Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This Office Action is in response to the application filed on 06/24/2020. Claims 1-25 were canceled; Claims 26-50 have been added; Claims 26, 27, and 48 are independent claims.  Claims 26-50 have been examined and are pending. This Action is made non-FINAL. 

Drawings
The drawings were received on 06/24/2020.  These drawings are reviewed and accepted by the Examiner.
Information Disclosure Statement
The information disclosure statement (IDS), submitted on 06/24/2020, 12/19/2020, and 12/19/2020 is being considered by the examiner.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 26-27, 30-33, 37-38, 41-44, and 48-49 are rejected under 35 U.S.C. 103 as being unpatentable over Hakola et al. (“Hakola,” US 2013/0160101, published Jun. 20, 2013) in view of Choyi et al. (“Choyi,” US 2016/0277391, published Sep. 22, 2016).
Regarding claim 26, Hakola discloses a device (Hakola: par. 0032, a service gateway), comprising: 
processing circuitry (Hakola: par. 0080, circuit); and 
a memory device (Hakola: pars. 0030, 0080, memory) including instructions embodied thereon, wherein the instructions, which when executed by the processing circuitry, configure the processing circuitry to perform operations comprising: 
identifying the credential resource, the credential source including a credential that indicates a dependency associated with a credential (Hakola: par. 0030, assign a credential of a first type to the first device-to-device, D2D device …, wherein the validity condition is dependent on a characteristic; par. 0031-0038); 
identifying dependency characteristics of the credential resource, based on the dependency indicated in the credential (Hakola: par. 0030, “store an association between a validity condition and the credential of the first type, wherein the validity condition is dependent on a characteristic of the D2D communication service”, pars. 0031-0038); 
populating the credential resource to include a dependent credential, based on the dependency characteristics (Hakola: par. 0030, “store an association between a validity condition and the credential of the first type, wherein the validity condition is dependent on a characteristic of the D2D communication service … maintain an operative state for the D2D communication service in dependence on said association”, pars. 0031-0038); and 
transmitting the populated credential resource in response to the request (Hakola: par. 0030, transmit data indicative of the credential of the first type for reception by the first D2D device, said credential being for use in verification of said D2D communication service to be provided by the first D2D device to a second, different, D2D device; pars. 0031-0038).
Hakola implicitly discloses receiving a request for a credential resource in a communication, but does not explicitly disclose that the request is received in a Representational State Transfer (RESTful) communication, or the credential resource including a credential path that indicates a dependency associated with a credential.
However, in an analogous art, Choyi discloses receiving a request in a Representational State Transfer (RESTful) communication (Choyi: par. 0003, The Service Enablement Function (SEF) may also optionally provide a link or indicate a location to a Credential Registry (CR) from which credentials may be requisitioned; par. 0004, This involves requesting for public key credentials that may be used for End-to-End (E2E) authentication in a dynamic manner; par. 0048, a typical communication session typically involves a persistent interactive exchange of information between two or more communicating entities (e.g. devices, applications, etc.). However, with current RESTful approach, there is no real persistent connection but an on-demand request/response message);
the credential resource including a credential path that indicates a dependency associated with a credential (Choyi: par. 0003, The Service Enablement Function (SEF) may also optionally provide a link or indicate a location to a Credential Registry (CR) from which credentials may be requisitioned; par. 0004).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Choyi with the method and system of Hakola to include “receiving a request for a credential resource in a Representational State Transfer (RESTful) communication” and “the credential resource including a credential path that indicates a dependency associated with a credential”. One would have been motivated to do so in order that secure communications with the remote resources may be established using secure protocols appropriate to the resources and services and capabilities of end devices, and communication thereafter conducted directly without the overhead or risks engendered by hop-by-hop translation (Choyi: abstract).
Regarding claim 27, the combination of Hakola and Choyi teaches the device of claim 26. The combination of Hakola and Choyi further discloses wherein the operations of identifying the dependency characteristics of the credential resource include: 
identifying a plurality of credential dependencies indicated in the credential path (Hakola: par. 0030, “store an association between a validity condition and the credential of the first type, wherein the validity condition is dependent on a characteristic of the D2D communication service”, pars. 0031-0038; Choyi: par. 0003, The Service Enablement Function (SEF) may also optionally provide a link or indicate a location to a Credential Registry (CR) from which credentials may be requisitioned; par. 0004); 
wherein the credential path includes references to respective credentials of the credential dependencies (Hakola: par. 0030, “store an association between a validity condition and the credential of the first type, wherein the validity condition is dependent on a characteristic of the D2D communication service”, pars. 0031-0038; Choyi: par. 0003, The Service Enablement Function (SEF) may also optionally provide a link or indicate a location to a Credential Registry (CR) from which credentials may be requisitioned; par. 0004).
Regarding claim 30, the combination of Hakola and Choyi teaches the device of claim 26. The combination of Hakola and Choyi teaches the dependency characteristics but does not explicitly disclose that they “include reason properties for respective dependent credentials, and wherein the reason properties indicate an intended use and format of the respective dependent credentials.”
However, the additional feature above is merely an option of the combination of Hakola and Choyi (Hakola: par. 0030, “store an association between a validity condition and the credential of the first type, wherein the validity condition is dependent on a characteristic of the D2D communication service”, pars. 0031-0038; Choyi: par. 0003, The Service Enablement Function (SEF) may also optionally provide a link or indicate a location to a Credential Registry (CR) from which credentials may be requisitioned; par. 0004).
Regarding claim 31, the combination of Hakola and Choyi teaches the device of claim 26. The combination of Hakola and Choyi teaches the credential resource but does not explicitly disclose that it “includes an array including a plurality of credential entries, and wherein the plurality of credential entries are linked to a plurality of credentials identified in the credential path.”
However, the additional feature above is merely an option of the combination of Hakola and Choyi (Hakola: par. 0030, “store an association between a validity condition and the credential of the first type, wherein the validity condition is dependent on a characteristic of the D2D communication service”, pars. 0031-0038; Choyi: par. 0003, The Service Enablement Function (SEF) may also optionally provide a link or indicate a location to a Credential Registry (CR) from which credentials may be requisitioned; par. 0004).
Regarding claim 32, the combination of Hakola and Choyi teaches the device of claim 26. The combination of Hakola and Choyi discloses that the credential resource is a collection resource but does not explicitly disclose that it includes an array of credential resource links, wherein the respective credential resource links are linked to a plurality of credentials identified in the credential path.
However, the additional feature above is merely an option of the combination of Hakola and Choyi (Hakola: par. 0030, “store an association between a validity condition and the credential of the first type, wherein the validity condition is dependent on a characteristic of the D2D communication service”; pars. 0031-0038; Choyi: par. 0003, The Service Enablement Function (SEF) may also optionally provide a link or indicate a location to a Credential Registry (CR) from which credentials may be requisitioned; par. 0004).
Regarding claim 33, the combination of Hakola and Choyi teaches the device of claim 26. The combination of Hakola and Choyi discloses the operations further comprising the credential resource and the credential path, but does not explicitly disclose “establishing credential properties and establishing the credential path within the credential resource, wherein the credential path includes one or more paths defined for each of the credential properties.”
However, these additional features above are merely an option of the features of the combination of Hakola and Choyi (Hakola: par. 0030, “store an association between a validity condition and the credential of the first type, wherein the validity condition is dependent on a characteristic of the D2D communication service”; pars. 0031-0038; Choyi: par. 0003, The Service Enablement Function (SEF) may also optionally provide a link or indicate a location to a Credential Registry (CR) from which credentials may be requisitioned; par. 0004).
Regarding claim 37, claim 37 is directed to a method for accessing credential resource dependencies using operations performed by a device associated with the method claimed in claim 26; claim 37 is similar in scope to claim 26, and is therefore rejected under similar rationale.
Regarding claim 38, claim 38 is similar in scope to claim 27, and is therefore rejected under similar rationale.
Regarding claim 41, claim 41 is similar in scope to claim 30, and is therefore rejected under similar rationale.
Regarding claim 42, claim 42 is similar in scope to claim 31, and is therefore rejected under similar rationale.
Regarding claim 43, claim 43 is similar in scope to claim 32, and is therefore rejected under similar rationale.
Regarding claim 44, claim 44 is similar in scope to claim 33, and is therefore rejected under similar rationale.
Regarding claim 48, claim 48 is directed to at least one non-transitory machine-readable storage medium including instructions, wherein the instructions, when executed by a processing circuitry of a device, cause the processing circuitry to perform operations associated with the method claimed in claim 26; claim 48 is similar in scope to claim 26, and is therefore rejected under similar rationale.
Regarding claim 49, claim 49 is similar in scope to claim 27, and is therefore rejected under similar rationale.
Claims 28 and 39 are rejected under 35 U.S.C. 103 as being unpatentable over Hakola et al. (“Hakola,” US 2013/0160101, published Jun. 20, 2013) in view of Choyi et al. (“Choyi,” US 2016/0277391, published Sep. 22, 2016), further in view of Keung Chan et al. (“Keung,” US 2014/0281502, published Sep. 18, 2014).
Regarding claim 28, the combination of Hakola and Choyi teaches the device of claim 26. The combination of Hakola and Choyi teaches wherein the dependency characteristics are produced based on an end-entity credential but does not explicitly disclose the end-entity credential depending on a sub-certificate authority credential and the sub-certificate authority credential depending on a root-certificate authority credential.
However, in an analogous art, Keung discloses an end-entity depending on a sub-certificate authority and the sub-certificate authority depending on a root-certificate authority (Keung: par. 0048, leaf digital certificate is determined to be sourced by the sub-certificate entity, and through further verification of the sub-CA certificate obtained from the certification entity 106 issuing the root certificate 302, all of the digital certificates chained up to the root of trust can be determined to be verified).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Keung with the method and system of Hakola and Choyi to include the dependency characteristics being produced based on an end-entity credential depending on a sub-certificate authority credential and the sub-certificate authority credential depending on a root-certificate authority credential. One would have been motivated to do so in order that different hash operations are used for different devices or different device classes to enhance security or to provide further authentication options, so long as the association between the hash functions implemented in the certification entity and the service enabling entity and the device identifiers is preserved (Keung: abstract, par. 0036).
Regarding claim 39, claim 39 is similar in scope to claim 28, and is therefore rejected under similar rationale.
Claims 29 and 40 are rejected under 35 U.S.C. 103 as being unpatentable over Hakola et al. (“Hakola,” US 2013/0160101, published Jun. 20, 2013) in view of Choyi et al. (“Choyi,” US 2016/0277391, published Sep. 22, 2016), further in view of Sugawara (“Sugawara,” US 2013/0151552, published Jun. 13, 2013).
Regarding claim 29, the combination of Hakola and Choyi teaches the device of claim 26. The combination of Hakola and Choyi discloses the request for the credential resource and the dependent credential included in the credential resource but does not explicitly disclose that the request “includes a query for the credential path, and wherein the dependent credential included in the credential resource is selected based on the query.”
However, in an analogous art, Sugawara discloses a request including a query for a resource path (Sugawara: par. 0024, a request for a particular resource causes a mobile device to be redirected to another resource, the search result for the particular resource can include a link (or another reference) to the other resource to which the mobile device would otherwise be redirected. For example, the link to the other resource can be inserted into the search result so that the mobile device requests the other resource, rather than the particular resource).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Sugawara with the method and system of Hakola and Choyi to include “includes a query for the credential path, and wherein the dependent credential included in the credential resource is selected based on the query.” One would have been motivated to do so in order that the mobile search result is linked to a mobile resource so as to prevent the mobile computing device from requesting the desktop resource prior to being redirected to the mobile resource. Thus the number of redirects between user selection of a mobile search result and presentation of the mobile resource is reduced so as to reduce the amount of time required to present the mobile resource. The latency between a resource request and presentation of a resource can be reduced by reducing the number of redirects that a user device is required to make presentation of a resource (Sugawara: pars. 0014, 0043).
Regarding claim 40, claim 40 is similar in scope to claim 29, and is therefore rejected under similar rationale.
Claims 34 and 45 are rejected under 35 U.S.C. 103 as being unpatentable over Hakola et al. (“Hakola,” US 2013/0160101, published Jun. 20, 2013) in view of Choyi et al. (“Choyi,” US 2016/0277391, published Sep. 22, 2016), further in view of Metke et al. (“Metke,” US 2010/0082975, published Apr. 1, 2010).
Regarding claim 34, the combination of Hakola and Choyi teaches the device of claim 33. The combination of Hakola and Choyi teaches the operations of establishing the credential path but does not explicitly disclose “identifying multiple link dependencies to trust anchor entries, and wherein the one or more paths define the multiple link dependencies to the trust anchor entries.”
However, in an analogous art, Metke discloses multiple link dependencies to trust anchor entries, and wherein the one or more paths define the multiple link dependencies to the trust anchor entries (Metke: par. 0024, The chain of certificates may include first through Nth certificates that link the subject node to the trust anchor of the relying party node.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Metke with the method and system of Hakola and Choyi to include identifying multiple link dependencies to trust anchor entries, and wherein the one or more paths define the multiple link dependencies to the trust anchor entries. One would have been motivated to do so because the method enables initially setting the current external organization path length (EOPLC) value to infinity, and replacing/updating it whenever the relying party node encounters another certificate in the chain that has a lower EOPLC value (Metke: par. 0026).
Regarding claim 45, claim 45 is similar in scope to claim 34, and is therefore rejected under similar rationale.
Claims 35 and 46 are rejected under 35 U.S.C. 103 as being unpatentable over Hakola et al. (“Hakola,” US 2013/0160101, published Jun. 20, 2013) in view of Choyi et al. (“Choyi,” US 2016/0277391, published Sep. 22, 2016), further in view of Fenner et al. (“Fenner,” US 2017/0302459, published Oct. 19, 2017).
Regarding claim 35, the combination of Hakola and Choyi teaches the device of claim 26. The combination of Hakola and Choyi discloses the credential resource and the dependency indicated in the credential path but does not explicitly disclose the credential resource “including an end-entity key, and wherein the dependency indicated in the credential path is linked to a trusted computing key of a trusted computing module that attests to trust properties of the end-entity key.”
However, in an analogous art, Fenner discloses a resource including an end-entity key, and a trusted computing key of a trusted computing module that attests to trust properties of the end-entity key (Fenner: par. 0022, key attestation of keys from a trusted platform module within a computing platform).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Fenner with the method and system of Hakola and Choyi to include an end-entity key, and wherein the dependency indicated in the credential path is linked to a trusted computing key of a trusted computing module that attests to trust properties of the end-entity key. One would have been motivated to provide for streamlined issuance of certificates and other tokens that are contingent on key attestation of keys from a trusted platform module within a computing platform (Fenner: abstract).
Regarding claim 46, claim 46 is similar in scope to claim 35, and is therefore rejected under similar rationale.
Claims 36, 47, and 50 are rejected under 35 U.S.C. 103 as being unpatentable over Hakola et al. (“Hakola,” US 2013/0160101, published Jun. 20, 2013) in view of Choyi et al. (“Choyi,” US 2016/0277391, published Sep. 22, 2016), further in view of Smith et al. (“Smith,” US 2016/0366183, published Dec. 15, 2016).
Regarding claim 36, the combination of Hakola and Choyi teaches the device of claim 26. Hakola and Choyi do not explicitly disclose wherein the operations are performed as operations of a Credential Management Service (CMS), and wherein the CMS operates according to an Open Connectivity Foundation (OCF) specification.
However, in an analogous art, Smith discloses wherein the operations are performed as operations of a Credential Management Service (CMS), and wherein the CMS operates according to an Open Connectivity Foundation (OCF) specification (Smith: par. 0059, A network may include a collection of computing devices. This network, such as a network of interconnected devices including IoT devices (e.g., client) and one or more service-based systems (e.g., servers), may provide multiple entities that enable services for performing access control interactions. In one such embodiment, a Credential Management Service (CMS) may be configured to grant credentials to clients and servers for establishment of encrypted and integrity protected sessions, messages and stored data; pars. 0016, 0070).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Smith with the method and system of Hakola and Choyi to include the operations being performed as operations of a Credential Management Service (CMS), and wherein the CMS operates according to an Open Connectivity Foundation (OCF) specification. One would have been motivated to do so because improved resiliency, availability and safety of Internet of Things (IoT) command-and-control are achieved by tailoring the portion of the network, thereby achieving improved mobility, data availability and integrity (Smith: par. 0022).
Regarding claim 47, claim 47 is similar in scope to claim 36, and is therefore rejected under similar rationale.
Regarding claim 50, claim 50 is similar in scope to claim 36, and is therefore rejected under similar rationale.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Canh Le whose telephone number is 571-270-1380. The examiner can normally be reached on Monday to Friday 6:00AM to 3:30PM other Friday off.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Canh Le/
Examiner, Art Unit 2439
September 9th, 2022 


/LUU T PHAM/
Supervisory Patent Examiner, Art Unit 2439