DETAILED ACTION
This office action is in response to applicant’s RCE amendment filed on 08/23/2022.  Claims 1, 5, 8, 12, 15, and 19 have been amended.  Claims 1-20 are pending and are directed towards system, method, and computer product for Digital Certificate Invalidation and Verification.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
1.	Applicant’s arguments filed 08/23/2022 have been fully considered.
A) Applicant’s arguments, with respect to the amended limitations 1, that Lewison, Doi, and Rescorla fail to teach “determining that the second digital certificate is invalid based on the search result showing that the second certificate is recorded in the blockchain from searching the blockchain storage states in the binary vector structure at the second node without searching the data records of blocks of the blockchain” (page 9-10 of the present response) have been fully considered but they are moot in view of the new grounds of 35 U.S.C. 103 rejections.
Claim Rejections - 35 USC § 103
2.	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
3.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Lewison et al. (US Pub. 2017/0338967), hereinafter Lewison, filed on May 18, 2017 in view of Doi et al. (US Pub. 2014/0373118), hereinafter Doi, filed on June 11, 2014 and Goeringer et al. (US Pub. 2019/0394050), hereinafter Goeringer, filed May 3, 2019. 
Regarding claim 1, Lewison teaches a method for verifying a digital certificate (para 33, line 1-18; validate certificates operating on a distributed ledger), comprising: 
determining whether a first digital certificate is expired based on a validity time period (para 94, line 1-5 and para 95, line 1-4; checks if the present time falls between the Begin and End times of the validity period 735 of certificate 700); 
in response to the first digital certificate being not expired, determining that the first digital certificate is a to-be-invalidated digital certificate (para 43, line 1-19; determine a certificate to be listed as revoked in a revocation store); 
obtaining a first certificate identification of the first digital certificate (para 43, line 1-19; determine a serial number 415 of the certificate to be stored in the revocation store); 
sending a recording request to a first node in a blockchain network to cause the first node to broadcast the first certificate identification in the blockchain network and record the first certificate identification in a blockchain associated with the blockchain network, wherein the recording request comprises the first certificate identification (para 38, line 1-9 and para 43, line 1-19; node 110 operated by on-ledger CA 205 propagates the certificate revocation transaction 400 to node 130 operated by on-ledger verifier 210 of the distributed ledger which stores the serial number of the certificate),
Lewison does not teach the first certificate identification in the blockchain is recorded via bloom filter mechanism in a binary vector structure at the first node and in a binary vector structure at a second node in the network, and wherein the first certificate identification is mapped to a position in the binary vector structure at the first node and a position in the binary vector structure at the second node through a mapping function;
Doi teaches the first certificate identification in the blockchain is recorded via bloom filter mechanism in a binary vector structure at the first node and in a binary vector structure at a second node in the network, and wherein the first certificate identification is mapped to a position in the binary vector structure at the first node and a position in the binary vector structure at the second node through a mapping function (para 23, line 1-8 and para 24, line 1-17 and para 54, line 1-13; determine certificate revocation using bloom filter, where the bloom filter algorithm projects data onto a bitmap and each node is provided with a bloom-filter certificate revocation list from a server); 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Lewison to incorporate the teachings of Doi to determine certificate revocation using a bloom filter, where the bloom filter algorithm projects data onto a bitmap. Doing so would allow for the certificate authority to update the bloom filter for certificate revocation, as recognized by Doi.
Lewison and Doi do not teach wherein a blockchain storage state of the first certificate identification in the blockchain is recorded
Goeringer teaches wherein a blockchain storage state of the first certificate identification in the blockchain is recorded (para 23, line 1-20 and para 52, line 1-12; query created consensus database entries instead of blocks in blockchains in order to confirm or validate the status of a PKI certificate, where the status of a PKI certificate is recorded in a blockchain)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Lewison and Doi to incorporate the teachings of Goeringer to query created consensus database entries instead of blocks in blockchains in order to confirm or validate the status of a PKI certificate, where the status of a PKI certificate is recorded in a blockchain. Doing so would allow more efficient mechanisms for conducting data operations (e.g., searches, queries, views) than blockchains, as recognized by Goeringer.
Lewison teaches obtaining a second certificate identification of a second digital certificate (para 33, line 1-18 and para 43, line 1-19; obtaining the serial number of certificates); 
sending a search request to a second node in the blockchain network to cause the second node to determine whether the second certificate identification is recorded in the blockchain, wherein the search request comprises the second certificate identification (para 33, line 1-18 and para 43, line 1-19; on-ledger CA asks for validation of certificates identifiers from verifiers operating on distributed ledger nodes); 
Lewison does not teach searching in the binary vector structure at the second node,
Doi teaches searching in the binary vector structure at the second node (para 23, line 1-8 and para 24, line 1-17 and para 54, line 1-13; determine certificate revocation using bloom filter, where the bloom filter algorithm projects data onto a bitmap and each node is provided with a bloom-filter certificate revocation list from a server), 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Lewison to incorporate the teachings of Doi to determine certificate revocation using a bloom filter, where the bloom filter algorithm projects data onto a bitmap. Doing so would allow for the certificate authority to update the bloom filter for certificate revocation, as recognized by Doi.
Lewison and Doi do not teach searching storage states at the second node without searching data records of blocks of the blockchain
Goeringer teaches searching storage states at the second node without searching data records of blocks of the blockchain (para 23, line 1-20 and para 52, line 1-12; query created consensus database entries instead of blocks in blockchains in order to confirm or validate the status of a PKI certificate, where the status of a PKI certificate is recorded in a blockchain)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Lewison and Doi to incorporate the teachings of Goeringer to query created consensus database entries instead of blocks in blockchains in order to confirm or validate the status of a PKI certificate, where the status of a PKI certificate is recorded in a blockchain. Doing so would allow more efficient mechanisms for conducting data operations (e.g., searches, queries, views) than blockchains, as recognized by Goeringer.
Lewison teaches receiving a search result returned by the second node, the search result showing that the second digital certificate is recorded in the blockchain; and determining that the second digital certificate is invalid (para 33, line 1-18 and para 43, line 1-19; verifiers operating on distributed ledger node determine if the certificates are revoked using the revocation store).
Lewison does not teach searching in the binary vector structure at the second node,
Doi teaches searching in the binary vector structure at the second node (para 23, line 1-8 and para 24, line 1-17 and para 54, line 1-13; determine certificate revocation using bloom filter, where the bloom filter algorithm projects data onto a bitmap and each node is provided with a bloom-filter certificate revocation list from a server), 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Lewison to incorporate the teachings of Doi to determine certificate revocation using a bloom filter, where the bloom filter algorithm projects data onto a bitmap. Doing so would allow for the certificate authority to update the bloom filter for certificate revocation, as recognized by Doi.
Lewison and Doi do not teach based on the search result showing that the second digital certificate is recorded in the blockchain from searching the blockchain storage states at the second node without searching the data records of blocks of the blockchain.
Goeringer teaches based on the search result showing that the second digital certificate is recorded in the blockchain from searching the blockchain storage states at the second node without searching the data records of blocks of the blockchain (para 23, line 1-20 and para 52, line 1-12; query created consensus database entries instead of blocks in blockchains in order to confirm or validate the status of a PKI certificate, where the status of a PKI certificate is recorded in a blockchain)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Lewison and Doi to incorporate the teachings of Goeringer to query created consensus database entries instead of blocks in blockchains in order to confirm or validate the status of a PKI certificate, where the status of a PKI certificate is recorded in a blockchain. Doing so would allow more efficient mechanisms for conducting data operations (e.g., searches, queries, views) than blockchains, as recognized by Goeringer.
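The claim 1 flow discussed above (expiry check, recording a certificate identification in a binary vector at each node, then answering a search from that vector instead of from block records), as an added Python example that is not part of the office action or of Lewison, Doi, or Goeringer. It also counts how often an undersized vector reports a never-recorded certificate as recorded, which is the failure mode a verifier relying on the vector alone has to size for. The `Node` class, the salted SHA-256 mapping function, the vector sizes and the sample certificates are assumptions constructed for illustration.

```python
import hashlib
from datetime import datetime, timezone

UTC = timezone.utc
NOW = datetime(2022, 9, 1, tzinfo=UTC)          # constructed "present time"
EXPIRED_END = datetime(2022, 6, 1, tzinfo=UTC)  # constructed end date before NOW


def sample_cert(name, not_after=datetime(2023, 1, 1, tzinfo=UTC)):
    """Constructed certificate record; only the fields the flow needs."""
    return {"content": name.encode(),
            "not_before": datetime(2022, 1, 1, tzinfo=UTC),
            "not_after": not_after}


def cert_id(content: bytes) -> bytes:
    """Certificate identification as a hash of the certificate content."""
    return hashlib.sha256(content).digest()


class BinaryVector:
    """Bloom-filter bit vector: each identification maps to k bit positions."""

    def __init__(self, m_bits: int, k: int = 3):
        self.m, self.k = m_bits, k
        self.bits = bytearray((m_bits + 7) // 8)

    def positions(self, ident: bytes):
        # Assumed mapping function: k salted SHA-256 digests reduced mod m.
        return [int.from_bytes(hashlib.sha256(bytes([i]) + ident).digest()[:8],
                               "big") % self.m for i in range(self.k)]

    def add(self, ident: bytes):
        for p in self.positions(ident):
            self.bits[p >> 3] |= 1 << (p & 7)

    def might_contain(self, ident: bytes) -> bool:
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self.positions(ident))


class Node:
    """Hypothetical ledger node: block records plus a bit-vector storage state."""

    def __init__(self, m_bits: int):
        self.blocks, self.peers = [], []
        self.state = BinaryVector(m_bits)
        self.block_reads = 0  # counts how many block records a search touched

    def record(self, ident: bytes, broadcast: bool = True):
        self.blocks.append([ident])   # data record inside a block
        self.state.add(ident)         # same identification mapped into the vector
        if broadcast:
            for peer in self.peers:
                peer.record(ident, broadcast=False)

    def search_state(self, ident: bytes) -> bool:
        return self.state.might_contain(ident)   # never reads self.blocks

    def search_blocks(self, ident: bytes) -> bool:
        for block in self.blocks:
            self.block_reads += 1
            if ident in block:
                return True
        return False


def make_network(m_bits: int):
    first, second = Node(m_bits), Node(m_bits)
    first.peers, second.peers = [second], [first]
    return first, second


def is_expired(cert, now) -> bool:
    return not (cert["not_before"] <= now <= cert["not_after"])


def invalidate(cert, first_node, now) -> bool:
    """Record an unexpired certificate as invalid; expired ones need no entry."""
    if is_expired(cert, now):
        return False
    first_node.record(cert_id(cert["content"]))
    return True


def verify(cert, second_node, now) -> str:
    if is_expired(cert, now):
        return "expired"
    return "invalid" if second_node.search_state(cert_id(cert["content"])) else "valid"


def false_positives(m_bits: int, revoked: int = 40, probes: int = 200) -> int:
    """Count never-recorded identifications that the vector reports as recorded."""
    first, second = make_network(m_bits)
    for i in range(revoked):
        first.record(cert_id(b"revoked-%d" % i))
    # A Bloom filter has no false negatives: every recorded id must hit.
    assert all(second.search_state(cert_id(b"revoked-%d" % i)) for i in range(revoked))
    count = 0
    for i in range(probes):
        ident = cert_id(b"never-revoked-%d" % i)
        if second.search_state(ident) and not second.search_blocks(ident):
            count += 1
    return count


if __name__ == "__main__":
    first, second = make_network(1 << 16)
    cert = sample_cert("CN=alpha.example")
    invalidate(cert, first, NOW)
    print(verify(cert, second, NOW), "block reads:", second.block_reads)
    print("false positives, 64-bit vector:", false_positives(64))
    print("false positives, 65536-bit vector:", false_positives(1 << 16))
```

A vector hit only means the identification may have been recorded, so an undersized vector fails closed by treating some valid certificates as invalid; it never reports a recorded certificate as absent.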
Regarding claim 2, Lewison, Doi, and Goeringer teach method of claim 1.
	Lewison teaches the obtaining a first certificate identification of the first digital certificate comprises (para 33, line 1-18 and para 56, line 1-5; obtain validation hashes of all the certificate data, where certificate data include serial number, to use for identifying the certificate for validation): 
obtaining content of the first digital certificate (para 47, line 1-13 and para 56, line 1-5; use all certificate data in the computation of the validation hash); 
hashing the content to obtain a hash value; and using the obtained hash value as the first certificate identification (para 47, line 1-13 and para 56, line 1-5; compute a validation hash of the certificate to identify the certificate issued).
Regarding claim 3, Lewison, Doi, and Goeringer teach method of claim 2.
Lewison teaches the second certificate identification comprises a hash value of content of the second digital certificate (para 33, line 1-18 and para 56, line 1-5; obtain validation hashes of all data for certificates, where certificate data include serial number, to use for identifying the certificates for validation).
Regarding claim 4, Lewison, Doi, and Goeringer teach method of claim 1.
Lewison teaches the obtaining a first certificate identification of the first digital certificate comprises: obtaining a first unique certificate number of the first digital certificate as the first certificate identification (para 43, line 1-19; determine a serial number 415 of the certificate to be stored in the revocation store).
Regarding claim 5, Lewison, Doi, and Goeringer teach method of claim 3.
Lewison teaches the second certificate identification comprises a second unique certificate number of the second digital certificate (para 33, line 1-18 and para 43, line 1-19; obtaining the serial numbers of certificates).
Regarding claim 6, Lewison, Doi, and Goeringer teach method of claim 1.
Lewison teaches obtaining content of the first digital certificate (para 43, line 1-19; determining the contents of the certificate transaction); 
Client Ref No. A26690US Attorney Docket No. 56JS-332006
generating an asymmetric public-private key pair comprising a public key and a private key (para 45, line 1-16; identifies the certificate-signing key pair including the private key and public key); 
generating a first certificate summary of the first digital certificate based on the content of the first digital certificate; and encrypting the first certificate summary with the private key to obtain a first digital signature of the first digital certificate (para 43, line 1-19 and para 52, line 1-19; the certificate revocation transaction also comprises a signature 420 of the contents of the transaction by encrypting using a private key).
Regarding claim 7, Lewison, Doi, and Goeringer teach method of claim 6.
Lewison teaches the first digital certificate is the same as the second digital certificate (para 33, line 1-18 and para 43, line 1-19; determine if the certificates are revoked using the revocation store), and the method further comprises: 
verifying a second digital signature of the second digital certificate with the public key (para 33, line 1-18 and para 45, line 1-16; validating certificates, where the certificate revocation transaction also comprises a signature 420 of the contents of the transaction verifiable using the public key); and 
in response to failing to verify the second digital signature, determining the second digital certificate is invalid (para 33, line 1-18 and para 48, line 1-8; verifying the signature of certificates is a means of verifying that the certificate was issued by the CA, which is used to determine revocation of certificates).
Regarding claim 8, Lewison teaches a system for verifying a digital certificate, comprising a certificate authority and a verification platform, wherein the certificate authority and the verification platform comprise one or more processors and a non-transitory computer-readable memory coupled to the one or more processors and configured with instructions executable by the one or more processors to perform operations comprising (para 27, line 1-8 and para 33, line 1-18; validate certificates operating on a distributed ledger using certificate authority (CA) and verifier nodes, where each node executes instructions to carry out ledger transactions in local data store):
determining whether a first digital certificate is expired based on a validity time period (para 94, line 1-5 and para 95, line 1-4; checks if the present time falls between the Begin and End times of the validity period 735 of certificate 700); 
in response to the first digital certificate being not expired, determining that the first digital certificate is a to-be-invalidated digital certificate (para 43, line 1-19; determine a certificate to be listed as revoked in a revocation store); 
obtaining a first certificate identification of the first digital certificate (para 43, line 1-19; determine a serial number 415 of the certificate to be stored in the revocation store); 
sending a recording request to a first node in a blockchain network to cause the first node to broadcast the first certificate identification in the blockchain network and record the first certificate identification in a blockchain associated with the blockchain network, wherein the recording request comprises the first certificate identification (para 38, line 1-9 and para 43, line 1-19; node 110 operated by on-ledger CA 205 propagates the certificate revocation transaction 400 to node 130 operated by on-ledger verifier 210 of the distributed ledger which stores the serial number of the certificate),
Lewison does not teach the first certificate identification in the blockchain is recorded via bloom filter mechanism in a binary vector structure at the first node and in a binary vector structure at a second node in the network, and wherein the first certificate identification is mapped to a position in the binary vector structure at the first node and a position in the binary vector structure at the second node through a mapping function;
Doi teaches the first certificate identification in the blockchain is recorded via bloom filter mechanism in a binary vector structure at the first node and in a binary vector structure at a second node in the network, and wherein the first certificate identification is mapped to a position in the binary vector structure at the first node and a position in the binary vector structure at the second node through a mapping function (para 23, line 1-8 and para 24, line 1-17 and para 54, line 1-13; determine certificate revocation using bloom filter, where the bloom filter algorithm projects data onto a bitmap and each node is provided with a bloom-filter certificate revocation list from a server); 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Lewison to incorporate the teachings of Doi to determine certificate revocation using a bloom filter, where the bloom filter algorithm projects data onto a bitmap. Doing so would allow for the certificate authority to update the bloom filter for certificate revocation, as recognized by Doi.
Lewison and Doi do not teach wherein a blockchain storage state of the first certificate identification in the blockchain is recorded
Goeringer teaches wherein a blockchain storage state of the first certificate identification in the blockchain is recorded (para 23, line 1-20 and para 52, line 1-12; query created consensus database entries instead of blocks in blockchains in order to confirm or validate the status of a PKI certificate, where the status of a PKI certificate is recorded in a blockchain)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Lewison and Doi to incorporate the teachings of Goeringer to query created consensus database entries instead of blocks in blockchains in order to confirm or validate the status of a PKI certificate, where the status of a PKI certificate is recorded in a blockchain. Doing so would allow more efficient mechanisms for conducting data operations (e.g., searches, queries, views) than blockchains, as recognized by Goeringer.
Lewison teaches obtaining a second certificate identification of a second digital certificate (para 33, line 1-18 and para 43, line 1-19; obtaining the serial number of certificates); 
sending a search request to a second node in the blockchain network to cause the second node to determine whether the second certificate identification is recorded in the blockchain, wherein the search request comprises the second certificate identification (para 33, line 1-18 and para 43, line 1-19; on-ledger CA asks for validation of certificates identifiers from verifiers operating on distributed ledger nodes); 
Lewison does not teach searching in the binary vector structure at the second node,
Doi teaches searching in the binary vector structure at the second node (para 23, line 1-8 and para 24, line 1-17 and para 54, line 1-13; determine certificate revocation using bloom filter, where the bloom filter algorithm projects data onto a bitmap and each node is provided with a bloom-filter certificate revocation list from a server), 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Lewison to incorporate the teachings of Doi to determine certificate revocation using a bloom filter, where the bloom filter algorithm projects data onto a bitmap. Doing so would allow for the certificate authority to update the bloom filter for certificate revocation, as recognized by Doi.
Lewison and Doi do not teach searching storage states at the second node without searching data records of blocks of the blockchain
Goeringer teaches searching storage states at the second node without searching data records of blocks of the blockchain (para 23, line 1-20 and para 52, line 1-12; query created consensus database entries instead of blocks in blockchains in order to confirm or validate the status of a PKI certificate, where the status of a PKI certificate is recorded in a blockchain)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Lewison and Doi to incorporate the teachings of Goeringer to query created consensus database entries instead of blocks in blockchains in order to confirm or validate the status of a PKI certificate, where the status of a PKI certificate is recorded in a blockchain. Doing so would allow more efficient mechanisms for conducting data operations (e.g., searches, queries, views) than blockchains, as recognized by Goeringer.
Lewison teaches receiving a search result returned by the second node, the search result showing that the second digital certificate is recorded in the blockchain; and determining that the second digital certificate is invalid (para 33, line 1-18 and para 43, line 1-19; verifiers operating on distributed ledger node determine if the certificates are revoked using the revocation store).
Lewison does not teach searching in the binary vector structure at the second node,
Doi teaches searching in the binary vector structure at the second node (para 23, line 1-8 and para 24, line 1-17 and para 54, line 1-13; determine certificate revocation using bloom filter, where the bloom filter algorithm projects data onto a bitmap and each node is provided with a bloom-filter certificate revocation list from a server), 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Lewison to incorporate the teachings of Doi to determine certificate revocation using a bloom filter, where the bloom filter algorithm projects data onto a bitmap. Doing so would allow for the certificate authority to update the bloom filter for certificate revocation, as recognized by Doi.
Lewison and Doi do not teach based on the search result showing that the second digital certificate is recorded in the blockchain from searching the blockchain storage states at the second node without searching the data records of blocks of the blockchain.
Goeringer teaches based on the search result showing that the second digital certificate is recorded in the blockchain from searching the blockchain storage states at the second node without searching the data records of blocks of the blockchain (para 23, line 1-20 and para 52, line 1-12; query created consensus database entries instead of blocks in blockchains in order to confirm or validate the status of a PKI certificate, where the status of a PKI certificate is recorded in a blockchain)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Lewison and Doi to incorporate the teachings of Goeringer to query created consensus database entries instead of blocks in blockchains in order to confirm or validate the status of a PKI certificate, where the status of a PKI certificate is recorded in a blockchain. Doing so would allow more efficient mechanisms for conducting data operations (e.g., searches, queries, views) than blockchains, as recognized by Goeringer.
Regarding claim 9, Lewison, Doi, and Goeringer teach system of claim 8.
Lewison teaches the obtaining a first certificate identification of the first digital certificate comprises (para 33, line 1-18 and para 56, line 1-5; obtain validation hashes of all the certificate data, where certificate data include serial number, to use for identifying the certificate for validation): 
obtaining content of the first digital certificate (para 47, line 1-13 and para 56, line 1-5; use all certificate data in the computation of the validation hash); 
hashing the content to obtain a hash value; and using the obtained hash value as the first certificate identification (para 47, line 1-13 and para 56, line 1-5; compute a validation hash of the certificate to identify the certificate issued).
Regarding claim 10, Lewison, Doi, and Goeringer teach system of claim 9.
Lewison teaches the second certificate identification comprises a hash value of content of the second digital certificate (para 33, line 1-18 and para 56, line 1-5; obtain validation hashes of all data for certificates, where certificate data include serial number, to use for identifying the certificates for validation).
Regarding claim 11, Lewison, Doi, and Goeringer teach system of claim 8.
Lewison teaches the obtaining a first certificate identification of the first digital certificate comprises: obtaining a first unique certificate number of the first digital certificate as the first certificate identification (para 43, line 1-19; determine a serial number 415 of the certificate to be stored in the revocation store).
Regarding claim 12, Lewison, Doi, and Goeringer teach system of claim 11.
Lewison teaches the second certificate identification comprises a second unique certificate number of the second digital certificate (para 33, line 1-18 and para 43, line 1-19; obtaining the serial numbers of certificates).
Regarding claim 13, Lewison, Doi, and Goeringer teach system of claim 8.
Lewison teaches obtaining content of the first digital certificate (para 43, line 1-19; determining the contents of the certificate transaction); 
generating an asymmetric public-private key pair comprising a public key and a private key (para 45, line 1-16; identifies the certificate-signing key pair including the private key and public key); 
generating a first certificate summary of the first digital certificate based on the content of the first digital certificate; and encrypting the first certificate summary with the private key to obtain a first digital signature of the first digital certificate (para 43, line 1-19 and para 52, line 1-19; the certificate revocation transaction also comprises a signature 420 of the contents of the transaction by encrypting using a private key).
Regarding claim 14, Lewison, Doi, and Goeringer teach system of claim 13.
Lewison teaches the first digital certificate is the same as the second digital certificate (para 33, line 1-18 and para 43, line 1-19; determine if the certificates are revoked using the revocation store), and the method further comprises: 
verifying a second digital signature of the second digital certificate with the public key (para 33, line 1-18 and para 45, line 1-16; validating certificates, where the certificate revocation transaction also comprises a signature 420 of the contents of the transaction verifiable using the public key); and 
in response to failing to verify the second digital signature, determining the second digital certificate is invalid (para 33, line 1-18 and para 48, line 1-8; verifying the signature of certificates is a means of verifying that the certificate was issued by the CA, which is used to determine revocation of certificates).
Regarding claim 15, Lewison teaches one or more non-transitory computer-readable storage media for verifying a digital certificate, storing instructions executable by one or more processors to cause the one or more processors to perform operations comprising (para 27, line 1-8 and para 33, line 1-18; validate certificates operating on a distributed ledger using certificate authority (CA) and verifier nodes, where each node executes instructions to carry out ledger transactions in local data store):
determining whether a first digital certificate is expired based on a validity time period (para 94, line 1-5 and para 95, line 1-4; checks if the present time falls between the Begin and End times of the validity period 735 of certificate 700); 
in response to the first digital certificate being not expired, determining that the first digital certificate is a to-be-invalidated digital certificate (para 43, line 1-19; determine a certificate to be listed as revoked in a revocation store); 
obtaining a first certificate identification of the first digital certificate (para 43, line 1-19; determine a serial number 415 of the certificate to be stored in the revocation store); 
sending a recording request to a first node in a blockchain network to cause the first node to broadcast the first certificate identification in the blockchain network and record the first certificate identification in a blockchain associated with the blockchain network, wherein the recording request comprises the first certificate identification (para 38, line 1-9 and para 43, line 1-19; node 110 operated by on-ledger CA 205 propagates the certificate revocation transaction 400 to node 130 operated by on-ledger verifier 210 of the distributed ledger which stores the serial number of the certificate),
Lewison does not teach the first certificate identification in the blockchain is recorded via bloom filter mechanism in a binary vector structure at the first node and in a binary vector structure at a second node in the network, and wherein the first certificate identification is mapped to a position in the binary vector structure at the first node and a position in the binary vector structure at the second node through a mapping function;
Doi teaches the first certificate identification in the blockchain is recorded via bloom filter mechanism in a binary vector structure at the first node and in a binary vector structure at a second node in the network, and wherein the first certificate identification is mapped to a position in the binary vector structure at the first node and a position in the binary vector structure at the second node through a mapping function (para 23, line 1-8 and para 24, line 1-17 and para 54, line 1-13; determine certificate revocation using bloom filter, where the bloom filter algorithm projects data onto a bitmap and each node is provided with a bloom-filter certificate revocation list from a server); 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Lewison to incorporate the teachings of Doi to determine certificate revocation using a bloom filter, where the bloom filter algorithm projects data onto a bitmap.  Doing so would allow for the certificate authority to update the bloom filter for certificate revocation, as recognized by Doi.
Lewison and Doi do not teach wherein a blockchain storage state of the first certificate identification in the blockchain is recorded.
Goeringer teaches wherein a blockchain storage state of the first certificate identification in the blockchain is recorded (para 23, line 1-20 and para 52, line 1-12; query created consensus database entries instead of blocks in blockchains in order to confirm or validate the status of a PKI certificate, where the status of a PKI certificate is recorded in a blockchain)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Lewison and Doi to incorporate the teachings of Goeringer to query created consensus database entries instead of blocks in blockchains in order to confirm or validate the status of a PKI certificate, where the status of a PKI certificate is recorded in a blockchain.  Doing so would allow more efficient mechanisms for conducting data operations (e.g., searches, queries, views) than blockchains, as recognized by Goeringer.
Lewison teaches obtaining a second certificate identification of a second digital certificate (para 33, line 1-18 and para 43, line 1-19; obtaining the serial number of certificates); 
sending a search request to a second node in the blockchain network to cause the second node to determine whether the second certificate identification is recorded in the blockchain, wherein the search request comprises the second certificate identification (para 33, line 1-18 and para 43, line 1-19; on-ledger CA asks for validation of certificates identifiers from verifiers operating on distributed ledger nodes); 
Lewison does not teach searching in the binary vector structure at the second node,
Doi teaches searching in the binary vector structure at the second node (para 23, line 1-8 and para 24, line 1-17 and para 54, line 1-13; determine certificate revocation using bloom filter, where the bloom filter algorithm projects data onto a bitmap and each node is provided with a bloom-filter certificate revocation list from a server), 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Lewison to incorporate the teachings of Doi to determine certificate revocation using a bloom filter, where the bloom filter algorithm projects data onto a bitmap.  Doing so would allow for the certificate authority to update the bloom filter for certificate revocation, as recognized by Doi.
Lewison and Doi do not teach searching storage states at the second node without searching data records of blocks of the blockchain
Goeringer teaches searching storage states at the second node without searching data records of blocks of the blockchain (para 23, line 1-20 and para 52, line 1-12; query created consensus database entries instead of blocks in blockchains in order to confirm or validate the status of a PKI certificate, where the status of a PKI certificate is recorded in a blockchain)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Lewison and Doi to incorporate the teachings of Goeringer to query created consensus database entries instead of blocks in blockchains in order to confirm or validate the status of a PKI certificate, where the status of a PKI certificate is recorded in a blockchain.  Doing so would allow more efficient mechanisms for conducting data operations (e.g., searches, queries, views) than blockchains, as recognized by Goeringer.
Lewison teaches receiving a search result returned by the second node, the search result showing that the second digital certificate is recorded in the blockchain; and determining that the second digital certificate is invalid (para 33, line 1-18 and para 43, line 1-19; verifiers operating on distributed ledger node determine if the certificates are revoked using the revocation store).
Lewison does not teach searching in the binary vector structure at the second node,
Doi teaches searching in the binary vector structure at the second node (para 23, line 1-8 and para 24, line 1-17 and para 54, line 1-13; determine certificate revocation using bloom filter, where the bloom filter algorithm projects data onto a bitmap and each node is provided with a bloom-filter certificate revocation list from a server), 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Lewison to incorporate the teachings of Doi to determine certificate revocation using a bloom filter, where the bloom filter algorithm projects data onto a bitmap.  Doing so would allow for the certificate authority to update the bloom filter for certificate revocation, as recognized by Doi.
Lewison and Doi do not teach based on the search result showing that the second digital certificate is recorded in the blockchain from searching the blockchain storage states at the second node without searching the data records of blocks of the blockchain.
Goeringer teaches based on the search result showing that the second digital certificate is recorded in the blockchain from searching the blockchain storage states at the second node without searching the data records of blocks of the blockchain (para 23, line 1-20 and para 52, line 1-12; query created consensus database entries instead of blocks in blockchains in order to confirm or validate the status of a PKI certificate, where the status of a PKI certificate is recorded in a blockchain)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Lewison and Doi to incorporate the teachings of Goeringer to query created consensus database entries instead of blocks in blockchains in order to confirm or validate the status of a PKI certificate, where the status of a PKI certificate is recorded in a blockchain.  Doing so would allow more efficient mechanisms for conducting data operations (e.g., searches, queries, views) than blockchains, as recognized by Goeringer.
Regarding claim 16, Lewison, Doi, and Goeringer teach computer product of claim 15.
Lewison teaches the obtaining a first certificate identification of the first digital certificate comprises (para 33, line 1-18 and para 56, line 1-5; obtain validation hashes of all the certificate data, where certificate data include serial number, to use for identifying the certificate for validation): 
obtaining content of the first digital certificate (para 47, line 1-13 and para 56, line 1-5; use all certificate data in the computation of the validation hash); 
hashing the content to obtain a hash value; and using the obtained hash value as the first certificate identification (para 47, line 1-13 and para 56, line 1-5; compute a validation hash of the certificate to identify the certificate issued).
Regarding claim 17, Lewison, Doi, and Goeringer teach computer product of claim 16.
Lewison teaches the second certificate identification comprises a hash value of content of the second digital certificate (para 33, line 1-18 and para 56, line 1-5; obtain validation hashes of all data for certificates, where certificate data include serial number, to use for identifying the certificates for validation).
Regarding claim 18, Lewison, Doi, and Goeringer teach computer product of claim 15.
Lewison teaches the obtaining a first certificate identification of the first digital certificate comprises: obtaining a first unique certificate number of the first digital certificate as the first certificate identification (para 43, line 1-19; determine a serial number 415 of the certificate to be stored in the revocation store).
Regarding claim 19, Lewison, Doi, and Goeringer teach computer product of claim 18.
Lewison teaches the second certificate identification comprises a second unique certificate number of the second digital certificate (para 33, line 1-18 and para 43, line 1-19; obtaining the serial numbers of certificates).
Regarding claim 20, Lewison, Doi, and Goeringer teach computer product of claim 15.
Lewison teaches the first digital certificate is the same as the second digital certificate (para 33, line 1-18 and para 43, line 1-19; determine if the certificates are revoked using the revocation store), and the operations further comprise: 
obtaining content of the first digital certificate (para 43, line 1-19; determining the contents of the certificate transaction); 
generating an asymmetric public-private key pair comprising a public key and a private key (para 45, line 1-16; identifies the certificate-signing key pair including the private key and public key); 
generating a first certificate summary of the first digital certificate based on the content of the first digital certificate; and encrypting the first certificate summary with the private key to obtain a first digital signature of the first digital certificate (para 43, line 1-19 and para 52, line 1-19; the certificate revocation transaction also comprises a signature 420 of the contents of the transaction by encrypting using a private key);
verifying a second digital signature of the second digital certificate with the public key (para 33, line 1-18 and para 45, line 1-16; validating certificates, where the certificate revocation transaction also comprises a signature 420 of the contents of the transaction verifiable using the public key); and 
in response to failing to verify the second digital signature, determining the second digital certificate is invalid (para 33, line 1-18 and para 48, line 1-8; verifying the signature of certificates is a means of verifying that the certificate was issued by the CA, which is used to determine revocation of certificates).
Conclusion
4.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following is relevant prior art:  Antar et al. (US Pub. 2020/0218795) discloses receiving a second digital certificate from the second certifier API in response to acceptance of an invitation, where a second record indicating the second digital certificate may be stored on and/or created on the first distributed ledger; Callan et al. (US Patent 10,243,748) discloses provisioning an IoT device with a digital certificate without a need for a central Certificate Authority, where a blockchain provides a final single view of a true state of the digital certificates in the system and their respective authority and validity; Guo et al. (US Patent 11,349,674) discloses receiving a digital certificate generation request submitted by a certificate application node and transmitting identification information to consensus authentication centers for certification to obtain certification results obtained by the consensus authentication centers from performing the certification according to the identification information.
5.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
6.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to NHAN H NGUYEN whose telephone number is (571)272-6443.  The examiner can normally be reached on Monday-Friday 8:30am - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/NHAN HUU NGUYEN/Examiner, Art Unit 2492

/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492