalf of the trust authority. In paragraph [0047], the root certificates may comprise management information for each root certificate including an identification of the root certificate and information identifying the trust authority. By identifying the trust authority, one of ordinary skill in the art would be able to determine multiple trust authorities to be identified. In paragraph [0054], if the secret key pertaining to a root certificate is compromised, has become known to un-authorized third parties or if the trust authority fears that this may have happened, the trust authority may revoke the first root certificate activate the second root certificate. Furthermore, in paragraph [0056], the trust authority issues new digital certificates for replacing the digital certificates in the user device.  
Therefore, Falk in view of Vlot teaches the claimed limitations of amended claim 1 and thereby the dependent claims. 

3. 	Claim objections are withdrawn based on the filed amendments.
4. 	The rejections under 35 U.S.C. 112(d) are withdrawn based on the filed amendments.
5. 	The rejections under 35 U.S.C. 101 are withdrawn based on the filed amendments.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



6.	Claims 1-4 and 6-13 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub No. US 2016/0057134 A1 to Falk, (hereinafter, “Falk”), as disclosed in IDS submitted on 02/13/2020 in view of US Pub. No. US 2015/0365241 A1 to Vlot, (hereinafter, “Vlot”).

As per claims 1, 11 and 13, Falk teaches a method, a system having a security function based on a public key infrastructure and a computer program product, respectively, including a non-transitory computer readable storage medium having instructions, which executed by a processor, performs the steps comprising at least one trusted device database, at least one certification authority and at least one device for securely replacing a first manufacturer certificate, already introduced into a device, with a second manufacturer certificate, comprising: 
- ascertaining at least one specific device-related parameter that explicitly characterizes the device, which is contained in the first manufacturer certificate (Falk, para. [0047] “The automation device 41 contains a configuration-dependent device certificate 55 having device-specific configuration data. The automation device 41 uses said certificate to be authenticated with respect to an authentication server, for example, via a network connection or to transmit measured values to a recording server or other automation devices in the automation system.” And para. [0048] “a plurality of predefined configuration-specific device certificates 55 are present on the automation device 41 and are stored in the program memory 49, for example. Depending on the current device configuration stored in the configuration memory 50, for example, the device certificate 55 corresponding to the configuration is selected and is used for communication with other automation devices or authentication partners.”). 
- generating a second manufacturer certificate comprising at least the explicitly characterizing device-related parameter of the first certificate and a public key of the device (Falk, para. [0039] “the automation device automatically determines an updated device certificate comprising the device-specific configuration data corresponding to the changed configuration” [0057] “FIG. 5 shows another embodiment 80 of the method, in which the issuing unit 87 is in the form of an independent registration unit 82 and a separate certification unit 83 and is not integrated in the automation device 81. If a change in the configuration is determined in the automation device 81, the automation device 81 requests an updated device certificate from the issuing unit 87 using a request message 84. The request message 84 contains the name of the automation device, the current, i.e. changed, device-specific configuration data and a public key.”); and 
- replacing the first manufacturer certificate with the second manufacturer certificate in the device (Falk, [0042] “The request message is verified for the updated device certificate in step 24. If the verification is successful, the issuing unit issues an updated device certificate with the aid of authentication credentials of the issuing unit. The updated device certificate is transmitted to the automation device in step 27 and is stored there in step 18.” And para. [0043] “the previous device certificate is revoked if an updated device certificate is requested or used.” And para. [0053] “An issuer of the certificate from the issuing unit 57 may be the manufacturer of the automation device 41, for example. It is likewise possible for the certificate from the issuing unit 57 to be replaced with a special certificate from an operator.”).
Falk teaches all the limitations of claims 1, 11 and 13 above, however fails to explicitly teach but Vlot teaches:
and uniquely identifies the device from a trusted device database (Vlot, para. [0046] “The trust authority server 105 is operated by a trust authority that also manages the root certificates Ri or by an organization that provides revocation information for revoking root certificates Ri on behalf of the trust authority. The trust authority may use the secret key to create digital signatures and/or other encrypted data. In particular, the trust authority may act as a certification authority for issuing digital certificates that can be validated using the root certificates Ri (i.e. for issuing digital certificates including digital signatures which can be decrypted the public keys included in the root certificates). Thus, it is the trust authority which issues the digital certificates of the second level of a hierarchical tree structure of digital certificates, which contains a root certificate Ri as the root node.” And para. [0047] “In addition to the public key, the root certificates Ri may comprise management information which may include for each root certificate Ri an identification of the root certificate Ri and possibly further information, such as e.g. information identifying the trust authority.”)
wherein the trusted device database is used to ascertain devices to which a first manufacturer certificate has been issued by a compromised first certification authority and the first manufacturer certificate is replaced in the ascertained devices by a second manufacturer certificate generated by a second certification authority (Vlot, para. [0047] “In addition to the public key, the root certificates Ri may comprise management information which may include for each root certificate Ri an identification of the root certificate Ri and possibly further information, such as e.g. information identifying the trust authority.” And para. [0054] “If this secret key has become known to un-authorized third parties or if the trust authority fears that this may have happened, the trust authority may revoke the first root certificate R1 in a process described below and may activate the second root certificate R2 in the following rank 2. In the same way, the trust authority may revoke a root certificate Ri in the rank i and puts the root certificate R(i+1) in the subsequent rank i+1 into use, if the secret key pertaining to a root certificate Ri is compromised.” And para. [0056] “When a new root certificate Ri is “activated”, the trust authority no longer issues digital signatures created using the secret key pertaining to the root certificate R(i−1) in the previous rank, but uses the secret key pertaining to the new root certificate Ri for creating digital signatures. Further, the trust authority preferably issues new digital certificates for replacing the digital certificates stored in the user device 101, which are validated using the revoked root certificate R(i−1).” And para. [0077] “FIG. 2a shows two root certificates Rn and R(n+1) stored in the user device 101. Moreover, the user device 101 disposes of M digital certificates C1, . . . , CM, which can be validated using the root certificate Rn. When the secret key pertaining to the root certificate Rn is compromised, the trust authority puts the root certificate R(n+1) into use in the example illustrated in FIGS. 2a and 2b. This means that the trust authority does now use the secret key pertaining to the root certificate R(n+1) for generating digital certificates. In so doing, the trust authority may also generate replacement digital certificates C1′, . . . , CM′ for replacing the digital certificates C1, . . . , CM. Thus, new digital certificates C1′, . . . , CM′ are provided for the entities to which the digital certificates C1, . . . , CM belong.”)
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Vlot’s revocation of a root certificate into Falk’s method for updating a digital device certificate, with a motivation for revoking a root certificate securely stored in a device such that a new root certificate can be securely taken into use within the device (Vlot, para. [0007]).
As per claim 2, the combination of Falk and Vlot teach the method as claimed in claim 1, wherein the specific device-related parameter is a unique serial number of the device (Falk, para. [0053] “The keys of the issuing unit 57 may be directly tied to the identity of the automation device 41. For this purpose, the common name of the device certificate 55 from the issuing unit 56 may contain specific information relating to the automation device 41, for example its serial number. An issuer of the certificate from the issuing unit 57 may be the manufacturer of the automation device 41, for example. It is likewise possible for the certificate from the issuing unit 57 to be replaced with a special certificate from an operator.”).
As per claim 3, the combination of Falk and Vlot teach the method as claimed in claim 1, wherein the second manufacturer certificate is introduced into the device during a change of configuration of the device, or while an operative certificate is being updated (Falk, para. [0039] “If the automation device determines such a change in the configuration, the automation device automatically determines an updated device certificate comprising the device-specific configuration data corresponding to the changed configuration in method step 4. During subsequent communication with other automation devices or other authentication partners, for example, see method step 5, messages are transmitted in a manner protected by the updated device certificate. Updated device certificates can be determined and used on the basis of the current configuration. A seamless sequence of the device configurations used can therefore be understood without interruption as far as the original configuration of the automation device using the chain of certificates and can be provided for further evaluation.”).
As per claim 4, the combination of Falk and Vlot teach the method as claimed in claim 1, wherein a certificate serial number of the second manufacturer certificate and/or a validity period of the second manufacturer certificate, is generated independently of the corresponding parameters of the first certificate (Falk, para. [0057] “FIG. 5 shows another embodiment 80 of the method, in which the issuing unit 87 is in the form of an independent registration unit 82 and a separate certification unit 83 and is not integrated in the automation device 81. If a change in the configuration is determined in the automation device 81, the automation device 81 requests an updated device certificate from the issuing unit 87 using a request message 84. The request message 84 contains the name of the automation device, the current, i.e. changed, device-specific configuration data and a public key.”).
As per claim 6, the combination of Falk and Vlot teach the method as claimed in claim 1, wherein at least one further device-related parameter of the first certificate is ascertained and transferred to the second manufacturer certificate as a parameter (Falk, para. [0047] “The automation device 41 contains a configuration-dependent device certificate 55 having device-specific configuration data. The automation device 41 uses said certificate to be authenticated with respect to an authentication server, for example, via a network connection or to transmit measured values to a recording server or other automation devices in the automation system.” [0048] “a plurality of predefined configuration-specific device certificates 55 are present on the automation device 41 and are stored in the program memory 49, for example. Depending on the current device configuration stored in the configuration memory 50, for example, the device certificate 55 corresponding to the configuration is selected and is used for communication with other automation devices or authentication partners.”).
Falk teaches the limitations of claim 6 above, however fails to explicitly teach the trusted device database but Vlot teaches:
the first certificate is ascertained from the trusted device database (Vlot, para. [0046] “The trust authority server 105 is operated by a trust authority that also manages the root certificates Ri or by an organization that provides revocation information for revoking root certificates Ri on behalf of the trust authority. The trust authority may use the secret key to create digital signatures and/or other encrypted data. In particular, the trust authority may act as a certification authority for issuing digital certificates that can be validated using the root certificates Ri (i.e. for issuing digital certificates including digital signatures which can be decrypted the public keys included in the root certificates). Thus, it is the trust authority which issues the digital certificates of the second level of a hierarchical tree structure of digital certificates, which contains a root certificate Ri as the root node.” And para. [0047] “In addition to the public key, the root certificates Ri may comprise management information which may include for each root certificate Ri an identification of the root certificate Ri and possibly further information, such as e.g. information identifying the trust authority.”)
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Vlot’s revocation of a root certificate into Falk’s method for updating a digital device certificate, with a motivation for revoking a root certificate securely stored in a device such that a new root certificate can be securely taken into use within the device (Vlot, para. [0007]).
As per claim 7, the combination of Falk and Vlot teach the method as claimed in claim 1, wherein a second certification authority generates the second manufacturer certificate and signs the second manufacturer certificate using a private key of the second certification authority, and the second manufacturer certificate is transmitted with a certificate of the second certification authority to the device, and the device accepts the second manufacturer certificate as a new manufacturer certificate (Falk, para. [0056] “This embodiment has the advantage that the separation unit 63 provides logical software partitions which are separate from one another and are in the form of the separate memory units 61, 62. This ensures that the memory unit 62 having functions for controlling the operation of the automation device 41 cannot access a private key of the issuing unit 57 included in the memory unit 61.” And para. [0057] “FIG. 5 shows another embodiment 80 of the method, in which the issuing unit 87 is in the form of an independent registration unit 82 and a separate certification unit 83 and is not integrated in the automation device 81. If a change in the configuration is determined in the automation device 81, the automation device 81 requests an updated device certificate from the issuing unit 87 using a request message 84. The request message 84 contains the name of the automation device, the current, i.e. changed, device-specific configuration data and a public key.” And para. [0058] “The request message 84 may be protected using a checksum 85, for example. The registration unit 82 receives the request message, checks it and forwards it to the certification authority 83. After the request message 84 has been received, the certification authority 83 issues a corresponding device certificate 86 and transmits the latter back to the automation device 81. In this case, the certificate 86 is protected by a signature 87 of the certification authority 83.”).
As per claim 8, the combination of Falk and Vlot teach the method as claimed in claim 1, wherein the first certification authority generates the second manufacturer certificate and signs the second manufacturer certificate using a private key of the first certification authority, and the second manufacturer certificate is accepted in the device as a new manufacturer certificate (Vlot, para. [0056] “When a new root certificate Ri is “activated”, the trust authority no longer issues digital signatures created using the secret key pertaining to the root certificate R(i−1) in the previous rank, but uses the secret key pertaining to the new root certificate Ri for creating digital signatures. Further, the trust authority preferably issues new digital certificates for replacing the digital certificates stored in the user device 101, which are validated using the revoked root certificate R(i−1). Such new digital certificates may then be provided to the user device 101 in a suitable way. In particular, the may be sent via the data network connecting the user device 101 and the trust authority server 105.”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Vlot’s revocation of a root certificate into Falk’s method for updating a digital device certificate, with a motivation to securely update a root certificate (Vlot, para. [0007]).
As per claim 9, the combination of Falk and Vlot teach the method as claimed in claim 1, wherein the public key of the device in the first manufacturer certificate is transferred to the second manufacturer certificate as a public key (Falk, para. [0040] “FIG. 2 shows the sequence 10 for determining an updated device certificate using an issuing unit for certificates which operates, for example, as a certification authority in a security infrastructure with public keys (PKI security infrastructure). In this case, an updated device certificate is requested from an issuing unit by generating a request message. In this case, the request message is protected, for example, by a previous device certificate associated with device-specific configuration data relating to the automation device before the change in the configuration.” And para. [0057] “FIG. 5 shows another embodiment 80 of the method, in which the issuing unit 87 is in the form of an independent registration unit 82 and a separate certification unit 83 and is not integrated in the automation device 81. If a change in the configuration is determined in the automation device 81, the automation device 81 requests an updated device certificate from the issuing unit 87 using a request message 84. The request message 84 contains the name of the automation device, the current, i.e. changed, device-specific configuration data and a public key.”).
As per claim 10, the combination of Falk and Vlot teach the method as claimed in claim 1, wherein a second public key different than the public key of the first manufacturer certificate is introduced into a second manufacturer certificate, and a second private key associated with the second public key is provided to the device in a manner cryptographically protected by the first public key (Falk, para. [0044] “The plurality of previous or updated device certificates may each have the same device key or the same device key pair. However, it is likewise possible for the plurality of previous or updated device certificates to each have different device keys or different device key pairs.”).
As per claim 12, the combination of Falk and Vlot teach the system as claimed in claim 11, which is a part of an industrial installation (Falk, para. [0038] “FIG. 1 shows a general sequence 1 of updating a digital device certificate in an automation device. The sequence begins in method step 3 with a change in the configuration of the automation device. Such a change in the configuration can be effected, for example, by a firmware exchange, a feature activation or the activation of a country code, by means of which a country-specific operating mode is selected. Changes in the configuration of a user-definable configuration or a user-definable security configuration are likewise possible. A change in the configuration is also caused, for example, by resetting to an initial state. A change in the configuration is also possible by means of non-user-definable configurations initiated by a manufacturer or a service employee, for example.”).

Conclusion
7.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 20140281497 A1 – Updating identity data on network-enabled devices.
US 20130238895 A1 – Renewal process of digital certificates.

THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZOHA P TAFAGHODI whose telephone number is (571)272-5199.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ZOHA PIYADEHGHIBI TAFAGHODI/Examiner, Art Unit 2437                                                                                                                                                                                                        
/ALI S ABYANEH/Primary Examiner, Art Unit 2437