Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


DETAILED ACTION
This is the initial office action has been issued in response to patent application, 16/228714, filed on 20 December 2018.  Claims 1-26, as originally filed, are currently pending and have been considered below.  


Information Disclosure Statement
The information disclosure statement filed 12/20/2018 complies with the provisions of 37 CFR 1.97, 1.98 and MPEP § 609 and the information referred to therein has been considered as to the merits.  


Minor Informalities
Claim 18 is objected to because of the following informalities:  Claim 18 recites “is a invalid certificate, key or hash”.  Examiner suggests changing "a” to "an".  Appropriate correction is required.



Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA  35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA  35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.



Claims 24, 25, 26 are rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends. Claims 24, 25, 26 recite “a test system including one or more processors and non-transitory memory coupled to the processors, the non-transitory memory holding a computer program … the test system performing the method of claim 1/8/20”.  Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.





Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.



Claims 1-26 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Canady et al. (US2019/0182129 A1, file date 12/11/2017).

Claim 1:
With respect to claim 1, Canady et al. discloses a method of testing handling of secure communication sessions of a plurality of clients with a plurality of servers by device or system under test (DUT) (to provide methods and systems to efficiently test handling of HTTPS sessions of a plurality of clients with a plurality of servers by a switching, bridging or routing device (referred to as the "device or system under test" or "DUT"), 0010), the testing conducted by a test system having at least (the testing conducted by a test system having at least first and second ports that are coupled to ports on the DUT, 0010), the method including:
using a plurality of client state machines running one or more processor cores (using a plurality of client state machines running on at least four processor cores, 0011),
communicating through the DUT with a plurality of server state machines running on one or more additional processor cores (communicating through the DUT with a plurality of server state machines running on at least four additional processor cores, 0011);
for each connection between (i) a client represented by a client state machine, of the plurality of client state machines, and (ii) a server represented by a server state machine, of the plurality of server state machines, setting up a secure communication session (for each connection between (i) a client represented by a client state machine, of the plurality of client state machines, and (ii) a server represented by a server state machine, of the plurality of server state machines, setting up an HTTPS session including establishing an HTTPS session between the client and the server, 0011) including:
establishing a secure communication session, with a handshake between the client and the server (negotiating an encryption protocol and exchanging keys, and completing an HTTPS handshake, 0011) including the client and/or the server transitioning past a standards-required verification step or validation step without performing the required verification or validation step (without using the negotiated encryption protocol to encrypt and decrypt the patterned payload data, 0011, 0012);
using at least 1,000 of the established secure communication sessions, conducting a test including: generating test packets; and transmitting the test packets through the DUT; and compiling and reporting results of the test (following the setup of between 100,000 HTTPS sessions and 10,000,000 HTTPS sessions, conducting a stress test including (i) generating address and packet header information in conformance with an HTTPS standard, (ii) combining patterned payload data to the generated address and packet header to form test packets without using the negotiated encryption protocol to encrypt and decrypt the patterned payload data, and (iii) transmitting the test packets through the DUT.  Additionally, the method can include and compiling and reporting results of the stress test, 0011).

Claim 2:
With respect to claim 2, Canady et al. discloses wherein the establishing of the secure communication session includes one of the client and the server bypassing a transmission of a standards-required error message to another of the client and the server when an error has occurred at the one of the client and the server (combining patterned payload data to the generated address and packet header to form test packets without using the negotiated encryption protocol to encrypt and decrypt the patterned payload data, and (iii) transmitting the test packets through the 
DUT, 0011) (If the value is "False", this means that the FSM is still running and the dispatcher continues to dequeue and dispatch messages.  However, if the return value is "True", the dispatcher stops dispatching any queued messages, and the FSM is considered to be complete, 0061).

Claim 3:
With respect to claim 3, Canady et al. discloses wherein the standards-required verification step or validation step is a verification of a certificate received by one of the client and the server, from the other of the client and the server (The server 220 continues the handshaking procedure by sending a Certificate in operation 242, 0043), and
wherein the one of the client and the server receiving the certificate operates as if there has been a successful verification of the certificate without verifying the certificate (after receiving the certificate, the client 210 will essentially say, ok, let's start encrypting 0044).

Claim 4:
With respect to claim 4, Canady et al. discloses wherein the standards-required verification step or validation step is a verification that a particular field (i) does correspond to a particular group and (ii) does not correspond to another particular group, and
wherein one of the client and the server transmits a standards-required message to another of the client and the server as if there has been a successful verification that the particular field (i) does correspond to the particular group and (ii) does not correspond to the other particular group (Once the client machine 110, the server machine 120, the DUT 130 and the calibration and analysis tool 140 have been set up to run the "stress test," it will be necessary to start establishing HTTPS sessions between the various emulated clients and the various emulated servers, the "stress test" could also be performed in the field for the purpose of determining whether a DUT deployed in the field has been damaged and needs replacement or repair., 0038).

Claim 5:
With respect to claim 5, Canady et al. discloses wherein, the standards-required verification step or validation step is a validation of a key received by one of the client and the server, from the other of the client and the server, and
wherein the one of the client and the server receiving the key operates as if there has been a successful validation of the key without validating the key (the "Client_Hello" message may include information regarding which types of Key the client 210 can accept (e.g., RSA, Diffie-Hellman, DSA, etc.), which type of Cipher the client can accept (e.g., RC4, Triple DES, AES, etc.) and which type of Hash can be used (e.g., HMAC-MDS, HMAC-SHA, etc.), 0041) (The "Server_Hello" message may also indicate which type of Key, Cipher and Hash will or can be used by the server 
220, 0042).




Claim 6:
With respect to claim 6, Canady et al. discloses wherein, the standards-required verification step or validation step is a verification of a hash received by one of the client and the server, from the other of the client and the server, and
wherein the one of the client and the server receiving the hash operates as if there has been a successful verification of the hash without verifying the hash (the "Client_Hello" message may include information regarding which types of Key the client 210 can accept (e.g., RSA, Diffie-Hellman, DSA, etc.), which type of Cipher the client can accept (e.g., RC4, Triple DES, AES, etc.) and which type of Hash can be used (e.g., HMAC-MDS, HMAC-SHA, etc.), 0041) (The "Server_Hello" message may also indicate which type of Key, Cipher and Hash will or can be used by the server 
220, 0042).

Claim 7:
With respect to claim 7, Canady et al. discloses wherein, the standards-required verification step or validation step is a verification of a digital signing of content received by one of the client and the server, from the other of the client and the server, and
wherein the one of the client and the server receiving the content operates as if there has been a successful verification of the digital signing of the content without verifying the digital signing of the content (The Certificate can identify, for example, a serial number, an issuer (e.g., Verisign), validity dates, a public key, as well as a site address, and a company address, 0043) (the "Client_Hello" message may include information regarding which types of Key the client 210 can accept (e.g., RSA, Diffie-Hellman, DSA, etc.), which type of Cipher the client can accept (e.g., RC4, Triple DES, AES, etc.) and which type of Hash can be used (e.g., HMAC-MDS, HMAC-SHA, etc.), 0041) (The "Server_Hello" message may also indicate which type of Key, Cipher and Hash will or can be used by the server 220, 0042).

Claim 8:
With respect to claim 8, Canady et al. discloses a method of testing handling of secure communication sessions of a plurality of clients with a plurality of servers by device or system under test (DUT) (to provide methods and systems to efficiently test handling of HTTPS sessions of a plurality of clients with a plurality of servers by a switching, bridging or routing device (referred to as the "device or system under test" or "DUT"), 0010), the testing conducted by a test system having at least first and second ports that are coupled to ports on the DUT (the testing conducted by a test system having at least first and second ports that are coupled to ports on the DUT, 0010), the method including:
using a plurality of client state machines running one or more processor cores (using a plurality of client state machines running on at least four processor cores, 0011),
communicating through the DUT with a plurality of server state machines running on one or more additional processor cores (communicating through the DUT with a plurality of server state machines running on at least four additional processor cores, 0011);
for each connection between (i) a client represented by a client state machine, of the plurality of client state machines, and (ii) a server represented by a server (for each connection between (i) a client represented by a client state machine, of the plurality of client state machines, and (ii) a server represented by a server state machine, of the plurality of server state machines, setting up an HTTPS session including establishing an HTTPS session between the client and the server, 0011) including:
establishing a secure communication session, with a handshake between the client and the server (negotiating an encryption protocol and exchanging keys, and completing an HTTPS handshake, 0011), including the client and/or the server reusing standards-required security mechanisms without generating or obtaining new standards-required security mechanisms (without using the negotiated encryption protocol to encrypt and decrypt the patterned payload data, 0011, 0012);
following the setup of at least 1,000 secure communication sessions, conducting a test including: generating test packets; and transmitting the test packets through the DUT; and compiling and reporting results of the test (following the setup of between 100,000 HTTPS sessions and 10,000,000 HTTPS sessions, conducting a stress test including (i) generating address and packet header information in conformance with an HTTPS standard, (ii) combining patterned payload data to the generated address and packet header to form test packets without using the negotiated encryption protocol to encrypt and decrypt the patterned payload data, and (iii) transmitting the test packets through the DUT.  Additionally, the method can include and compiling and reporting results of the stress test, 0011).

Claim 9:
With respect to claim 9, Canady et al. discloses wherein one of the standards-required security mechanisms that is reused by the client or the server is a reused certificate, where reuse of certificates is contrary to a standard-based procedure of the secure communication session (The server 220 continues the handshaking procedure by sending a Certificate in operation 242, 0043) (after receiving the certificate, the client 210 will essentially say, ok, let's start encrypting 0044) (the client 210 and the server 220 exchange "test packets" therebetween.  In typical HTTPS communications, once encryption is negotiated (see operations 240-249), subsequent communications between the client 210 and the server 220 include (i) an unencrypted header, (ii) an encrypted command, such as GET or POST, and (iii) encrypted data that is encrypted using the negotiated encryption method, 0045).

Claim 10:
With respect to claim 10, Canady et al. discloses wherein the reused certificate is selected from a pool of reusable certificates (The server 220 continues the handshaking procedure by sending a Certificate in operation 242, 0043) (after receiving the certificate, the client 210 will essentially say, ok, let's start encrypting 0044) (the Caches can be utilized to pre-fetch the data necessary for performing operations 240 through 251, 0055).


Claim 11:
With respect to claim 11, Canady et al. discloses wherein the reused certificate is a wildcard certificate covering all subdomains of a top-level domain or a wildcard certificate covering all top-level domains, both types of wildcard certificates being unusable or non-compliant according to a standard-based procedure utilized to conduct the secure communication session (high-level data link control (HDLC), 0035) (the test system 100 is configurable on many levels and is capable of interfacing with a DUT 130 using any of the interfaces and protocols from the OSI layers (i.e. layers 1-5) that are below the HTTPS layers (i.e., layers 6 and 7), 0037).

Claim 12:
With respect to claim 12, Canady et al. discloses wherein one of the standards-required security mechanisms that is reused by the client or the server is a reused key, where reuse of keys is contrary to a standard-based procedure of the secure communication session (From the "Client_Key_Exchange" message the server 220 will receive a key and both the client 210 and server 220 will be able to calculate a master secret code and from the "Change_Cipher_Spec" message., the different types of algorithms and encryption/decryption can include symmetric algorithms that use a single key, and asymmetric algorithms that use a public/private key pair, 0044).

Claim 13:
With respect to claim 13, Canady et al. discloses wherein one of the standards-required security mechanisms that is reused by the client or the server is a reused ticket, where (pre-fetching makes it possible to get canned data or messages from the external memory 400 or other sources, such that the canned data or messages can be used as the payload of the messages exchanged between the server machine 120 and the client machine 110, 0056).

Claim 14:
With respect to claim 14, Canady et al. discloses where reuse of the standards-required security mechanisms is performed when a standard-based procedure of the secure communication session requires at least one of a discarding of the standards-required security mechanism, a creation of a new standards-required security mechanism, an implementation of a standards-required security mechanism having new values.
(The entry handlers 441 handle the entry of a message and can cause a state of the FSM 440 to change and the exit handlers 442 handle the exit of a massage based on the new state of the FSM 440, 0057) (the FSM 440 performs an evaluation of the received incoming test packet 450 and performs a state change from an old state to a new state 810, based on the net state, the FSM 440, using one or more exit handlers, outputs the new state 820 or a new state message, a counter update 830, and additional information 840, Information from the new state 820, the counter update 830 and the additional information 840 can be received by a generator and combiner 850 that generates and combines the received information to generate the outgoing test packet 860 that includes an outgoing header 870 and an outgoing payload 880, 0070).

Claim 15:
With respect to claim 15, Canady et al. discloses wherein the establishing of the secure communication session includes the server selecting an exchange mode of exchanging standards-required security mechanisms regardless of whether the exchange mode is listed by the client (A person of ordinary skill in the art may understand that the type of data generation required for the first phase of HTTPS communication (see FIG. 2) can be referred to as flexible mode data generation and the type of data generation required for the second phase of HTTPS communication, as implemented by the present technology can be either flexible mode data generation (i.e., not pre-fetching data into the Caches for data generation) or inflexible mode data generation (i.e., using pre-fetching data, to place the appropriate data into the Caches), 0056).

Claim 16:
With respect to claim 16, Canady et al. discloses wherein the establishing of the secure communication session includes the server transmitting a non-unique standards-required security mechanism request contrary to a standard-based procedure of the secure communication session requires a unique standards-required security mechanism request (combining patterned payload data to the generated address and packet header to form test packets without using the negotiated encryption protocol to encrypt and decrypt the patterned payload data, 0011).

Claim 17:
With respect to claim 17, Canady et al. discloses wherein the standards-required security mechanisms are a requirement of a standard-based procedure utilized to conduct the secure communication session (The SSL (Secure Sockets Layer) protocol is the early version of security that was required by HTTPS and the 
TLS (Transport Layer Security) protocol is the more recent version of security required by HTTPS., 0005) (HTTPS requires a level of encryption that has been negotiated between the servers and the clients, 0008).

Claim 18:
With respect to claim 18, Canady et al. discloses wherein one of the reused standards-required security mechanisms is a invalid certificate, key or hash (The "Client_Hello" message may include a session ID, as well as other information required by the HTTPS protocol.  For example, the "Client_Hello" message may include information regarding which types of Key the client 210 can accept (e.g., RSA, Diffie-Hellman, DSA, etc.), which type of Cipher the client can accept (e.g., RC4, Triple DES, AES, etc.) and which type of Hash can be used (e.g., HMAC-MDS, HMAC-SHA, etc.), 0041) (The "Server_Hello" message may also indicate which type of Key, Cipher and Hash will or can be used by the server 220., 0042).

Claim 19:
With respect to claim 19, Canady et al. discloses further including the secure communication session using a security mechanism that has a lower security strength (the test system 100 is configurable on many levels and is capable of interfacing with a DUT 130 using any of the interfaces and protocols from the OSI layers (i.e. layers 1-5) that are below the HTTPS layers (i.e., layers 6 and 7), 0037).

Claim 20:
With respect to claim 20, Canady et al. discloses a method of testing handling of secure communication sessions of a plurality of clients with a plurality of servers by device or system under test (DUT) (to provide methods and systems to efficiently test handling of HTTPS sessions of a plurality of clients with a plurality of servers by a switching, bridging or routing device (referred to as the "device or system under test" or "DUT"), 0010), the testing conducted by a test system having at least first and second ports that are coupled to ports on the DUT (the testing conducted by a test system having at least first and second ports that are coupled to ports on the DUT, 0010), the method including:
using a plurality of client state machines running one or more processor cores (using a plurality of client state machines running on at least four processor cores, 0011),
communicating through the DUT with a plurality of server state machines running on one or more additional processor cores (communicating through the DUT with a plurality of server state machines running on at least four additional processor cores, 0011);
for each connection between (i) a client represented by a client state machine, of the plurality of client state machines, and (ii) a server represented by a server (for each connection between (i) a client represented by a client state machine, of the plurality of client state machines, and (ii) a server represented by a server state machine, of the plurality of server state machines, setting up an HTTPS session including establishing an HTTPS session between the client and the server, 0011) including:
establishing a secure communication session between the client and the server (negotiating an encryption protocol and exchanging keys, and completing an HTTPS handshake, 0011),
including completing a handshake between the client and the server and the client and the server transmitting content contrary to an established standard-based procedure that requires signing of the content (without using the negotiated encryption protocol to encrypt and decrypt the patterned payload data, 0011, 0012); and following the setup of at least 1,000 secure communication sessions, conducting a test including: generating test packets; and transmitting the test packets through the DUT; and compiling and reporting results of the test (following the setup of between 100,000 HTTPS sessions and 10,000,000 HTTPS sessions, conducting a stress test including (i) generating address and packet header information in conformance with an HTTPS standard, (ii) combining patterned payload data to the generated address and packet header to form test packets without using the negotiated encryption protocol to encrypt and decrypt the patterned payload data, and (iii) transmitting the test packets through the DUT.  Additionally, the method can include and compiling and reporting results of the stress test, 0011).
Claim 21:
With respect to claim 21, Canady et al. discloses wherein elements of the content generated and transmitted by the client and server are unsigned or improperly signed (without using the negotiated encryption protocol to encrypt and decrypt the patterned payload data, 0011, 0012), which is contrary to the established standard-based procedure that requires the elements of the content to be signed or properly signed (The Certificate can identify, for example, a serial number, an issuer (e.g., Verisign), validity dates, a public key, as well as a site address, and a company address, 0043) (the "Client_Hello" message may include information regarding which types of Key the client 210 can accept (e.g., RSA, Diffie-Hellman, DSA, etc.), which type of Cipher the client can accept (e.g., RC4, Triple DES, AES, etc.) and which type of Hash can be used (e.g., HMAC-MDS, HMAC-SHA, etc.), 0041) (The "Server_Hello" message may also indicate which type of Key, Cipher and Hash will or can be used by the server 220, 0042).

Claim 22:
With respect to claim 22, Canady et al. discloses wherein the unsigned content is selected from a pool of unsigned content (The server 220 continues the handshaking procedure by sending a Certificate in operation 242, 0043) (after receiving the certificate, the client 210 will essentially say, ok, let's start encrypting 0044) (the Caches can be utilized to pre-fetch the data necessary for performing operations 240 through 251, 0055).

Claim 23:
With respect to claim 23, Canady et al. discloses further including transmitting content contrary an established-based procedure that requires encryption of the content (negotiating an encryption protocol and exchanging keys, and completing an HTTPS handshake, 0011) (without using the negotiated encryption protocol to encrypt and decrypt the patterned payload data, 0011, 0012).

Claims 24, 25, 26:
With respect to claims 24, 25, 26, Canady et al. discloses a test system including one or more processors and non-transitory memory coupled to the processors, the non-transitory memory holding a computer program thereon (memory, processor, Figures 4 and 9), the computer program for testing handling of secure communication sessions of a plurality of clients with a plurality of servers by device or system under test (DUT) (to provide methods and systems to efficiently test handling of HTTPS sessions of a plurality of clients with a plurality of servers by a switching, bridging or routing device (referred to as the "device or system under test" or "DUT"), 0010), the test system further including at least first and second ports that couple the processors to ports on the DUT, the test system performing the method of claim 1/8/20 (the testing conducted by a test system having at least first and second ports that are coupled to ports on the DUT, 0010).



Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure, (see PTO Form 892).

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Helai Salehi whose telephone number is 571-270-7468.  The examiner can normally be reached on Monday - Friday from 9 am to 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeff Pwu, can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a .

/HELAI SALEHI/Examiner, Art Unit 2433        

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433