DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Applicant's amendments filed on 01/20/2026 has been received and entered. Currently Claims 1-30 are pending.
Response to Arguments
Applicant’s arguments have been considered but are moot in view of the new ground(s) of rejection.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-5, 10-16 and 21-26 are rejected under 35 U.S.C. 103 as being unpatentable over Nagaratnam et al. US2022/0376929 (hereinafter Nagaratnam), in view of Nguyen-Huu et al. US2010/0023757 (hereinafter Nguyen-Huu).
As per claim 1, Nagaratnam teaches a method comprising: generating a digital certificate based on a signed request (Nagaratnam paragraph [0080], [0086], generating digital certificate);
signing, by a first system dedicated to the first client device, a message using a first private key associated with the first client device to generate a signed message, wherein the first private key is inaccessible to the first client device (Nagaratnam paragraph [0076]-[0078], [0084], [0087]-[0089], [0095], sign with private key associated with client, where the private key is inaccessible to the client. The system comprises a plurality of clients and servers having a system for signing for a client device.) (It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to duplicate the signing system across the plurality of servers, since it has been held that mere duplication of parts involves routine skill in the art. It would have also been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to assign/have each signing system to a specific client device because the results would have been predictable and resulted in each client device having its own dedicated signing system); and
signing, by a second system dedicated to a second client device, a second message using a second private key associated with the second client device to generate a second signed message (Nagaratnam paragraph [0076]-[0078], [0084], [0087]-[0089], [0095], sign with private key associated with client, where the private key is inaccessible to the client. The system comprises a plurality of clients and servers having a system for signing for a client device.) (It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to duplicate the signing system across the plurality of servers, since it has been held that mere duplication of parts involves routine skill in the art. It would have also been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to assign/have each signing system to a specific client device because the results would have been predictable and resulted in each client device having its own dedicated signing system).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to duplicate the signing system across the plurality of servers, since it has been held that mere duplication of parts involves routine skill in the art. It would have also been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to try to have a dedicated signing system for each client device. There are only two options for the signing system, either having a dedicated signing system for each client device or not having a dedicated signing system for the client devices and the result will be the same, messages are signed by the signing system.
Nagaratnam does not explicitly disclose causing digital certificate to be stored in a shared data storage available to a first client device.
Nguyen-Huu teaches causing digital certificate to be stored in a shared data storage available to a first client device (Nguyen-Huu paragraph [0024], [0026], [0036], [0059], store generated certificate in repository available to other client devices).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Nagaratnam of generating certificates with the teachings of Nguyen-Huu to include storing and retrieving certificates in shared repository in order to provide a central certificate repository such that certificates are accessible to a plurality of client devices for secure communications.
As per claim 2, Nagaratnam in view of Nguyen-Huu teaches the method of claim 1, wherein the digital certificate comprises a public key associated with the second client device (Nagaratnam paragraph [0078], [0080], [0084], [0086], digital certificate comprises a public key associated with a second client; Nguyen-Huu paragraph [0024], [0026], [0036], [0059], digital certificate comprises a public key associated with a second client).
As per claim 3, Nagaratnam in view of Nguyen-Huu teaches the method of claim 2, further comprising: generating a second public key associated with the second client device; and sending the second public key to the second client device (Nagaratnam paragraph [0078], [0084], generating public key and private key associated with second client and sending public key to second client; Nguyen-Huu paragraph [0026], [0059]).
As per claim 4, Nagaratnam in view of Nguyen-Huu teaches the method of claim 1, further comprising: receiving, from the first client device, a first request to sign the message; and signing the message using the first private key associated with the first client device responsive receiving the first request to sign the message (Nagaratnam paragraph [0089], [0095]-[0096], receive request to sign and signing with the private key).
As per claim 5, Nagaratnam in view of Nguyen-Huu teaches the method of claim 4, wherein the message was generated based on a second public key associated with the digital certificate (Nguyen-Huu paragraph [0056], encrypts data using public key).
As per claim 10, Nagaratnam in view of Nguyen-Huu teaches the method of claim 1, further comprising: receiving a request for the digital certificate, wherein the request comprises at least one of an identifier of an application executing on the second client device, an identifier to an owner of the application, or an indication of a geographic location associated with the application (Nagaratnam paragraph [0080], [0083], [0085]-[0086], request for certificate comprises various information such as owner information; Nguyen-Huu paragraph [0057], [0059], request for certificate comprises owner information).
As per claim 11, Nagaratnam in view of Nguyen-Huu teaches the method of claim 1, further comprising: providing the digital certificate to the first client device to cause the first client device to verify that the digital certificate is associated with the second client device by at least one of: determining that the digital certificate was signed by a certificate authority that is respectively assigned to the second client device; determining that a second digital certificate is unexpired; or determining that the second digital certificate comprises an identifier of an application executing on the second client device (Nagaratnam paragraph [0080], [0097], receive certificate and validate signature of certificate; Nguyen-Huu paragraph [0059], provide certificate to client device).
As per claims 12-16 and 21-26, the claims claim a system and a non-transitory computer-readable medium essentially corresponding to the method claims 1-5 and 10 above, and they are rejected, at least for the same reasons.
Claims 9, 20 and 30 are rejected under 35 U.S.C. 103 as being unpatentable over Nagaratnam in view of Nguyen-Huu, and further in view of Peddada US2017/0163618.
As per claim 9, Nagaratnam in view of Nguyen-Huu teaches the method of claim 1.
Nagaratnam in view of Nguyen-Huu does not explicitly disclose wherein message comprises at least one of a password, a token, or an application programming interface (API) key.
Peddada teaches wherein message comprises at least one of a password, a token, or an application programming interface (API) key (Peddada paragraph [0039], [0056], secret).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Nagaratnam in view of Nguyen-Huu of signing data with a private key with the teachings of Peddada to include encrypting a secret with a recipient public key and signing the secret with a private key in order to provide and establish a shared secret for secure communications.
As per claims 20 and 30, the claims claim a system and a non-transitory computer-readable medium essentially corresponding to the method claim 9 above, and they are rejected, at least for the same reasons.
Allowable Subject Matter
Claims 6-8, 17-19 and 27-29 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HENRY TSANG whose telephone number is (571)270-7959. The examiner can normally be reached M-F 9am - 5pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached at (571) 272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HENRY TSANG/Primary Examiner, Art Unit 2495