DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 9/29/2025 has been entered.
Response to Arguments
Applicant’s arguments, see pages 8 and 9, filed 1/22/2026, with respect to the objection(s) to claim(s) 7 and 9 have been fully considered and are persuasive. The associated objection(s) to the listed claim(s) has been withdrawn.
Applicant’s arguments, see page(s) 9, filed 1/22/2026, with respect to the interpretation of claim(s) 6 and 7 under 35 USC 112(f) have been fully considered and are persuasive. These claims are no longer being interpreted under the statute.
Applicant’s arguments, see page(s) 9, filed 1/22/2026, with respect to the rejection of claim(s) 1, 3, 5-7, 9, and 10 under 35 USC 112(a) have been fully considered and are persuasive. The associated rejections to the listed claim(s) have been withdrawn.
Applicant’s arguments, see pages 9-12, filed 1/22/2026, with respect to the rejection of claims 1,3,5-7 and 9-10 under 35 USC 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of OKAZAWA (Doc ID US 20130057895 A1).
Claim Objections
Claim(s) 1, 3, 5-7, and 9-11 are objected to because of the following informalities:
Regarding claims 1, 6, 7, and 9:
The intended steps of the claimed invention, as understood by the examiner, can be summarized as follows:
A client application attempts a secure connection with a destination Main Server.
Receive a public key certificate (C1) from the Main Server.
Verify the received certificate against a held reference certificate (C2).
If that verification fails for some reason, get an updated reference certificate (C3) for the Main Server from an Update Server.
Examiner notes that the current wording of the claims would likely be interpreted by one skilled in the art that the certificate is found to be specifically non-compliant (i.e. expired). This makes it somewhat difficult to understand the necessity of the following limitations. However, this is not an issue of definiteness, and the claim wording is supported by the specification.
Use the C3 to attempt a new secure connection with the Main Server.
If C3 is the same as C2, instruct the user to use a different network or connection method to attempt a new secure connection with the main server.
Examiner notes that the wording and verbosity of these limitations make it difficult to parse what is actually intended by the applicant. Based on the context of the specification, it seems the check for C3 being identical to C2 should occur before any attempt at a new secure connection with the Main Server; however, its placement implies a new secure connection is attempted first, and only then is C3 checked against C2, and the user instructed to change network connections before attempting yet another secure connection. Examiner suggests that these limitations could be combined and simplified, or, at a minimum, amended to swap their order within the claim.
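The ordering the examiner suggests above (compare C3 with C2 before any new connection attempt), sketched as an added Python example that is not part of the Office action or the application. The `Client` class, the outcome names, the constructed byte strings standing in for certificates, fingerprint comparison as the verification step, and aborting when the Update Server fails authentication are all assumptions of this sketch.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum

class Outcome(Enum):
    CONNECTED = "connected"
    CONNECTED_AFTER_UPDATE = "connected after reference update"
    CHANGE_NETWORK = "instruct user to change network"
    ABORT = "abort"

def same(a: bytes, b: bytes) -> bool:
    """Compare two certificates by SHA-256 fingerprint of their bytes."""
    return hmac.compare_digest(hashlib.sha256(a).digest(),
                               hashlib.sha256(b).digest())

@dataclass
class Client:
    main_ref: bytes    # C2: held reference certificate for the Main Server
    update_ref: bytes  # held reference certificate for the Update Server

    def connect(self, main_server, update_server) -> Outcome:
        c1 = main_server()                      # C1 presented in handshake
        if same(c1, self.main_ref):
            return Outcome.CONNECTED
        # Verification failed: authenticate the Update Server, then read C3.
        update_cert, c3 = update_server()
        if not same(update_cert, self.update_ref):
            return Outcome.ABORT                # assumption: sketch aborts here
        # Identity check BEFORE any retry: if C3 == C2 the held reference is
        # already current, and a retry on this network would fail the same way.
        if same(c3, self.main_ref):
            return Outcome.CHANGE_NETWORK
        self.main_ref = c3                      # adopt the updated reference
        ok = same(main_server(), self.main_ref) # new attempt, checked against C3
        return Outcome.CONNECTED_AFTER_UPDATE if ok else Outcome.ABORT

# Constructed placeholder byte strings standing in for DER certificates.
OLD, NEW, UPD, OTHER = b"main-v1", b"main-v2", b"update-v1", b"unexpected"

def run_scenarios() -> dict:
    def run(presented, update_reply):
        client = Client(main_ref=OLD, update_ref=UPD)
        result = client.connect(lambda: presented, lambda: update_reply)
        return result, client.main_ref
    return {
        "match": run(OLD, (UPD, OLD)),
        "rotated": run(NEW, (UPD, NEW)),
        "c3_equals_c2": run(OTHER, (UPD, OLD)),
        "bad_update_server": run(OTHER, (OTHER, OTHER)),
    }

if __name__ == "__main__":
    for name, (outcome, ref) in run_scenarios().items():
        print(f"{name:18} -> {outcome.value} (reference now {ref!r})")
```

In the `c3_equals_c2` and `bad_update_server` cases the held reference is left unchanged, so a failed update path never overwrites C2.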
Regarding claims 3, 5, 10, and 11:
They are objected to for being dependent on one or more objected-to claims. These objections could be overcome by overcoming the objections to any claims upon which these claims depend, or by amending the claim such that they are no longer dependent on any objected-to claims.
Appropriate correction is required.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 6, 7, and 9 are rejected under 35 U.S.C. 103 as being unpatentable over YAMAMOTO et al (Doc ID US 20190068581 A1), and further in view of STRADLING (Doc ID US 20080155254 A1) and OKAZAWA (Doc ID US 20130057895 A1).
Regarding claim 1:
YAMAMOTO teaches:
in response to said public key certificate transmitted by the main server being not verified compliant, setting up a second secure communication with an update server (Fig 1B, [0019] "At 142, the client calculates a hash value from the signed certificate.", and [0022] "... at 144, the client determines that the computed hash value does not equal the expected hash value; in response to this situation, the security update agent is invoked ... for establishing a secure connection to the security updater for purposes of obtaining an updated hash value for the certificate of the server from the update security server.") and
verifying compliance of a public key certificate transmitted by the update server, as a function of a reference certificate for said update server (Fig 2 and [0055] "... at 212, the pinning updater provides a method cert (pinning updater cert) to the client that is signed by a sole root certificate authority (CA) for the client for purposes of permitting the client to authenticated the pinning updater (method 200) for the secure and custom-encrypted communication session.");
receiving an updated reference certificate for said main server by using the second secure communication, said updated reference certificate for said main server being used by the client application during a new setup of secure communication with the main server ([0032] "Assuming, the newly computed hash value is equal to the updated hash value provided by the server 130, the client 110 permits a session between the client 110 and the server 120 to continue at 147."); and
ordering a modification of an access network underlying a communication network during the new setup of secure communication with the main server ([0032] "Assuming, the newly computed hash value is equal to the updated hash value provided by the server 130, the client 110 permits a session between the client 110 and the server 120 to continue at 147.").
STRADLING teaches the following limitation(s) not taught by YAMAMOTO:
A method of communication between a client application implementing a service being executed on a user device and a main server, said method comprising, in the client application: verifying compliance of a public key certificate transmitted by the main server during an attempt to set up a first secure communication, as a function of a reference certificate for said main server stored by the client application, a setup of the first secure communication being conditional upon said verification of compliance ([0024] "… a client computer ... requests at least one certificate from a second computer 4 (which is often a web server computer) through an SSL/TLS handshake."),
Updating an invalid reference certificate for a server with one acquired from an update server is a known technique in the art, as demonstrated by YAMAMOTO. Further, verifying a received certificate before allowing a secure connection is a known technique in the art, as demonstrated by STRADLING. It would have been obvious to a person having ordinary skill in the art (PHOSITA) before the effective filing date of the claimed invention to modify the certificate update of YAMAMOTO with the certificate verification of STRADLING with the motivation to provide updated certificates only when necessary as determined by a verification process.
OKAZAWA teaches the following limitations not taught by the combination of YAMAMOTO and STRADLING:
in response to the received updated reference certificate for the main server being identical to the reference certificate for the main server stored in the client application ([0056] "... the printer server 103 acquires certificate information for the image forming apparatus 105 from the authentication server 104. Here, the printer server 103 checks (compares) the acquired certificate information with the saved certificate information that has been previously cached (step S1205), and if the acquired certificate information is the same as the previous certificate information, the procedure returns to step S1203 ..."),
Checking whether a received certificate is identical to a cached certificate is a known technique in the art, as demonstrated by OKAZAWA. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the certificate update and verification of YAMAMOTO and STRADLING with the duplicate certificate check of OKAZAWA with the motivation to determine whether a held certificate is the most up-to-date certificate available for a destination.
Regarding claims 6, 7, and 9:
These claims are rejected with the same justification, mutatis mutandis, as their counterpart claim 1 above.
Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over YAMAMOTO et al (Doc ID US 20190068581 A1), STRADLING (Doc ID US 20080155254 A1), and OKAZAWA (Doc ID US 20130057895 A1) as applied to claim 1 above, and further in view of MERIAC (Doc ID US 20170295025 A1).
Regarding claim 3:
The combination of YAMAMOTO, STRADLING, and OKAZAWA teaches:
The method as claimed in claim 1,
The combination of YAMAMOTO, STRADLING, and OKAZAWA does NOT teach:
wherein an expiration date of the reference certificate for the update server is later than that of the reference certificate for the main server.
MERIAC teaches this limitation:
[0041] "… an expiry date of the shortcut certificate is no greater than the expiry date of any digital certificate of each certification authority in the chain …"
Ensuring a certificate does not expire before any certificate which depends on that certificate is a known technique in the art, as demonstrated by MERIAC. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the certificate verification and update method of YAMAMOTO, STRADLING, and OKAZAWA with the certificate expiration date method of MERIAC with the motivation to ensure that a situation does not arise where the main server certificate expires and requires updating, but where the update server’s certificate has also already expired. It is obvious to accomplish this by having the root certificate have the latest expiration of all pinned certificates.
Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over YAMAMOTO et al (Doc ID US 20190068581 A1), STRADLING (Doc ID US 20080155254 A1), and OKAZAWA (Doc ID US 20130057895 A1) as applied to claim 1 above, and further in view of ALBERTH et al (Doc ID US 20040209593 A1).
Regarding claim 5:
The combination of YAMAMOTO, STRADLING, and OKAZAWA teaches:
The method as claimed in claim 1,
The combination of YAMAMOTO, STRADLING, and OKAZAWA does NOT teach:
in response to the second secure communication not being able to be set up with the update server, ordering a modification of the access network underlying the communication network with a view to attempting another new setup of a secure communication with the main server.
ALBERTH teaches this limitation:
Fig 5 and [0020] "... the communications device transmits a network connection request to a first network and is registered on the first network. At block 520, the communications device transmits a network connection request to a second network ...., the communications device transmits a network communication request to the first network if the attempt to connect to the second network fails ..."
Retrying a first connection after a second connection fails is a known technique in the art, as demonstrated by ALBERTH. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the certificate verification and update method of YAMAMOTO, STRADLING, and OKAZAWA with the method of retrying connections of ALBERTH with the motivation to make a second attempt at connecting to a main server despite failing to authenticate the server’s certificate. It is obvious to make a second attempt to connect to consider whether the main server is able to send an updated certificate which matches the reference certificate and allows the connection to proceed.
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over YAMAMOTO et al (Doc ID US 20190068581 A1), STRADLING (Doc ID US 20080155254 A1), and OKAZAWA (Doc ID US 20130057895 A1) as applied to claim 1 above, and further in view of GANTMAN et al (Doc ID US 20060236098 A1).
Regarding claim 10:
The combination of YAMAMOTO, STRADLING, and OKAZAWA teaches:
The method according to claim 1, wherein the method comprises, after said public key certificate transmitted by the main server being verified as compliant and setting up of the first secure communication, receiving an update of a public key certificate for the update server by using the first secure communication (STRADLING [0024] "... The second computer 4 responds and sends zero or more cross-certificates 8 .... The second computer 4 also delivers a new or updated root certificate 10 to the client computer 2."),
storing the update of the public key certificate as an updated reference certificate for the update server (STRADLING [0024] "… The client computer 2 then takes the root certificate 10 and stores it in the appropriate root storage facility 14.").
Verifying certificate compliance before establishing secure communications, receiving an updated certificate for an update server, and storing the update as a new reference certificate are known techniques in the art, as demonstrated by STRADLING. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the certificate verification and update method of YAMAMOTO, STRADLING, and OKAZAWA with the root certificate update of STRADLING with the motivation to ensure that trust is maintained with the update server which provides certificates for other servers. It is obvious to ensure the most up-to-date certificates for the update server are distributed even during connections not involving the update server.
The combination of YAMAMOTO, STRADLING, and OKAZAWA does NOT teach:
the received update of the public key certificate for the update server indicating a start date that is later than a send date at which the update of the public key certificate for the update server is received and
GANTMAN teaches this limitation:
[0069] "… the certificate can be generated with an inception timestamp that indicates a start and end time that takes place in the future."
Postdating a certificate is a known technique in the art, as demonstrated by GANTMAN. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the certificate verification and update method of YAMAMOTO, STRADLING, and OKAZAWA with the postdated certificate of GANTMAN with the motivation to ensure the validity period for the new update server certificate outlives the certificate for the main server. It is obvious to seek a simple solution such as postdating the certificate, as it will not be referenced until the expiration of the certificate for the main server.
Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over YAMAMOTO et al (Doc ID US 20190068581 A1), STRADLING (Doc ID US 20080155254 A1), and OKAZAWA (Doc ID US 20130057895 A1) as applied to claim 1 above, and further in view of IDA et al (Doc ID US 20060072475 A1).
Regarding claim 11:
The combination of YAMAMOTO, STRADLING, and OKAZAWA teaches:
The method according to claim 1,
IDA teaches the following limitation(s) not taught by the combination of YAMAMOTO, STRADLING, and OKAZAWA:
The method according to claim 1, wherein the ordering a modification of the access network is triggered by a user following a request made to the user using a human-machine interface of the user device ([0136] "… the CPU 10 ... requests the user to change the network settings by displaying, on the display section 15, the setting-input screen PIC2 …").
Prompting a user to make a change of some kind to a network is a known technique in the art, as demonstrated by IDA. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the certificate verification and update method of YAMAMOTO, STRADLING, and OKAZAWA with the network change prompt of IDA with the motivation to prompt the user to make a change in the network before making another attempt to connect to the destination server. This may resolve network connection issues.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to whose telephone number is (703)756-4528. The examiner can normally be reached M-F 0800-1700.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached on (571) 270-5143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BB/Examiner, Art Unit 2437
/BENJAMIN E LANIER/Primary Examiner, Art Unit 2437