DETAILED ACTION

Notice of Pre-AIA or AIA Status
1. 	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

2. 	This is the initial office action that has been issued in response to patent application 17/069,178, filed on 10/31/2020. Claims 1-22, as originally filed, are currently pending and have been considered below. Claims 1 and 12 are independent claims.

Priority
3. 	No priority claimed.

Drawings
4. 	The drawings were received on 10/13/2020. These drawings are acceptable.

Claim Rejections - 35 USC § 103
5. 	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


6. 	Claims 1-6 and 8-10 are rejected under 35 U.S.C. 103 as being unpatentable over Doonan (US Patent Publication No. 2006/200661 A1) in view of Meriac (US Patent Publication No. 2017/295025 A1).

7. 	Regarding Claim 1, Doonan discloses, a method comprising: 
generating, by the data processing hardware, a chain of intermediate certificate authorities, each respective intermediate certificate authority in the chain of intermediate certificate authorities comprising: 
a respective intermediate certificate digitally signed by the intermediate certificate authority or the root certificate authority that is immediately higher in the chain of intermediate certificate authorities than the respective intermediate certificate authority(Doonan, Claim 11, a digital signature, wherein the digital signature was generated from the document using a digital key; chain data, where chain data is a subset of a chain of m digital certificates issued by m+1 certification authorities, wherein m≧1, wherein the chain comprises a self-signed 1st (root) level certificate, k intermediate level certificates, and an (m+1)th-level certificate that corresponds to the digital key used to generate the digital signature, and wherein for 1<j≦m+1, a jth level certificate is signed by the digital certificate key corresponding to a (j−1)th certificate in the chain); 
and a respective validation time period indicating a range of times when the respective intermediate certificate authority is permitted to digitally sign intermediate certificates and end entity certificates, the respective validation time period of the respective intermediate certificate authority including the validation time period of each intermediate certificate authority that is lower in the chain of intermediate certificate authorities than the respective intermediate certificate authority(Doonan, Claim 11, wherein the chain comprises a self-signed 1st (root) level certificate, k intermediate level certificates, and an (m+1)th-level certificate that corresponds to the digital key used to generate the digital signature, and wherein for 1<j≦m+1, a jth level certificate is signed by the digital certificate key corresponding to a (j−1)th certificate in the chain; certificate revocation information corresponding to the m certification authorities wherein the certificate revocation information identifies digital certificates that have been revoked by the m certification authorities; and digital timestamp data, wherein timestamp data is generated by applying at least one secure digital timestamp to at least one record comprising at least one of the document, the digital signature, the chain data, and the revocation information); 
generating, by the data processing hardware, a certificate revocation list for the chain of intermediate certificate authorities (Doonan, [0035], the certificate revocation information is in the form of certificate revocation lists or CRLDPs provided by the various certification authorities); 
generating, by the data processing hardware, from the lowest intermediate certificate authority in the chain of intermediate certificate authorities, a plurality of end entity certificates, each end entity certificate of the plurality of end entity certificates digitally signed by the lowest intermediate certificate authority in the chain of intermediate certificate authorities (Doonan, Claim 11, a digital signature, wherein the digital signature was generated from the document using a digital key; chain data, where chain data is a subset of a chain of m digital certificates issued by m+1 certification authorities, wherein m≧1, wherein the chain comprises a self-signed 1st (root) level certificate, k intermediate level certificates, and an (m+1)th-level certificate that corresponds to the digital key used to generate the digital signature, and wherein for 1<j≦m+1, a jth level certificate is signed by the digital certificate key corresponding to a (j−1)th certificate in the chain;[0010],  CA is a member of a hierarchy of CAs, with higher-level CAs attesting to the validity of lower-level CAs. When a CA is part of a hierarchy of CAs, the certificate issued to a lower-level CA is signed by a CA higher in the hierarchy.); 
and after the respective validation time period of the lowest intermediate certificate authority in the chain of intermediate certificate authorities has elapsed, adding, by the data processing hardware, to the certificate revocation list, one or more of the plurality of end entity certificates generated from the lowest intermediate certificate authority in the chain of intermediate certificate authorities (Doonan, [0049], all the digital certificates issued in a hierarchical chain, up to and including the root authority, are included in the validation information for which a timestamp is requested. However, it may sometimes be sufficient for the user to include only a partial certificate chain and corresponding certificate revocation information. In this case, the user would include a first digital certificate issued to the user by a first certification authority, a second digital certificate which was used by the first certification authority to issue the first digital certificate to the user.).
Doonan does not explicitly disclose the following limitations that Meriac teaches:
obtaining, at data processing hardware, from a root certificate authority, a root digital certificate digitally signed by the root certificate authority (Meriac, [0017], The root authority then certifies other certification authorities, called level 1 certification authorities, who can issue certificates and also certify additional or level N, where N is 2 or more, certification authorities. [0018], The highest and first level certification authority is the Root 202. The Root 202 may sign its own root certificate 204) 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include the data processing hardware wherein the root certificate is a digital certificate signed by the root to enhance security features. 

8. 	Regarding Claim 2, Doonan and Meriac disclose, the method of claim 1, further comprising, when every end entity certificate digitally signed by a respective intermediate certificate authority in the chain of intermediate certificate authorities has been added to the certificate revocation list and the current time is at or after an end of the respective validation time period of the respective intermediate certificate authority (Doonan, [0070], the records may be digitally signed as each is created. In step 504, each of these signed records is securely timestamped, preferably soon after signing, to establish a time not later than when each signature was created. In step 506, at some later predetermined time, and perhaps periodically, USER-2 gathers the relevant certificate and CRL information, preferably into a single file.): 
removing, by the data processing hardware, each of the plurality of end entity certificates from the certificate revocation list (Doonan, [0064], The user then validates each certificate and CRL, checking that both the validity periods are correct for the current time, and the required certificates are not listed on the relevant CRLs. This process then proves the certificate is valid at the current time. Claim 6, wherein the certificate revocation information includes at least one certificate revocation list identifying digital certificates revoked by one of the m certification authorities.); 
and adding, by the data processing hardware, the respective intermediate certificate associated with the respective intermediate certificate authority to the certificate revocation list (Doonan, [0035], the certificate revocation information is in the form of certificate revocation lists or CRLDPs provided by the various certification authorities. In another aspect, the certificate revocation information is obtained from certificate revocation list distribution points or from verification authorities).  

9. 	Regarding Claim 3, Doonan and Meriac disclose, the method of claim 1, further comprising, after the respective validation time period associated with a respective intermediate certificate authority in the chain of intermediate certificate authorities has elapsed: generating, by the data processing hardware, another intermediate certificate authority associated with a validation time period having a same duration as the validation time period associated with the respective intermediate certificate authority (Doonan, [0048], the present invention contemplates that at least one secure digital timestamp is applied to a digitally signed document and to validation information which attests to the validity of the digital signature applied to the digitally signed document. The validation information includes the digital certificates issued by certification authorities in a hierarchical chain, including the digital certificate used to sign the document, along with certificate revocation information provided by the respective certification authorities, when present. Thus, in the case where the root certification authority is the entity that digitally signs the document, the validation information); 
and replacing, by the data processing hardware, the respective intermediate certificate authority with the other intermediate certificate authority in the chain of intermediate certificate authorities (Doonan, [0048], The validation information includes the digital certificates issued by certification authorities in a hierarchical chain, including the digital certificate used to sign the document, along with certificate revocation information provided by the respective certification authorities, when present.).  

10. 	Regarding Claim 4, Doonan and Meriac disclose, the method of claim 3, further comprising, after replacing the respective intermediate certificate authority with the other intermediate certificate authority, generating, by the data processing hardware(Doonan, [0048], The validation information includes the digital certificates issued by certification authorities in a hierarchical chain, including the digital certificate used to sign the document, along with certificate revocation information provided by the respective certification authorities, when present.), 
an end entity certificate digitally signed by the other intermediate certificate authority and not digitally signed by the respective intermediate certificate authority (Doonan, [0023], Once any element of the digital signature process is no longer valid, any signature based on that element can no longer be considered valid. For example, if the public key in a CA's certificate reaches the end of its validity period, all certificates issued by that CA with that certificate can no longer be validated.).  

11. 	Regarding Claim 5, Doonan and Meriac disclose, the method of claim 1, wherein each validation time period is associated with one of a day, a week, a month, a quarter, or a year (Doonan, [0023], For example, if the public key in a CA's certificate reaches the end of its validity period, all certificates issued by that CA with that certificate can no longer be validated. Hence, any signatures formed using those certificates can also no longer be validated. Since digital certificates only have a finite period of validity, typically on the order of one year, expiry is a concern).  

12. 	Regarding Claim 6, Doonan and Meriac disclose, the method of claim 1, wherein each end entity certificate does not have an expiration time (Doonan, Claim 11, validating that at the time the digital signature was generated, a digital certificate in the chain data had not expired or been revoked).  

13. 	Regarding Claim 8, Doonan and Meriac disclose, the method of claim 1, wherein each intermediate certificate authority is associated with a unique key derived from a common seed value (Doonan, [0006], a digital certificate typically contains a serial number 102, information identifying the issuer of the certificate 104, information identifying the owner of the certificate 106, the owner's public key issued by the issuer 108 and information about the validity period 110 of the digital certificate.).  

14. 	Regarding Claim 9, Doonan and Meriac disclose, the method of claim 8, 
	Doonan does not explicitly disclose the following limitations that Kucharski teaches:
wherein each unique key is derived using a Key Derivation Function (Meriac, [0036], the shared key at the start of the communication session between the devices using a key-agreement protocol rather than having a pre-shared key.).  
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include the unique key using the derivation function to enhance security features. 

15. 	Regarding Claim 10, Doonan and Meriac disclose, the method of claim 1, wherein the respective validation time period of the respective intermediate certificate authority is shorter than the validation time periods of any intermediate certificate authorities higher in the chain of intermediate certificate authorities than the respective intermediate certificate authority (Doonan, [0064], The user then validates each certificate and CRL, checking that both the validity periods are correct for the current time, and the required certificates are not listed on the relevant CRLs. This process then proves the certificate is valid at the current time. Claim 6, wherein the certificate revocation information includes at least one certificate revocation list identifying digital certificates revoked by one of the m certification authorities.).  

16. 	Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Doonan (US Patent Publication No. 2006/200661 A1) and Meriac (US Patent Publication No. 2017/295025 A1) in view of Kivinen (US Publication No. 2004/128504 A1).

17. 	Regarding Claim 7, Doonan and Meriac disclose, the method of claim 1, 
Doonan and Meriac do not explicitly disclose the following limitations that Kivinen teaches:
further comprising: determining, by the data processing hardware, that a respective end entity certificate of the plurality of end entity certificates is compromised (Kivinen, [0023], Certificates have pre-defined lifetimes, typically lasting from a couple of weeks to several years. If a private key of an end entity is compromised or the right to authenticate with a certificate); 
and adding, by the data processing hardware, the respective end entity certificate to the certificate revocation list (Kivinen, [0023], an end entity is compromised or the right to authenticate with a certificate is lost during the certificate's validity period, the certificate has to be revoked, and all PKI users have to be informed about this in some way. Certificate revocation lists are used for this purpose.).  
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include the end entity certificate when the certificate is compromised and to include the revocation list of the respective certificate to enhance security features. 

18. 	Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Doonan (US Patent Publication No. 2006/200661 A1) and Meriac (US Patent Publication No. 2017/295025 A1) in view of Kucharski (US Patent Publication No. 2020/0136838 A1).

19. 	Regarding Claim 11, Doonan and Meriac disclose, the method of claim 1, further comprising: 
and adding, by the data processing hardware, the respective end entity certificate to the certificate revocation list (Doonan, [0035], the certificate revocation information is in the form of certificate revocation lists or CRLDPs provided by the various certification authorities. In another aspect, the certificate revocation information is obtained from certificate revocation list distribution points or from verification authorities).  
Doonan and Meriac do not explicitly disclose the following limitations that Kucharski teaches:
determining, by the data processing hardware, that a respective end entity certificate of the plurality of end entity certificates has been rotated (Kucharski, [0003], these high security industries, certificates with short lifespans in a trust chain need to be rotated or updated without service interruptions); 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to rotate the end entity certificate to enhance security features of the claimed invention.

19. 	Claims 12-17 and 19-22 are rejected under 35 U.S.C. 103 as being unpatentable over Doonan (US Patent Publication No. 2006/200661 A1) and Meriac (US Patent Publication No. 2017/295025 A1) in view of Kucharski (US Patent Publication No. 2020/0136838 A1).

20. 	Regarding Claim 12, Doonan discloses, a system comprising:  
generating a chain of intermediate certificate authorities, each respective intermediate certificate authority in the chain of intermediate certificate authorities comprising: 
a respective intermediate certificate digitally signed by the intermediate certificate authority or the root certificate authority that is immediately higher in the chain of intermediate certificate authorities than the respective intermediate certificate authority (Doonan, Claim 11, a digital signature, wherein the digital signature was generated from the document using a digital key; chain data, where chain data is a subset of a chain of m digital certificates issued by m+1 certification authorities, wherein m≧1, wherein the chain comprises a self-signed 1st (root) level certificate, k intermediate level certificates, and an (m+1)th-level certificate that corresponds to the digital key used to generate the digital signature, and wherein for 1<j≦m+1, a jth level certificate is signed by the digital certificate key corresponding to a (j−1)th certificate in the chain); 
and a respective validation time period indicating a range of times when the respective intermediate certificate authority is permitted to digitally sign intermediate certificates and end entity certificates, the respective validation time period of the respective intermediate certificate authority including the validation time period of each intermediate certificate authority that is lower in the chain of intermediate certificate authorities than the respective intermediate certificate authority (Doonan, Claim 11, wherein the chain comprises a self-signed 1st (root) level certificate, k intermediate level certificates, and an (m+1)th-level certificate that corresponds to the digital key used to generate the digital signature, and wherein for 1<j≦m+1, a jth level certificate is signed by the digital certificate key corresponding to a (j−1)th certificate in the chain; certificate revocation information corresponding to the m certification authorities wherein the certificate revocation information identifies digital certificates that have been revoked by the m certification authorities; and digital timestamp data, wherein timestamp data is generated by applying at least one secure digital timestamp to at least one record comprising at least one of the document, the digital signature, the chain data, and the revocation information); 
generating a certificate revocation list for the chain of intermediate certificate authorities (Doonan, [0035], the certificate revocation information is in the form of certificate revocation lists or CRLDPs provided by the various certification authorities); 
generating from the lowest intermediate certificate authority in the chain of intermediate certificate authorities, a plurality of end entity certificates, each end entity certificate of the plurality of end entity certificates digitally signed by the lowest intermediate certificate authority in the chain of intermediate certificate authorities (Doonan, Claim 11, a digital signature, wherein the digital signature was generated from the document using a digital key; chain data, where chain data is a subset of a chain of m digital certificates issued by m+1 certification authorities, wherein m≧1, wherein the chain comprises a self-signed 1st (root) level certificate, k intermediate level certificates, and an (m+1)th-level certificate that corresponds to the digital key used to generate the digital signature, and wherein for 1<j≦m+1, a jth level certificate is signed by the digital certificate key corresponding to a (j−1)th certificate in the chain;[0010],  CA is a member of a hierarchy of CAs, with higher-level CAs attesting to the validity of lower-level CAs. When a CA is part of a hierarchy of CAs, the certificate issued to a lower-level CA is signed by a CA higher in the hierarchy.); 
and after the respective validation time period of the lowest intermediate certificate authority in the chain of intermediate certificate authorities has elapsed, adding, by the data processing hardware, to the certificate revocation list, one or more of the plurality of end entity certificates generated from the lowest intermediate certificate authority in the chain of intermediate certificate authorities (Doonan, [0049], all the digital certificates issued in a hierarchical chain, up to and including the root authority, are included in the validation information for which a timestamp is requested. However, it may sometimes be sufficient for the user to include only a partial certificate chain and corresponding certificate revocation information. In this case, the user would include a first digital certificate issued to the user by a first certification authority, a second digital certificate which was used by the first certification authority to issue the first digital certificate to the user.).  
Doonan does not explicitly disclose the following limitations that Meriac teaches:
obtaining, from a root certificate authority, a root digital certificate digitally signed by the root certificate authority (Meriac, [0017], The root authority then certifies other certification authorities, called level 1 certification authorities, who can issue certificates and also certify additional or level N, where N is 2 or more, certification authorities. [0018], The highest and first level certification authority is the Root 202. The Root 202 may sign its own root certificate 204);
Doonan and Meriac do not explicitly disclose the following limitations that Kucharski teaches:
data processing hardware (Kucharski, [0028], Electronic processor 103 may also include, for example, a communications unit 102 coupled to a common data and address bus 117 of an electronic processor 103 (also referred to as the electronic processing unit 103)); 
and memory hardware in communication with the data processing hardware, the memory hardware storing instructions that when executed on the data processing hardware cause the data processing hardware to perform operations comprising (Kucharski, [0029], The electronic processor 103 may include a code read-only memory (ROM) 112 for storing data for initializing system components of electronic processor unit 118. The electronic processor 103 may further include a microprocessor 113 coupled, by the common data and address bus 117, to one or more memory devices). 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include the memory when communicating with the processing hardware and storing the instructions once executing the hardware to perform operation to enhance security features. 


21. 	Regarding Claim 13, Doonan, Meriac and Kucharski disclose, the system of claim 12, wherein the operations further comprise, when every end entity certificate digitally signed by a respective intermediate certificate authority in the chain of intermediate certificate authorities has been added to the certificate revocation list and the current time is at or after an end of the respective validation time period of the respective intermediate certificate authority (Doonan, [0070], the records may be digitally signed as each is created. In step 504, each of these signed records is securely timestamped, preferably soon after signing, to establish a time not later than when each signature was created. In step 506, at some later predetermined time, and perhaps periodically, USER-2 gathers the relevant certificate and CRL information, preferably into a single file.): 
removing each of the plurality of end entity certificates from the certificate revocation list (Doonan, [0064], The user then validates each certificate and CRL, checking that both the validity periods are correct for the current time, and the required certificates are not listed on the relevant CRLs. This process then proves the certificate is valid at the current time. Claim 6, wherein the certificate revocation information includes at least one certificate revocation list identifying digital certificates revoked by one of the m certification authorities.); 
and adding the respective intermediate certificate associated with the respective intermediate certificate authority to the certificate revocation list (Doonan, [0035], the certificate revocation information is in the form of certificate revocation lists or CRLDPs provided by the various certification authorities. In another aspect, the certificate revocation information is obtained from certificate revocation list distribution points or from verification authorities).  
  
22. 	Regarding Claim 14, Doonan, Meriac and Kucharski disclose, the system of claim 12, wherein the operations further comprise, after the respective validation time period associated with a respective intermediate certificate authority in the chain of intermediate certificate authorities has elapsed: generating another intermediate certificate authority associated with a validation time period having a same duration as the validation time period associated with the respective intermediate certificate authority (Doonan, [0048], the present invention contemplates that at least one secure digital timestamp is applied to a digitally signed document and to validation information which attests to the validity of the digital signature applied to the digitally signed document. The validation information includes the digital certificates issued by certification authorities in a hierarchical chain, including the digital certificate used to sign the document, along with certificate revocation information provided by the respective certification authorities, when present. Thus, in the case where the root certification authority is the entity that digitally signs the document, the validation information); 
and replacing the respective intermediate certificate authority with the other intermediate certificate authority in the chain of intermediate certificate authorities (Doonan, [0048], The validation information includes the digital certificates issued by certification authorities in a hierarchical chain, including the digital certificate used to sign the document, along with certificate revocation information provided by the respective certification authorities, when present.).  
  
23. 	Regarding Claim 15, Doonan, Meriac and Kucharski disclose, the system of claim 14, wherein the operations further comprise, after replacing the respective intermediate certificate authority with the other intermediate certificate authority, generating, by the data processing hardware (Doonan, [0048], The validation information includes the digital certificates issued by certification authorities in a hierarchical chain, including the digital certificate used to sign the document, along with certificate revocation information provided by the respective certification authorities, when present.), 
an end entity certificate digitally signed by the other intermediate certificate authority and not digitally signed by the respective intermediate certificate authority (Doonan, [0023], Once any element of the digital signature process is no longer valid, any signature based on that element can no longer be considered valid. For example, if the public key in a CA's certificate reaches the end of its validity period, all certificates issued by that CA with that certificate can no longer be validated.).  
  
24. 	Regarding Claim 16, Doonan, Meriac and Kucharski disclose, the system of claim 12, wherein each validation time period is associated with one of a day, a week, a month, a quarter, or a year (Doonan, [0023], For example, if the public key in a CA's certificate reaches the end of its validity period, all certificates issued by that CA with that certificate can no longer be validated. Hence, any signatures formed using those certificates can also no longer be validated. Since digital certificates only have a finite period of validity, typically on the order of one year, expiry is a concern).  

25. 	Regarding Claim 17, Doonan, Meriac and Kucharski disclose, the system of claim 12, wherein each end entity certificate does not have an expiration time (Doonan, Claim 11, validating that at the time the digital signature was generated, a digital certificate in the chain data had not expired or been revoked).  

26. 	Regarding Claim 19, Doonan, Meriac and Kucharski disclose, the system of claim 12, wherein each intermediate certificate authority is associated with a unique key derived from a common seed value (Doonan, [0006], a digital certificate typically contains a serial number 102, information identifying the issuer of the certificate 104, information identifying the owner of the certificate 106, the owner's public key issued by the issuer 108 and information about the validity period 110 of the digital certificate.).  

27. 	Regarding Claim 20, Doonan, Meriac and Kucharski disclose, the system of claim 19,
	Doonan does not explicitly disclose the following limitations that Kucharski teaches: 
wherein each unique key is derived using a Key Derivation Function (Meriac, [0036], the shared key at the start of the communication session between the devices using a key-agreement protocol rather than having a pre-shared key.).  

28. 	Regarding Claim 21, Doonan, Meriac and Kucharski disclose, the system of claim 12, wherein the respective validation time period of the respective intermediate certificate authority is shorter than the validation time periods of any intermediate certificate authorities higher in the chain of intermediate certificate authorities than the respective intermediate certificate authority (Doonan, [0064], The user then validates each certificate and CRL, checking that both the validity periods are correct for the current time, and the required certificates are not listed on the relevant CRLs. This process then proves the certificate is valid at the current time. Claim 6, wherein the certificate revocation information includes at least one certificate revocation list identifying digital certificates revoked by one of the m certification authorities.).  

29. 	Regarding Claim 22, Doonan, Meriac and Kucharski disclose, the system of claim 12, further comprising: 
and adding the respective end entity certificate to the certificate revocation list (Doonan, [0035], the certificate revocation information is in the form of certificate revocation lists or CRLDPs provided by the various certification authorities. In another aspect, the certificate revocation information is obtained from certificate revocation list distribution points or from verification authorities).
Doonan and Meriac do not explicitly disclose the following limitations that Kucharski teaches:
determining that a respective end entity certificate of the plurality of end entity certificates has been rotated (Kucharski, [0003], these high security industries, certificates with short lifespans in a trust chain need to be rotated or updated without service interruptions);

30. 	Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Doonan (US Patent Publication No. 2006/200661 A1), Meriac (US Patent Publication No. 2017/295025 A1) and Kucharski (US Patent Publication No. 2020/0136838 A1) in view of Kivinen (US Patent Publication No. 2004/128504 A1).
 
31. 	Regarding Claim 18, Doonan, Meriac and Kucharski disclose, the system of claim 12, 
	Doonan, Meriac and Kucharski do not explicitly disclose the following limitations that Kivinen teaches:
wherein the operations further comprise: determining that a respective end entity certificate of the plurality of end entity certificates is compromised (Kivinen, [0023], Certificates have pre-defined lifetimes, typically lasting from a couple of weeks to several years. If a private key of an end entity is compromised or the right to authenticate with a certificate); 
and adding the respective end entity certificate to the certificate revocation list (Kivinen, [0023], an end entity is compromised or the right to authenticate with a certificate is lost during the certificate's validity period, the certificate has to be revoked, and all PKI users have to be informed about this in some way. Certificate revocation lists are used for this purpose.).  


Conclusion
32. 	 Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAYASA SHAAWAT whose telephone number is (571)272-3939.  The examiner can normally be reached on M-F, 8 AM TO 5 PM. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, JEFFREY PWU can be reached on (571)272-6789. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MAYASA SHAAWAT/
Examiner, Art Unit 2433
	
/William J. Goodchild/     Primary Examiner, Art Unit 2433