Prosecution Insights
Last updated: April 19, 2026
Application No. 18/466,466

Validating Certificate Bundles With Asymmetric Keys

Non-Final OA §102 §103
Filed: Sep 13, 2023
Examiner: PALIWAL, YOGESH
Art Unit: 2435
Tech Center: 2400 — Computer Networks
Assignee: Oracle International Corporation
OA Round: 1 (Non-Final)
Grant Probability: 84% (Favorable)
OA Rounds: 1-2
To Grant: 2y 8m
With Interview: 95%

Examiner Intelligence

Grants 84% — above average
Career Allow Rate: 84% (588 granted / 702 resolved; +25.8% vs TC avg)
Interview Lift: +10.8% (moderate +11% lift; resolved cases with interview)
Avg Prosecution: 2y 8m (typical timeline; 17 currently pending)
Total Applications: 719 (career history, across all art units)

Statute-Specific Performance

§101: 9.7% (-30.3% vs TC avg)
§103: 45.1% (+5.1% vs TC avg)
§102: 16.7% (-23.3% vs TC avg)
§112: 16.0% (-24.0% vs TC avg)
Based on career data from 702 resolved cases

Office Action

§102 §103
DETAILED ACTION

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 102

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claim(s) 1-4, 7-8, 11, 18-22, 25-26, 29, 33 and 34 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Choi (US 2016/0352521 A1), hereinafter, “Choi”.

Regarding Claims 1, 19 and 34, Choi discloses a system comprising: at least one hardware processor (See, Fig. 5, Numeral 504); the system being configured to execute operations, using the at least one hardware processor, the operations comprising:

receiving a first certificate bundle and a digital signature associated with the first certificate bundle (See, Paragraph 0034, “issuing (310) a cross-certificate to a rekeyed root certificate includes adding the rekeyed root certificate and the cross-certificate to the signed program during the signature process as additional certificates. In these embodiments, the rekeyed root certificate and the cross-certificate can be disseminated to any end-user computing system(s) with the signed program”),

wherein the first certificate bundle comprises a first set of one or more digital certificates (See, Paragraph 0034, “issuing (310) a cross-certificate to a rekeyed root certificate includes adding the rekeyed root certificate and the cross-certificate to the signed program during the signature process as additional certificates. In these embodiments, the rekeyed root certificate and the cross-certificate can be disseminated to any end-user computing system(s) with the signed program”),

and wherein the digital signature is generated using a private key of an asymmetric key pair associated with a second set of one or more digital certificates (See, Paragraphs 0033, “Issuing (310) a cross-certificate to a rekeyed root certificate may include certifying a rekeyed root certificate via the current root CA. When a root CA certificate approaches expiration, the CA needs to be rekeyed. A new key pair is generated, and a new self-signed root certificate is created. The subject and issuer names in the certificate remain the same as the expiring certificate. Issuing (310) a cross-certificate may include certifying the new certificate by using the old root CA to issue a cross-certificate to the rekeyed root certificate that is essentially a new public key signed by the old public key. The cross-certificate has the same names as the old and new root certificate. Additionally, the cross-certificate has the same Basic Constraints and Key Usage extensions as the root certificates, indicating that the cross-certificate is a certificate authority certificate and not a code signing certificate”);

determining, using a public key of the asymmetric key pair associated with the second set of one or more digital certificates, that the digital signature is generated using the private key (See, Paragraph 0036, “Validating (340) the signatures on the cross-certificate and the new rekeyed root certificate may include verifying the signature on the cross-certificate using the public key from the old trusted root CA certificate. Once the cross-certificate's signature has been validated, the signature on the rekeyed root certificate is validated using the public key from the cross-certificate. If either of these validations fail, the method terminates”);

responsive to determining that the digital signature is generated using the private key, storing the first certificate bundle in a certificate repository as a trusted certificate bundle (See, Paragraph 0037, “Copying (350) the rekeyed root certificate to an end-user computing system's trusted root certificate store may include adding the rekeyed root certificate to the trusted root certificate store. The preceding verifications 320-340 ensure that the new rekeyed root certificate is a legitimate rollover certificate from the original trusted root CA certificate. Adding the rekeyed root certificate to the trusted root certificate store implicitly completes the rollover process”).

Regarding Claims 2 and 20, the rejection of claims 1 and 19 is incorporated and Choi further discloses wherein the operations further comprise: receiving a first public key of a first asymmetric key pair associated with a first digital certificate of the first set of one or more digital certificates (See, Paragraph 0033, new public key), wherein the public key associated with the second set of one or more digital certificates is a second public key, and wherein the private key used to generate the digital signature is a second private key (See, Paragraph 0033, old public key); and responsive to determining that the digital signature is generated using the second private key, storing the first public key in a public key repository (See, Paragraphs 0036 and 0037), wherein the public key repository comprises a first data structure that identifies the first public key as being associated with the first digital certificate of the first set of one or more digital certificates (See, Fig. 4C, Numeral 480 and Paragraph 0041), wherein prior to storing the first public key in the public key repository, the second public key is stored in the public key repository, wherein the public key repository comprises a second data structure that identifies the second public key as being associated with the second set of one or more digital certificates (See, Fig. 4B, Numerals 410 and 460 and Paragraph 0040).

Regarding Claims 3 and 21, the rejection of claims 2 and 20 is incorporated and Choi further discloses wherein storing the first public key in the public key repository comprises replacing the second public key with the first public key (See, Fig. 4D and Paragraph 0042).

Regarding Claims 4 and 22, the rejection of claims 2 and 20 is incorporated and Choi further discloses wherein the first public key is included in the first digital certificate (See, Fig. 4C, Numeral 480), and wherein the operations further comprise: prior to storing the first public key in the public key repository, extracting the first public key from the first digital certificate (See, Fig. 4C and Paragraphs 0033 and 0036).

Regarding Claims 7 and 25, the rejection of claims 1 and 19 is incorporated and Choi further discloses wherein the private key is held by a certificate authority (CA) (See, Paragraphs 0003 and 0033), and wherein the trusted certificate bundle comprises one or more CA certificates issued by the CA (See, Paragraph 0033).

Regarding Claims 8 and 26, the rejection of claims 1 and 19 is incorporated and Choi further discloses wherein the trusted certificate bundle comprises one or more certificate authority (CA) certificates (See, Fig. 4A and Paragraph 0039), and wherein a first network entity trusts a second network entity based on an authentication operation performed by the first network entity, wherein the authentication operation comprises validating a certificate chain that includes (a) an entity certificate presented by the second network entity and (b) at least one CA certificate of the one or more CA certificates (See, Paragraphs 0013, 0024 and 0027).

Regarding Claims 11 and 29, the rejection of claims 1 and 19 is incorporated and Choi further discloses wherein the certificate repository comprises a data structure that identifies the first certificate bundle as the trusted certificate bundle (See, Fig. 4A), and wherein the second set of one or more digital certificates are included in a second certificate bundle stored in the certificate repository (See, Fig. 4C), and wherein the operations further comprise: updating the data structure to identify the first certificate bundle as a current certificate bundle and the second certificate bundle as a previous certificate bundle (See, Fig. 4D and Paragraph 0042).

Regarding Claims 18 and 33, the rejection of claims 1 and 19 is incorporated and Choi further discloses wherein prior to receiving the first certificate bundle, the second set of one or more digital certificates are currently or previously trusted (See, Paragraphs 0033 and 0040).

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 9 and 27 are rejected under 35 U.S.C. 103 as being unpatentable over Choi in view of Tempel et al. (US 9,252,958 B1), hereinafter, “Tempel”.

Regarding Claims 9 and 27, the rejection of claims 1 and 19 is incorporated and Choi does not explicitly disclose prior to receiving the first certificate bundle and the digital signature associated with the first certificate bundle: polling a pending certificate repository for a pending certificate bundle; and downloading the first certificate bundle and the digital signature associated with the first certificate bundle responsive to polling the pending certificate repository for the pending certificate bundle, wherein the first certificate bundle is the pending certificate bundle.

Tempel discloses prior to receiving a first certificate bundle and a digital signature associated with a first certificate bundle: polling a pending certificate repository for a pending certificate bundle; and downloading the first certificate bundle and the digital signature associated with the first certificate bundle responsive to polling the pending certificate repository for the pending certificate bundle, wherein the first certificate bundle is the pending certificate bundle (See, Column 6, lines 39-55 and Column 9, lines 12-28).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to poll, in the system of Choi, a pending certificate repository for a pending certificate bundle; and downloading the first certificate bundle and the digital signature associated with the first certificate bundle responsive to polling the pending certificate repository for the pending certificate bundle, wherein the first certificate bundle is the pending certificate bundle as taught by Tempel in order to notify all participants that the root certificate has been updated and replaced with a new root certificate in order to keep future communication secure.

Claims 10 and 28 are rejected under 35 U.S.C. 103 as being unpatentable over Choi in view of LI et al. (US 2021/0144017 A1), hereinafter, “Li”.

Regarding Claims 10 and 28, the rejection of claims 1 and 19 is incorporated and Choi does not explicitly disclose wherein the operations further comprise: prior to receiving the first certificate bundle and the digital signature associated with the first certificate bundle: receiving a notification that a pending certificate bundle is available in a pending certificate repository; and responsive to receiving the notification, downloading the first certificate bundle and the digital signature associated with the first certificate bundle from the pending certificate repository, wherein the first certificate bundle is the pending certificate bundle.

LI discloses prior to receiving a first certificate bundle and a digital signature associated with a first certificate bundle: receiving a notification that a pending certificate bundle is available in a pending certificate repository; and responsive to receiving the notification, downloading the first certificate bundle and the digital signature associated with the first certificate bundle from the pending certificate repository, wherein the first certificate bundle is the pending certificate bundle (See, Paragraphs 0058, 0077 and 0079).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to receive, in the system of Choi, a notification that a pending certificate bundle is available in a pending certificate repository; and responsive to receiving the notification, downloading the first certificate bundle and the digital signature associated with the first certificate bundle from the pending certificate repository, wherein the first certificate bundle is the pending certificate bundle as taught by Li in order to notify all participants that the root certificate has been updated and replaced with a new root certificate in order to keep the security of the system up to date.

Claims 12, 14, 15, and 30-32 are rejected under 35 U.S.C. 103 as being unpatentable over Choi in view of Liu et al. (US 2023/0239163 A1), hereinafter, “Liu”.

Regarding Claims 12 and 30, the rejection of claims 1 and 19 is incorporated and Choi does not explicitly disclose wherein the operations further comprise: subsequent to updating the data structure to identify the first certificate bundle as the current certificate bundle, distributing the current certificate bundle to one or more network entities associated with a virtual cloud network.

Liu discloses distributing a current certificate bundle to one or more network entities associated with a virtual cloud network (See, Paragraphs 0010, 0031 and 0042).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to distribute, subsequent to updating a data structure to identify a first certificate bundle as the current certificate bundle in the system of Choi, a current certificate bundle to one or more network entities associated with a virtual cloud network as taught by Liu so that the chain of trust of an external environment is effectively extended to the AGC environment to ensure the integrity of the AGC root certificate.

Regarding Claims 14 and 31, the rejection of claims 12 and 30 is incorporated and the combination of Choi and Liu further discloses wherein the first set of one or more digital certificates comprises a first set of one or more first CA certificates, and wherein the second set of one or more digital certificates comprise a second set of one or more second CA certificates (See, Choi, Fig. 4C and Paragraphs 0033 and 0041).

Regarding Claims 15 and 32, the rejection of claims 1 and 19 is incorporated and the combination of Choi and Liu further discloses wherein subsequent to distributing the current certificate bundle to the one or more network entities associated with the virtual cloud network, (a) a first network entity of the one or more network entities determines that a first CA certificate, of the first set of one or more first CA certificates, is a trusted CA certificate, or (b) a second network entity of the one or more network entities determines that a second CA certificate, of the second set of one or more second CA certificates, is an untrusted CA certificate (See, Choi, Paragraphs 0020 and 0036 as combined with virtual cloud network of Liu).

Claims 16 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Choi in view of Kocher et al. (US 2014/0354405 A1), hereinafter, “Kocher”.

Regarding Claim 16, the rejection of claim 1 is incorporated and Choi does not explicitly disclose wherein the digital signature is generated by (a) applying a hash function to the first certificate bundle to obtain a first hash value and (b) digitally signing the first hash value using the private key of the asymmetric key pair associated with the second set of one or more digital certificates. However, using private keys to encrypt the hash content of the certificate is a basic technique of PKI.

Kocher discloses generating a digital signature by (a) applying a hash function to a first certificate bundle to obtain a first hash value and (b) digitally signing a first hash value using a private key of the asymmetric key pair associated with a second set of one or more digital certificates (See, Paragraph 0052).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to generate, in the system of Choi, a digital signature by (a) applying a hash function to a first certificate bundle to obtain a first hash value and (b) digitally signing a first hash value using a private key of the asymmetric key pair associated with a second set of one or more digital certificates as taught by Kocher because hashing to generate digital signature is the basic technique in PKI certificates.

Regarding Claim 17, the rejection of claim 16 is incorporated and the combination of Choi and Kocher further discloses wherein determining that the digital signature is generated using the private key comprises: generating a second hash value by applying the hash function to the first certificate bundle; generating a third hash value by decrypting the digital signature using the public key; and determining that the third hash value matches the second hash value (See, Kocher, Paragraphs 0053 and 0070, Note: Since the feature of generating digital signature has been combined in the rejection of claim 16 and this claim further limits the combined feature, a separate motivation to combine statement is not needed. See rejection of claim 16).

Allowable Subject Matter

Claims 5, 6, 13, 23 and 24 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to YOGESH PALIWAL whose telephone number is (571)270-1807. The examiner can normally be reached M-F 9:00AM-5:00PM.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Amir Mehrmanesh can be reached at (571)270-3351. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/YOGESH PALIWAL/
Primary Examiner, Art Unit 2435

Prosecution Timeline

Sep 13, 2023: Application Filed
Feb 18, 2026: Non-Final Rejection — §102, §103
Apr 01, 2026: Applicant Interview (Telephonic)
Apr 01, 2026: Examiner Interview Summary

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12603763
SYSTEMS AND METHODS FOR ENSURING EPHEMERALITY OF ENCRYPTION KEYS
2y 5m to grant Granted Apr 14, 2026
Patent 12596838
METHOD AND SYSTEM FOR PERFORMING TABLE QUESTION-ANSWERING TASKS WHILE PRESERVING DATA SECURITY
2y 5m to grant Granted Apr 07, 2026
Patent 12592819
MEMBERSHIP ACCOUNT MANAGEMENT USING A CONTACTLESS CARD
2y 5m to grant Granted Mar 31, 2026
Patent 12587389
Quantum Resistant Identity Sharing System
2y 5m to grant Granted Mar 24, 2026
Patent 12580740
ACCESS CONTROL USING MEDIATED LOCATION, ATTRIBUTE, POLICY, AND PURPOSE VERIFICATION
2y 5m to grant Granted Mar 17, 2026
Based on 5 most recent grants.

Prosecution Projections

Expected OA Rounds: 1-2
Grant Probability: 84%
With Interview: 95% (+10.8%)
Median Time to Grant: 2y 8m
PTA Risk: Low
Based on 702 resolved cases by this examiner. Grant probability derived from career allow rate.