Office Action Predictor
Last updated: April 15, 2026
Application No. 18/255,365

CERTIFICATE MANAGEMENT MICROSERVICE

Final Rejection §103
Filed
Jun 01, 2023
Examiner
KATSIKIS, KOSTAS J
Art Unit
2441
Tech Center
2400 — Computer Networks
Assignee
Rakuten Symphony, INC.
OA Round
2 (Final)
81%
Grant Probability
Favorable
3-4
OA Rounds
2y 8m
To Grant
99%
With Interview

Examiner Intelligence

Grants 81% — above average
81%
Career Allow Rate
613 granted / 758 resolved
+22.9% vs TC avg
Strong +29% interview lift
Without
With
+28.9%
Interview Lift
resolved cases with interview
Typical timeline
2y 8m
Avg Prosecution
8 currently pending
Career history
766
Total Applications
across all art units

Statute-Specific Performance

§101
14.2%
-25.8% vs TC avg
§103
43.1%
+3.1% vs TC avg
§102
14.2%
-25.8% vs TC avg
§112
16.4%
-23.6% vs TC avg
Black line = Tech Center average estimate • Based on career data from 758 resolved cases

Office Action

§103
DETAILED ACTION 1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 2. This communication is in response to the Amendment filed on August 27, 2025, in which claims 1-5, 11-18 and 20 have been amended. Accordingly, claims 1-20 remain pending for examination. Status of Claims 3. Claims 1-20 are pending, all of which are rejected under 35 U.S.C. 103. Information Disclosure Statement 4. The information disclosure statement, filed on September 1, 2025 is in compliance with the provisions of 37 CFR 1.97, 1.98 and MPEP § 609. It has been placed in the application file, and the information referred to therein has been considered as to the merits. Claim Rejections - 35 USC § 103 5. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 6. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 7. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. 8. Claims 1, 2, 4, 8, 9, 11, 12, 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over YAN et al. (Chinese Patent Application Publication No. CN 111066284 A), hereinafter “YAN” in view of POURZANDI (United States Patent Application Publication No. US 20240275775 A1), hereinafter “POURZANDI”. Examiner relies on translation of the above foreign document, as provided by Applicant in the IDS filed 08/04/2023. Regarding claim 1, YAN discloses a method comprising: receiving a configuration instruction at a certificate management microservice of a cloud-native network function (CNF) (wherein a first application applies for a service certificate (configuration instruction) at a certificate trusted application (certificate management microservice)) (YAN, paragraphs [0009] and [0153]); in response to the configuration instruction, initializing the certificate management microservice, wherein the initializing the certificate management microservice comprises writing a certificate comprising a certificate key to a secure storage element (wherein YAN further teaches writing a service certificate and a private key and storing them in a secure memory of a TEE) (YAN, paragraphs [0077], [0079] and [0080]); receiving, at the certificate management microservice, a service request from an other microservice of the CNF (wherein YAN further teaches generating (receiving) a private key use request of a second application) (YAN, paragraph [0165]); and in response to the service request, sending certificate information to the other microservice, wherein the certificate information is configured to be usable by the other microservice to read the certificate key from the secure storage element (wherein the private key use request of the second application carries an index of the first private key and an application identifier (certificate information); the second application is allowed to use the first private key in the secure memory in the TEE, which of course, has a secure memory) (YAN, paragraphs [0077] and [0165]). YAN does not explicitly disclose wherein the CNF is configured as a virtualized network component comprising a plurality of microservices including the certificate management microservice; in response to the configuration instruction, initializing the certificate management microservice of the plurality of microservices; receiving, at the certificate management microservice, a service request from an other microservice of the plurality of microservices of the CNF; and in response to the service request, sending certificate information to the other microservice of the plurality of microservices. However in an analogous art, POURZANDI discloses wherein a CNF is configured as a virtualized network component comprising a plurality of microservices including a certificate management microservice (wherein a certificate issuing task for different VNF components (e.g., including a plurality of microservices) is delegated/outsourced from an external certification authority (CA) 58, and in particular, a need for the CA 58 to issue many certificates in a very short period of time (e.g., microservices in a cloud native approach). Hence, the certificate issuing task for the different VNF components/plurality of microservices is delegated/outsourced from the external CA 58 to a certificate manager/proxy certificate generator (PCG) 64 by issuing proxy certificates, in order to avoid a bottleneck at the CA 58 when there is a need to create many certificates in a short period of time to launch many additional microservices) (POURZANDI, FIGS. 10-12, paragraphs [0175]-[0176]); in response to a configuration instruction, initializing the certificate management microservice of the plurality of microservices (wherein the PCG 64, which may be logically part of or separate from the certificate manager (CertM), is generated and configured per tenant for better functionality and isolation between different tenants. More particularly, a ProxyManager (e.g., management node 16 - See again, FIGS. 10-12) may manage the lifecycle of PCG 64 components. Once ProxyManager receives a request with origin_cert, a service type A and a tenant identifier, the ProxyManager verifies whether a PCG 64 is already created for this tenant. If not, the ProxyManager creates a new PCG 64 associated with the tenant ID and service type A and returns, to the tenant, identification about the created PCG 64. The tenant then communicates securely with the PCG 64 according to the specification in RFC 3820, in order to set up the PCG 64 that can generate Proxy Certificates from an origin certificate. Finally, once this is performed, the tenant 60 informs the Virtualized Infrastructure Management (VIM) through the VNFM about the configured PCG 64 so that it will be used once a network service is created with this service type) (POURZANDI, FIGS. 10-12, paragraphs [0051]-[0052] and [0168]); receiving, at the certificate management microservice, a service request from an other microservice of the plurality of microservices of the CNF (wherein the PCG 64 is called by Certificate Manager (CertM) each time a new VNF instance of type ServiceA is created to issue a proxy certificate for this instance. As well, a VNFC may request the proxy certificate directly from PCG or CertM using a secure authenticated connection. See also FIG. 10, particularly at 7a., illustrating that the VNFC1 instance requests PCG 64 to provide it with a proxy certificate for service type A (RequestCert(ServiceA))) (POURZANDI, paragraphs [0020], [0099] and [0116]); and in response to the service request, sending certificate information to the other microservice of the plurality of microservices (wherein after issuing the proxy certificates from origin_cert, the PCG 64 pushes origin_cert’s public key, PubOrigin_Cert with the proxy certificates to the VNFCs. See also FIG. 10, particularly at 9a., illustrating that the proxy_origin_cert1 and public key of origin_Cert (i.e., PubCertOrigin) are returned to VNFC1 (Proxy_Origin_Cert1, PubCertOrigin_cert)) (POURZANDI, paragraphs [0101] and [0118]). YAN and POURZANDI are analogous art because they are from the same field of endeavor, namely, certificate management methods in public key infrastructures. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of YAN and POURZANDI before him or her, to modify the certificate management method of YAN to include the additional limitations of wherein a CNF is configured as a virtualized network component comprising a plurality of microservices including a certificate management microservice; in response to a configuration instruction, initializing the certificate management microservice of the plurality of microservices; receiving, at the certificate management microservice, a service request from an other microservice of the plurality of microservices of the CNF; and in response to the service request, sending certificate information to the other microservice of the plurality of microservices, as disclosed in POURZANDI, with reasonable expectation that this would result in an improved certificate management method having the added benefit of the ability to scale enormous amounts of microservices at a finer granular level and afford a much more flexible approach to issuing certificates, particularly by providing multiple proxy certificates for the same ID, i.e., VNF type, and which automated certificate monitoring and improved life cycle management for Network Function Virtualization environments, while also providing better functionality and isolation between different tenants (See POURZANDI, paragraphs [0016]-[0017], [0046] and [0052]). This method of improving the certificate management method of YAN was well within the ordinary ability of one of ordinary skill in the art based on the teachings of POURZANDI. Therefore, it would have been obvious to one having ordinary skill in the art to combine the teachings of YAN with POURZANDI to obtain the invention as specified in claim 1. Claim 11 includes a “method” that performs limitations substantially as recited in “method” claim 1 (albeit from the perspective of an active microservice of a cloud-native network function (CNF)), and does not appear to contain any additional features with regard to novelty and/or nonobviousness; therefore, it is rejected under the same rationale. In addition, claim 20 is directed to a “computer-readable medium including instructions executable by a controller of a network device to cause the controller to perform operations” substantially as recited in “method” claim 1, and does not appear to contain any additional features with regard to novelty and/or nonobviousness; therefore, as YAN discloses such a “computer-readable medium” (wherein a computer-readable storage medium is disclosed for causing a computer to execute the service certificate management method) (YAN, paragraph [0058]), claim 20 rejected under the same rationale. Regarding claim 2, YAN-POURZANDI discloses the method of claim 1, wherein the initializing the certificate management microservice of the plurality of microservices further comprises integrating the certificate management microservice to the secure storage element comprising a secure vault or a persistent volume (wherein again, the certificate trusted application is executed in the TEE comprising the secure memory) (YAN, paragraphs [0077] and [0165]). The motivation regarding the obviousness of claim 1 is also applied to claim 2. Regarding claim 4, YAN-POURZANDI discloses the method of claim 1, wherein the initializing the certificate management microservice of the plurality of microservices further comprises instantiating the certificate manager based on a set of parameters comprising authentication parameters (wherein an account server performs login authentication on a user name and password (parameters) on the application and verifies a certificate issuance request) (YAN, paragraphs [0078], [0081] and [0141]). The motivation regarding the obviousness of claim 1 is also applied to claim 4. Regarding claim 8, YAN-POURZANDI discloses the method of claim 1, wherein the writing the certificate comprising the certificate key to the secure storage element comprises writing an operator-signed certificate to the secure storage element (wherein again, YAN teaches writing the signed service certificate and storing in the secure memory in a TEE) (YAN, paragraphs [0055], [0077], [0079] and [0080]). The motivation regarding the obviousness of claim 1 is also applied to claim 8. Regarding claim 9, YAN-POURZANDI discloses the method of claim 1, wherein the writing the certificate comprising the certificate key to the secure storage element comprises writing a default certificate to the secure storage element (wherein YAN further teaches writing the signed target service certificate of an application where a second and third application are allowed to use the target certificate(default), and storing in the secure memory in a TEE) (YAN, paragraphs [0017], [0018], [0055], [0077], [0079] and [0080]). The motivation regarding the obviousness of claim 1 is also applied to claim 9. Regarding claim 12, YAN-POURZANDI discloses the method of claim 11, further comprising: pushing a configuration message to the certificate management microservice (wherein again, a first application applies for a service certificate (configuration instruction) at a certificate trusted application (certificate management microservice)) (YAN, paragraphs [0009] and [0153]); microservice of the plurality of microservices and in response to receiving the configuration message, instantiating the certificate management microservice of the plurality of microservices, wherein the instantiating the certificate management microservice comprises writing a certificate comprising the certificate key to the secure storage element (wherein as above, YAN further teaches writing a service certificate and a private key and storing them in a secure memory of a TEE) (YAN, paragraphs [0077], [0079] and [0080]). The motivation regarding the obviousness of claim 1 is also applied to claim 12. Regarding claim 18, YAN-POURZANDI discloses the method of claim 11, wherein the active microservice is a first active microservice of the plurality of active microservices of the CNF (at least impliedly, as YAN discloses second and third applications) (YAN, paragraph [0044]), and the method further comprises: sending additional certificate information from the certificate management microservice of the plurality of microservices to a second active microservice of the plurality of active microservices (wherein again, a private key use request of the second application carries an index of the first private key and an application identifier (certificate information) (YAN, paragraph [0165]); and based on the additional certificate information, using the second active microservice of the plurality of microservices to read another certificate key from the secure storage element (wherein again, the second application is allowed to use (read) the first private key in the secure memory in the TEE) (YAN, paragraph [0077]). The motivation regarding the obviousness of claim 1 is also applied to claim 18. 9. Claims 3, 10 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over YAN-POURZANDI in view of MAHAJAN et al. (United States Patent Application Publication No. US 2021/0377054 A1), hereinafter “MAHAJAN”. As to claim 3, YAN-POURZANDI discloses the method of claim 1, but does not explicitly disclose wherein the initializing the certificate management microservice of the plurality of microservices further comprises setting a certificate enrolment protocol. However in an analogous art, MAHAJAN discloses wherein initializing a certificate management microservice of a plurality of microservices further comprises setting a certificate enrolment protocol (wherein MAHAJAN teaches that virtual network functions may allow a structure of a network to be modified in response to current network conditions. In particular, a network function orchestrator instantiates a virtual network function (microservice) including identifying a protocol such as simple certificate enrollment protocol (SCEP)) (MAHAJAN, paragraphs [0016], [0020] and [0053]). YAN-POURZANDI and MAHAJAN are analogous art because they are from the same field of endeavor, namely, certificate management methods in public key infrastructures. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of YAN-POURZANDI and MAHAJAN before him or her, to modify the certificate management method of YAN-POURZANDI to include the additional limitation of wherein initializing a certificate management microservice of a plurality of microservices further comprises setting a certificate enrolment protocol, as disclosed in MAHAJAN, with reasonable expectation that this would result in an improved certificate management method having the added benefit of an open-source protocol that facilitated automated certificate issuance for various devices. This method of improving the certificate management method of YAN-POURZANDI was well within the ordinary ability of one of ordinary skill in the art based on the teachings of MAHAJAN. Therefore, it would have been obvious to one having ordinary skill in the art to combine the teachings of YAN-POURZANDI with MAHAJAN to obtain the invention as specified in claim 3. Regarding claim 10, YAN-POURZANDI-MAHAJAN discloses the method of claim 1, wherein the CNF comprises one of a centralized unit (CU) CNF or a distributed unit (DU) CNF of a radio access network (RAN) (wherein a device 400 (DU) (See FIG. 4) comprises a network function orchestrator 210 and a certificate manager 220 (CNF) (See also FIG. 2) of a RAN 250) (MAHAJAN, FIGS. 2 and 4, paragraphs [0027] and [0085]). As discussed and shown above, YAN-POURZANDI and MAHAJAN are analogous art because they are from the same field of endeavor, namely, certificate management methods in public key infrastructures. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of YAN-POURZANDI and MAHAJAN before him or her, to modify the certificate management method of YAN-POURZANDI to include the additional limitation of wherein the CNF comprises one of a centralized unit (CU) CNF or a distributed unit (DU) CNF of a radio access network (RAN), as disclosed in MAHAJAN, with reasonable expectation that this would result in an improved certificate management method having the added benefit of facilitating communication in a RAN (See MAHAJAN, Abstract). This method of improving the certificate management method of YAN-POURZANDI was well within the ordinary ability of one of ordinary skill in the art based on the teachings of MAHAJAN. Therefore, it would have been obvious to one having ordinary skill in the art to combine the teachings of YAN-POURZANDI with MAHAJAN to obtain the invention as specified in claim 10. Regarding claim 17, YAN-POURZANDI-MAHAJAN discloses the method of claim 11, wherein the using the active microservice of the plurality of microservices to read the certificate key comprises reading the certificate key corresponding to a certificate profile based on a 3GPP or open radio access network (O-RAN) specification (wherein the certificate manager generates a certificate profile comprising the private key, for the network function NF-1 (active microservice) of a node B in a RAN (3GPP)) (MAHAJAN, paragraphs [0054] and [0070]). Again, YAN-POURZANDI and MAHAJAN are analogous art because they are from the same field of endeavor, namely, certificate management methods in public key infrastructures. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of YAN-POURZANDI and MAHAJAN before him or her, to modify the certificate management method of YAN-POURZANDI to include the additional limitation of wherein the using the active microservice of the plurality of microservices to read the certificate key comprises reading the certificate key corresponding to a certificate profile based on a 3GPP or open radio access network (O-RAN) specification, as disclosed in MAHAJAN, with reasonable expectation that this would result in an improved certificate management method having the added benefit of facilitating communication in a RAN (See MAHAJAN, Abstract). This method of improving the certificate management method of YAN-POURZANDI was well within the ordinary ability of one of ordinary skill in the art based on the teachings of MAHAJAN. Therefore, it would have been obvious to one having ordinary skill in the art to combine the teachings of YAN-POURZANDI with MAHAJAN to obtain the invention as specified in claim 17. 10. Claims 5, 6 and 13-16 are rejected under 35 U.S.C. 103 as being unpatentable over YAN-POURZANDI in view of Rezvani et al. (United States Patent Application Publication No. US 2020/0021575 A1), hereinafter “Rezvani”. Regarding claim 5, YAN-POURZANDI discloses the method of claim 4, but does not expressly disclose wherein the initializing the certificate management microservice of the plurality of microservices further comprises: performing an enrolment procedure on the certificate with a certification authority based on the set of parameters; and starting a renewal timer corresponding to the performing the enrolment procedure on the certificate. However in an analogous art, Rezvani discloses performing an enrolment procedure on the certificate with a certification authority based on the set of parameters (See in particular, FIG. 2, which illustrates an enrollment procedure of the certificate in a SCEP server connected to a certificate authority based on challenge passwords (parameters),CA) (Rezvani, FIG. 2, paragraphs [0054] and [0055]); and starting a renewal timer corresponding to the performing the enrolment procedure on the certificate (wherein a predetermined threshold time is the criterion for renewing the certificate) (Rezvani, paragraph [0065]). YAN-POURZANDI and Rezvani are analogous art because they are from the same field of endeavor, namely, certificate management methods. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of YAN-POURZANDI and Rezvani before him or her, to modify the certificate management method of YAN-POURZANDI to include the additional limitations of performing an enrolment procedure on the certificate with a certification authority based on the set of parameters; and starting a renewal timer corresponding to the performing the enrolment procedure on the certificate, as disclosed in Rezvani, with reasonable expectation that this would result in an improved certificate management method having the added benefit of improving the management of security certificates for enterprise scale network-based devices (See Rezvani, paragraph [0006]). This method of improving the certificate management method of YAN-POURZANDI was well within the ordinary ability of one of ordinary skill in the art based on the teachings of Rezvani. Therefore, it would have been obvious to one having ordinary skill in the art to combine the teachings of YAN-POURZANDI with Rezvani to obtain the invention as specified in claim 5. Regarding claim 6, YAN-POURZANDI-Rezvani discloses the method of claim 5, further comprising: detecting that an elapsed time of the renewal timer exceeds a renewal threshold (wherein Rezvani further teaches automatically checking the validity of the certificate expiration, as the process automatically manages the check for validity and renewal with a buffer so that the end devices 50 retain their validity without the security status expiring) (Rezvani, paragraph [0065]); and in response the detecting that the elapsed time exceeds the renewal threshold: sending an enrolment renewal request to the certification authority (wherein in block 345, the NDM 30 sends an enrollment for reviewing the device certificate with the SCEP server 40) (Rezvani, FIG. 4, paragraph [0066]); and sending a renewal notification to a user of the CNF (wherein in block 360, the NDM assigning the renewal certificate to the device (user)) (Rezvani, FIG. 4, paragraph [0067]). As discussed and shown above, YAN-POURZANDI and Rezvani are analogous art because they are from the same field of endeavor, namely, certificate management methods. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of YAN-POURZANDI and Rezvani before him or her, to modify the certificate management method of YAN-POURZANDI to include the additional limitations of detecting that an elapsed time of the renewal timer exceeds a renewal threshold; and in response the detecting that the elapsed time exceeds the renewal threshold: sending an enrolment renewal request to the certification authority; and sending a renewal notification to a user of the CNF, as disclosed in Rezvani, with reasonable expectation that this would result in an improved certificate management method having the added benefit of improving the management of security certificates for enterprise scale network-based devices (See Rezvani, paragraph [0006]). This method of improving the certificate management method of YAN-POURZANDI was well within the ordinary ability of one of ordinary skill in the art based on the teachings of Rezvani. Therefore, it would have been obvious to one having ordinary skill in the art to combine the teachings of YAN-POURZANDI with Rezvani to obtain the invention as specified in claim 6. Regarding claim 13, YAN-POURZANDI-Rezvani discloses the method of claim 12. YAN-POURZANDI further discloses one or more identifiers corresponding to a certification authority (CA) (wherein the certificate application request includes an application identifier used for verifying a service certificate application authority) (YAN, paragraph [0026]). YAN-POURZANDI does not expressly disclose, but Rezvani discloses wherein the pushing the configuration message to the certificate management microservice of the plurality of microservices comprises pushing the configuration message comprising a set of configuration parameters comprising: a certificate enrolment protocol (wherein FIG. 2 shows an enrollment procedure of the certificate in a SCEP (enrolment protocol) server connected to a certificate authority, a network device manager NDM 30 gets a root certificate from the SCEP server (certificate management microservice), in block 135, challenge passwords (configuration parameters) are generated) (Rezvani, FIG. 2, paragraphs [0054]-[0056). Again, YAN-POURZANDI and Rezvani are analogous art because they are from the same field of endeavor, namely, certificate management methods. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of YAN-POURZANDI and Rezvani before him or her, to modify the certificate management method of YAN-POURZANDI to include the additional limitations of wherein the pushing the configuration message to the certificate management microservice of the plurality of microservices comprises pushing the configuration message comprising a set of configuration parameters comprising: a certificate enrolment protocol, as disclosed in Rezvani, with reasonable expectation that this would result in an improved certificate management method having the added benefit of improving the management of security certificates for enterprise scale network-based devices (See Rezvani, paragraph [0006]). This method of improving the certificate management method of YAN-POURZANDI was well within the ordinary ability of one of ordinary skill in the art based on the teachings of Rezvani. Therefore, it would have been obvious to one having ordinary skill in the art to combine the teachings of YAN-POURZANDI with Rezvani to obtain the invention as specified in claim 13. Regarding claim 14, YAN-POURZANDI-Rezvani discloses the method of claim 13. YAN-POURZANDI further discloses one or more identifiers corresponding to a certification authority (CA) (wherein the certificate application request includes an application identifier used for verifying a service certificate application authority) (YAN, paragraph [0026]). YAN-POURZANDI does not expressly disclose, but Rezvani discloses further comprising: based on one or more identifiers, sending an enrolment request from the certificate management microservice of the plurality of microservices to the CA (wherein the reader may jump to block 235 where the network administrator may use a bash script, web UI or, any other flexible method to generate one challenge password on the SCEP server side. In block 240, the network administrator inputs the previously generated challenge password to the NDM 30. In block 245, using the same challenge password input by the administrator, the NDM 30 may make the request in block 247 to enroll an end device 50 with the SCEP server 40) (Rezvani, FIG. 3, paragraph [0059]), wherein the enrolment request corresponds to the certificate enrolment protocol (wherein the SCEP server is an enrollment protocol server) (Rezvani, paragraph [0007]). Again, YAN-POURZANDI and Rezvani are analogous art because they are from the same field of endeavor, namely, certificate management methods. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of YAN-POURZANDI and Rezvani before him or her, to modify the certificate management method of YAN-POURZANDI to include the additional limitation of based on one or more identifiers, sending an enrolment request from the certificate management microservice of the plurality of microservices to the CA, wherein the enrolment request corresponds to the certificate enrolment protocol, as disclosed in Rezvani, with reasonable expectation that this would result in an improved certificate management method having the added benefit of improving the management of security certificates for enterprise scale network-based devices (See Rezvani, paragraph [0006]). This method of improving the certificate management method of YAN-POURZANDI was well within the ordinary ability of one of ordinary skill in the art based on the teachings of Rezvani. Therefore, it would have been obvious to one having ordinary skill in the art to combine the teachings of YAN-POURZANDI with Rezvani to obtain the invention as specified in claim 14. Regarding claim 15, YAN-POURZANDI-Rezvani discloses the method of claim 14, further comprising: using the certificate management microservice of the plurality of microservices to detect an elapsed time greater than a renewal threshold of the certificate (wherein the NDM process automatically manages the check for validity and whether a device has lost its validity based on the threshold time for renewal) (Rezvani, paragraph [0065]); and in response to the detecting the elapsed time greater than the renewal threshold, sending an enrolment renewal request from the certificate management microservice to the CA (wherein in block 345, the NDM 30 sends an enrollment for reviewing the device certificate with the SCEP server 40) (Rezvani, FIG. 4, paragraph [0066]). Again, YAN-POURZANDI and Rezvani are analogous art because they are from the same field of endeavor, namely, certificate management methods. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of YAN-POURZANDI and Rezvani before him or her, to modify the certificate management method of YAN-POURZANDI to include the additional limitations of using the certificate management microservice of the plurality of microservices to detect an elapsed time greater than a renewal threshold of the certificate; and in response to the detecting the elapsed time greater than the renewal threshold, sending an enrolment renewal request from the certificate management microservice to the CA, as disclosed in Rezvani, with reasonable expectation that this would result in an improved certificate management method having the added benefit of improving the management of security certificates for enterprise scale network-based devices (See Rezvani, paragraph [0006]). This method of improving the certificate management method of YAN-POURZANDI was well within the ordinary ability of one of ordinary skill in the art based on the teachings of Rezvani. Therefore, it would have been obvious to one having ordinary skill in the art to combine the teachings of YAN-POURZANDI with Rezvani to obtain the invention as specified in claim 15. Regarding claim 16, YAN-POURZANDI-Rezvani discloses the method of claim 15, wherein the sending the enrolment renewal request from the certificate management microservice of the plurality of microservices to the CA comprises sending an initial enrolment renewal request (wherein as above, in block 345, the NDM 30 sends an enrollment for reviewing the device certificate with the SCEP server 40) (Rezvani, FIG. 4, paragraph [0066]), and the method further comprises periodically sending subsequent enrolment renewal requests from the certificate management microservice to the CA (wherein FIG. 4 shows the renewal request process is performed in a loop once per day (periodically)) (Rezvani, FIG. 4, paragraph [0061]). Again, YAN-POURZANDI and Rezvani are analogous art because they are from the same field of endeavor, namely, certificate management methods. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of YAN-POURZANDI and Rezvani before him or her, to modify the certificate management method of YAN-POURZANDI to include the additional limitations of wherein the sending the enrolment renewal request from the certificate management microservice of the plurality of microservices to the CA comprises sending an initial enrolment renewal request, and the method further comprises periodically sending subsequent enrolment renewal requests from the certificate management microservice to the CA, as disclosed in Rezvani, with reasonable expectation that this would result in an improved certificate management method having the added benefit of improving the management of security certificates for enterprise scale network-based devices (See Rezvani, paragraph [0006]). This method of improving the certificate management method of YAN-POURZANDI was well within the ordinary ability of one of ordinary skill in the art based on the teachings of Rezvani. Therefore, it would have been obvious to one having ordinary skill in the art to combine the teachings of YAN-POURZANDI with Rezvani to obtain the invention as specified in claim 16. 11. Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over YAN-POURZANDI in view of Thornton et al. (United States Patent Application Publication No. US 2005/0071630 A1), hereinafter “Thornton”. As to claim 7, YAN-POURZANDI discloses the method of claim 6, but does not expressly disclose further comprising, based on a failure of the enrolment renewal request: sending a second enrolment renewal request to the certification authority; and sending a failure notification to the user of the CNF. However in an analogous art, Thornton discloses based on a failure of an enrolment renewal request: sending a second enrolment renewal request to a certification authority (at least impliedly, as Thornton teaches that [multiple] administrators may be notified in case of a certificate signing/processing failure, with several different error codes shown in Appendix A. This implies, e.g., if a CSR fails, a subsequent CSR may be submitted upon an administrator being given the chance to correct the error) (Thornton, paragraphs [0120] and [0133], Appendix A); and sending a failure notification to the user of a CNF (again, notifying the administrators of failures (See in particular the alerts log of FIG. 33 (which is empty), as well as error codes shown in Appendix A). Thornton also discloses an error log shown in FIG. 32) (Thornton, FIGS. 32 and 33, paragraphs [0120], [0133] and [0168], Appendix A). YAN-POURZANDI is analogous art because YAN-POURZANDI is from the same field of endeavor, namely, certificate management methods in public key infrastructures, while Thornton is analogous art, because Thornton is reasonably pertinent to the particular problem with which the inventor was concerned, as Thornton discloses a number of systems and methods useful in environments of certificate management (See Thornton, paragraph [0078]). Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of YAN-POURZANDI and Thornton before him or her, to modify the certificate management method of YAN-POURZANDI to include the additional limitations of based on a failure of the enrolment renewal request: sending a second enrolment renewal request to the certification authority; and sending a failure notification to the user of the CNF, as disclosed in Thornton, with reasonable expectation that this would result in an improved certificate management method having the added benefit of alerting administrators to the issues arising from a failed certificate renewal procedure, thereby ensuring that certificates were properly renewed and minimizing the risk of downtime and loss of income or services to clients or customers (See Thornton, paragraph [0077]). This method of improving the certificate management method of YAN-POURZANDI was well within the ordinary ability of one of ordinary skill in the art based on the teachings of Thornton. Therefore, it would have been obvious to one having ordinary skill in the art to combine the teachings of YAN-POURZANDI with Thornton to obtain the invention as specified in claim 7. 12. Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over YAN-POURZANDI in view of Carney Landow et al. (United States Patent Application Publication No. US 2022/0060520 A1), hereinafter “Carney Landow”. As to claim 19, YAN-POURZANDI discloses the method of claim 11, but does not expressly disclose wherein the cloud network comprises an open radio access network (O-RAN). However in an analogous art, Carney Landow discloses wherein a cloud network comprises an open radio access network (O-RAN) (wherein Carney Landow discloses an authentication service 220 and a certificate authority 265 in an O-RAN 100) (Carney Landow, FIGS. 1 and 2, paragraphs [0025] and [0036]). YAN-POURZANDI is analogous art because YAN-POURZANDI is from the same field of endeavor, namely, certificate management methods in public key infrastructures, while Carney Landow is analogous art, because Carney Landow is reasonably pertinent to the particular problem with which the inventor was concerned, as Carney Landow discloses a certificate authority system distinct from a 5G cellular network, the certificate authority system being configured to calculate a reputation score using a SIP identity header (See Carney Landow, paragraphs [0006] and [0036]). Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of YAN-POURZANDI and Carney Landow before him or her, to modify the certificate management method of YAN-POURZANDI to include the additional limitation of wherein a cloud network comprises an open radio access network (O-RAN), as disclosed in Carney Landow, with reasonable expectation that this would result in an improved certificate management method having the added benefit of providing authenticated caller information for voicemail in an O-RAN (See Carney Landow, paragraph [0003]). This method of improving the certificate management method of YAN-POURZANDI was well within the ordinary ability of one of ordinary skill in the art based on the teachings of Carney Landow. Therefore, it would have been obvious to one having ordinary skill in the art to combine the teachings of YAN-POURZANDI with Carney Landow to obtain the invention as specified in claim 19. Response to Arguments 13. Applicant’s arguments, see page 7, filed August 27, 2025, with respect to Rejection of Claim 20 under 35 U.S.C. 101 have been fully considered and are persuasive. The Rejection of Claim 20 under 35 U.S.C. 101, as set forth in the previous Office action, has been withdrawn. 14. Applicant’s arguments with respect to claims 1, 2, 4, 8, 9, 11, 12, 18 and 20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Conclusion 15. Applicant’s arguments, as well as request for reconsideration, filed August 27, 2025, have been fully considered, but they are moot in view of new ground(s) of rejection. 16. Further references of interest are cited on Form PTO-892, which is an attachment to this Office Action. For instance, Sood (USPAT 12,425,380) discloses methods, systems, and use cases for securely managing, generating, and controlling access to keys in a service mesh. In various examples, key protection operations include service mesh signing key protection and service mesh communication key protection, for a secure transport session between services such as conducted with mutual transport layer security (mTLS). For instance, such key protection operations may be used to establish communications between the service host and another entity within the service mesh, in a secure transport session, based on use of a private key (secured using a confidential computing technology) in a secure enclave or other secure compute environment to sign one or more keys for the secure transport session (See Abstract). 17. Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 18. Any inquiry concerning this communication or earlier communications from the examiner should be directed to KOSTAS J. KATSIKIS whose telephone number is (571)270-5434. The examiner can normally be reached Monday-Friday, 9:00am-5:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Wing F. Chan can be reached at 571-272-7493. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /KOSTAS J KATSIKIS/Primary Examiner, Art Unit 2441
Read full office action

Prosecution Timeline

Jun 01, 2023
Application Filed
May 23, 2025
Non-Final Rejection — §103
Aug 27, 2025
Response Filed
Sep 27, 2025
Final Rejection — §103
Apr 04, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12596780
TECHNIQUES TO PERFORM DYNAMIC CALL CENTER AUTHENTICATION UTILIZING A CONTACTLESS CARD
2y 5m to grant Granted Apr 07, 2026
Patent 12592840
BLOCKCHAIN-BASED DATA PROCESSING METHOD, DEVICE, AND READABLE STORAGE MEDIUM
2y 5m to grant Granted Mar 31, 2026
Patent 12566624
COMMUNICATION BETWEEN CONTROL PLANES IN A VIRTUALIZED COMPUTING SYSTEM HAVING AN AUTONOMOUS CLUSTER
2y 5m to grant Granted Mar 03, 2026
Patent 12568112
DISTRIBUTED DENIAL OF SERVICE (DDOS) BASED ACCELERATED SOLUTION
2y 5m to grant Granted Mar 03, 2026
Patent 12563051
Assistance method for managing a cyber attack, and device and system thereof
2y 5m to grant Granted Feb 24, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
81%
Grant Probability
99%
With Interview (+28.9%)
2y 8m
Median Time to Grant
Moderate
PTA Risk
Based on 758 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month