Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
Response to Amendment
This is a reply to the request for Continued Examination (RCE) filed on 12/28/2020, in which Claim(s) 22-39 are presented for examination.
Claim(s) 1-21 are cancelled.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 12/28/2020 has been entered.

Terminal Disclaimer
The terminal disclaimer filed on 02/17/2021 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of 8,966,267 and 10,033,529 has been reviewed and is accepted.  The terminal disclaimer has been recorded.

Claim Rejections - 35 U.S.C. § 112:
Applicant's arguments with respect to the rejection of claim(s) 22-39 under 35 U.S.C. § 112, 1st paragraph, have been fully considered and are persuasive. The rejection under § 112, 1st paragraph, has been withdrawn in view of the amendment to the claims.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner's amendment was given in a telephone interview with Attorney Matt Rojanakiathavorn at 408.610.4298 on 02/17/2021.
The application has been amended as follows:
.	(Cancelled).
(Currently Amended) A method in a first server for establishing and using a secure session with a client device, the method comprising:
transmitting, by the first server, a plurality of messages between the client device and a second server, the plurality of messages generated by the client device and the second server for establishing the secure session between the client device and the first server, wherein the second server has access to a private key used in establishing the secure session including signing a set of cryptographic parameters, included in the plurality of messages, that are to be used by the client device when generating a premaster secret and include a first Diffie-Hellman public value selected by the second server, and wherein the private key is not available on the first server; 

receiving, from the client device over the secure session, an encrypted request for a resource, 
decrypting, using the set of session keys, the encrypted request for the resource;
retrieving the requested resource locally on the first server;
generating a response that includes the retrieved resource;
encrypting the generated response using the set of session keys; and
transmitting, to the client device over the secure session, the encrypted response. 
(Previously Presented)	The method of claim 22, wherein the first server and the second server are owned or operated by different entities.
(Previously Presented)	The method of claim 22, wherein the set of session keys are received from the second server over a secure session between the first server and the second server. 
(Previously Presented)	The method of claim 22, wherein retrieving the requested resource includes transmitting the request for the resource to a third server and receiving the resource from the third server in response to the request, and wherein the second server and the third server are the same server. 
(Canceled) 	 
(Previously Presented)	The method of claim 22, further comprising: 
wherein the plurality of messages transmitted between the client device and the second server includes a Client Hello message received from the client device, a Server Hello message received from the second server, a Certificate message received from the second server, a Server Key Exchange message received from the 
receiving, from the second server, the master secret;
verifying information in the first Finished message including,
calculating a first value using a function that takes as input at least the master secret and a hash of the Client Hello message, Server Hello message, Certificate message, Server Key Exchange message, Server Hello Done message, Client Key Exchange message, and first Change Cipher Spec message, and
comparing the calculated first value with a second value included in the first Finished message, wherein a same first value and second value indicates a successful key exchange;
calculating a third value using a function that takes as input at least the master secret and a hash of the Client Hello message, Server Hello message, Certificate message, Server Key Exchange message, Server Hello Done message, Client Key Exchange message, first Change Cipher Spec message, first Finished message, and second Change Cipher Spec message; and
including the third value in the second Finished message.
(Currently Amended)	A non-transitory computer-readable medium storing instructions, which when executed by a set of one or more processors of a first server, cause the set of processors to perform operations comprising:
transmitting, by the first server, a plurality of messages between a client device and a second server, the plurality of messages generated by the client device and the second server for establishing a secure session between the client device and the first server, wherein the second server has access to a private key used in establishing a secure session between the client device and the first server including signing a set of cryptographic parameters, included in the plurality of messages, that are to be used by the client device when generating a premaster secret and include a first Diffie-Hellman public value selected by the second server, and wherein the private key is not available on the first server; 

receiving, from the client device over the secure session, an encrypted request for a resource, 
decrypting, using the set of session keys, the encrypted request for the resource;
retrieving the requested resource locally on the first server;
generating a response that includes the retrieved resource;
encrypting the generated response using the set of session keys; and
transmitting, to the client device over the secure session, the encrypted response.   
(Previously Presented)	The non-transitory computer-readable medium of claim 28, wherein the first server and the second server are owned or operated by different entities.
(Previously Presented)	The non-transitory computer-readable medium of claim 28, wherein the set of session keys are received from the second server over a secure session between the first server and the second server.
(Previously Presented)	The non-transitory computer-readable medium of claim 28, wherein retrieving the requested resource includes transmitting the request for the resource to a third server and receiving the resource from the third server in response to the request, and wherein the second server and the third server are the same server.
(Canceled)
(Previously Presented)	The non-transitory computer-readable medium of claim 28, further storing instructions that, when executed by the set of processors, cause the set of processors to perform the following operations:
wherein the plurality of messages transmitted between the client device and the second server includes a Client Hello message received from the client device, a Server 
receiving, from the second server, the master secret;
verifying information in the first Finished message including,
calculating a first value using a function that takes as input at least the master secret and a hash of the Client Hello message, Server Hello message, Certificate message, Server Key Exchange message, Server Hello Done message, Client Key Exchange message, and first Change Cipher Spec message, and
comparing the calculated first value with a second value included in the first Finished message, wherein a same first value and second value indicates a successful key exchange;
calculating a third value using a function that takes as input at least the master secret and a hash of the Client Hello message, Server Hello message, Certificate message, Server Key Exchange message, Server Hello Done message, Client Key Exchange message, first Change Cipher Spec message, first Finished message, and second Change Cipher Spec message; and
including the third value in the second Finished message.
(Currently Amended)	An apparatus comprising:
a first server including a set of one or more processors and a set of one or more non-transitory computer-readable storage mediums storing instructions, that when executed by the set of processors, cause the set of processors to perform the following operations:
transmit a plurality of messages between a client device and a second server, the plurality of messages generated by the client device and the second server for establishing a secure session between the client device and the first server, wherein the second server has access to a private key used in establishing a secure session between the client device and the first server 
receive, from the second server, a set of one or more session keys to be used in the secure session for encrypting and decrypting communication between the client device and the first server that were generated at least using a master secret that is generated using a premaster secret that is generated using a second Diffie-Hellman public value selected by the client device and the first Diffie-Hellman public value selected by the second server;
receive, from the client device over the secure session, an encrypted request for a resource, 
decrypt, using the set of session keys, the encrypted request for the resource;
retrieve the requested resource locally on the first server;
generate a response that includes the retrieved resource;
encrypt the generated response using the set of session keys; and
transmit, to the client device over the secure session, the encrypted response. 
(Previously Presented)	The apparatus of claim 34, wherein the first server and the second server are owned or operated by different entities.
(Previously Presented)	The apparatus of claim 34, wherein the set of session keys are to be received from the second server over a secure session between the first server and the second server.
(Previously Presented)	The apparatus of claim 34, wherein retrieval of the requested resource includes transmission of the request for the resource to a third server and receipt of the resource from the third server in response to the request, wherein the second server and the third server are the same server.
(Canceled)	
(Previously Presented)	The apparatus of claim 34, wherein the set of non-transitory computer-readable storage mediums further stores instructions, that when executed by the set of processors, cause the set of processors to perform the following operations: 
wherein the plurality of messages to be transmitted between the client device and the second server includes a Client Hello message received from the client device, a Server Hello message received from the second server, a Certificate message received from the second server, a Server Key Exchange message received from the second server, a Server Hello Done message received from the second server, a Client Key Exchange message received from the client device, a first and second Change Cipher Spec message, and a first and second Finished message;
receive, from the second server, the master secret;
verify information in the first Finished message including,
calculate a first value using a function that takes as input at least the master secret and a hash of the Client Hello message, Server Hello message, Certificate message, Server Key Exchange message, Server Hello Done message, Client Key Exchange message, and first Change Cipher Spec message, and
compare the calculated first value with a second value included in the first Finished message, wherein a same first value and second value indicates a successful key exchange;
calculate a third value using a function that takes as input at least the master secret and a hash of the Client Hello message, Server Hello message, Certificate message, Server Key Exchange message, Server Hello Done message, Client Key Exchange message, first Change Cipher Spec message, first Finished message, and second Change Cipher Spec message; and
include the third value in the second Finished message.
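The Finished-message check recited in claims 27, 33 and 39 (a first value computed from the master secret and a hash of the handshake transcript, compared against the value carried in the first Finished message; a third value computed over the extended transcript and placed in the second Finished message) can be shown in working form. The following is an added illustration, not part of this Office action and not code from the applicant's specification. It assumes the TLS 1.2 PRF of RFC 5246 (P_SHA256) as the claimed "function", uses constructed placeholder byte strings in place of real handshake encodings, and follows the claims' own enumeration of hashed messages, which includes the Change Cipher Spec messages (under RFC 5246 itself, ChangeCipherSpec is not a handshake message and is not part of the Finished hash). The first server holds only the master secret received from the second server and never the private key, as the independent claims require.

```python
"""Added example: Finished-message verification by the first server.
Not from the Office action or the applicant's specification. Uses the TLS 1.2
PRF (RFC 5246, P_SHA256); message bytes below are constructed placeholders."""
import hashlib
import hmac

VERIFY_DATA_LEN = 12  # RFC 5246: Finished.verify_data is 12 bytes by default


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash expansion from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def verify_data(master_secret: bytes, label: bytes, messages: list) -> bytes:
    """The claimed 'function': takes the master secret and a hash of the listed messages."""
    transcript_hash = hashlib.sha256(b"".join(messages)).digest()
    return prf(master_secret, label, transcript_hash, VERIFY_DATA_LEN)


# Constructed sample handshake messages (placeholders, not real TLS encodings).
CLIENT_HELLO = b"ClientHello:random=c1"
SERVER_HELLO = b"ServerHello:random=s1"
CERTIFICATE = b"Certificate:example-cert"
SERVER_KEY_EXCHANGE = b"ServerKeyExchange:dh_pub=Ys,signed-by-second-server"
SERVER_HELLO_DONE = b"ServerHelloDone"
CLIENT_KEY_EXCHANGE = b"ClientKeyExchange:dh_pub=Yc"
CHANGE_CIPHER_SPEC = b"ChangeCipherSpec"

# Messages hashed for the first value, in the order the claims list them
# (through the first Change Cipher Spec message).
TRANSCRIPT_1 = [CLIENT_HELLO, SERVER_HELLO, CERTIFICATE, SERVER_KEY_EXCHANGE,
                SERVER_HELLO_DONE, CLIENT_KEY_EXCHANGE, CHANGE_CIPHER_SPEC]

# Constructed 48-byte master secret. In the claims it is received from the
# second server, which alone holds the private key; the first server never has that key.
MASTER_SECRET = bytes(range(48))


def client_finished(master_secret: bytes) -> bytes:
    """Second value: what the client device places in the first Finished message."""
    return verify_data(master_secret, b"client finished", TRANSCRIPT_1)


def first_server_process_finished(master_secret: bytes, received_first_finished: bytes):
    """First-server side. Verifies the first Finished message and, on success,
    builds the third value for the second Finished. Returns (ok, third_value)."""
    first_value = verify_data(master_secret, b"client finished", TRANSCRIPT_1)
    # Constant-time comparison of the calculated first value with the received second value.
    if not hmac.compare_digest(first_value, received_first_finished):
        return False, None
    # Third value: same function over the transcript extended by the first Finished
    # message and the second Change Cipher Spec message, as the claims enumerate.
    transcript_2 = TRANSCRIPT_1 + [received_first_finished, CHANGE_CIPHER_SPEC]
    third_value = verify_data(master_secret, b"server finished", transcript_2)
    return True, third_value


def client_check_server_finished(master_secret: bytes, sent_first_finished: bytes,
                                 received_second_finished: bytes) -> bool:
    """Client side: recompute the third value and compare it with the second Finished."""
    transcript_2 = TRANSCRIPT_1 + [sent_first_finished, CHANGE_CIPHER_SPEC]
    expected = verify_data(master_secret, b"server finished", transcript_2)
    return hmac.compare_digest(expected, received_second_finished)


def run_exchange(tamper: bool = False) -> bool:
    """Full Finished round trip. tamper=True flips one bit of the client's
    Finished value in transit, which must make the first server reject it."""
    fin1 = client_finished(MASTER_SECRET)
    on_wire = bytes([fin1[0] ^ 0x01]) + fin1[1:] if tamper else fin1
    ok, fin2 = first_server_process_finished(MASTER_SECRET, on_wire)
    if not ok:
        return False
    return client_check_server_finished(MASTER_SECRET, fin1, fin2)


if __name__ == "__main__":
    print("honest exchange verified:", run_exchange())          # True
    print("tampered Finished verified:", run_exchange(tamper=True))  # False
```

The comparison uses `hmac.compare_digest` so that the time taken to reject a wrong first Finished does not depend on how many leading bytes matched; a mismatch anywhere in the hashed transcript, or a master secret that differs between the client and the first server, yields a different first value and the session is not completed.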

Allowable Subject Matter
Claims 22-25, 27-31, 33-37 and 39 are allowed.


The independent claim(s) and their respective dependent claims are allowable over the prior art since the prior art, taken individually or in combination, fails to particularly disclose, fairly suggest or render obvious the following limitations:
In regards to claim(s) 22, 28 and 34, the prior art of record (Mowers et al. (Pub. No.: US 2004/0210756 A1; hereinafter Primary Reference) in view of Nagel et al. (Pat. No.: US 7,869,591 B1; Secondary Reference)) does not disclose:
 “transmitting, by the first server, a plurality of messages between the client device and a second server, the plurality of messages generated by the client device and the second server for establishing the secure session between the client device and the first server, wherein the second server has access to a private key used in establishing the secure session including signing a set of cryptographic parameters, included in the plurality of messages, that are to be used by the client device when generating a premaster secret and include a first Diffie-Hellman public value selected by the second server, and wherein the private key is not available on the first server…” in combination with other limitations recited as specified in the independent claim(s). Rather, the primary reference discloses a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server. 
Similarly, the secondary reference discloses a system and method for communicating information between a first party and a second party, comprising the steps of receiving, by an intermediary, an identifier of desired information and accounting information for a transaction involving the information from the first party, transmitting an identifier of the first party to the second party, and negotiating, by the intermediary, a comprehension function for obscuring at least a portion of the information communicated between the first party and the second party. Accordingly, the claims are allowed.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAO Q HO whose telephone number is (571)270-5998.  The examiner can normally be reached 7:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/DAO Q HO/Primary Examiner, Art Unit 2432