Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendments
This action is responsive to the amendments filed on 09/06/2022. Claims 1, 3-11, 13-16, 18, 24-26 and 46 are pending and being considered. Claims 1, 24 and 46 are independent. Claims 2, 12, 17, 19-23 and 27-45 have been, or previously been, cancelled. Claims 1, 3-11, 13-16, 18, 24-26 and 46 are rejected.

Information Disclosure Statement


The information disclosure statement (IDS) submitted on 10/21/2022 was filed on or after the mailing date of the application no. 16/492,757 filed on 09/10/2019. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner and an initialed and dated copy of Applicant’s IDS form 1449 filed on 10/21/2022 is attached to the instant office action.

Response to Arguments/Remarks
	Applicant’s arguments/remarks, filed on 09/06/2022, have been fully considered but they are not persuasive, as described below.
Applicant’s Arguments/Remarks
Claim Rejections under 35 U.S.C. § 103:
Regarding independent claim 1, Applicant argues that the cited prior art Huxham Horatio Nelson (WO 2014/174491 A1), hereinafter (Huxham), in view of Krishna; Shyam et al. (US 2017/0006030 A1), hereinafter (Krishna), and in further view of Little Herbert A (CA 2479626 C), hereinafter (Little), fails to teach the claimed limitation(s), such as “receiving, at the client device, a request from the server for a first digital certificate …”. Examiner acknowledged the applicant’s perspective but respectfully disagrees because the cited prior art Huxham (Para. [0020-0021]) clearly discloses a method for providing a digital certificate conducted at a mobile device which has a certificate store module coupled thereto in which a digital certificate is stored, the method comprising the steps of: receiving, from a remotely accessible server, a request for a digital certificate.
Applicant further remarks that the cited prior arts Huxham in view of Krishna and Little also fails to teach the limitation “transmitting, to the server in response to the request, the URI for the first digital certificate”. Examiner acknowledges that the cited prior arts Huxham in view of Krishna fails to disclose this limitation but the cited prior art Little (PDF Page 6) clearly discloses that the mobile device 100 sends, to LDAP server 40, a Uniform Resource Identifier (URI) 15 corresponding to a resource request from the LDAP server 40. The URI 15 is, for example, an LDAP query for an X.509 digital certificate 30 (as shown in Fig. 1), or see also PDF Page 11, discloses that, in step 825, the URI 15 query is sent to an LDAP server 40 by the LDAP handler 400 on behalf of a mobile device 100, and as disclosed in PDF Page 23, while the LDAP handler 400 has been described as a software program executed on the wireless gateway 85, the LDAP handler 400 may also be a software program executed on the LDAP server 40.
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Little’ into the teachings of ‘Huxham’ as modified by ‘Krishna’, with a motivation to transmit, to the server in response to the request, the URI for the first digital certificate, as taught by Little, in order to shield the network from the chatty and bulky LDAP communications between devices, such as LDAP server and mobile device; Little, PDF Page 11.
Thus, under BRI, the cited prior arts teach the claimed limitations, as described above, for the independent claim 1. Applicant is suggested to further amend the claim limitations to create a distinction between the claimed limitations (or claimed subject matter) and the cited prior arts of the record.
Regarding independent claims 24 and 46, the claims recite similar limitations as mentioned above for the independent claim 1. Therefore, the independent claims 24 and 46 are rejected for the same reasons as mentioned above for the independent claim 1.
Dependent claims 3-11, 13-16, 18 and 25-26 fall together accordingly, since the cited prior art does disclose the limitations as recited in the independent claims.

Claim Rejections under 35 U.S.C. § 112(b):
Regarding independent claims 1, 24 and 46, the applicant remarks that “the word "further" is used in its plain English sense of an additional subject distinct from a first subject. In this sense it is a synonym of "another". A person of ordinary skill in the art would therefore have no trouble discerning the scope of a claim defining "a server" and "a further server". It is therefore submitted that the claims are clear in their current form”. Examiner acknowledged the applicant’s perspective but respectfully disagrees because the term “further server” as recited in the claim is a relative term which renders the claim indefinite, and the word “further” cannot simply be used in its plain English sense of an additional subject distinct from a first subject, such as a synonym of "another", since the immediate specification (see Para. [00087-00088]) describes the term “further server” as a “bootstrap server” that may provision the client device with the first digital certificate, and in some embodiments, the term “further server” is described as a machine (such as, a server 104 which is different than the bootstrap server) that may provision the client device (directly or indirectly) with the first digital certificate, which makes it further unclear whether the term “further server” refers to a bootstrap server or it refers to a machine, such as a server 104 which is different than the bootstrap server. Therefore, the term “further server” as recited in the claim is indefinite because it is not clearly defined by the claim, the specification does not clearly define and/or provide a standard for ascertaining the requisite degree for the “further server”, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. Therefore, examiner maintains the claim rejections under 35 U.S.C. § 112(b), as described in the previous office action.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1, 3-11, 13-16, 18, 24-26 and 46 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
Regarding claim 1, the claim recites “a domain name of a further server from which the first digital certificate is obtainable” in lines 9-10 of the claim. The term “further server” as recited in the claim is a relative term which renders the claim indefinite. The term “further server” is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. Therefore, the term “further server” as recited in the claim is indefinite because the specification does not clearly define and does not provide a standard for ascertaining the requisite degree for the “further server”. Examiner notes that, in the specification Para. [00087], the term “further server” is defined as a “bootstrap server” that may provision the client device with the first digital certificate. However, in some embodiments, as described in Para. [00088] of the specification, the further server may be a machine (such as, a server 104 which is different than the bootstrap server) that may provision the client device (directly or indirectly) with the first digital certificate. Therefore, the term “further server” renders the claim indefinite.
Regarding independent claims 24 and 46, the claims are rejected for the same reasons as mentioned above for the independent claim 1.
Dependent claims 3-11, 13-16, 18 and 25-26 are likewise rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph as being indefinite since they depend on and/or carry the deficiencies of the parent claims.

Claim Rejections - 35 U.S.C. 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-4, 15, 24 and 46 are rejected under 35 U.S.C. 103 as being unpatentable over Huxham Horatio Nelson (WO 2014/174491 A1), hereinafter (Huxham), in view of Krishna; Shyam et al. (US 2017/0006030 A1), hereinafter (Krishna), and in further view of Little Herbert A (CA 2479626 C), hereinafter (Little).

Regarding claim 1, Huxham teaches a method (Huxham, Para. [0020], discloses a method for providing a digital certificate conducted at a mobile device): receiving, at the client device, a request from the server for a first digital certificate for authenticating the client device to the server (Huxham, Para. [0020], discloses that the method comprising the steps of: receiving, from a remotely accessible server, a request for a digital certificate), the first digital certificate comprising a client device identifier (Huxham, Para. [0010 and 0049], discloses that the digital certificate may include information about the entity or individual to whom the certificate was issued and may also include information about the certificate authority that issued the digital certificate, etc.), 
(Huxham, Para. [0089-0090], discloses that an identifier (associated with a mobile device) may be extracted from a path portion of a uniform resource locator (URL) submitted to the remotely accessible server); and
Huxham fails to explicitly disclose but Krishna teaches a method of establishing a secure communication session between a client device and a server (Krishna, Para. [0112], discloses an example scenario wherein a device connects to gateway server 140 using a transport protocol over a persistent connection such as TCP, gateway server 140 associates the specific socket that is used to hold the connection. Generally, connection-based communication protocols such as TCP first establish a communication session, and then use the established session to communicate data. Connection-based communication protocols offer reliable delivery of data through sequencing, error checking, and flow control. Generally, a session is established through a process of a handshake. Once the connection is established, data can be reliably sent), a server identifier (Krishna, Para. [0070 or 0147], discloses identifiers of gateway servers 140) and a further identifier identifying a relationship between the client device and the server (Krishna, Para. [0071 or 0108], discloses to generate and/or assign a connection identifier (connection id) for purpose of identifying the particular connection with the particular device, and in an example disclosed in Para. [0113], wherein a device connects to gateway server 140 using a connection-less transport such as UDP, gateway server 140 associates the remote IP and port pair with a connection id);
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Krishna’ into the teachings of ‘Huxham’, with a motivation to include a server identifier and a further identifier identifying a relationship between the client device and the server, as taught by Krishna, in order to identify and authenticate each particular device and requests communicated from and to the device via the environment; Krishna (Abstract).
Huxham as modified by Krishna fails to explicitly disclose but Little teaches generating a uniform resource identifier (URI) for the first digital certificate, wherein the URI comprises: a domain name of a further server from which the first digital certificate is obtainable; the server identifier (Little, PDF Page 10, discloses that, in step 815, a URI query is generated. The query is illustratively a standard LDAP query. The URI may include known LDAP data such as the protocol prefix "ldap://"; a domain name host such as the domain name for a root CA, such as "directory.ldap40.com" corresponding to the Internet address of the LDAP server 40; an optional port number over which a stream is initiated, such as the default port ":389", and optional base query DN followed by other known LDAP query parameters. For an example, the URI generated by the mobile device 100 would be "ldap://directory.ldap40.com:389/{optional parameters}". (wherein the optional parameters may include server identifier). Wherein the URI query is generated in response to the mobile device 100 receiving a trigger for an event, such as the encryption operation that requires the public key 35 of the digital certificate 30, which is stored at the LDAP server 40); and transmitting, to the server in response to the request, the URI for the first digital certificate (Little, (PDF Page 6), discloses that the mobile device 100 sends a Uniform Resource Identifier (URI) 15 corresponding to a resource request from the LDAP server 40. The URI 15 is, for example, an LDAP query for an X.509 digital certificate 30 (as shown in Fig. 1), or see also PDF Page 11, discloses that, in step 825, the URI 15 query is sent to an LDAP server 40 by the LDAP handler 400 on behalf of a mobile device 100, and as disclosed in PDF Page 23, while the LDAP handler 400 has been described as a software program executed on the wireless gateway 85, the LDAP handler 400 may also be a software program executed on the LDAP server 40).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Little’ into the teachings of ‘Huxham’ as modified by ‘Krishna’, with a motivation to generate a uniform resource identifier (URI) for the first digital certificate and transmit the generated URI for the first digital certificate to the server, as taught by Little, in order to shield the network from the chatty and bulky LDAP communications between devices, such as LDAP server and mobile device; Little, PDF Page 11.

Regarding claim 2, (cancelled).

Regarding claim 3, Huxham as modified by Krishna in view of Little teaches the method as claimed in claim 1, wherein Huxham as modified by Krishna further teaches the further server provisioned the client device with the first digital certificate (Huxham, Para. [0057], discloses to provision the certificate module of the mobile device, and as disclosed in Krishna, Para. [0078], the process of registering devices with environment 110 may involve provisioning devices with certificates that may be used during subsequent communications with environment 110).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Krishna’ into the teachings of ‘Huxham’, with a motivation wherein the further server provisioned the client device with the first digital certificate, as taught by Krishna, in order to use the provisioned devices certificates during subsequent communications with environment; Krishna, Para. [0078].

Regarding claim 4, Huxham as modified by Krishna in view of Little teaches the method as claimed in claim 3, wherein Huxham further teaches the further server provisioned the client device with information indicating at least one cryptographic algorithm or cipher suite supported by the server (Huxham, Para. [0058], discloses that the cryptographic keys and algorithms stored in the cryptographic key storage (130) can be provisioned to perform various encryption standards and protocols including but not limited to Advanced Encryption Standard (AES), Data Encryption Standard (DES), Triple Data Encryption Standard/Algorithm (TDES/TDEA), Secure Socket Layer (SSL), and/or other encryption algorithms or protocols).  

Regarding claim 15, Huxham as modified by Krishna in view of Little teaches the method as claimed in claim 1, wherein Huxham as modified by Krishna further teaches when the secure communication session is established (Krishna, Para. [0054], discloses that for each connection established from the particular device, the gateway server 140 may also maintain information identifying the connection), the method further comprises: exchanging encrypted messages with the server (Huxham, Para. [0009], discloses that when encrypting a data message, the sender makes use of the recipient's public key to encrypt the data message. The encrypted data message is transmitted from the sender to the recipient. The recipient then uses the recipient's private key to decrypt the data message, or see also Krishna, Para. [0106], discloses to exchange encrypted data between a device and environment 110).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Krishna’ into the teachings of ‘Huxham’, with a motivation wherein encrypted messages with the server are exchanged, as taught by Krishna, in order to decrypt the received encrypted data and evaluate the unencrypted data to determine if the data was, in fact encrypted using the private key corresponding to the registered public key and, therefore, received from the actual registered device; Krishna, Para. [0104].

Regarding claim 24, the claim recites substantially similar subject matter as claim 1. Therefore, the response set forth above with respect to the claim 1 is equally applicable to the claim 24 of “a method performed by the server”.

Regarding claim 46, the claim has limitations similar to those treated in the above rejections, and these are met by the references as discussed above for the independent claim 1. Claim 46 however also recites the following limitations “A server for establishing a secure communication session with a client device, the server comprising at least one hardware processor and a micro-processor configured to:”, which is disclosed in Krishna, Para. [0112 and 0231].  

Claims 5-11, 13, 18 and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Huxham as modified by Krishna in view of Little, as applied above, and further in view of YANG; Xiangying (US 2017/0279619 A1), hereinafter (Yang).

Regarding claim 5, Huxham as modified by Krishna in view of Little teaches the method as claimed in claim 1, further comprising: wherein Huxham, as disclosed in Para. [0049], teaches a certificate valid-from date, a valid-to date but Huxham as modified by Krishna in view of Little fails to disclose but Yang teaches determining, prior to transmitting the URI for the first digital certificate, the expiry date of the first digital certificate; wherein, when the first digital certificate is determined to have expired, the method comprises (Yang, Para. [0051], discloses that the device OS or the device certificate function performs an expiration check on the certificates, and/or see also Para. [0122], discloses maintenance of a time information variable or parameter in an eUICC allows the eUICC to perform a certificate expiration and/or publication date and/or time check. The device can also perform this check. For example, if an expiration time value in a certificate is earlier than the time information value stored in the time information variable, in some embodiments, the eUICC or device may i) discard the certificate, ii) request a new certificate,): requesting an updated first digital certificate; and transmitting, to the server, the updated first digital certificate instead of a URI (Yang, Para. [0018], discloses that the device, in some embodiments, requests or pulls certificate(s) from CAs to provide these to the eUICC, and/or as disclosed in Para. [0060 and 0064], the eUICC proactively obtains or requests a new certificate (if a certificate has expired) from a given server in order to keep up in time with certificate/public key rotations performed by the server, or see also Para. [0076], the end user can request that the device 110 obtain a new certificate for the server identified in the message 129).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Yang’ into the teachings of ‘Huxham’ as modified by ‘Krishna’ in view of ‘Little’, with a motivation that provides to improve the recognition of expired certificates based on the time-variant parameters that can be used in identification protocols to counteract replay attacks and to provide timeliness guarantees; Yang, Para. [0006].

Regarding claim 6, Huxham as modified by Krishna in view of Little and Yang teaches the method as claimed in claim 5, wherein Huxham as modified by Krishna in view of Little fails to disclose but Yang further teaches the step of requesting an updated first digital certificate comprises sending a request to a further server which provisioned the client device with the first digital certificate (Yang, Para. [0060 and 0064], discloses that the eUICC/device proactively obtains or requests a new certificate (if a certificate has expired) from a given server in order to keep up in time with certificate/public key rotations performed by the server).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Yang’ into the teachings of ‘Huxham’ as modified by ‘Krishna’ in view of ‘Little’, with a motivation wherein the step of requesting an updated first digital certificate comprises sending a request to a further server which provisioned the client device with the first digital certificate, as taught by Yang, in order to counteract replay attacks and to provide timeliness guarantees; Yang, Para. [0006].

Regarding claim 7, Huxham as modified by Krishna in view of Little teaches the method as claimed in claim 1, further comprising: wherein Huxham fails to disclose but Krishna further teaches requesting, from the server, a second digital certificate, the second digital certificate comprising the server identifier (Yang, Para. [0017], discloses that the device can request a new certificate from the given server. When a certificate arrives contains the identity of the given server (a server identifier, as disclosed in Para. [0018])); 
Huxham as modified by Krishna in view of Little fails to disclose but Yang teaches receiving, responsive to the request, fingerprint data corresponding to the second digital certificate (Yang, Para. [0043], discloses that a certificate requestor or user agent (UA) requests that a certificate provider or host provide a certificate chain including at least one fingerprint that matches a pinned fingerprints for that host).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Yang’ into the teachings of ‘Huxham’ as modified by ‘Krishna’ in view of ‘Little’, with a motivation wherein the steps of requesting a digital certificate and receiving fingerprint data in response to the requested digital certificate, as taught by Yang, in order to verify the authenticity of messages coming from the delivery server; Yang, Para. [0073].

Regarding claim 8, Huxham as modified by Krishna in view of Little and Yang teaches the method as claimed in claim 7, further comprising: wherein Huxham as modified by Krishna in view of Little fails to disclose but Yang further teaches retrieving, from storage, a copy of the second digital certificate (Yang, Para. [0111], discloses that the delivery server 120 or 160 responds, in the message 806, with a copy of the current certificate); generating, using the copy of the second digital certificate, fingerprint data corresponding to the second digital certificate (Yang, Para. [0111], discloses that the message 806 is forwarded to the eUICC 100 in message 807 and the eUICC 100 updates the pinning table 108. Wherein, the message 807 includes a hash computed by the certificate function 112 over the certificate received by the device 110/certificate function 112 in the message 806. Wherein, the message 806 includes a copy of the current certificate); comparing the generated fingerprint data to the received fingerprint data (Yang, Para. [0112], discloses that the certificate originally sent by the delivery server 120 or 160 based on the event 30 is sent to the eUICC in message 809. The eUICC 100, in some embodiments, then performs a pinning check (Action 31) by computing a hash value on the arriving certificate and comparing it with entries in the eSIM server 180 row or data portion of the pinning table 108 ); and authenticating the server if the generated fingerprint data matches the received fingerprint data (Yang, Para. [0043], discloses that a certificate requestor or user agent (UA) requests that a certificate provider or host provide a certificate chain including at least one fingerprint that matches a pinned fingerprints for that host (i.e., server). Wherein, the pinned fingerprint is a hash of a certificate).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Yang’ into the teachings of ‘Huxham’ as modified by ‘Krishna’ in view of ‘Little’, with a motivation wherein the certificate provider or host provide a certificate chain including at least one fingerprint that matches pinned fingerprints, in order to verify the authenticity of the delivery server; Yang, Para. [0043 and 0073].

Regarding claim 9, Huxham as modified by Krishna in view of Little and Yang teaches the method as claimed in claim 8, wherein Huxham as modified by Krishna in view of Little fails to disclose but Yang teaches the step of generating fingerprint data comprises: retrieving, from storage, a cryptographic hash function associated with the server (Yang, Para. [0078-0079], discloses a certificate function to validate server identity by computing hash value of the certificate); and applying the cryptographic hash function to the retrieved copy of the second digital certificate (Yang, Para. [0111], discloses that the message 807 includes a hash computed by the certificate function 112 over the certificate received by the device 110/certificate function 112 in the message 806. Wherein, the message 806 includes a copy of the current certificate).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Yang’ into the teachings of ‘Huxham’ as modified by ‘Krishna’ in view of ‘Little’, with a motivation to apply the cryptographic hash function to the retrieved copy of the second digital certificate, as taught by Yang, in order to verify the authenticity of the delivery server; Yang, Para. [0073].

Regarding claim 10, Huxham as modified by Krishna in view of Little and Yang teaches the method as claimed in claim 7, further comprising: wherein Huxham as modified by Krishna in view of Little fails to disclose but Yang teaches retrieving, from storage, pre-generated fingerprint data corresponding to the second digital certificate; comparing the pre-generated fingerprint data to the received fingerprint data; and authenticating the server if the pre-generated fingerprint data matches the received fingerprint data (Yang, Para. [0079], discloses that the certificate function 112 then reads a hash value from the pinning table, and as disclosed in Para. [0080], wherein the pinning table 118 includes rows or data portions, with each row or data portion corresponding to a server or CA. The certificate function 112 then searches for a match throughout the row or data portion corresponding to the server or CA identified with the certificate in question, and as further disclosed in Para. [0081], the certificate function 112 finds a match. In that case, the security material (certificate, CRL) passes the certificate pinning check, and/or see also Para. [0017]).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Yang’ into the teachings of ‘Mokrushin’ as modified by ‘Krishna’ in view of ‘Little’, with a motivation in which the computed hash value is compared with the hash value from the trusted list or pinning table, in order to verify the authenticity of the delivery server; Yang, Para. [0017 and 0073].

Regarding claim 11, Huxham as modified by Krishna in view of Little and Yang teaches the method as claimed in claim 10, wherein Huxham as modified by Krishna in view of Little fails to disclose but Yang further teaches the pre-generated fingerprint data is generated by: retrieving, from storage, a cryptographic hash function associated with the server (Yang, Para. [0078-0079], discloses a certificate function to validate server identity by computing hash value of the certificate); retrieving, from storage, a copy of the second digital certificate (Yang, Para. [0111], discloses that the delivery server 120 or 160 responds, in the message 806, with a copy of the current certificate); applying the cryptographic hash function to the retrieved copy of the second digital certificate, to generate fingerprint data corresponding to the second digital certificate; and storing the generated fingerprint data as pre-generated fingerprint data (Yang, Para. [0111], discloses that the message 806 is forwarded to the eUICC 100 in message 807 and the eUICC 100 updates the pinning table 108. Wherein, the message 807 includes a hash computed by the certificate function 112 over the certificate received by the device 110/certificate function 112 in the message 806. The message 806 includes a copy of the current certificate).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Yang’ into the teachings of ‘Huxham’ as modified by ‘Krishna’ in view of ‘Little’, with a motivation to provide a trusted list or a pinning table corresponding to a server, in which a hash value indicates the result of performing a hash over the corresponding certificate of the server; Yang, Para. [0017].
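The pinning check mapped to claims 10 and 11 above can be sketched as follows. This is an added example, not code from the application, the cited references or this office action; the class and function names, the server name and the certificate bytes are constructed assumptions. It goes one step further than those two claims by also accepting a certificate chain when at least one certificate in it matches a pinned fingerprint.

```python
import hashlib
import hmac

# Constructed stand-ins for DER-encoded certificates (not real certificates).
LEAF_CERT = b"constructed-der:CN=delivery.example.test,serial=01"
ROTATED_LEAF = b"constructed-der:CN=delivery.example.test,serial=02"
ISSUING_CA = b"constructed-der:CN=Example Issuing CA"
ROGUE_CERT = b"constructed-der:CN=delivery.example.test,serial=66"


def fingerprint(cert_der, algorithm="sha256"):
    """Apply the hash function associated with the server to a certificate copy."""
    return hashlib.new(algorithm, cert_der).digest()


class PinningTable:
    """One row per server or CA; each row holds pre-generated fingerprints."""

    def __init__(self):
        self._rows = {}  # server id -> (hash algorithm, set of fingerprints)

    def enroll(self, server_id, cert_der, algorithm="sha256"):
        """Hash a trusted copy of the certificate and store the fingerprint."""
        row_alg, pins = self._rows.setdefault(server_id, (algorithm, set()))
        if row_alg != algorithm:
            raise ValueError("row already uses a different hash function")
        pins.add(fingerprint(cert_der, algorithm))

    def check(self, server_id, received_fp):
        """Authenticate only if the received fingerprint matches a stored one."""
        row = self._rows.get(server_id)
        if row is None:
            return False  # unknown server: fail closed
        matched = False
        for pin in row[1]:  # scan the whole row, constant-time per comparison
            matched |= hmac.compare_digest(pin, received_fp)
        return matched

    def check_chain(self, server_id, chain):
        """Accept a chain if any certificate in it matches a pinned fingerprint."""
        row = self._rows.get(server_id)
        if row is None:
            return False
        return any(self.check(server_id, fingerprint(c, row[0])) for c in chain)


def build_demo_table():
    table = PinningTable()
    table.enroll("delivery.example.test", LEAF_CERT)
    table.enroll("delivery.example.test", ISSUING_CA)  # CA pin survives leaf rotation
    return table
```

Pinning the issuing CA alongside the leaf is what lets a rotated leaf certificate still pass the chain check without updating the table first.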

Regarding claim 13, Huxham as modified by Krishna in view of Little and Yang teaches the method as claimed in claim 8, further comprising: wherein Huxham fails to disclose but Krishna further teaches transmitting, to the server, a message indicating the server has been authenticated (Krishna, Para. [0044 or 0145], discloses an example scenario, wherein a message is received at a gateway server from a computing system in the computing environment, and as disclosed in Para. [0059 or 0144], to confirm that the particular entity (i.e., server) is authorized to communicate with or control the particular device).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Krishna’ into the teachings of ‘Huxham’, with a motivation wherein a message is transmitted to the server indicating that the server has been authenticated, as taught by Krishna, in order to identify and authenticate each particular device and establish a secure connection between entities such as a particular gateway server and a particular mobile device; Krishna, Para. [0054].

Regarding claim 18, Huxham as modified by Krishna in view of Little teaches the method as claimed in claim 1, wherein Huxham as modified by Krishna in view of Little fails to disclose but Yang teaches the first digital certificate is a certificate chain or wherein the second digital certificate is a certificate chain (Yang, Para. [0043], discloses that a certificate provider or host provides a certificate chain).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Yang’ into the teachings of ‘Huxham’ as modified by ‘Krishna’ in view of ‘Little’, with a motivation wherein the certificate provider or host provides a certificate chain including at least one fingerprint that matches pinned fingerprints, in order to verify the authenticity of the delivery server; Yang, Para. [0043 and 0073].

Regarding claim 26, the claim recites substantially similar subject matter as claim 7. Therefore, the response set forth above with respect to the claim 7 is equally applicable to the claim 26 of “a method performed by the server”.

Claims 14 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Huxham as modified by Krishna in view of Little, as applied above, and further in view of Mokrushin et al. (US 20120226908 A1), hereinafter (Mokrushin).

Regarding claim 14, Huxham as modified by Krishna in view of Little teaches the method as claimed in claim 1, further comprising: Krishna in Para. [0103] further discloses that the gateway server 140 validates or authenticates the particular device, wherein Huxham as modified by Krishna in view of Little fails to disclose but Mokrushin teaches receiving, from the server, a message indicating the server has authenticated the client device (Mokrushin, Fig. 11 and Para. [0072], discloses that the SP 70 issues a service response message indicating whether the SP 70 has accepted the requested establishment of connection with the client 50. The service response message is sent by the SP 70 in step 465 and received by the AG 10. In step 470, the AG 10 forwards the service response message to the client 50, and/or as disclosed in Para. [0021], the method further comprises receiving, from the SP via the AR, a service response message indicating whether the SP has accepted the requested establishment of said connection, and forwarding the service response message to the client).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Mokrushin’ into the teachings of ‘Huxham’ as modified by ‘Krishna’ in view of ‘Little’, with a motivation wherein the server transmits a message indicating the server has authenticated the client device, as taught by Mokrushin, in order to establish a secure (trusted/encrypted) connection or communication session between entities, such as client device and SP; Mokrushin, Para. [0021 and 0060].

Regarding claim 16, Huxham as modified by Krishna in view of Little teaches the method as claimed in claim 15, wherein Huxham, as disclosed in Para. [0049], teaches a certificate valid-from date, a valid-to date but Huxham as modified by Krishna in view of Little fails to disclose but Mokrushin further teaches the established secure communication session is terminated when the exchanging of encrypted messages is completed or wherein the established secure communication session is terminated after a specified time period has lapsed (Mokrushin, Para. [0070], discloses that the SP 70 can refuse (terminate/end) the connection with the client, after determining whether the client’s identity certificate is valid or not, and as disclosed in Para. [0066], wherein the certificate is marked with an expiry time. Therefore, the certificate can be validated based on the marked expiry time).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Mokrushin’ into the teachings of ‘Huxham’ as modified by ‘Krishna’ in view of ‘Little’, with a motivation wherein the established secure communication session is terminated after a specified time period has lapsed, as taught by Mokrushin, in order to provide secure communication between one or more clients and one or more service providers; Mokrushin (Abstract).

Claim 25 is rejected under 35 U.S.C. 103 as being unpatentable over Huxham as modified by Krishna in view of Little, as applied above, and further in view of Yeap; Tet Hin et al. (US 2006/0080534 A1), hereinafter (Yeap).

Regarding claim 25, Huxham as modified by Krishna in view of Little teaches the method as claimed in claim 24, further comprising: wherein Huxham as modified by Krishna in view of Little fails to disclose but Yeap teaches retrieving, using the URI, the first digital certificate (Yeap, Fig. 3 and Para. [0069], discloses that the encryption certificate is sent from device 50 to server 62. Once the certificate is received by server 62 its contents are opened and examined); comparing the client device identifier in the retrieved first digital certificate with the received client device identifier (Yeap, Fig. 3 and Para. [0072], discloses that, at step 340, the server 62 will examine the contents of the certificate received at step 320 to extract the client identifier embedded therein, and as disclosed in Para. [0074], thus, if at step 340 it is determined that the client identifier embedded within the certificate received at step 320 is correct, then method 300 advances to step 350); comparing the server identifier of the retrieved first digital certificate with a stored server identifier (Yeap, Fig. 3 and Para. [0075], discloses that, at step 350, a determination is made as to whether the access server identifier is correct, and as disclosed in Para. [0076], if at step 350 it is determined that the access server identifier is correct, then method 300 will advance to step 370); authenticating the client device if the client device identifier of the first digital certificate matches the received client device identifier, and if the server identifier of the first digital certificate matches the stored server identifier (Yeap, Para. [0074], thus, if at step 340 it is determined that the client identifier embedded within the certificate received at step 320 is correct, then method 300 advances to step 350, and as disclosed in Para. [0076], if at step 350 it is determined that the access server identifier is correct, then method 300 will advance to step 370 and access to network 42 and/or Internet 46 by device 50 will be permitted).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Yeap’ into the teachings of ‘Huxham’ as modified by ‘Krishna’ in view of ‘Little’, with a motivation that permits the computing device(s) to gain access to the computing resources based on the comparison of the expected identifiers (such as a unique identifier of the computing device and/or the access server) embedded within the certificate received by the access server; Yeap, Abstract.

Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  See PTO-892
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALI CHEEMA, whose telephone number is 571-272-1239. The examiner can normally be reached on 8AM-4PM (EST) Monday-Friday. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached on 571-272-7624.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ALI CHEEMA/
Examiner, Art Unit 2496



/JORGE L ORTIZ CRIADO/
Supervisory Patent Examiner, Art Unit 2496