Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
The present office action is responsive to communications received on 01/26/2026.
Status of Claims
Claims 1-2, 5, 7-11, 17 and 19 were amended.
Claims 1-20 are pending.
Response to arguments
Prior claim objections and 112 rejections are withdrawn in light of the amended claims.
With respect to the 101 rejection, the amendments do not clarify that it is a hardware processor, and there is no memory.
Regarding the 35 USC § 103 arguments, applicant’s amendments necessitated new grounds of rejection for the argued portion.
Claim Objections
Claim 19 is objected to because of the following informalities: the claim was amended but marked as original. Appropriate correction is required in the future; otherwise a non-compliance will be issued.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-8 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the claims recite a system that can be interpreted as software. The claims recite a software “interface processor”, a software “agent” and a software “processing engine”, which are known terms in the art, and therefore 112f was not invoked; however, there is no hardware in the system, therefore given BRI the system is interpreted as software, thus failing step 1.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 1-7, 9-13, 15-18 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Levy et al. (US 10652030 B1) hereinafter referred to as Levy in view of Waldron et al. (US 20180219689 A1) hereinafter referred to as Waldron in view of Rivera et al. (US 20240214807 A1) hereinafter referred to as Rivera.
With respect to claim 1, Levy discloses: A system for analyzing certificates received by disparate sources within a public key infrastructure, comprising: a database having a certificate repository; (Levy col 4 line 65 to col 5 line 10 explain a storage [database] for certificates with certificate data comprising public key attributes [PKI]).
a certificate ingestion interface processor, communicatively coupled to the certificate repository, the certificate ingestion interface processor ingesting certificates issued by the disparate sources; (Levy Abstract discloses the system obtaining [ingesting] certificates issued by different sources and each certificate comprising different attributes).
an analytics processing engine, communicatively coupled to the certificate repository, analyzing attributes of the ingested certificates; (Levy Abstract discloses the system, which comprises a processing engine per Levy col 12 lines 51-60, analyzes attributes of certificates. Levy 5:40-65 disclose certificate attribute having a score).
a reporting processing engine, communicatively coupled to the certificate repository, reporting results of the analytics engine via a reporting interface; (Levy col 8 line 65 to col 9 line 10 disclose reporting results to customer system when reciting “a list including the highest ranked profiles is generated and presented to a source of the request in block 410 (e.g., a customer system)”).
and an administrative interface, communicatively coupled to the certificate repository, managing the system. (Levy Fig. 1 illustrates a “Management system 150” in communication with certificate storage for managing the system).
Levy does not explicitly disclose “visualizing” as recited in visualizing and reporting results of the analytics engine via a reporting interface;
However, Waldron in an analogous art discloses: visualizing and reporting results of the analytics engine via a reporting interface; (Waldron ¶22 discloses notifying the user visually of the results of the certificate analysis).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Levy with visualizing and reporting results of the analytics engine via a reporting interface as disclosed by Waldron to allow the user to take a corrective action when there is a potential threat (see Waldron ¶22).
Levy and Waldron do not explicitly disclose: analyzing attributes of the ingested certificates to score one or more parameters of security risk provided by each respective ingested certificate with respect to a disaggregated Radio Access Network (RAN)
However, Rivera in an analogous art discloses: analyzing attributes of the ingested certificates to score one or more parameters of security risk provided by each respective ingested certificate with respect to a disaggregated Radio Access Network (RAN) (Rivera ¶105 teaches threshold score of 60% for certificate expiration attribute with respect to device. Given broadest reasonable interpretation ¶45 it is interpreted with respect to a RAN).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Levy and Waldron with analyzing attributes of the ingested certificates to score one or more parameters of security risk provided by each respective ingested certificate with respect to a disaggregated Radio Access Network (RAN) as disclosed by Rivera to ensure there is a threshold to expiration of a certificate time attribute (see Rivera ¶105).
Claims 9 and 17 recite method and apparatus claims but essentially the same limitations, and are therefore rejected based on the same rationale as claim 1.
With respect to claim 2, Levy in view of Waldron and Rivera disclose: The system of claim 1, wherein the certificate ingestion interface processor comprises: a certificate authority interface for accepting certificates and certificate chains from a plurality of disparate certificate authorities; (Levy col 4 lines 5-20 “the digital certificate management system 150 identifies one or more digital certificates based on information received or collected from one or more [plurality] certificate sources 110. In one embodiment, the certificate source 110 may be any suitable computing device or system (e.g., a desktop computer, a laptop computer, a mobile device, a server, a virtual computing system, etc.) that generates, stores, maintains, distributes, or provides a digital certificate, such as for example, a certificate authority”, in other words, the certificate source(s) are certificate authorities. Waldron Fig. 2 illustrates that the obtained data is certificate chains).
and a server for accepting certificates from remote devices. (Levy Fig. 1 illustrates the system comprises computing device [server] for accepting certificates).
Claim 10 recites a method claim but essentially the same limitations, and is therefore rejected based on the same rationale as claim 2.
With respect to claim 3, Levy in view of Waldron and Rivera disclose: The system of claim 2, wherein analyzing attributes of the ingested certificate attributes comprises at least one of: analyzing key and certificate anomalies; (Levy col 2 lines 30-45 disclose analyzing key and certificate data and col 5 lines 50-65 teach generating a score threshold for the attributes to determine if the score is suitable, otherwise it is interpreted as an anomaly).
Claims 13 and 18 recite method and apparatus claims but essentially similar mapped limitations, and are therefore rejected based on the same rationale as claim 3.
With respect to claim 4, Levy in view of Waldron and Rivera disclose: The system of claim 3, wherein the server comprises at least one of a certificate management protocol (CMP) server and a hypertext transfer protocol (HTTP) server. (Levy Fig. 1 illustrates server 150 comprises the functions of a “management system” server and also in Levy col 6 lines 40-55 it discloses the management server handles requests related to “web server application” therefore interpreted as also performing the functions of an HTTP server).
Claim 15 recites a method claim but essentially the same limitations, and is therefore rejected based on the same rationale as claim 4.
With respect to claim 5, Levy in view of Waldron and Rivera disclose: The system of claim 3, wherein: the server ingests the certificates from the remote devices, the certificates provided from the remote devices to the server as a part of establishing a two-way secure connection between the server and the remote devices. (Levy col 2 lines 20-30 “In one embodiment, the digital certificates may be received from various certificate sources, such as one or more customer systems. For each of the digital certificates, the digital certificate management system generates a profile including one or more intrinsic attributes of the digital certificate.” And then in col 2 line 60 to col 3 line 15 disclose using the ingested certificates from the remote customer devices as part of establishing communication with the management server which determines certain certificates as required for customer communication to access certain application(s)).
Claim 12 recites a method claim but essentially the same limitations, and is therefore rejected based on the same rationale as claim 5.
With respect to claim 6, Levy in view of Waldron and Rivera disclose: The system of claim 3, wherein the analytics engine further validates the ingested certificates and certificate chains of the ingested certificates. (Levy col 7 line 60 to col 8 line 20 teach attribute checking [validation] to determine qualified data from the certificates data).
Claim 16 recites a method claim but essentially the same limitations, and is therefore rejected based on the same rationale as claim 6.
With respect to claim 7, Levy in view of Waldron and Rivera disclose: The system of claim 3, wherein at least one of the remote devices comprises a certificate discovery agent executed by the remote device, the certificate discovery agent retrieving a certificate stored on the remote device and providing the retrieved certificate to the certificate ingestion interface. (Levy col 2 lines 20-30 “In one embodiment, the digital certificates may be received from various certificate sources, such as one or more customer systems. [remote device(s)]” so the certificates are sent from the remote device(s) to the management system disclosed by the prior art. Waldron Fig. 2 illustrates that the obtained data is certificate chains).
Claims 11 and 20 recite method and apparatus claims but essentially the same limitations, and are therefore rejected based on the same rationale as claim 7.
Claim(s) 8, 14 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Levy and Waldron and Rivera as applied to claims 1-7, 9-13, 15-18 and 20 above, and further in view of Alrawais et al. (US 20170317837 A1) hereinafter referred to as Alrawais.
With respect to claim 8, Levy in view of Waldron and Rivera disclose: The system of claim 1, wherein analyzing certificate attributes and trust relations, includes at least one of:
identifying and evaluating common certificate authorities; (Waldron ¶28 teaches identifying certificates issued by trusted [common] certificate authorities).
determining certificate attribute statistics, the certificate attribute statistics including at least one of:
key size statistics; (Levy col 8 lines 45-55 disclose using certificate attribute statistics, which include, per Levy col 9 lines 40-45, the attribute data of the certificates comprising key size data which is used in determining which certificate(s) to use).
analyzing remote device attributes, including at least one of:
generating remote device identity statistics; (Levy col 10 lines 15-35 disclose the certificates obtained from the remote devices are analyzed and a score is calculated comprising statistical measures).
Levy in view of Waldron and Rivera do not explicitly disclose: detection of key and certificate anomalies, including at least one of: detection of weak keys;
However, Alrawais in an analogous art discloses: detection of key and certificate anomalies, including at least one of: detection of weak keys; (Alrawais ¶41 teaches analysis of digital certificates and detecting weak key(s)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Levy and Waldron and Rivera with detection of key and certificate anomalies, including at least one of: detection of weak keys as disclosed by Alrawais to detect invalid certificates (see Alrawais ¶41).
Claims 14 and 19 recite method and apparatus claims but recite the same limitations and are therefore rejected based on the same rationale as claim 8.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HANY S GADALLA whose telephone number is (571)272-2322. The examiner can normally be reached Mon to Fri 8:00AM - 4:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HANY S. GADALLA/Primary Examiner, Art Unit 2493