DETERMINISTIC ENFORCEMENT OF DIGITAL CERTIFICATE AMENDMENTS

§102 §103

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention. Claims 1-4, 6, 10-14, and 17-18 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Young (US 20220129525 A1 hereafter referred to as “Young”. Regarding to claim 1: Young discloses An apparatus comprising: at least one processing device comprising a processor coupled to a memory (Fig. 5 [0030] The computing device may include one or more processors, memory (e.g., random access memory); the at least one processing device being configured to perform steps of ([0030] The computing device may include instructions, stored on the persistent storage, that when executed by the processor(s) of the computing device cause the computing device to perform the functionality): receiving a hash value for a digital certificate and an amendment for a portion of the digital certificate ([0084] inputs hashed data (e.g., hashed license data) and a private key (e.g., a legacy management controller private key or a non-legacy management controller private key) and may equal a signature generated using an encryption algorithm that inputs hashed data (e.g., hashed license data) and a public key (e.g., a legacy management controller public key or a non-legacy management controller public key) [0021] licenses may include digital signatures associated with a device's private certificate. Embedded firmware in the device verifies a license is valid by verifying that the digital signature, which was created using the private certificate associated with the device, matches a public certificate that is stored in the firmware of the device. [0022] Public certificates of a device may include a public key and private certificates may include a private key that is paired with the public key … Public and private key pairs are changed and updated across devices and device generations); determining whether the hash value corresponds to a last version of the digital certificate on the at least one processing device ([0084] inputs hashed data (e.g., hashed license data) and a private key [0021] Embedded firmware in the device verifies a license is valid by verifying that the digital signature, which was created using the private certificate associated with the device, matches a public certificate that is stored in the firmware of the device. If the signature on the license does not match the stored public key of the public certificate, the device invalidates the license and fails the license installation. Note: public certificate that is currently stored in the firmware is a last version); and incorporating the amendment into a new version of the digital certificate in response to determining that the hash value corresponds to the last version of the digital certificate on the at least one processing device ([0022-0023] Public and private key pairs are changed and updated across devices and device generations … licenses that are installed across multiple devices and device generations must create a unique license that is valid for each unique key pair associated with a device on which they are installed. [0027] Upon receiving a license installation request and a license, a management controller may determine whether the license is associated with a public key included in the public certificate … If a match is found, non-legacy management controller may validate and install the license. If a match is not found, the non-legacy management controller may invalidate the license and fail the installation of the license. Note: install the license with updated/changed public/private keys is incorporating the amendment) Regarding to claim 2: Young discloses The apparatus of claim 1 wherein the at least one processing device is further configured to perform steps of: determining that the hash value fails to correspond to the last version of the digital certificate on the at least one processing device ([0084] inputs hashed data (e.g., hashed license data [0021] Embedded firmware in the device verifies a license is valid by verifying that the digital signature, which was created using the private certificate associated with the device, matches a public certificate that is stored in the firmware of the device. If the signature on the license does not match the stored public key of the public certificate, the device invalidates the license and fails the license installation Note: public certificate that is currently stored in the firmware is a last version); generating a notification for a source of the amendment that the hash value fails to correspond to the last version of the digital certificate (([0084] inputs hashed data (e.g., hashed license data) [0105] the license data was modified in any way and the license signature does not match the generated signature, then the legacy management controller invalidates the license. The legacy management controller may fail the installation of the license and delete the license. The legacy management controller may send a notification to the license generator that the license installation failed); and maintaining the last version of the digital certificate without incorporating the amendment ([0099] In step 320, a license installation request is obtained [0105] the license installation is failed … then the legacy management controller invalidates the license. The legacy management controller may fail the installation of the license and delete the license. [0021] Embedded firmware in the device verifies a license is valid by verifying that the digital signature, which was created using the private certificate associated with the device, matches a public certificate that is stored in the firmware of the device. If the signature on the license does not match the stored public key of the public certificate, the device invalidates the license and fails the license installation. Note: fail a license installation is so the certificate that is stored in the firmware is not updated is maintaining the last version) Regarding to claim 3: Young discloses The apparatus of claim 1 wherein the amendment comprises a restatement associated with the portion of the digital certificate ([0022] Public and private key pairs are changed and updated across devices and device generations [0082] Each signature (e.g., 204A, 204N) may be signed by private key obtained from the same or different certificate authorities. [0029] the license generator (100) also, in addition to the aforementioned functionality, includes all, or a portion of the functionality of the certificate authority(ies). [0044] the functionality to manage the hardware devices of information handling system A (120A) and enable the applications (122) to utilize the computing resources provided by the hardware devices) Regarding to claim 4: Young discloses The apparatus of claim 3 wherein the restatement comprises one of a full restatement and a partial restatement ([0022] Public and private key pairs are changed and updated across devices and device generations [0082] Each signature (e.g., 204A, 204N) may be signed by private key obtained from the same or different certificate authorities. [0029] the license generator (100) also, in addition to the aforementioned functionality, includes all, or a portion of the functionality of the certificate authority(ies). [0044] the functionality to manage the hardware devices of information handling system A (120A) and enable the applications (122) to utilize the computing resources provided by the hardware devices. Note: all, or a portion of the functionality of the certificate authority(ies) is one of a full restatement and a partial restatement) Regarding to claim 6: Young discloses The apparatus of claim 1 wherein the amendment specifies an identifier for the digital certificate and one or more changes to the portion of the digital certificate ([0091] In step 302, one or more management controller private certificates associated with the one or more management controllers are obtained from the certificate authority … include the one or more legacy management controller and/or non-legacy management controller identifiers … private certificates that include the one or more legacy management controller and/or non-legacy management controller identifiers included in the requests. [0022] private certificates may include a private key … Public and private key pairs are changed and updated across devices) Regarding to claim 10: Young discloses The apparatus of claim 1 wherein, in incorporating the amendment into the new version of the digital certificate (see mapping in claim 1), the at least one processing device is configured to perform the step of replacing the last version of the digital certificate with the new version of the digital certificate ([0021] Embedded firmware in the device verifies a license is valid by verifying that the digital signature, … matches a public certificate that is stored in the firmware of the device. Note: public certificate that is currently stored in the firmware is a last version [0022-0023] Public and private key pairs are changed and updated across devices and device generations … licenses that are installed across multiple devices. [0027] Upon receiving a license installation request and a license, a management controller may determine whether the license is associated with a public key included in the public certificate … If a match is found, non-legacy management controller may validate and install the license. [0026] initiate installation of the license on the management controllers. The license generator may delete the private certificates following the signing of the license to prevent the private certificates from becoming compromised Note: install the license with updated/changed public/private keys is incorporating the amendment); install new license is replacing the last version). Regarding to claim 11: Young discloses The apparatus of claim 10 wherein the incorporating (see mapping in claim 1) and the replacing are performed by the at least one processing device in the same operation ([0027] Upon receiving a license installation request and a license, a management controller may determine whether the license is associated with a public key included in the public certificate … If a match is found, non-legacy management controller may validate and install the license. [0026] initiate installation of the license on the management controllers. The license generator may delete the private certificates following the signing of the license to prevent the private certificates from becoming compromised. Note: install new license (comprise updated private key - incorporating) on the exist license on firmware is in the same operation). Regarding to claim 12: Young discloses The apparatus of claim 1 wherein the at least one processing device comprises an endpoint device and the amendment is issued by a certificate authority ([0021] in a system to enable users to obtain services from the devices in the system …. verify trust between licenses and devices, licenses may include digital signatures associated with a device's private certificate. [0084] inputs hashed data (e.g., hashed license data) and a private key … inputs hashed data (e.g., hashed license data) and a public key. [0026] the license generator may obtain private certificates associated with the management controllers targeted by the license generation request from one or more certificate authorities) Regarding to claim 13: Young discloses A computer program product comprising a non-transitory processor-readable storage medium having stored therein program code of one or more software programs, wherein the program code when executed by at least one processing device causes the at least one processing device to perform steps of ([0030] The computing device may include instructions, stored on the persistent storage, that when executed by the processor(s) of the computing device cause the computing device to perform the functionality): [Rejection rationale for claim 1 is applicable]. Regarding to claim 14: [Rejection rationale for claim 2 is applicable]. Regarding to claim 17: [Rejection rationale for claim 1 is applicable]. Regarding to claim 18: [Rejection rationale for claim 2 is applicable]. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1,148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under pre- AIA 35 U.S.C. 103(a) are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable by Young (US 20220129525 A1 hereafter referred to as “Young”, in view of Jones (US20220116229 A1) Regarding to claim 5: Young teaches The apparatus of claim 3 Young does not teach wherein the restatement comprises a revocation of the portion of the digital certificate. Jones teaches wherein the restatement comprises a revocation of the portion of the digital certificate ([0027] certificate revocation list (CRL). [0028] certificate authorities (CAs) [0042] The CRL 510 contains a list of each certificate 210N, 210L that the system 100 has issued and subsequently revoked. [0043] FIGS. 5A-5C … certificates 210N, 210L may be added to the CRL 510 at any point after the validation time period 312 associated with the intermediate CA 310 that issued the certificate has passed or elapsed. Note: revoke a certificate after the validation time period has passed or elapsed is revocation of the portion of the digital certificate It would have been obvious to a person of ordinary skill in the art before the effective filling date of the claimed invention to take the teachings of Jones and apply them on the teachings of Young to further implement wherein the restatement comprises a revocation of the portion of the digital certificate. One would be motivated to do so because in order to improve better system and method to provide certificates may be added to the CRL at any point after the validation time period associated with the intermediate CA that issued the certificate has passed or elapsed (Jone, [0043]). Claims 7, 15, 19 are rejected under 35 U.S.C. 103 as being unpatentable by Young (US 20220129525 A1 hereafter referred to as “Young”, in view of Rahiman (US 20190392119A1) Regarding to claim 7: Young teaches The apparatus of claim 1 wherein the at least one processing device is further configured to perform the step of applying one or more rules designed to ensure application of any amendments to the last version of the digital certificate that have been issued ([0022] Public and private key pairs are changed and updated across devices and device generations [0082] Each signature (e.g., 204A, 204N) may be signed by private key obtained from the same or different certificate authorities. [0029] the license generator (100) also, in addition to the aforementioned functionality, includes all, or a portion of the functionality of the certificate authority(ies). [0044] the functionality to manage the hardware devices of information handling system A (120A) and enable the applications (122) to utilize the computing resources provided by the hardware devices. [0021] Licenses are used to install software across devices … Embedded firmware in the device verifies a license is valid by verifying that the digital signature, … matches a public certificate that is stored in the firmware of the device, Note: authorities is one or more rules), Young does not teach wherein the one or more rules specify a maximum time interval within which to perform a check to determine whether any amendments to the last version of the digital certificate have been issued Rahiman teaches wherein the one or more rules specify a maximum time interval within which to perform a check to determine whether any amendments to the last version of the digital certificate have been issued ([0042] the licensing authority generates a new license block that includes an updated license token and corresponding licensing logic. The updated license token may specify one or more modifications to the aspects of a participating node that are licensed. [0005] the license token comprises a token balance indicating the duration of a license modification. In various additional method embodiments, the license logic comprises instructions for evaluating the license token … the license logic comprises instructions directing the licensing virtual machine to issue periodic reports to the licensing authority … a transfer license token corresponding to a licensable aspect of the first IHS and a second IHS of the participating IHSs … transmitting the second block to the participating IHSs. In various additional method embodiments, the licensing logic is utilized by the second IHS to determine one or more modifications to the licensable aspect of the second IHS indicated by the transfer license token) It would have been obvious to a person of ordinary skill in the art before the effective filling date of the claimed invention to take the teachings of Rahiman and apply them on the teachings of Young to further implement wherein the one or more rules specify a maximum time interval within which to perform a check to determine whether any amendments to the last version of the digital certificate have been issued. One would be motivated to do so because in order to improve better system and method to provide a token balance indicating the duration of a license modification. In various additional method embodiments, the license logic comprises instructions for evaluating the license token transfer license token corresponding to a licensable aspect of the first IHS and a second IHS of the participating IHSs, transmitting the second block to the participating IHSs (Rahiman, [0005]). Regarding to claim 15: [Rejection rationale for claim 7 is applicable]. Regarding to claim 19: [Rejection rationale for claim 7 is applicable]. Claims 8-9, 16, and 20 are rejected under 35 U.S.C. 103 as being unpatentable by Young (US 20220129525 A1 hereafter referred to as “Young”, in view of Jatti (US 20220131711A1) Regarding to claim 8: Young teaches The apparatus of claim 7 Young does not teach wherein: the one or more rules further specify one or more operations to be performed by the at least one processing device in response to a failure to perform the check within the maximum time interval Jatti teaches wherein: the one or more rules further specify one or more operations to be performed by the at least one processing device in response to a failure to perform the check within the maximum time interval ([0003] utilize a digital certificate that may provide a (e.g., satisfactory) level of authenticated verification by a trusted party of an entity's identity [0067] managing one or more digital certificates related to communication of electronic content via a media control device, among other devices. [0069] At 308, an expiration status (e.g., a first expiration status) of the at least first digital certificate may be identified. The first expiration status may be negative perhaps for example where the first validity time period may be greater than a predetermined time period. The predetermined time period may be a week, a month, three months, six months, and/or twelve months, etc. The first expiration status may be positive perhaps for example where the first validity time period may be less than, or equal to, the predetermined time period. Note: expiration status is a failure); and the at least one processing device is further configured to perform the step of executing the one or more operations in response to the failure to perform the check within the maximum time interval ([0069] At 308, an expiration status (e.g., a first expiration status) of the at least first digital certificate may be identified [0070] At 310 an electronic notification (e.g., a first electronic notification) may be sent. The first electronic notification may indicate at least the first expiration status for the at least first digital certificate, perhaps for example at least where the first expiration status is positive, among other scenarios. Note: sent an electronic notification is executing the one or more operations in response to the failure). It would have been obvious to a person of ordinary skill in the art before the effective filling date of the claimed invention to take the teachings of Jatti and apply them on the teachings of Young to further implement wherein: the one or more rules further specify one or more operations to be performed by the at least one processing device in response to a failure to perform the check within the maximum time interval, and the at least one processing device is further configured to perform the step of executing the one or more operations in response to the failure to perform the check within the maximum time interval One would be motivated to do so because in order to improve better system and method to provide an expiration status (e.g., a first expiration status) of the at least first digital certificate may be identified. The first expiration status may be positive (Jatti, [0069-0070]). Regarding to claim 9: Young-Jatti teaches the apparatus of claim 8 wherein the one or more operations comprise at least one of generating a warning message indicating the failure to perform the check within the maximum time interval (Jatti [0069] At 308, an expiration status (e.g., a first expiration status) of the at least first digital certificate may be identified. The first expiration status may be negative perhaps for example where the first validity time period may be greater than a predetermined time period. The predetermined time period may be a week, a month, three months, six months, and/or twelve months, etc. The first expiration status may be positive perhaps for example where the first validity time period may be less than, or equal to, the predetermined time period. [0070] At 310 an electronic notification (e.g., a first electronic notification) may be sent. The first electronic notification may indicate at least the first expiration status for the at least first digital certificate, perhaps for example at least where the first expiration status is positive, among other scenarios), preventing future operations authorized by the last version of the digital certificate following expiration of the maximum time interval, and terminating existing operations authorized by the last version of the digital certificate following expiration of the maximum time interval (Jatti [0069] At 308, an expiration status (e.g., a first expiration status) of the at least first digital certificate may be identified. … The first expiration status may be positive [0071] At 312 the process may stop or restart. [0036] Digital certificates may have corresponding validity time periods (e.g., the time period between the start date and the end/expiration date), beyond which the digital certificates may be expired and/or might not be valid. … When digital certificates expire, such expirations usually negatively impact and/or stop electronic content functions/use cases associated with the expired digital certificates. [0003] utilize a digital certificate that may provide a (e.g., satisfactory) level of authenticated verification by a trusted party of an entity's identity. [0004] managing one or more digital certificates that may be related to communication of electronic content via a media control device, for example, among other devices. The media control device may be a set-top box, a home gateway, a mobile device, a media gateway, a television, and/or a personal computing device, among others. Note: process may stop is preventing future operations; digital certificate to authenticate on device is authorized by the last version of the digital certificate) It would have been obvious to a person of ordinary skill in the art before the effective filling date of the claimed invention to take the teachings of Jatti and apply them on the teachings of Young to further implement wherein the one or more operations comprise at least one of generating a warning message indicating the failure to perform the check within the maximum time interval, preventing future operations authorized by the last version of the digital certificate following expiration of the maximum time interval, and terminating existing operations authorized by the last version of the digital certificate following expiration of the maximum time interval. One would be motivated to do so because in order to improve better system and method to provide a notification and stop the processing (Jatti, [0069-0071]). Regarding to claim 16: [Rejection rationale for claim 8 is applicable]. Regarding to claim 20: [Rejection rationale for claim 8 is applicable]. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to HIEN DOAN whose telephone number is 571 272-4317. The examiner can normally be reached on Monday-Thursday and biweekly Friday 9am-6pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, VIVEK SRIVASTAVA can be reached on (571)272-7304. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /HIEN V DOAN/Examiner, Art Unit 2449 /VIVEK SRIVASTAVA/Supervisory Patent Examiner, Art Unit 2449