Prosecution Insights
Browse Companies Examiners Firms Draft Your Response
Office ActionsSemtech Corporation › 18090314
Last updated: April 19, 2026
Application No. 18/090,314

METHOD AND APPARATUS FOR DEVICE AUTHENTICATION USING CHAINS OF CERTIFICATES

Non-Final OA §103§112
Filed
Dec 28, 2022
Examiner
FARAMARZI, GITA
Art Unit
2496
Tech Center
2400 — Computer Networks
Assignee
Semtech Corporation
OA Round
3 (Non-Final)
53%
Grant Probability
Moderate
3-4
OA Rounds
3y 4m
To Grant
75%
With Interview

This examiner grants 53% of cases after interview

+21.5% interview lift. A telephonic interview to clarify the technical implementation could significantly improve the outcome.
Based on 75 resolved cases, 2023–2026

Examiner Intelligence

FARAMARZI, GITA View full profile →
Grants 53% of resolved cases
53%
Career Allow Rate
40 granted / 75 resolved
-4.7% vs TC avg
Strong +22% interview lift
Without
With
+21.5%
Interview Lift
resolved cases with interview
Typical timeline
3y 4m
Avg Prosecution
33 currently pending
Career history
108
Total Applications
across all art units

Statute-Specific Performance

§101
8.1%
-31.9% vs TC avg
§103
56.6%
+16.6% vs TC avg
§102
5.0%
-35.0% vs TC avg
§112
29.4%
-10.6% vs TC avg
Black line = Tech Center average estimate • Based on career data from 75 resolved cases

Office Action

§103 §112
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Status of Claims The following is a Non-Final Office Action in response to applicant’s response on October 28, 2025. Claims 20-21 were amended. Claim 3 was cancelled. Claims 1-2, 4-21 are pending, of which claims 1, 10, 16, and 20 are in independent form. Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 10/28/2025 has been entered. Response to Amendment The amendment filed 10/28/2025 has been entered. Amendments to the claims have overcome the previous § 112(b) issue as found in Final Office Action dated 06/10/2025. Thus, the rejection has been withdrawn. However, claims 1-15 are rejected under 35 USC § 112 as being indefinite. Response to Arguments Applicant’s arguments with respect to claim(s) are rejected, under 35 USC 103(a), have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter. On pages 8-9 of remarks, Applicant’s argues that Holtzman also does not teach or even suggest that "the one or more additional root certificates and the prior root certificate form a certificate chain, wherein each root certificate in the one or more additional root certificates and the prior root certificate is signed with a private cryptographic key associated with a previous root certificate in the certificate chain" as defined in claim 1. Applicant’s arguments, with respect to the rejection(s) of claim(s) 1, 10, 16 and 20 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of HIMAWAN et al. (US 2013/0036303 A1). As to the dependent claims 2, 4-9, 11-15, 17-19 and 21, these claims remain rejected by virtue of dependency to their independent claims. Therefore, the examiner maintains the rejection under 35 USC § 103. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1-15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 1 recites “the electronic device is configured to receive “zero or more additional root certificates” and further recites that “each root certificate in the one or more additional root certificates and the prior root certificate is signed with a private cryptographic key associated with a previous root certificate in the certificate chain”. Claim 1 is indefinite because, in the case where zero additional root certificates are received, the claim nonetheless recites a certificate chain and a signing relationship applicable to “each root certificated in the one or more additional root certificates”, even though no such certificates exist. As a result, it is unclear how the recited signing requirement is satisfied when the set of additional root certificates is empty (zero). Moreover, the claim fails to show whether the signing requirement applies only when one or more additional root certificates are received, or whether it applies in all cases, including when zero additional root certificates are received. Claim 9 recites “wherein zero additional root certificates are received based on the prior root certificate being same as a most recent root certificate.”. The claim is indefinite because it is unclear how the condition “the prior root certificate being same as the most recent root certificate” is evaluated when zero additional root certificates are received, as no additional root certificates exist from which a “most recent root certificate” can be determined. Claim 10 recites “causing the electronic server device to send, to the client device, zero or more Root certificates of the chain of Root certificates, wherein when present, a first Root certificate of the zero or more Root certificates is signed using a private cryptographic key of the particular Root certificate, and wherein each Root certificate is signed using a private cryptographic key of a previous Root certificate in the chain of Root certificates;”. The claim is indefinite because when zero root certificates are sent, no “previous root certificate” exists from which a signing relationship can be evaluated. As a result, it is unclear how the signing limitations are satisfied in the zero-certificate scenario. Claim 12 recites “the zero or more Root certificates immediately follow the particular Root certificate according to the ordering and are a contiguous subset of the chain of Root certificates according to the ordering”. The claim is indefinite because it is unclear how “zero or more Root certificates” can “immediately follow” a particular root certificate and a form a “contiguous subset” of the chain of root certificates when zero root certificates are present. Claim 14 recites “wherein the zero or more Root certificates are sent to the client device, in one or more messages, in response to a same single message from the client device”. The claim is indefinite because when zero root certificates are sent, there is no certificate that can be “sent to the client device”, rendering the recited transmission operation unclear. Claim 15 recites “wherein the server implicitly or explicitly indicates, to the client device, the ordering among the zero or more Root certificates in the chain of Root certificates”. The claim is indefinite because it is unclear how an “ordering” can be indicated among zero root certificates. Additionally, the claim does not specify what constitutes “implicitly” indicating the ordering, nor specifies distinguishing implicit indication from explicit indication. As to the dependent claims 4-8, 10, and 13, these claims remain rejected by virtue of dependency to their independent claims. Appropriate correction is required. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1 – 2, 6, 8, and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Stradling (US 2008/0155254 A1), in view Chen et al (CN 110598375 B), hereinafter Chen, in further view of HIMAWAN et al. (US 2013/0036303 A1), hereinafter HIMAWAN. Regarding Claim 1, Stradling discloses an electronic device comprising: a communication interface configured to communicate directly or indirectly with a server (Figure 1 shows a computer (i.e., electronic device) communicating via SSL/TLS handshake with a server computer); a memory configured to store a prior root certificate (Stradling, Figure 1 shows a root storage facility (i.e., memory) for storing root certificates on the computing device); and processing electronics configured to perform a process including: sending, to the server via the communication interface, an indication of the prior root certificate” (Stradling, Para. 0005, the client computer examines the server computer's certificate information to determine the validity of the server computer. The certificate is considered trusted if the sent certificate is found in the local trusted root storage facility (the one or more places on the client computer where digital certificates are stored). If the certificate is not found, the client computer will try to establish trust by using data associated with the sent certificate to establish a certificate chain by tracing referenced certificates (cross-certificates) in an attempt to locate a trusted certificate) and (Stradling, Para. 0023; discloses a method of updating a root certificate on a computer with a root update mechanism 2 by causing a new root certificate (which includes root certificates that are updated and will replace root certificates already installed) 10 to be sent to the client computer during an SSL/TLS handshake in addition to the legacy certificate chain 8) it is noted that the initiation of root certificate updating during an SSL/TLS handshake implies the existence of a prior trusted root certificate; receiving, from the server via the communication interface, zero or more additional root certificates and a server certificate (Stradling, Figure 1 shows the server sending at least zero additional root certificates to the client computer and [0024] describes how a first certificate is requested (and received) via a SSL/TLS handshake); and replace the prior root certificate with a most recent additional root certificate selected from the one or more additional root certificates (Stradling, [0023] describes how a new root certificate replaces an existing root certificate in the memory); wherein the one or more additional root certificates and the prior root certificate form a certificate chain” (Stradling, Para. 0024, describes how a certificate chain is built using one (or more) legacy root certificates. Cross-certificates are delivered so that a client can build a certificate chain up to the new root certificate); wherein upon determination that there are zero additional root certificates in the zero or more additional root certificates received from the server (Stradling, Para. 0024, the second computer 4 responds and sends zero or more cross-certificates 8 to allow the client computer 2 to build certificate chain(s) up to one or more legacy root certificates. The second computer 4 also delivers a new or updated root certificate 10 to the client computer 2. Optionally, the second computer 4 can deliver one or more cross-certificates 12 to allow the client to build a certificate chain up to the new root certificate 10), the processing electronics are further configured to authenticate the server using the prior root certificate and the server certificate (Stradling, Para. 0024, a client computer with a root update mechanism 2 requests at least one certificate from a second computer 4 (which is often a web server computer) through an SSL/TLS handshake. The second computer 4 responds and sends zero or more cross-certificates 8 to allow the client computer 2 to build certificate chain(s) up to one or more legacy root certificates. The second computer 4 also delivers a new or updated root certificate 10 to the client computer 2) and (Stradling, Paras. 0025-0027, an Apache™ server's mod_ssl module can be configured to include the new root certificate in addition to the certificates which form the legacy certificate chain of the server certificate by pointing the SSLCertificateChainFile directive to a bundle file containing 1) zero or more legacy root certificates; 2) zero or more cross-certificates, to allow the client to build the certificate chain(s) up to one or more legacy root certificates; 3) one or more new root certificates and 4) zero or more cross-certificates, to allow the client to build the certificate chain(s) up to one or more new root certificates), and Stradling does not explicitly disclose wherein upon determination that there are one or more additional certificates in the zero or more additional root certificates received from the server, the processing electronics are further configured to authenticate the server using the prior root certificate, the one or more additional root certificates, and the server certificate. However, Chen teaches wherein upon determination that there are one or more additional certificates in the zero or more additional root certificates received from the server (Chen, Page.5, after adding the new root certificate to the CA's root certificate pool, in the subsequent process, new certificate issuing requests use the new The root certificate is signed for issuance), the processing electronics are further configured to authenticate the server using the prior root certificate, the one or more additional root certificates, and the server certificate (Chen, Page.5, the CA node detects the trigger of the root certificate replacement. In the event, all existing root certificates can be marked as "old root certificates", but they can still be used normally. After adding the new root certificate to the CA's root certificate pool, in the subsequent process, new certificate issuing requests use the new the root certificate is signed for issuance. The trigger event for the replacement of the root certificate may be a trigger instruction for replacing a new root certificate input by a user or an event related to a preset service in a service. Further, in step S301, the CA node sends a root certificate issue transaction to any consensus node in the consensus network. After receiving the root certificate issue transaction, any of the consensus nodes may write the root certificate issue transaction into the blockchain). Stradling and Chen are both considered to be analogous to the claim invention because they are in the same field of authenticating the last Root certificate in the chain. Therefore, it would have been obvious to someone ordinary skill in the art before the effective filing date of the claimed invention to have modified Stradling to incorporate the teachings of Chen to include wherein upon determination that there are one or more additional certificates in the zero or more additional root certificates received from the server (Chen, Page.5), the processing electronics are further configured to authenticate the server using the prior root certificate, the one or more additional root certificates, and the server certificate (Chen, Page.5). Doing so would aid the behavior of business nodes and other possible nodes accessing the consensus network needs to be strictly controlled. This layered blockchain network can help replace CA root certificates securely and efficiently (Chen, Page.4). The combination of Stradling and Chen does not explicitly disclose wherein each root certificate in the one or more additional root certificates and the prior root certificate is signed with a private cryptographic key associated with a previous root certificate in the certificate chain. However, HIMAWAN teaches wherein each root certificate in the one or more additional root certificates and the prior root certificate is signed with a private cryptographic key associated with a previous root certificate in the certificate chain (HIMAWAN, Para. 0028, a trust anchor for a digital certificate is the root CA associated with the digital certificate. For example, the trust anchor in domain 202a is CA 204a. Domain 202a CA topology is configured in the form of a tree structure. A root certificate is the top-most certificate of the tree and the private key of CA 204a is used to "sign" the direct descendant "intermediate" CA certificates in the trust chain. All certificates immediately below the root certificate inherit the trustworthiness of the root certificate. Certificates further down the tree also depend on the trustworthiness of respective intermediate CAs. A trust path is formed from a sequence of certificates starting from a self-signed root CA certificate and ending at certificate holder's certificate. The sequence may include one or more intermediate CA certificates. Each subsequent certificate in the sequence is signed by the CA associated with the previous certificate in the sequence). Stradling, Chen and HIMAWAN are all considered to be analogous to the claim invention because they are in the same field of authenticating the last Root certificate in the chain. Therefore, it would have been obvious to someone ordinary skill in the art before the effective filing date of the claimed invention to have modified Stradling and Chen to incorporate the teachings of HIMAWAN to include wherein each root certificate in the one or more additional root certificates and the prior root certificate is signed with a private cryptographic key associated with a previous root certificate in the certificate chain (HIMAWAN, Para. 0028). Doing so would aid to enable relying parties receiving information signed with the private key associated with the digital certificate to verify the authenticity and integrity of the information (HIMAWAN, Para. 0003). It is noted that the primary reference Stradling expressly discloses cross-certification between legacy root certificates and newly introduced root certificates, enabling certificate chains that span from a prior root to a subsequent root through cryptographic signing. However, HIMAWAN provides the appropriate support for the claimed requirement that each root certificate in the chain is signed using a private cryptographic key associated with a previous root certificate. Regarding Claim 2, the combination of Stradling, Chen, and HIMAWAN further discloses “The electronic device of claim 1, wherein the one or more additional root certificates are generated after the prior root certificate” (Stradling: Figure 1 shows a process of root certificates being sent to the computing device in succession). Regarding Claim 6, the combination of Stradling, Chen, and HIMAWAN further discloses “The electronic device of claim 1, wherein the processing electronics are further configured to authenticate a server certificate indicative of an identity of the server using a most recent additional root certificate of the one or more additional root certificates” (Stradling: Figure 1 shows a process of root certificate issuance to a client computing device, where a chain is started based on the latest root certificate (reference character 12)). Regarding Claim 8, the combination of Stradling, Chen, and HIMAWAN further discloses “The electronic device of claim 1, wherein the one or more additional root certificates are received based on the prior root certificate being different from a most recent additional root certificates” (Stradling: Figure 1 shows the issuance of a new or updated root certificate; a new root certificate implies that it is different from prior root certificates). Regarding Claim 9, the combination of Stradling, Chen, and HIMAWAN further discloses “The electronic device of claim 1, wherein zero additional root certificates are received based on the prior root certificate being same as a most recent root certificate” (Stradling: Figure 1 shows the issuance of a number of certificates, where the number may be zero). Claim(s) 4, 5, 7, 13, 14, and 16 – 19 are rejected under 35 U.S.C. 103 as being unpatentable over Stradling (US 2008/0155254 A1), in further view Chen et al (CN 110598375 B), hereinafter Chen, in further view of HIMAWAN et al. (US 2013/0036303 A1), hereinafter HIMAWAN, in further view of Ignatchenko et al (US 2013/0346747 A1), hereinafter Ignatchenko. Regarding Claim 4, the combination of Stradling and Chen discloses the above subject matter content, but fails to expressly disclose “and after authenticating the first one of the additional root certificates: according to an ordering of the one or more additional root certificates, sequentially authenticate each one of the additional root certificates other than the first one of the additional root certificates using another one of the additional root certificates already authenticated”. However, analogous art from the same field of endeavor, HIMAWAN teaches this: (HIMAWAN, Para. 0028, root certificate is the top-most certificate of the tree and the private key of CA 204 a is used to “sign” the direct descendant “intermediate” CA certificates in the trust chain. All certificates immediately below the root certificate inherit the trustworthiness of the root certificate. Certificates further down the tree also depend on the trustworthiness of respective intermediate CAs. A trust path is formed from a sequence of certificates starting from a self-signed root CA certificate and ending at certificate holder's certificate. The sequence may include one or more intermediate CA certificates. Each subsequent certificate in the sequence is signed by the CA associated with the previous certificate in the sequence). Therefore, based on Stradling in view of Chen, and in further view of HIMAWAN, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of HIMAWAN to the system of Stradling and Chen in order to enable relying parties receiving information signed with the private key associated with the digital certificate to verify the authenticity and integrity of the information (HIMAWAN, Para. 0003). The combination of Stradling, Chen, and HIMAWAN discloses the above subject matter content, but fails to expressly disclose “The electronic device of claim 3, wherein the processing electronics are further configured to: authenticate a first one of the additional root certificates using the prior root certificate”. However, analogous art from the same field of endeavor, Ignatchenko, teaches this: [0043] describes how the authenticity of replacement (i.e., additional) message is verified prior to the replacement (i.e., additional) message is sent by way of using private signing keys. [0027] describes “one or more digital certificates, e.g., as may be attached to a received message”, which shows that there is a chain of certificates, as they are attached to the messages in the particular chain). Therefore, based on Stradling in view of Chen, in further view of HIMAWAN, and further in view of Ignatchenko, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Ignatchenko to the system of Stradling, Chen, and HIMAWAN in order to securely create new root certificates following the compromise of a current root certificate (Ignatchenko, para. 0009). Regarding Claim 5, the combination of Stradling, Chen, HIMAWAN, and Ignatchenko further discloses “The electronic device of claim 1, wherein authenticating of any one of the additional root certificates comprises determining that said one of the additional root certificates is signed with a private cryptographic key associated with another root certificate” (Ignatchenko: [0043] describes how the message containing the root certificates is signed by at least two private keys corresponding to the two root certificates). Therefore, based on Stradling in view of Chen, in further view of HIMAWAN, and further in view of Ignatchenko, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Ignatchenko to the system of Stradling, Chen, and HIMAWAN in order to securely create new root certificates following the compromise of a current root certificate (Ignatchenko, para. 0009). Regarding Claim 7, the combination of Stradling, Chen, HIMAWAN, and Ignatchenko further discloses “The electronic device of claim 3, wherein the electronic device receives at least one invalid root certificate that occurs after a most recent one of the additional root certificate, and wherein the processing electronics are further configured to: determine that the at least one invalid root certificate cannot be authenticated using the most recent additional root certificates” (Ignatchenko: Para. 0055 describes a process where verification may fail (i.e., receiving an invalid root certificate); “and restart the process from the most recent one of the additional root certificates” (Ignatchenko: Para. 0055 describes the failure of the process for verifying root certificates. It is implied that this process is restarted in order to complete the verification of the root certificates). Therefore, based on Stradling in view of Chen, in further view of HIMAWAN, and further in view of Ignatchenko, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Ignatchenko to the system of Stradling, Chen, and HIMAWAN in order to securely create new root certificates following the compromise of a current root certificate (Ignatchenko, para. 0009). Regarding Claim 13, the combination of Stradling, Chen, HIMAWAN, and Ignatchenko further discloses “The electronic server device of claim 10, wherein the particular Root certificate is a most recent Root certificate held by the client device” (Chen: [0007] describes the receipt of a byte stream of the new root certificate which is then written into the latest block of a blockchain). Therefore, based on Stradling in view of Chen, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of replacing root certificates of Chen to the system of Stradling in order to ensure root certificates are not tampered with by way of replacing them (Chen, [0003]). Regarding Claim 14, the combination of Stradling, Chen, HIMAWAN, and Ignatchenko further discloses “The electronic server device of claim 10, wherein the zero or more Root certificates are sent to the client device, in one or more messages, in response to a same single message from the client device” (Stradling: The Abstract describes how a message identifying one or more root certificates is received and stored in non-volatile storage (i.e., on the client device)). Regarding Claim 16, the combination of Stradling, Chen, HIMAWAN, and Ignatchenko further discloses “A method comprising, by an electronic device having a prior Root certificate stored in memory: in response to receiving, from a server, two or more additional Root certificates: authenticating a first one of the additional Root certificates using the prior Root certificate” (HIMAWAN, Para. 028, each subsequent certificate in the sequence is signed by the CA associated with the previous certificate in the sequence.); “after authenticating the first one of the additional root certificates: according to an ordering of the one or more additional root certificates, sequentially authenticate each one of the additional root certificates other than the first one of the additional root certificates using another one of the additional root certificates already authenticated” (HIMAWAN, Para. 0028) and (HIMAWAN, Para. 0036, each subsequent certificate in the sequence is signed by the CA associated with the previous certificate in the sequence) and (HIMAWAN, Para. 0037, the relying party retrieves a chain of certificates, including cross signed certificates, from a certificate repository); “after authenticating each one of the additional root certificates other than the first one of the additional root certificates: updating, in the memory, the prior root certificate to be a most recent one of the additional root certificates” (Stradling: [0023] describes the updating of a root certificate on a computer, causing a new root certificate (i.e., prior root certificate) to be installed as the new root); “wherein each root certificate in the one or more additional root certificates and the prior root certificate is signed with a private cryptographic key associated with a previous root certificate in the certificate chain”. (HIMAWAN, Para. 0028, root certificate is the top-most certificate of the tree and the private key of CA 204 a is used to “sign” the direct descendant “intermediate” CA certificates in the trust chain. All certificates immediately below the root certificate inherit the trustworthiness of the root certificate. Certificates further down the tree also depend on the trustworthiness of respective intermediate CAs. A trust path is formed from a sequence of certificates starting from a self-signed root CA certificate and ending at certificate holder's certificate. The sequence may include one or more intermediate CA certificates. Each subsequent certificate in the sequence is signed by the CA associated with the previous certificate in the sequence). Therefore, based on Stradling in view of Chen, and in further view of HIMAWAN, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of HIMAWAN to the system of Stradling and Chen in order to enable relying parties receiving information signed with the private key associated with the digital certificate to verify the authenticity and integrity of the information (HIMAWAN, Para. 0003). It is noted that the primary reference Stradling expressly discloses cross-certification between legacy root certificates and newly introduced root certificates, enabling certificate chains that span from a prior root to a subsequent root through cryptographic signing. However, HIMAWAN provides the appropriate support for the claimed requirement that each root certificate in the chain is signed using a private cryptographic key associated with a previous root certificate. Regarding Claim 17¸ the combination of Stradling, Chen, HIMAWAN, and Ignatchenko further discloses “The method of claim 16, further comprising receiving or determining an indication of ordering of the one or more additional Root certificates” (Ignatchenko: Para. 0063 describes how replacement messages, including messages immediately preceding the referenced message, may be used for different purposes); “and wherein said sequentially authenticating is performed according to said ordering” (HIMAWAN, Para. 0028, A trust anchor for a digital certificate is the root CA associated with the digital certificate. For example, the trust anchor in domain 202a is CA 204a. Domain 202a CA topology is configured in the form of a tree structure. A root certificate is the top-most certificate of the tree and the private key of CA 204a is used to "sign" the direct descendant "intermediate" CA certificates in the trust chain. All certificates immediately below the root certificate inherit the trustworthiness of the root certificate. Certificates further down the tree also depend on the trustworthiness of respective intermediate CAs. A trust path is formed from a sequence of certificates starting from a self-signed root CA certificate and ending at certificate holder's certificate. The sequence may include one or more intermediate CA certificates. Each subsequent certificate in the sequence is signed by the CA associated with the previous certificate in the sequence). Therefore, based on Stradling in view of Chen, and in further view of HIMAWAN, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of HIMAWAN to the system of Stradling and Chen in order to enable relying parties receiving information signed with the private key associated with the digital certificate to verify the authenticity and integrity of the information (HIMAWAN, Para. 0003). Regarding Claim 18, the combination of Stradling, Chen, HIMAWAN, and Ignatchenko further discloses “The method of claim 16, further comprising authenticating a server certificate indicative of an identity of the server using the most recent one of the additional Root certificates” (Stradling: Figure 1 shows a process of root certificate issuance to a client computing device, where a chain is started based on the latest root certificate (reference character 12)). Regarding Claim 19, the combination of Stradling, Chen, HIMAWAN, and Ignatchenko further discloses “The method of claim 16, further comprising, prior to receiving the two or more additional Root certificates, sending an indication of the prior Root certificate to the server” (Stradling: Para. 0017 describes how the client computer requests an updated certificate from the server via SSL/TLS handshake. This implies that the computer was already in possession of a root certificate). Claim(s) 10 – 12, 15, and 20 – 21 are rejected under 35 U.S.C. 103 as being unpatentable over Ignatchenko et al (US 2013/0346747 A1), hereinafter Ignatchenko, in view of HIMAWAN et al. (US 2013/0036303 A1), hereinafter HIMAWAN. Regarding Claim 10¸ Ignatchenko discloses “An electronic server device comprising: one or more communication interfaces configured to communicate directly or indirectly with a client device and with a certificate authority; a memory; and processing electronics configured to: store, in the memory, a chain of Root certificates received from the certificate authority, each Root certificates of the chain of root certificates is signed using a private cryptographic key associated with a previous Root certificate in the chain of root certificates according to an ordering of the chain of root certificates” (Figure 1 shows communications with a server and a certificate authority; the Abstract describes non-volatile storage in which certificates are stored. Para. 0031 describes how each certificate authority involved may have a set of root private keys, where each private key is associated with a root certificate. [0043] describes how the message of the certificate is signed by at least two private keys associated with one of the root certificates. [0027] describes “one or more digital certificates, e.g., as may be attached to a received message”, which shows that there is a chain of certificates, as they are attached to the messages in the particular chain); “and in response to the electronic server device receiving, from the client device, at least one message including a message indicating a particular Root certificate: causing electronic the server device to send, to the client device, zero or more Root certificates of the chain of Root certificates” (Para. 0041 describes how the server or CA may transmit a message detailing certificate replacement by root certificates. Para. 0088 describes how multiple replacement messages (i.e., root certificates) may be sent); “wherein, when present, a first Root certificate of the zero or more Root certificates is signed using a private cryptographic key of the particular Root certificate” (Claim 1 describes how the message containing the root certificates is signed by at least two private keys corresponding to the two root certificates); “wherein each Root certificates other than the first Root certificate is signed using a private cryptographic key of a previous root certificate in the chain of root certificates” (Claim 3 describes how the two root certificates used to validate the key signatures are the second and third root certificates stored in the memory), and Ignatchenko does not expressly disclos wherein each root certificate in the one or more additional root certificates and the prior root certificate is signed with a private cryptographic key associated with a previous root certificate in the certificate chain”. However, HIMAWAN teaches wherein each root certificate in the one or more additional root certificates and the prior root certificate is signed with a private cryptographic key associated with a previous root certificate in the certificate chain (HIMAWAN, Para. 0028, A trust anchor for a digital certificate is the root CA associated with the digital certificate. For example, the trust anchor in domain 202a is CA 204a. Domain 202a CA topology is configured in the form of a tree structure. A root certificate is the top-most certificate of the tree and the private key of CA 204a is used to "sign" the direct descendant "intermediate" CA certificates in the trust chain. All certificates immediately below the root certificate inherit the trustworthiness of the root certificate. Certificates further down the tree also depend on the trustworthiness of respective intermediate CAs. A trust path is formed from a sequence of certificates starting from a self-signed root CA certificate and ending at certificate holder's certificate. The sequence may include one or more intermediate CA certificates. Each subsequent certificate in the sequence is signed by the CA associated with the previous certificate in the sequence). Therefore, based on Stradling in view of Chen, and in further view of HIMAWAN, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of HIMAWAN to the system of Stradling and Chen in order to enable relying parties receiving information signed with the private key associated with the digital certificate to verify the authenticity and integrity of the information (HIMAWAN, Para. 0003). Regarding Claim 11, the combination of Ignatchenko and HIMAWAN further discloses “The electronic server device of claim 10, wherein said previous root certificate of the chain of Root certificates is an immediately previous root certificate of the chain of Root certificates according to the ordering” (Ignatchenko: Para. 0063 describes how replacement messages, including messages immediately preceding the referenced message, may be used for different purposes). Regarding Claim 12, the combination of Ignatchenko and HIMAWAN further discloses “The electronic server device of claim 11, wherein: the particular Root certificate is one root certificate of the chain of Root certificates or immediately precedes the chain of Root certificates according to the ordering and the zero or more Root certificates immediately follow the particular Root certificate according to the ordering and are a contiguous subset of the plurality of Root certificates according to the ordering” (Ignatchenko: [0027] describes “one or more digital certificates, e.g., as may be attached to a received message”, which shows that there is a chain of certificates, as they are attached to the messages in the particular chain). Regarding Claim 15, the combination of Ignatchenko and HIMAWAN further discloses “The electronic server device of claim 10, wherein the server implicitly or explicitly indicates, to the client device, the ordering among the zero or more Root certificates in the chain of root certificates” (Ignatchenko: Para. 0073 describes how a particular order may be used with the root certificates). Regarding Claim 20, the combination of Ignatchenko and HIMAWAN further discloses “A method comprising, by an electronic server device: storing, in memory, a chain of root certificates received from a certificate authority, each root certificate of the chain of root certificates signed using a private cryptographic key associated with a previous root certificate of the chain of root certificates according to an ordering of the chain of root certificates” (HIMAWAN, Para. 0028, A trust anchor for a digital certificate is the root CA associated with the digital certificate. For example, the trust anchor in domain 202a is CA 204a. Domain 202a CA topology is configured in the form of a tree structure. A root certificate is the top-most certificate of the tree and the private key of CA 204a is used to "sign" the direct descendant "intermediate" CA certificates in the trust chain. All certificates immediately below the root certificate inherit the trustworthiness of the root certificate. Certificates further down the tree also depend on the trustworthiness of respective intermediate CAs. A trust path is formed from a sequence of certificates starting from a self-signed root CA certificate and ending at certificate holder's certificate. The sequence may include one or more intermediate CA certificates. Each subsequent certificate in the sequence is signed by the CA associated with the previous certificate in the sequence); “and in response to the electronic server device receiving, from a client device, at least one message including a message indicating a particular Root certificate: sending, to the client device, one or more Root certificates of the chain of Root certificates” (Ignatchenko: Para. 0041 describes how the server or CA may transmit a message detailing certificate replacement (i.e., sending to client device root certificates of the chain) by root certificates. Para. 0088 describes how multiple replacement messages (i.e., root certificates) may be sent); “wherein when the one or more root certificates are sent, a first root certificate of the one or more root certificates is signed using a private cryptographic key of the first root certificate, and wherein each subsequent root certificate other than the first root certificate is signed using a private cryptographic key of a previous root certificate in the chain of root certificates” (HIMAWAN, Para. 0028, A trust anchor for a digital certificate is the root CA associated with the digital certificate. For example, the trust anchor in domain 202a is CA 204a. Domain 202a CA topology is configured in the form of a tree structure. A root certificate is the top-most certificate of the tree and the private key of CA 204a is used to "sign" the direct descendant "intermediate" CA certificates in the trust chain. All certificates immediately below the root certificate inherit the trustworthiness of the root certificate. Certificates further down the tree also depend on the trustworthiness of respective intermediate CAs. A trust path is formed from a sequence of certificates starting from a self-signed root CA certificate and ending at certificate holder's certificate. The sequence may include one or more intermediate CA certificates. Each subsequent certificate in the sequence is signed by the CA associated with the previous certificate in the sequence). Regarding Claim 21, the combination of Ignatchenko and HIMAWAN further discloses “The method of claim 20, wherein: said previous root certificate of the chain of Root certificates is an immediately previous one of the chain of Root certificates according to the ordering” (Ignatchenko: Para. 0063 describes how replacement messages, including messages immediately preceding the referenced message, may be used for different purposes. [0027] describes how digital signatures of certificates are attached to each message; the messages form a chain structure, with the digital signatures attached thereto); “the first Root certificate is a most recent Root certificate held by the client device” (HIMAWAN, Para. 0029, the relying party's P-CRL could be issued by the trust anchor, i.e., an entity authorized by the relying party's trust management authority to issue the P-CRL. In a system where the relying party independently manages its own root of trust, each relying party may manually configure and maintain its own P-CRL. For example, in domain 202 c, each of certificate holders 208 d-208 f may manually configure and maintain its own P-CRL); and “the electronic server device implicitly or explicitly indicates, to the client device, the ordering among the one or more Root certificates” (Ignatchenko: Para. 0073 describes how a particular order may be used with the root certificates). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892. Any inquiry concerning this communication or earlier communications from the examiner should be directed to GITA FARAMARZI whose telephone number is (571)272-0248. The examiner can normally be reached Monday- Friday 9:00 am- 6:00 pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached at (571)272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /GITA FARAMARZI/Examiner, Art Unit 2496 /JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496
Read full office action

Prosecution Timeline

Dec 28, 2022
Application Filed
Oct 10, 2024
Non-Final Rejection — §103, §112
Feb 24, 2025
Response Filed
May 29, 2025
Final Rejection — §103, §112
Oct 28, 2025
Request for Continued Examination
Nov 02, 2025
Response after Non-Final Action
Jan 26, 2026
Non-Final Rejection — §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

18/318,308
Patent 12339997
ENTITY FOCUSED NATURAL LANGUAGE GENERATION
2y 5m to grant Granted Jun 24, 2025
16/519,789
Patent 12316648
Data value classifier
2y 5m to grant Granted May 27, 2025
17/151,384
Patent 12301564
VIRTUAL SESSION ACCESS MANAGEMENT
2y 5m to grant Granted May 13, 2025
17/613,404
Patent 12256022
BLOCKCHAIN TRANSACTION COMPRISING RUNNABLE CODE FOR HASH-BASED VERIFICATION
2y 5m to grant Granted Mar 18, 2025
16/948,762
Patent 12242613
AUTOMATED EVALUATION OF MACHINE LEARNING MODELS
2y 5m to grant Granted Mar 04, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
53%
Grant Probability
75%
With Interview (+21.5%)
3y 4m
Median Time to Grant
High
PTA Risk
Based on 75 resolved cases by this examiner. Grant probability derived from career allow rate.

Ready to respond to this office action?

IP Author drafts your complete OA response — amendments, arguments, and claim strategy — in minutes, not days.

Start Drafting Your Response →

Data sourced from USPTO Patent File Wrapper (daily) and Office Action Archive (weekly). Analysis generated by IP Author.

Data: USPTO Patent File Wrapper (daily) • Office Action Archive (weekly) • 89M+ prosecution events

© 2026 IP Author — Browse Office ActionsExaminersCompaniesFirms

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month