DETAILED ACTION
This Office Action is in response to the application 17/176,622 filed on 02/16/2021.
Claims 1-15 have been examined and are pending. 
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. This Action is made Non-FINAL.
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 02/16/2021 and 03/16/2021 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements have been considered by the examiner.
Priority
The present application claims priority to EU Patent Application No. 20159467.8, filed on Feb. 26, 2020.
Drawings Objections
The drawings (Figures 1-5) are objected to under 37 CFR 1.83(a) because they fail to show the necessary labelling or explanations of figures, parts or steps as described in the specification. For example, FIG. 1 does not label any components, and FIGs. 2-5 do not briefly explain any method steps and/or components. In other words, these drawings lack the necessary structural detail that is essential for a proper understanding of the disclosed invention, which should have been shown in the drawing. MPEP § 608.02(d). Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
Claim Objection 
Claim 1 recites the limitations “the first device requesting” and “the first validation apparatus querying.” In order to emphasize and recite active steps of a method claim, the Examiner suggests claim 1 be amended to “requesting, by the first device” and “querying, by the first validation apparatus,” respectively.
Claims 8-9 recite the limitation “the second validation apparatus transmits.” In order to emphasize and recite active steps of a method claim, the Examiner suggests the aforementioned limitation be further amended to “transmitting, by the second validation apparatus.”
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 13-14 are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.  
Regarding claims 13-14, the claims are directed to apparatuses. However, the body of the claims does not positively recite any hardware elements as the claimed apparatus includes only a processor. The specification, pages 9-10, provides some examples with respect to the processor; however, the specification does not explicitly define that the claimed processor is only implemented in hardware. One of ordinary skill in the art would understand that “processor” could be implemented in software (see the Authoritative Dictionary of IEEE, Seventh Edition, published in Dec. 2000). The nominal recitation to an “apparatus” in the preamble does not limit the body of the claim as it only states the invention's purpose or intended use. See Catalina Marketing Int'l, Inc., v. Coolsavings.com Inc., 289 F.3d 801, 808 (Fed. Cir. 2002) for detail. The Examiner respectfully suggests that the claim be further amended to positively recite at least one hardware element within the body of the claim to make the claim statutory subject matter under 35 U.S.C. 101.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-6, 10-15 are rejected under 35 U.S.C. 103 as being unpatentable over Pala (“Pala,” US 20190260596, published Aug. 22, 2019) in view of Duccini et al. (“Duccini,” US 20190378120, patented Jan. 28, 2020). 
Regarding claim 1, Pala discloses A method for a validation of a digital certificate by a validation apparatus that checks a certificate of a communication partner on behalf of a first device, the method comprising (Pala FIG. 1, [0030]-[0031]. In other embodiments, the user computer device 102 includes one or more locally configured options that allow it to request the revocation status of the digital certificate. In step 118, the website 104 then transmits a query (an OCSP request) to the OCSP responder 106 to determine the status of the digital certificate. In step 120, the OCSP responder 106 responds with an OCSP response including the revocation status of the digital certificate.):
 the first device requesting validation of the certificate of the communication partner at a first validation apparatus (Pala FIG. 1, [0030]. In other embodiments, the user computer device 102 includes one or more locally configured options that allow it to request the revocation status of the digital certificate. In step 118, the website 104 then transmits a query (an OCSP request) to the OCSP responder 106 to determine the status of the digital certificate.); 
the first validation apparatus querying validation information at a status collection apparatus (Pala FIG. 1, [0021] – [0022]. The CA is further responsible for maintaining up-to-date revocation information regarding the validity of issued certificates, and will provide information to the other parties, for example, through an Online Certificate Status Protocol (OCSP). In some embodiments, the CA may provide information according to a Certificate Revocation List (CRL). In exemplary operation, the CA receives OCSP request messages from the ecosystem members and confirms the revocation status of a corresponding certificate (e.g., stored in the trusted database of the CA), and the OCSP responder of the CA transmits an OCSP response message indicating the revocation status (e.g., “valid,” “revoked,” “unknown,” etc., or an error message if the request message may not be processed).); 
checking, in the first validation apparatus, whether validation information has been received from the status collection apparatus (Pala FIG. 1, [0021] – [0022], [0031]. The CA is further responsible for maintaining up-to-date revocation information regarding the validity of issued certificates, and will provide information to the other parties, for example, through an Online Certificate Status Protocol (OCSP). In some embodiments, the CA may provide information according to a Certificate Revocation List (CRL). In exemplary operation, the CA receives OCSP request messages from the ecosystem members and confirms the revocation status of a corresponding certificate (e.g., stored in the trusted database of the CA), and the OCSP responder of the CA transmits an OCSP response message indicating the revocation status (e.g., “valid,” “revoked,” “unknown,” etc., or an error message if the request message may not be processed). In step 120, the OCSP responder 106 responds with an OCSP response including the revocation status of the digital certificate. If the certificate has not associated revocation information, the OCSP response (i.e., from step 120) will include a non-revoked status.); and 
transmitting the validation information from the first validation apparatus to the first device, wherein, only in the event of a negative inspection result (Pala [0031], [0037] – [0038]. In step 120, the OCSP responder 106 responds with an OCSP response including the revocation status of the digital certificate. If the certificate has not associated revocation information, the OCSP response (i.e., from step 120) will include a non-revoked status. In some embodiments, such as in situations validating not only the revocation information, but also the existence of the digital certificate, the OCSP response may include an extension that provides the requesting party with the hash of the certificate requested. The revocation information provides additional details about the revocation time and optionally about the certification revocation list (CRL) where the revocation information is asserted and the revocation reason (if available).). 
Pala does not explicitly disclose: the validation information of the certificate is determined in the first validation apparatus.
However, in an analogous art, Duccini discloses a method comprising the step of: the validation information of the certificate is determined in the first validation apparatus (Duccini FIG. 1, col. 4: 44-47, 47-50, 62-65. In another embodiment, the creation and publication of digital certificates as well as access to the published certificates occurs exclusively within the PKI blockchain system 160. The relying party 104 can additionally access current policy information and relying party agreements within the PKI blockchain system 160 via the digital certificate blockchain 121, as well as check whether the digital certificate has been revoked. Additionally, any revoked certificates can be published to the blockchain system 160 and can be made publicly available such that a relying party 104 and user 102 can view such information.). 
Therefore, it would have been obvious to one of ordinary skill in the art on or before the effective filing date of the claimed invention to combine the teachings of Duccini and Pala to include the steps of: the validation information of the certificate is determined in the first validation apparatus. One would have been motivated to provide users with a means for checking the status of a certificate through a secure block-chain system. (See Duccini col. 4: 62-65.)
Regarding claim 2, Pala and Duccini disclose the method of claim 1. Duccini further discloses wherein in the event of a negative inspection result, the validation information determined in the first validation apparatus is additionally forwarded to the status collection apparatus (Duccini col. 14: 18-22. Alternatively, the user 102 or relying party 104 can determine that a certificate has been revoked and can communicate the revocation to the CA computing system 116 or can directly update the blockchain if update access is granted.). 
The motivation is the same as that of claim 1 above. 
Regarding claim 3, Pala and Duccini disclose the method of claim 1. Duccini further discloses wherein the validation information is stored in the form of a block of a blockchain in a blockchain storage apparatus (Duccini FIG. 1, col. 3: 39-50, col. 6: 16-22. The CA 112 then publishes the generated and signed digital certificate to the blockchain, as described in more detail below. The CA 112 additionally updates the status of the digital certificates by adding subsequent blocks to the blockchain, as described further herein. The CA 112 can publish this [certificate status, such as Certificate Revocation List CRL, see col. 6: 16-22] information on the blockchain (e.g., same or separate blockchain) to be viewable by the relying party 104.).
The motivation is the same as that of claim 1 above. 
Regarding claim 4, Pala and Duccini disclose the method of claim 1. Pala further discloses wherein the validation information is stored in the status collection apparatus as an element of a database (Pala [0022]. In exemplary operation, the CA receives OCSP request messages from the ecosystem members and confirms the revocation status of a corresponding certificate (e.g., stored in the trusted database of the CA), and the OCSP responder of the CA transmits an OCSP response message indicating the revocation status (e.g., “valid,” “revoked,” “unknown,” etc., or an error message if the request message may not be processed).). 
Regarding claim 5, Pala and Duccini disclose the method of claim 1. Pala further discloses wherein the validation information is transmitted from the first validation unit to the first device without cryptographic protection (Pala [0031]. In step 118, the website 104 then transmits a query (an OCSP request) to the OCSP responder 106 to determine the status of the digital certificate. In step 120, the OCSP responder 106 responds with an OCSP response including the revocation status of the digital certificate. If the certificate has not associated revocation information, the OCSP response (i.e., from step 120) will include a non-revoked status.). 
Regarding claim 6, Pala and Duccini disclose the method of claim 1. Pala further discloses wherein the validation information is cryptographically protected, in particular digitally signed, by the first validation apparatus (Pala FIG. 1, 3, [0049],[0075]. In an exemplary embodiment, the data structure 300 of the enhanced OCSP response (e.g., step 120, FIG. 1) includes an OCSP2Response message structure 302. In the exemplary embodiment, the signature section (OCSP2RespSignature) 306 includes data fields such as signatureValue 342, signatureAlgorithm 344, responseSigner 346, and otherCerts 348. The signatureValue 342 field is the value of the signature calculated over the DER encoding of the tbsResponse structure 304 by using the signature algorithm identified in the signatureAlgorithm field 344.).  
Duccini further discloses forwarded to the status collection apparatus and stored in the status collection apparatus (Duccini FIG. 5, col. 14: 13, 18-22. Alternatively, the user 102 or relying party 104 can determine that a certificate has been revoked and can communicate the revocation to the CA computing system 116 or can directly update the blockchain if update access is granted.). 
The motivation is the same as that of claim 1 above. 
Regarding claim 10, Pala and Duccini disclose the method of claim 6. Duccini further discloses wherein the validation information cryptographically protected by way of the first checking unit is checked in the status collection apparatus and (Duccini col. 13: 10-14. The certificate verification circuit 138 accesses the digital certificate blockchain 121 to view the digital certificate of the user 102. At 316, the certificate verification circuit 138 authenticates the digital certificate using the CA public key.), 
in the event of a positive inspection result, the cryptographic protection by way of the first checking unit is replaced with cryptographic protection by way of the status collection apparatus and is stored in the status collection apparatus (Duccini col. 10: 13-21, col. 13: 55-60. The blockchain publishing circuit 130 is structured to receive digital certificate update information (e.g., policies, practices, revocations, relying party agreements, etc.), determine whether the information should be published to the digital certificate, CRL blockchain, or management blockchains 121, 123, 125, determine what, if any, encryption should be used to process and protect the data, and ultimately publish the data to the correct blockchain in the correct format on the PKI blockchain system 160. At 412, updates to the digital certificate are found at 412 are published to the blockchain. The policy information circuit 134 can publish any relying party agreements, audit letters, CA policies, business purposes, merger and acquisition data, etc.).
The motivation is the same as that of claim 6 above. 
Regarding claim 11, Pala and Duccini disclose the method of claim 1. Pala further discloses wherein the validation information is transmitted from the status collection apparatus to the validation apparatus only when the validation information is stored in the status collection apparatus for less than a predefined period (Pala [0037] – [0038]. In the exemplary embodiment, the enhanced OCSP response message (e.g., step 120) includes the following information: a protocol version, the certificate revocation status, the response validity period, the revocation information (for revoked certificates), the range of certificates that the response is valid for, and a signature. The response validity period indicates the response freshness and the amount of time (optional) that the response can be cached for. The revocation information provides additional details about the revocation time and optionally about the certification revocation list (CRL) where the revocation information is asserted and the revocation reason (if available).). 
Regarding claim 12, Pala and Duccini disclose the method of claim 1. Pala further discloses wherein the method steps are implemented by way of protocol messages in accordance with a standardized certificate validation protocol, in particular a Server-based Certificate Validation Protocol SCVP (Pala [0088]. In some embodiments, where the responder 106 is unable to assert the validity status of a certificate, the relying parties 102 should use different protocols (such as Server-based Certificate Validation Protocol (SCVP)) or other resources such as Certificate Transparency to assert the validity of the target certificate.). 
Regarding claim 13, claim 13 corresponds to a validation apparatus corresponding to the method of claim 1. Claim 13 is similar in scope to claim 1 and is therefore rejected under similar rationale. 
Regarding claim 14, Pala discloses A status collection apparatus comprising at least one processor that is configured to (Pala [0021]. In an exemplary embodiment, the present systems and methods utilize an X.509 trust model, in which a trusted third party CA is responsible for signing digital certificates. The CA is further responsible for maintaining up-to-date revocation information regarding the validity of issued certificates, and will provide information to the other parties, for example, through an Online Certificate Status Protocol (OCSP). In some embodiments, the CA may provide information according to a Certificate Revocation List (CRL). OCSP messages may be communicated [ ] from and to OCSP responders of the CA server (or OCSP server)): 
receive a query for validation information by the first validation apparatus, transmit the validation information to the first validation apparatus (Pala [0021] - [0022]. The CA is further responsible for maintaining up-to-date revocation information regarding the validity of issued certificates, and will provide information to the other parties, for example, through an Online Certificate Status Protocol (OCSP). In some embodiments, the CA may provide information according to a Certificate Revocation List (CRL). In exemplary operation, the CA receives OCSP request messages from the ecosystem members and confirms the revocation status of a corresponding certificate (e.g., stored in the trusted database of the CA), and the OCSP responder of the CA transmits an OCSP response message indicating the revocation status (e.g., “valid,” “revoked,” “unknown,” etc., or an error message if the request message may not be processed). ). 
Duccini further discloses a method comprising the step of and/or receive the validation information from the first validation apparatus and store it  (Duccini FIG. 5, col. 14: 13, 18-22. Alternatively, the user 102 or relying party 104 can determine that a certificate has been revoked and can communicate the revocation to the CA computing system 116 or can directly update the blockchain if update access is granted.). 
Therefore, it would have been obvious to one of ordinary skill in the art on or before the effective filing date of the claimed invention to combine the teachings of Duccini and Pala to include the steps of: receive the validation information from the first validation apparatus and store it. One would have been motivated to provide users with a means for checking and updating the status of a certificate through a secure block-chain system. (See Duccini FIG. 5, col. 14: 13, 18-22.)
Regarding claim 15, claim 15 corresponds to a computer program product corresponding to the method of claim 1. Claim 15 is similar in scope to claim 1 and is therefore rejected under similar rationale. 

Claims 7-9 are rejected under 35 U.S.C. 103 as being unpatentable over Pala (“Pala,” US 20190260596, published Aug. 22, 2019) in view of Duccini et al. (“Duccini,” US 20190378120, patented Jan. 28, 2020) and Schexnaydre et al. (“Schexnaydre,” US 20180248705, published Aug. 30, 2018). 
Regarding claim 7, Pala and Duccini disclose the method of claim 6. Pala further discloses wherein the validation information cryptographically protected by the first validation apparatus (Pala [0026].  In the exemplary embodiment, the enhanced OCSP response message [generated by the OCSP server] includes the following information: a protocol version, the certificate revocation status, the response validity period, the revocation information (for revoked certificates), the range of certificates that the response is valid for, and a signature. [see Specification page 6: 28-30 for digital signature as “cryptographic protections.”]). 
Pala and Duccini do not explicitly disclose: wherein the validation information cryptographically protected by the first validation apparatus is transmitted from the status collection apparatus to a second validation apparatus in response to a request and transmitted to the second device only after a successful check of the cryptographic protection in the second validation apparatus.
However, in an analogous art, Schexnaydre discloses a method comprising the step of: wherein the validation information [cryptographically protected by the first validation apparatus] is transmitted from the status collection apparatus to a second validation apparatus in response to a request and transmitted to the second device only after a successful check of the cryptographic protection in the second validation apparatus (Schexnaydre FIGs. 1 (proxy), 4,  [0048](https), [0052] – [0053]. To establish a secure communications channel, e.g., using a secure communications protocol such as a Transport Layer Security (“TLS”) protocol to setup an HTTPS connection, the client device 110 a may then initiate further negotiations with the content server 120 a. Thus, after establishing an unsecured communications channel, the client device 110 a may issue a TLS request, e.g., a “ClientHello” message, to the content server 120 a. In this example, the certificate information received from the hinting service 140 includes a CRL from a certificate authority associated with the certificate issued to the content server 120 a and an expiration date of the CRL and the age of the CRL. If the CRL [received via a proxy] is valid, the client device 110 a then searches the CRL to find an entry that matches the certificate received from the content server 120 a. If a matching entry is found, the client device 110 a determines that the certificate has been revoked and that it is invalid. However, if no matching entry is found, the client 110 a device determines that the certificate remains valid. ). 
Therefore, it would have been obvious to one of ordinary skill in the art on or before the effective filing date of the claimed invention to combine the teachings of Schexnaydre with the teachings of Pala and Duccini to include the steps of: wherein the validation information cryptographically protected by the first validation apparatus is transmitted from the status collection apparatus to a second validation apparatus in response to a request and transmitted to the second device only after a successful check of the cryptographic protection in the second validation apparatus. One would have been motivated to provide users with a means for using receiving CRL certification status information through a flexible choice of secure or unsecure communication. (See Schexnaydre [0053], [0056].)
Regarding claim 8, Pala, Duccini and Schexnaydre disclose the method of claim 7. Schexnaydre further discloses wherein the second validation apparatus transmits the validation information to the second device without cryptographic protection (Schexnaydre [0056] – [0057], [0059] (use of various proxy).  For example, the client device 110 a may ask the user whether to proceed without a valid certificate or to proceed with an unsecure connection. At block 444, the client device 110 a [ ] transmits a request to the issuing certificate authority, e.g., certificate authority 130 a, to validate the certificate. The client device 110 a may then use the responsive information from the certificate authority 130 a to determine the validity of the certificate. While the example method 400 of FIG. 4 is discussed from the perspective of the client device 110 a, it should be appreciated that any of the client proxy 210, the server proxy 220, the prefetcher 114, the web browser 112 c, or other application 112 a-b or computing device may perform such a method 400 according to different examples.). 
The motivation is the same as that of claim 7 above. 
Regarding claim 9, Pala, Duccini and Schexnaydre disclose the method of claim 7. Schexnaydre further discloses wherein the second validation apparatus transmits the validation information to the second device with cryptographic protection (Schexnaydre [0020], [0048]. A secure communications channel may employ an encrypted communications protocol, such as secure HTTP (“HTTPS”), or any other suitable secure communications protocol. To establish a secure communications channel, e.g., using a secure communications protocol such as a Transport Layer Security (“TLS”) protocol to setup an HTTPS connection, the client device 110 a may then initiate further negotiations with the content server 120 a.).
The motivation is the same as that of claim 7 above. 


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDWARD LONG whose telephone number is (571)272-8961. The examiner can normally be reached on Monday to Friday, 9 AM - 6 PM EST (Alternate Fridays).
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/EDWARD LONG/
Examiner, Art Unit 2439



/LUU T PHAM/
Supervisory Patent Examiner, Art Unit 2439