Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the Amendment filed on 08/30/2022.
In the instant Amendment, claims 1, 3-5, 9, 11, 13-15 and 19-20 have been amended; and claims 1, 11, and 20 are independent claims. Claims 1-20 have been examined and are pending. This Action is made Final.
Response to Arguments
Applicant’s arguments, see Remarks pages 10-11, filed 8/30/2022, with respect to the rejection(s) of claim(s) 1-20 under 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Griffin (U.S 10742420 B1; Hereinafter “Griffin”), in view of Eker et al. (W.O. 2013173408 A1; Hereinafter “Eker”), and further in view of Truskovsky et al. (U.S. 9794249 B1; Hereinafter “Truskovsky”) necessitated by the claim amendment.
The objection to claims 9 and 19 is withdrawn as the claims have been amended.
The rejection of claims 3-5, and 13-15, under 35 U.S.C. 112(b) is withdrawn as the claims have been amended.
The applicant agrees with the 112 (f) interpretation.
No response was made to the 112(b) rejection of claim 20, and thus it remains outstanding.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitations are: “a fingerprinting mechanism configured to calculate a digital fingerprint of a certificate; a certificate generator configured to generate a post-quantum certificate using a quantum resistant algorithm for encryption, wherein the post-quantum certificate is bound to the digital certificate by using the digital fingerprint as a serial number; and a validation component configured to validate a binding between the post- quantum certificate and the certificate.” in claim 20.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claim 20 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Regarding claim 20, claim 20 invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. No corresponding structure is disclosed in the specification for the fingerprinting mechanism, certificate generator, and the validation component. Para [0036],[0038], [0045] in the specification define the fingerprinting mechanism, the certificate generator and the validation component as "a component of the post-quantum certificate binding system 100 ". Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a)        Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-19 are rejected under 35 U.S.C. 103 as being unpatentable over Griffin (U.S 10742420 B1; Hereinafter “Griffin”), in view of Eker et al. (W.O. 2013173408 A1; Hereinafter “Eker”), and further in view of Truskovsky et al. (U.S. 9794249 B1; Hereinafter “Truskovsky”).
Regarding claim 1, Griffin teaches a computer-implemented method of binding post-quantum certificates to traditional certificates, the computer-implemented method comprising (Column 4 line 24-35“Various embodiments described herein relate to systems and methods for leveraging current cryptographic techniques linked to quantum resistant cryptographic techniques to create a dual signed message. Specifically, a message schema and associated processing for creating and verifying quantum-safe, double-signed content of any type or format, using hash-linked signed message. A quantum-resistant double signature (“QSDS”) may be used to gain assurance in the integrity of the digital signature and origin authenticity and data integrity of the QSDS party's content during transfer and storage against current threats and future vulnerabilities due to advancements in quantum computing”): 
selecting a first traditional certificate in a certificate chain owned by an owner (Griffin: column 10 line 21-39 “At 204, the signing party computing system 104 retrieves a public/private key pair. In some arrangements, the public/private key pair is associated with a digital certificate in a PKI, for example the X.509 certificate. In those arrangements, a key pair is generated (the private/public key pair must be generated together as they are mathematically related), the private key signs the public key, and the pair is summited to the certificate authority (“CA”) or the front-end registration authority that will then generate that public key certificate.”); 
calculating a first digital fingerprint of the first traditional certificate (Griffin: column 10 line 49-56 “At 206, the signing party generates a CMS messageDigest attribute. The CMS messageDigest attribute is generating by the signing party computing system 104 computing a cryptographic hash on the content-to-be-signed (e.g., the content), which is located in the SignedData message Content field, and any associated attributes carried in type SignedData. The hash is generated using a suitable cryptographic hash algorithm”); 
generating a first post-quantum certificate with identical information fields as the first traditional certificate (Griffin: step 208-212 column 11 line 42-51 “At 212, the QSDS message processing computing system 102 generates the QSignedData message. The QSignedData message is generated using the messageDigest attribute, received from the signing party computing system 104, as the content-to-be-signed. The QSDS message processing computing system 102 digitally signs the content using the private key of the QSDS message processing computing system 102 and a quantum-resistant signature algorithm to generate a quantum-resistant QSignedData message.”); and 
populating a serial number of the first post-quantum certificate using the first digital fingerprint (Griffin: step 214 -220, column 11-12 line 62-68 “At 214, the QSDS message processing computing system 102 generates a QSignerinfo type and a qSignerInfo attribute. The QSignerinfo type includes the public key identifier of the public key or certificate associated with the public/private key pair of the QSDS message processing computing system 102 and the resulting signature value. The qSignerInfo attribute is linked with the QSignedData message.”).
Griffin does not explicitly teach that the first digital fingerprint is calculated using a cryptographic hash function on characteristics found within the first traditional certificate.
However in an analogous art, Eker teaches calculating a first digital fingerprint (digital Signature) using a cryptographic hash function on characteristics found within the first traditional certificate (Eker:fig.11, para[00122], “At block 1118, the method 1100 creates the digital signature to be incorporated into the digital certificate 108. To do this, the method 1100 combines (e.g., concatenates) the digital fingerprint.sub.2 and the textual information of the digital certificate 108 and computes a secure hash value therefrom. The secure hash value is input to a cryptographic algorithm, along with the cryptographic key 528 (e.g., the certifying authority's private key), to create the digital signature”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teaching of Eker into the method of Griffin to include calculating the digital fingerprint using a cryptographic hash function on characteristics found within the certificate because it will improve the security of the system by protecting it from counterfeiting (Eker: para[0088]).
Griffin in view of Eker does not explicitly teach the certificate chain.
However in an analogous art, Truskovsky teaches a certificate chain (Truskovsky: column 21 line 53-59, “FIG. 6 is a block diagram showing an example certificate chain 600 with a digital certificate that includes a public key for a quantum-resistant cryptosystem, in addition to a public key for another (e.g., quantum-vulnerable) cryptosystem. The example certificate chain 600 shown in FIG. 6 includes three digital certificates—a root CA certificate 602, an intermediate CA certificate 604 and an end-entity certificate 606.”). 
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teaching of Truskovsky into the modified method of Griffin to include the certificate chain because it will provide an additional layer of security, to transition from one cryptosystem to another cryptosystem (Truskovsky: column 4 line 45-49).
Regarding claim 2, Griffin in view of Eker and further in view of Truskovsky teaches the independent claim 1.  Truskovsky teaches determining a second traditional certificate exists in the certificate chain (Truskovsky: column 22 line 8-24, fig 6“the intermediate CA certificate 604 belongs to an intermediate certificate authority. The intermediate certificate authority has a second key pair associated with the first cryptosystem.”); 
selecting the second traditional certificate (column 22 line 8-24, fig 6“The intermediate certificate authority has a second key pair associated with the first cryptosystem. The second key pair includes a second certificate authority private key 640 and a second certificate authority public key 634. The example intermediate CA certificate 604 includes issuer information 630 (the root CA's identity), subject information 632 (the intermediate CA's identity), the second certificate authority public key 634, a second certificate authority signature 636 associated with the first cryptosystem and extensions 638.”); 
Eker teaches calculating a second digital fingerprint of the second traditional certificate (Eker: para[00124], “At block 1122, the method 1100 determines whether to repeat the foregoing blocks to generate another digital certificate for another item of the manufactured product. As noted above, each digital certificate 108 is intended to be unique to each individual item of the manufactured product. If additional digital certificates are to be generated for other items, then the method 1100 returns to block 1110.”);
generating a second post-quantum certificate with identical information fields as the second traditional certificate (Griffin: column 19 step 508 -512, “At 514, the email agent computing system verifies the signature of the SignedAttributes component (e.g., value) of the second QSignerinfo. The verification process includes the email agent computing system generating a cryptographic hash of the content (e.g., messageDigest, content) identified in the SignedAttributes component of the second QSignerinfo. The hash is signed using the private key of the QSDS message processing computing system 102, the signature algorithm used to previously generate the QSignedData message (e.g., at 220 in method 200 of FIG. 2),” ); and 
populating a second serial number of the second post-quantum certificate using the second digital fingerprint (Eker: para[00123], “At block 1124, the method 1100 may utilize all or a portion of the item-specific digital certificates created previously to generate another identifying feature (e.g., bar code) that can be applied to a container that holds the manufactured items. For instance, the method 1100 may derive item serial numbers from the item-specific digital certificates, concatenate them, and use a cryptographic algorithm to generate an identifying feature that can be affixed to the container. Among other things, the container- specific digital certificate can be used, alone or in combination with one or more of the item-specific digital certificates, to validate the authenticity of multiple items in the container. For instance, in some embodiments, the container- specific digital certificate may be used to validate one or more items in a supply of such items, without having to remove them from their container”).
Regarding claim 3, Griffin in view of Eker and further in view of Truskovsky teaches the independent claim 1. Truskovsky teaches selecting a second traditional certificate chain owned by the owner (Truskovsky: column 13 line 15-20, “the example process 300 is used to issue a digital certificate that includes data objects (e.g., a public key, a certificate authority signature, etc.) for a first cryptosystem and data objects (e.g., a public key, a certificate authority signature, etc.) for a second, different cryptosystem.”); 
Griffin teaches selecting a second traditional certificate in the second traditional certificate chain; (Griffin: column 19  step 506, “At 506, the email agent computing system verifies the digital signature of the signing party computing system 104 on the digitally signed QSDS message. The verification process includes the email agent computing system generating a cryptographic hash of the content (e.g., messageDigest) identified in the digitally signed QSDS message. The hash is signed using the public key of the signing party computing system 104, a signature algorithm, and any additional parameters” ) ; 
calculating a second digital fingerprint of the second traditional certificate (Eker: para[00124], “At block 1122, the method 1100 determines whether to repeat the foregoing blocks to generate another digital certificate for another item of the manufactured product. As noted above, each digital certificate 108 is intended to be unique to each individual item of the manufactured product. If additional digital certificates are to be generated for other items, then the method 1100 returns to block 1110.”); and 
adding the second digital fingerprint to the serial number of the first post-quantum certificate (Eker: para[00123], “At block 1124, the method 1100 may utilize all or a portion of the item-specific digital certificates created previously to generate another identifying feature (e.g., bar code) that can be applied to a container that holds the manufactured items. For instance, the method 1100 may derive item serial numbers from the item-specific digital certificates, concatenate them, and use a cryptographic algorithm to generate an identifying feature that can be affixed to the container. Among other things, the container- specific digital certificate can be used, alone or in combination with one or more of the item-specific digital certificates, to validate the authenticity of multiple items in the container. For instance, in some embodiments, the container- specific digital certificate may be used to validate one or more items in a supply of such items, without having to remove them from their container”).
Regarding claim 4, Griffin in view of Eker and further in view of Truskovsky teaches the independent claim 1. Griffin additionally teaches detecting a vulnerable certificate in the certificate chain, wherein the vulnerable certificate contains encryption algorithm susceptible to attack (Griffin: column 19 line 10-20 “Beneficially, the generation and verification, described in greater detail below in method 500 of FIG. 5, of the QSDS message prevents attacks by quantum computing techniques on vulnerable signature schemes”, “At 504, the email agent computing system retrieves the public key of the signing party computing system 104 to verify the digital signature of the QSDS message. In some arrangements, the key pair is associated with a digital certificate in a PKI or CA that allows the email agent computing system (or any other entity) to look up and retrieve the public key associated with the signing party computing system 104. In other arrangements, the email agent computing system could examine a public key component in the QSDS message to verify message integrity but would be unable to get origin authenticity assurance”); 
calculating a second digital fingerprint of the vulnerable certificate (Griffin: column 19  step 506, “At 506, the email agent computing system verifies the digital signature of the signing party computing system 104 on the digitally signed QSDS message. The verification process includes the email agent computing system generating a cryptographic hash of the content (e.g., messageDigest) identified in the digitally signed QSDS message. The hash is signed using the public key of the signing party computing system 104, a signature algorithm, and any additional parameters” ); 
generating a second post-quantum certificate with identical information fields as the vulnerable certificate (Griffin: column 19 step 508 -512, “At 514, the email agent computing system verifies the signature of the SignedAttributes component (e.g., value) of the second QSignerinfo. The verification process includes the email agent computing system generating a cryptographic hash of the content (e.g., messageDigest, content) identified in the SignedAttributes component of the second QSignerinfo. The hash is signed using the private key of the QSDS message processing computing system 102, the signature algorithm used to previously generate the QSignedData message (e.g., at 220 in method 200 of FIG. 2),” ); and 
populating a second serial number of the second post-quantum certificate using the second digital fingerprint (Griffin: column 20 Step 514, “At 514, the email agent computing system verifies the signature of the SignedAttributes component (e.g., value) of the second QSignerinfo. The verification process includes the email agent computing system generating a cryptographic hash of the content (e.g., messageDigest, content) identified in the SignedAttributes component of the second QSignerinfo.”).
Regarding claim 5, Griffin in view of Eker and further in view of Truskovsky teaches the independent claim 1.  Griffin additionally teaches applying a public key infrastructure (PKI) validation to the first traditional certificate and the first post-quantum certificate (Griffin: column 10 line 44-48, “As discussed in greater detail below in method 300 of FIG. 3, the relying party computing system 106 can use the PKI information to verify the signature and perform path validation to determine if the signing party computing system 104 should be trusted.”); 
verifying the serial number matches the first digital fingerprint of the first traditional certificate (Griffin: column 14 line 62-68, “The QSDS message processing computing system 102 verifies the fresh cryptographic hash of the content (e.g., messageDigest) by comparing it to the hash in the second QSignerinfo SignedAtrributes messageDigest value of the QSignedData message. if the hash in the messageDigest of the QSignedData matches the freshly generated hash in the messageDigest of the first qSignerInfo, the verification process continues.”); and 
validating the information fields match between the first traditional certificate and the first post-quantum certificate (Griffin: column 12-13 line 1-5, “However, the method 300 may be similarly performed by other systems and devices. As will be appreciated, if there are no threats of quantum computing compromise of the public/private key pair, the QSDS message verification would follow a current verification and path validation rules for validating a SignedData message.”).
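The binding and validation steps recited in claims 1 and 5, as an added illustration that is not taken from the application or from Griffin, Eker or Truskovsky. It assumes certificates modelled as plain dictionaries, SHA-256 as the fingerprint hash, and truncation of the fingerprint to 159 bits so that it fits the 20-octet positive serial number limit of RFC 5280; signature generation and PKI path validation are left out, and every name and sample value is hypothetical.

```python
import hashlib
import json

# Assumption: fields that must be identical in both certificates.
INFORMATION_FIELDS = ("subject", "issuer", "not_before", "not_after")
MAX_SERIAL_OCTETS = 20  # RFC 5280 upper bound for serialNumber


def fingerprint(cert: dict) -> bytes:
    """SHA-256 over a canonical encoding of every field of the certificate."""
    canonical = json.dumps(cert, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).digest()


def serial_from_fingerprint(fp: bytes) -> int:
    """Truncate to 20 octets and clear the top bit so the DER INTEGER
    stays positive without needing a 21st octet."""
    return int.from_bytes(fp[:MAX_SERIAL_OCTETS], "big") & ((1 << 159) - 1)


def issue_pq_certificate(trad: dict, pq_public_key: str, pq_algorithm: str) -> dict:
    """Copy the information fields and bind via the serial number."""
    pq = {name: trad[name] for name in INFORMATION_FIELDS}
    pq["public_key"] = pq_public_key
    pq["signature_algorithm"] = pq_algorithm
    pq["serial_number"] = serial_from_fingerprint(fingerprint(trad))
    return pq


def validate_binding(trad: dict, pq: dict) -> list:
    """Return a list of binding failures; an empty list means bound."""
    failures = []
    # Recompute the fingerprint from the presented traditional certificate.
    if pq.get("serial_number") != serial_from_fingerprint(fingerprint(trad)):
        failures.append("serial number does not match fingerprint")
    # Compare the copied information fields one by one.
    for name in INFORMATION_FIELDS:
        if trad.get(name) != pq.get(name):
            failures.append(f"information field '{name}' differs")
    return failures


# Constructed sample data, not from any real certificate.
TRADITIONAL = {
    "subject": "CN=www.example.test,O=Example",
    "issuer": "CN=Example Issuing CA",
    "not_before": "2024-01-01T00:00:00Z",
    "not_after": "2025-01-01T00:00:00Z",
    "public_key": "constructed-rsa-public-key",
    "signature_algorithm": "sha256WithRSAEncryption",
    "serial_number": 4096,
}

if __name__ == "__main__":
    pq_cert = issue_pq_certificate(TRADITIONAL, "constructed-pq-public-key", "ML-DSA-65")
    print("intact pair:", validate_binding(TRADITIONAL, pq_cert))
    swapped = dict(TRADITIONAL, subject="CN=other.example.test")
    print("altered traditional cert:", validate_binding(swapped, pq_cert))
```

Because the fingerprint covers every field of the traditional certificate, including its public key, replacing that certificate with a different one breaks the serial number check even when the copied information fields still agree.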
Regarding claim 6, Griffin in view of Eker and further in view of Truskovsky teaches the independent claim 1.  Truskovsky teaches wherein the post-quantum certificate acts as an extension of the first traditional certificate providing authentication and validation between a client and a server (Truskovsky: column 20 line 37-55, “The requester generates a second (QR) key pair, which is associated with the second (quantum-resistant) cryptosystem and includes the QR public key 520 and a related QR private key. The requester inserts the QR public key 520 in an extension of a certificate signing request (CSR). The requester inserts the first public key 516 in the public key field in the basic fields of the CSR. The requester populates the other standard basic fields and extensions of the CSR…. The issuer verifies the requester's digital signature to ensure the requestor possesses the private key matching the first public key 516. The issuer verifies all other attributes of the CSR and may apply updates.”).
Regarding claim 7, Griffin in view of Eker and further in view of Truskovsky teaches the independent claim 1. Truskovsky  teaches wherein the post-quantum certificate uses a post-quantum capable algorithm for encryption and signature purposes (Truskovsky :column 7 line 62-68, “In some implementations, the quantum-enabled adversary 108 can factor integers, compute discrete logarithms or perform other classically-hard computational tasks fast enough to compromise the security of certain cryptography systems. For example, the quantum-enabled adversary 108 may be capable of computing prime factors fast enough to compromise certain RSA encryption standards or computing discrete logarithms fast enough to compromise certain ECC encryption standards.”).
Regarding claim 8, Griffin in view of Eker and further in view of Truskovsky teaches the independent claim 1.  Truskovsky teaches wherein the first digital fingerprint is stored in an extension field of the post-quantum certificate (Truskovsky : column 4 line 7-16 “The subject field of an X.509 certificate may contain information (e.g., a user identity) that identifies the entity associated with the public key stored in the public key field (the certificate owner). The public key field of an X.509 certificate may contain the public key of the entity. The public key field of an X.509 certificate may also contain information identifying the cryptographic algorithm with which the pubic key is used.”, “The extensions of an X.509 certificate may include, for example, standard extensions, private extensions and possibly other types of extensions”).
Regarding claim 9, Griffin in view of Eker and further in view of Truskovsky teaches the independent claim 1. Griffin additionally teaches wherein public key cryptography standards (PKCS) 7 encoding message includes digital signatures of private keys of the first traditional certificate and the post-quantum certificate (Griffin: column 11 line 4-14, “While the foregoing embodiments are described as being cryptographically protected in CMS X9.73 messages, such as SignedData and NamedKey EncryptedData, the QSDS message processing system 100 may incorporate additional asymmetric cryptography (e.g. Signcryption, X9.73, ISO/IEC 29150), digital signatures (e.g. RSA, X9.31, DSA, FIPS 186-4, ECDSA, X9.62”, “The QSDS message processing computing system 102 digitally signs the content using the private key of the QSDS message processing computing system 102 and a quantum-resistant signature algorithm to generate a quantum-resistant QSignedData message.”).
Regarding claim 10, Griffin in view of Eker and further in view of Truskovsky teaches the dependent claim 9. Griffin additionally teaches wherein validation of the PKCS encoding message requires validation of the digital signatures (Griffin: column 10 line 44-48 “As discussed in greater detail below in method 300 of FIG. 3, the relying party computing system 106 can use the PKI information to verify the signature and perform path validation to determine if the signing party computing system 104 should be trusted.”) and a binding between the first traditional certificate and the post-quantum certificate (column 11 line 29-31 “As will be appreciated, the QSignedData message is the message with the QSDS message processing computing system 102 that is linked to the QSDS message”).
Regarding claim 11, Griffin teaches a computer program product of binding post-quantum certificates to traditional certificates, the computer program product comprising (Column 4 line 24-35“Various embodiments described herein relate to systems and methods for leveraging current cryptographic techniques linked to quantum resistant cryptographic techniques to create a dual signed message. Specifically, a message schema and associated processing for creating and verifying quantum-safe, double-signed content of any type or format, using hash-linked signed message. A quantum-resistant double signature (“QSDS”) may be used to gain assurance in the integrity of the digital signature and origin authenticity and data integrity of the QSDS party's content during transfer and storage against current threats and future vulnerabilities due to advancements in quantum computing” ): 
one or more computer readable storage medium, and program instructions stored on the one or more computer readable storage media, the program instructions comprising (Griffin: column 22 line 10-15, “In some embodiments, the non-volatile media may take the form of ROM, flash memory (e.g., flash memory such as NAND, 3D NAND, NOR, 3D NOR, etc.), EEPROM, MRAM, magnetic storage, hard discs, optical discs, etc. In other embodiments, the volatile storage media may take the form of RAM, TRAM, ZRAM, etc. Combinations of the above are also included within the scope of machine-readable media”):
program instructions to select a first traditional certificate in a certificate chain owned by an owner (Griffin: column 10 line 21-39 “At 204, the signing party computing system 104 retrieves a public/private key pair. In some arrangements, the public/private key pair is associated with a digital certificate in a PKI, for example the X.509 certificate. In those arrangements, a key pair is generated (the private/public key pair must be generated together as they are mathematically related), the private key signs the public key, and the pair is submitted to the certificate authority (“CA”) or the front-end registration authority that will then generate that public key certificate.”);
program instructions to calculate a first digital fingerprint of the first traditional certificate (Griffin: column 10 line 49-56 “At 206, the signing party generates a CMS messageDigest attribute. The CMS messageDigest attribute is generated by the signing party computing system 104 computing a cryptographic hash on the content-to-be-signed (e.g., the content), which is located in the SignedData message Content field, and any associated attributes carried in type SignedData. The hash is generated using a suitable cryptographic hash algorithm”);
program instructions to generate a first post-quantum certificate with identical information fields as the first traditional certificate (Griffin: step 208-212 column 11 line 42-51 “At 212, the QSDS message processing computing system 102 generates the QSignedData message. The QSignedData message is generated using the messageDigest attribute, received from the signing party computing system 104, as the content-to-be-signed. The QSDS message processing computing system 102 digitally signs the content using the private key of the QSDS message processing computing system 102 and a quantum-resistant signature algorithm to generate a quantum-resistant QSignedData message.”); 
program instructions to populate a serial number of the first post-quantum certificate using the first digital fingerprint (Griffin: step 214 -220, column 11-12 line 62-68 “At 214, the QSDS message processing computing system 102 generates a QSignerinfo type and a qSignerInfo attribute. The QSignerinfo type includes the public key identifier of the public key or certificate associated with the public/private key pair of the QSDS message processing computing system 102 and the resulting signature value. The qSignerInfo attribute is linked with the QSignedData message.”).
Griffin does not explicitly teach that calculating the first digital fingerprint using a cryptographic hash function on characteristics found within the first traditional certificate.
However in an analogous art, Eker teaches calculate a first digital fingerprint using a cryptographic hash function on characteristics found within the first traditional certificate (Eker:fig.11, para[00122], “At block 1118, the method 1100 creates the digital signature to be incorporated into the digital certificate 108. To do this, the method 1100 combines (e.g., concatenates) the digital fingerprint.sub.2 and the textual information of the digital certificate 108 and computes a secure hash value therefrom. The secure hash value is input to a cryptographic algorithm, along with the cryptographic key 528 (e.g., the certifying authority's private key), to create the digital signature”); 
	Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teaching of Eker into the method of Griffin to include calculating a first digital fingerprint using a cryptographic hash function on characteristics found within the first traditional certificate because it will improve the security of the system by protecting it from counterfeiting (Eker: para[0088]).
Griffin in view of Eker does not explicitly teach the certificate chain.
	However, in an analogous art, Truskovsky teaches the certificate chain (Truskovsky: column 21 line 53-59, “FIG. 6 is a block diagram showing an example certificate chain 600 with a digital certificate that includes a public key for a quantum-resistant cryptosystem, in addition to a public key for another (e.g., quantum-vulnerable) cryptosystem. The example certificate chain 600 shown in FIG. 6 includes three digital certificates—a root CA certificate 602, an intermediate CA certificate 604 and an end-entity certificate 606.”). 
	Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teaching of Truskovsky into the modified method of Griffin to include the certificate chain because it will provide an additional layer of security, to transition from one cryptosystem to another cryptosystem (Truskovsky: column 4 line 45-49).
Regarding claim 12, claim 12 is rejected under the same rationale as claim 2.
Regarding claim 13, claim 13 is rejected under the same rationale as claim 3.
Regarding claim 14, claim 14 is rejected under the same rationale as claim 4.
Regarding claim 15, claim 15 is rejected under the same rationale as claim 5.
Regarding claim 16, claim 16 is rejected under the same rationale as claim 6.
Regarding claim 17, claim 17 is rejected under the same rationale as claim 7.
Regarding claim 18, claim 18 is rejected under the same rationale as claim 8.
Regarding claim 19, claim 19 is rejected under the same rationale as claim 9.
Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Griffin (U.S 10742420 B1; Hereinafter “Griffin”), in view of Eker et al. (W.O. 2013173408 A1; Hereinafter “Eker”).
Regarding claim 20, Griffin teaches a system for binding post-quantum certificates to traditional certificates, the system comprising (Griffin: column 4 line 24-35 “Various embodiments described herein relate to systems and methods for leveraging current cryptographic techniques linked to quantum resistant cryptographic techniques to create a dual signed message. Specifically, a message schema and associated processing for creating and verifying quantum-safe, double-signed content of any type or format, using hash-linked signed message. A quantum-resistant double signature (“QSDS”) may be used to gain assurance in the integrity of the digital signature and origin authenticity and data integrity of the QSDS party's content during transfer and storage against current threats and future vulnerabilities due to advancements in quantum computing”): selecting a first traditional certificate in a certificate chain owned by an owner (Griffin: column 10 line 21-39 “At 204, the signing party computing system 104 retrieves a public/private key pair. In some arrangements, the public/private key pair is associated with a digital certificate in a PKI, for example the X.509 certificate. In those arrangements, a key pair is generated (the private/public key pair must be generated together as they are mathematically related), the private key signs the public key, and the pair is submitted to the certificate authority (“CA”) or the front-end registration authority that will then generate that public key certificate.”); 
a memory (Griffin: column 21 line 28-31, “The “circuit” may also include one or more processors communicatively coupled to one or more memory or memory devices”);
a processor (Griffin: column 21 line 28-31, “The “circuit” may also include one or more processors communicatively coupled to one or more memory or memory devices”);
local data storage having stored thereon computer executable code (Griffin: column 22 line 10-15, “In some embodiments, the non-volatile media may take the form of ROM, flash memory (e.g., flash memory such as NAND, 3D NAND, NOR, 3D NOR, etc.), EEPROM, MRAM, magnetic storage, hard discs, optical discs, etc. In other embodiments, the volatile storage media may take the form of RAM, TRAM, ZRAM, etc. Combinations of the above are also included within the scope of machine-readable media”);
a fingerprinting mechanism configured to calculate a digital fingerprint of a certificate (Griffin: column 10 line 49-56 “At 206, the signing party generates a CMS messageDigest attribute. The CMS messageDigest attribute is generated by the signing party computing system 104 computing a cryptographic hash on the content-to-be-signed (e.g., the content), which is located in the SignedData message Content field, and any associated attributes carried in type SignedData. The hash is generated using a suitable cryptographic hash algorithm”); 
a certificate generator configured to generate a post-quantum certificate using a quantum resistant algorithm for encryption (Griffin: step 208-212 column 11 line 42-51 “At 212, the QSDS message processing computing system 102 generates the QSignedData message. The QSignedData message is generated using the messageDigest attribute, received from the signing party computing system 104, as the content-to-be-signed. The QSDS message processing computing system 102 digitally signs the content using the private key of the QSDS message processing computing system 102 and a quantum-resistant signature algorithm to generate a quantum-resistant QSignedData message.”); 
and a validation component configured to validate a binding between the post-quantum certificate and the certificate (Griffin: column 8 line 34-41, “The authentication circuit 122 is structured to receive a request from a third party (e.g., relying party computing system 106) to verify the origin authenticity and data integrity of an original message by verifying the origin authenticity and data integrity of the linked (e.g., associated) quantum-resistant message. The verification process is described in greater detail below in method 300 of FIG. 3 and method 500 of FIG. 5”);
Griffin does not explicitly teach calculating the digital fingerprint using a cryptographic hash function on characteristics found within the certificate.
However in an analogous art, Eker teaches calculate a digital fingerprint (digital signature) of a certificate using a cryptographic hash function on characteristics found within the certificate (Eker:fig.11, para[00122], “At block 1118, the method 1100 creates the digital signature to be incorporated into the digital certificate 108. To do this, the method 1100 combines (e.g., concatenates) the digital fingerprint.sub.2 and the textual information of the digital certificate 108 and computes a secure hash value therefrom. The secure hash value is input to a cryptographic algorithm, along with the cryptographic key 528 (e.g., the certifying authority's private key), to create the digital signature”); 
	Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teaching of Eker into the method of Griffin to include the digital fingerprint and the population of the serial number because it will improve the security of the system by protecting it from counterfeiting (Eker: para[0088]).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LYDIA L NOEL whose telephone number is (571)272-1628. The examiner can normally be reached Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on (571) 272 - 4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/L.L.N./
Examiner, Art Unit 2437     

/KRISTINE L KINCAID/Supervisory Patent Examiner, Art Unit 2437