Prosecution Insights
Last updated: April 18, 2026
Application No. 18/628,488

CERTIFICATE OPERATOR FOR KUBERNETES BASED APPLICATIONS

Final Rejection §103
Filed
Apr 05, 2024
Examiner
MOHAMMADI, FAHIMEH M
Art Unit
2439
Tech Center
2400 — Computer Networks
Assignee
DELL PRODUCTS, L.P.
OA Round
2 (Final)
76%
Grant Probability
Favorable
3-4
OA Rounds
3y 3m
To Grant
99%
With Interview

Examiner Intelligence

Grants 76% — above average
76%
Career Allow Rate
224 granted / 294 resolved
+18.2% vs TC avg
Strong +53% interview lift
Without
With
+52.6%
Interview Lift
resolved cases with interview
Typical timeline
3y 3m
Avg Prosecution
24 currently pending
Career history
318
Total Applications
across all art units

Statute-Specific Performance

§101
16.0%
-24.0% vs TC avg
§103
58.1%
+18.1% vs TC avg
§102
8.0%
-32.0% vs TC avg
§112
9.3%
-30.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 294 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This Office Action is in response to the Amendment filed on 12/04/2025. In the instant Amendment, claims 2 and 13 were cancelled; claims 1 and 12 have been amended; and claims 1 and 12 are independent claims. Claims 1, 3-12 and 14-20 have been examined and are pending. This Action is made FINAL. Response to Arguments Applicant’s arguments with respect to claims 1-20 have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection. The new reference Caceres et al. (US 11496323) used to address the limitations. The amended claims 1 and 12 have been addressed in rejection below. Claim objection Claims 3-6 and 14-15 are objected to because of the following informalities: Regarding claims 3-6; claims 3-6 recite the limitation “[T]he method of claim 2”. However, claim 2 was canceled. For purpose of applying art, the Examiner considers claims 3-6 depend on claim 1. Regarding claims 14-15; claims 14-15 recite the limitation “[T]he non-transitory computer readable medium of claim 13”. However, claim 13 was canceled. For purpose of applying art, the Examiner considers claims 14-15 depend on claim 12. Appropriate correction(s) is required. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claims 1, 4, and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Mallikarjuna Durga Lokanath et al. (“Lokanath,” US 2022/0239503) in view of Vaddi et al. (“Vaddi,” US 2020/0287724) and Caceres et al. (“Caceres,” US 11496323). Regarding claim 1: Lokanath discloses a method for managing authentication in a cluster, comprising: generating, by a node of a cluster, at least one initial cluster certificate using at least one cluster identity parameter (Lokanath: par. 0027 the certificate orchestrator to create [] a certificate; par. 0017 the container orchestration system 100 can expose a container using the domain name service (INS) name or using an Internet Protocol (IP) address), wherein: the cluster comprises a plurality of worker nodes (Lokanath: par. 0018 groups of nodes managed by the container orchestration system 100 can be referred to as a cluster), the plurality of worker nodes host a plurality of pods (Lokanath: par. 0018 the nodes can host 'pods' that are the components of the application workload), the plurality of pods comprise a plurality of containers (Lokanath: par. 0020 a pod is a group of one or more containers), and the plurality of containers comprise a plurality of services (Lokanath: par. 0019 the container orchestration system 100 runs applications by placing applications in containers, which are placed into pods to run on nodes); making a determination that a cluster certificate update is required (Lokanath: par. 0029 in response to detecting the creation or update of the custom resources, the certificate orchestrator requests a certificate for renewal from the cloud certificate manager of the cloud computing environment (Block 207)), wherein making the determination comprises: monitoring the cluster (Lokanath: par. 0028 monitors the custom resources related to certificates, keystores, and truststores); identifying a change in the cluster (Lokanath: par. 0028 detects the creation or update of these custom resources (Block 205)); and in response to the determination: generating an updated certificate (Lokanath: par. 0030 the custom resources and associated objects are updated by the certificate orchestrator with information related to the certificate). Lokanath does not explicitly disclose performing authentication for the cluster using the at least one initial cluster certificate, replacing the at least one initial cluster certificate using the updated certificate, and performing authentication for the cluster using the updated certificate. However, Vaddi discloses performing authentication for the cluster using the at least one initial cluster certificate (Vaddi: par. 0034 the service 206 determines that the first certificate was issued by the trusted authority, the service 206 may begin trusting the software program 202, and may begin exchanging information with the software program 202); replacing the at least one initial cluster certificate using the updated certificate (Vaddi: par. 0036 the present subject matter injects the certificate 107 into the container 208. The injection of a certificate into a container may refer to writing the certificate into a storage region within the container); and performing authentication for the cluster using the updated certificate (Vaddi: par. 0042 the injection of the certificate 107 into the CSL 214 ensures that the service 206 can readily access the certificate 107 upon injection of the certificate 107. Therefore [] enables container-based services to establish trusted communications with minimal delay). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Vaddi with the system/method of Lokanath to include performing authentication for the cluster using the updated certificate. One would have been motivated to using digital certificate to establish trust between two communicating entities, such as communicating programs (Vaddi: par. 0001). Lokanath in view of Vaddi does not explicitly disclose obtaining a new cluster identity parameter, a pod identifier, and a service identifier associated with the change, the new cluster identity parameter, a cryptographic algorithm, the pod identifier and the service identifier. However, Caceres discloses obtaining a new cluster identity parameter, a pod identifier, and a service identifier associated with the change (Caceres: col. 10 lines 8-13 assume, for example, a request in cloud computing service platform for a new container of an open-source document-oriented database. In order to do this, the platform 500 may need to allocate new components, such as a new virtual machine and a new container, which may need to interact with other components, such as a web server, in the system); the new cluster identity parameter (Caceres: col. 4 lines 9-11 at least one container update from the enterprise registry to a plurality of cloud computing service platform internal registries in a one-to-many relationship); a cryptographic algorithm (Caceres: col. 5 lines 58-60 assuring that communication between each pair of nodes should be authenticated and encrypted using public key infrastructure (PKI)); the pod identifier (Caceres: col. 6 lines 43-46 image provisioning may be performed via external cloud/container orchestration tools, and image instantiation may be provided via separately controlled application deployment tools); and the service identifier (Caceres: col. 8 lines 14-16 a cloud computing service platform solution may include a component referred to as a policy engine that makes authorization decisions for the platform). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Caceres with the system/method of Lokanath and Vaddi to include obtaining a new cluster identity parameter, a pod identifier, and a service identifier associated with the change. One would have been motivated to providing methods and systems for enterprise security in container orchestration environments (Caceres: col. 1 lines 18-20). Regarding claim 4: Lokanath in view of Vaddi and Caceres discloses the method of claim 2. Lokanath further discloses wherein the new cluster identity parameter comprises a new fully qualified domain name associated with the cluster (Lokanath: par. 0025 the metadata of the certificate CRD includes the certificate of the fully qualified domain name (FQDN) and type of certificate). Regarding claim 12: Lokanath discloses a non-transitory computer readable medium comprising computer readable program code, which when executed by a computer processor enables the computer processor to perform a method for managing authentication in a cluster, the method comprising: generating, by a node of a cluster, at least one initial cluster certificate using at least one cluster identity parameter (Lokanath: par. 0027 the certificate orchestrator to create [] a certificate; par. 0017 the container orchestration system 100 can expose a container using the domain name service (INS) name or using an Internet Protocol (IP) address), wherein: the cluster comprises a plurality of worker nodes (Lokanath: par. 0018 groups of nodes managed by the container orchestration system 100 can be referred to as a cluster), the plurality of worker nodes host a plurality of pods (Lokanath: par. 0018 the nodes can host 'pods' that are the components of the application workload), the plurality of pods comprise a plurality of containers (Lokanath: par. 0020 a pod is a group of one or more containers), and the plurality of containers comprise a plurality of services (Lokanath: par. 0019 the container orchestration system 100 runs applications by placing applications in containers, which are placed into pods to run on nodes); making a determination that a cluster certificate update is required (Lokanath: par. 0029 in response to detecting the creation or update of the custom resources, the certificate orchestrator requests a certificate for renewal from the cloud certificate manager of the cloud computing environment (Block 207)), wherein making the determination comprises: monitoring the cluster (Lokanath: par. 0028 monitors the custom resources related to certificates, keystores, and truststores); identifying a change in the cluster (Lokanath: par. 0028 detects the creation or update of these custom resources (Block 205)); and in response to the determination: generating an updated certificate (Lokanath: par. 0030 the custom resources and associated objects are updated by the certificate orchestrator with information related to the certificate). Lokanath does not explicitly disclose performing authentication for the cluster using the at least one initial cluster certificate, replacing the at least one initial cluster certificate using the updated certificate, and performing authentication for the cluster using the updated certificate. However, Vaddi discloses performing authentication for the cluster using the at least one initial cluster certificate (Vaddi: par. 0034 the service 206 determines that the first certificate was issued by the trusted authority, the service 206 may begin trusting the software program 202, and may begin exchanging information with the software program 202); replacing the at least one initial cluster certificate using the updated certificate (Vaddi: par. 0036 the present subject matter injects the certificate 107 into the container 208. The injection of a certificate into a container may refer to writing the certificate into a storage region within the container); and performing authentication for the cluster using the updated certificate (Vaddi: par. 0042 the injection of the certificate 107 into the CSL 214 ensures that the service 206 can readily access the certificate 107 upon injection of the certificate 107. Therefore [] enables container-based services to establish trusted communications with minimal delay). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Vaddi with the system/method of Lokanath to include performing authentication for the cluster using the updated certificate. One would have been motivated to using digital certificate to establish trust between two communicating entities, such as communicating programs (Vaddi: par. 0001). Lokanath in view of Vaddi does not explicitly disclose obtaining a new cluster identity parameter, a pod identifier, and a service identifier associated with the change, the new cluster identity parameter, a cryptographic algorithm, the pod identifier and the service identifier. However, Caceres discloses obtaining a new cluster identity parameter, a pod identifier, and a service identifier associated with the change (Caceres: col. 10 lines 8-13 assume, for example, a request in cloud computing service platform for a new container of an open-source document-oriented database. In order to do this, the platform 500 may need to allocate new components, such as a new virtual machine and a new container, which may need to interact with other components, such as a web server, in the system); the new cluster identity parameter (Caceres: col. 4 lines 9-11 at least one container update from the enterprise registry to a plurality of cloud computing service platform internal registries in a one-to-many relationship); a cryptographic algorithm (Caceres: col. 5 lines 58-60 assuring that communication between each pair of nodes should be authenticated and encrypted using public key infrastructure (PKI)); the pod identifier (Caceres: col. 6 lines 43-46 image provisioning may be performed via external cloud/container orchestration tools, and image instantiation may be provided via separately controlled application deployment tools); and the service identifier (Caceres: col. 8 lines 14-16 a cloud computing service platform solution may include a component referred to as a policy engine that makes authorization decisions for the platform). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Caceres with the system/method of Lokanath and Vaddi to include obtaining a new cluster identity parameter, a pod identifier, and a service identifier associated with the change. One would have been motivated to providing methods and systems for enterprise security in container orchestration environments (Caceres: col. 1 lines 18-20). Claims 3, 5-11 and 14-20 are rejected under 35 U.S.C. 103 as being unpatentable over Mallikarjuna Durga Lokanath et al. (“Lokanath,” US 2022/0239503) in view of Vaddi et al. (“Vaddi,” US 2020/0287724), Caceres et al. (“Caceres,” US 11496323) and Callaghan et al. (“Callaghan,” US 2006/0075219). Regarding claim 3: Lokanath in view of Vaddi and Caceres discloses the method of claim 2. Lokanath in view of Vaddi and Caceres does not explicitly disclose wherein the new cluster identity parameter comprises a new network address associated with the cluster. However, Callaghan discloses wherein the new cluster identity parameter comprises a new network address associated with the cluster (Callaghan: par. 0020 an administrator selects an option or application to change a network configuration setting [] the settings include the host name (e.g. "hmcserver"), network domain name (e.g. "ibm.com") and IP address of server system 109). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Callaghan with the system/method of Lokanath, Vaddi and Caceres to include the new cluster identity parameter comprises a new network address associated with the cluster. One would have been motivated to detect when a change has been made to a name, domain or IP address of the server and updating an SSL certificate (Callaghan: par. 0007). Regarding claim 5: Lokanath in view of Vaddi and Caceres discloses the method of claim 2. Lokanath in view of Vaddi and Caceres does not explicitly disclose wherein the new cluster identity parameter comprises a new domain associated with the cluster. However, Callaghan discloses wherein the new cluster identity parameter comprises a new domain associated with the cluster (Callaghan: par. 0020 an administrator selects an option or application to change a network configuration setting [] the settings include the host name (e.g. "hmcserver"), network domain name (e.g. "ibm.com") and IP address of server system 109). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Callaghan with the system/method of Lokanath, Vaddi and Caceres to include the new cluster identity parameter comprises a new domain associated with the cluster. One would have been motivated to detect when a change has been made to a name, domain or IP address of the server and updating an SSL certificate (Callaghan: par. 0007). Regarding claim 6: Lokanath in view of Vaddi and Caceres discloses the method of claim 2. Lokanath in view of Vaddi and Caceres does not explicitly disclose wherein obtaining the updated certificate comprises generating the updated certificate using the new cluster identity parameter. However, Callaghan discloses wherein obtaining the updated certificate comprises generating the updated certificate using the new cluster identity parameter (Callaghan: par. 0022 management server 204 generates the new CSR containing the updated server system 109 information and writes it to removable media 203 (step 407)). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Callaghan with the system/method of Lokanath, Vaddi and Caceres to include obtaining the updated certificate comprises generating the updated certificate using the new cluster identity parameter. One would have been motivated to detect when a change has been made to a name, domain or IP address of the server and updating an SSL certificate (Callaghan: par. 0007). Regarding claim 7: Lokanath in view of Vaddi, Caceres and Callaghan discloses the method of claim 6. Vaddi further discloses wherein performing authentication for the cluster using the updated certificate comprises authenticating communications associated with cluster using the updated certificate by at least one client of a plurality of clients while connecting to at least one service of the plurality of services (Vaddi: par. 0016 the injection of certificates in response to initialization of a container ensures that a container has all certificates that can be used for establishing trusted communications before a service becomes operational. Further, the injection of a certificate in response to updating of the memory with the certificate ensures that the container possesses valid and up-to-date certificates). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Vaddi with the system/method of Lokanath to include authenticating communications associated with cluster using the updated certificate by at least one client of a plurality of clients. One would have been motivated to using digital certificate to establish trust between two communicating entities, such as communicating programs (Vaddi: par. 0001). Regarding claim 8: Lokanath in view of Vaddi and Caceres discloses the method of claim 1. Lokanath further discloses wherein making the determination that the cluster certificate update is required comprises: monitoring the cluster (Lokanath: par. 0022 the certificate orchestrator 107 is a custom (e.g., Kubernetes) controller which monitors custom resources 109). Lokanath in view of Vaddi and Caceres does not explicitly disclose obtaining a message from a client of a plurality of clients comprising an imported certificate and specifying a portion of the plurality of services associated with the imported certificate. However, Callaghan further discloses obtaining a message from a client of a plurality of clients comprising an imported certificate and specifying a portion of the plurality of services associated with the imported certificate (Callaghan: par. 0021 management server 204 automatically queries the administrator if he or she would like to have management server 204 automatically generate a new certificate signing request (CSR) using the new host information (i.e. the information that was changed in step 401) to obtain from the certificate authority an updated, signed SSL certificate with the new host information (step 406)). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Callaghan with the system/method of Lokanath, Vaddi and Caceres to include obtaining a message from a client of a plurality of clients comprising an imported certificate and specifying a portion of the plurality of services associated with the imported certificate. One would have been motivated to detect when a change has been made to a name, domain or IP address of the server and updating an SSL certificate (Callaghan: par. 0007). Regarding claim 9: Lokanath in view of Vaddi, Caceres and Callaghan discloses the method of claim 8. Callaghan further discloses wherein the imported certificate is generated by a user of the client (Callaghan: par. 0023 the administrator himself or herself wants to generate a new CSR). The motivation is the same that of claim 8 above. Regarding claim 10: Lokanath in view of Vaddi and Caceres and Callaghan discloses the method of claim 8. Vaddi further discloses wherein replacing the at least one initial cluster certificate with the updated certificate comprises replacing the at least one initial cluster certificate with the imported certificate for the portion of the plurality of services (Vaddi: par. 0036 the present subject matter injects the certificate 107 into the container 208. The injection of a certificate into a container may refer to writing the certificate into a storage region within the container). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Vaddi with the system/method of Lokanath to include replacing the at least one initial cluster certificate with the imported certificate for the portion of the plurality of services. One would have been motivated to using digital certificate to establish trust between two communicating entities, such as communicating programs (Vaddi: par. 0001). Regarding claim 11: Lokanath in view of Vaddi, Caceres and Callaghan discloses the method of claim 10. Lokanath further discloses wherein the performing authentication for the cluster using the updated certificate comprises: authenticating communications associated with the portion of the plurality of services using the imported certificate (Lokanath: par. 0023 when a create event for certificate occurs, the certificate orchestrator 107 captures the create event and requests a new certificate from the cloud certificate manager 111); and authenticating communications associated with a remaining portion of the plurality of services using the at least one initial cluster certificate (Lokanath: par. 0023 when the create event for the keystore occurs, then the certificate orchestrator 107 downloads the service's certificate bundle from the cloud certificate manager, creates a keystore and uploads it to cloud secrets manager 113). Regarding claim 14: Claim 14 is similar in scope to claim 3, and is therefore rejected under similar rationale. Regarding claims 15-20: Claims 15-20 are similar in scope to claims 6-11, respectively, and are therefore rejected under similar rationale. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857. The examiner can normally be reached Monday - Friday 9:00 - 5:00. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at 5712705002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /FAHIMEH MOHAMMADI/ Examiner, Art Unit 2439 /LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439
Read full office action

Prosecution Timeline

Apr 05, 2024
Application Filed
Sep 29, 2025
Non-Final Rejection — §103
Nov 12, 2025
Interview Requested
Nov 20, 2025
Applicant Interview (Telephonic)
Nov 20, 2025
Examiner Interview Summary
Dec 04, 2025
Response Filed
Mar 29, 2026
Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12604186
Methods and Systems for Network Authentication Using a Unique Authentication Identifier
2y 5m to grant Granted Apr 14, 2026
Patent 12598078
NETWORK ACCESS USING HARDWARE-BASED SECURITY
2y 5m to grant Granted Apr 07, 2026
Patent 12598174
FLEET MANAGEMENT SYSTEM AND METHOD
2y 5m to grant Granted Apr 07, 2026
Patent 12568073
SECURE EXCHANGE OF CERTIFICATE AUTHORITY CERTIFICATE INLINE AS PART OF FILE TRANSFER PROTOCOL
2y 5m to grant Granted Mar 03, 2026
Patent 12562966
Transitioning Network Entities Associated With A Virtual Cloud Network Through A Series Of Phases Of A Certificate Bundle Distribution Process
2y 5m to grant Granted Feb 24, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
76%
Grant Probability
99%
With Interview (+52.6%)
3y 3m
Median Time to Grant
Moderate
PTA Risk
Based on 294 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month