DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Amendment
Applicant’s amendment filed 07 March 2019 cancels claims 9, 10, 18-20, 26, and 27. Applicant’s amendment has been fully considered and entered.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-8 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim limitations “message copier”, “connection establisher”, “decryptor”, “security enforcer”, “key generator”, “support determiner”, “connection establisher”, and “certificate verifier” invoke 35 U.S.C. 112(f) or pre-AIA  35 
Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a)        Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 4, 7, 11, 14, 17, 21, 23, 25 are rejected under 35 U.S.C. 103 as being unpatentable over Chen, U.S. Publication No. 2019/0173863, in view of Wu, U.S. Publication No. 2010/0199099.
Referring to claims 1, 11, 21, Chen discloses a secure communication system wherein a client transmits a client hello message to a server to open a TLS session such that an inspector intercepts the client hello message and sends a “fake” client hello message to the server ([0046]: the inspector would read on the claimed apparatus and the fake client hello message is equivalent to the claimed clone client introductory message), which meets the limitation of a message copier to clone a client introductory message, the client introductory message is included in a first handshake for network communication between a client and a server. The inspector sending the “fake” client hello message to the server allows for the establishment of a session between the inspector and the server using a session key generated using a handshake procedure ([0046]-[0051]: inspector reads on the claimed traffic manipulator of claims 11 and 21), which meets the limitation of a connection establisher to initiate a second handshake between the apparatus and the server based on the cloned client introductory message, initiating a second handshake between a traffic manipulator and the server based on the cloned client introductory message. Chen discloses that the server can transmit a certificate to the inspector ([0041] & Figure 2, 206) and that the established session key enables the inspector to decrypt data received from the server ([0045]), which meets the limitation of a decryptor to, in response to the second handshake, decrypt [a certificate] sent by the server.
However, Chen does not specify that the server transmits the certificate in encrypted fashion in order to allow for the inspector to decrypt the certificate. Wu discloses the transmission of a certificate in encrypted fashion such that the recipient of the certificate can decrypt the certificate with a secret key ([0200]), which meets the limitation of a decryptor to, in response to the second handshake, decrypt a certificate sent by the server. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the server of Chen to have encrypted the certificate such that the inspector can decrypt the received certificate in order to verify that the certificate is valid as suggested by Wu ([0199]).
	Referring to claims 4, 14, 23, Chen discloses that the session key is generated using a random byte string (cr) that was included in the fake client hello message ([0046] & [0073] & [0090]), which meets the limitation of further including a key generator to generate a key for the second handshake, the key generated using the cloned client introductory message.
	Referring to claims 7, 17, 25, Chen discloses that the handshaking procedures performed to generate the session key between the client and the inspector are performed in parallel with the procedures performed to generate the session key between the inspector and the server (Figures 3 & 5), which meets the limitation of wherein the connection establisher initiates the second handshake in parallel with the first handshake. 
Claims 2, 3, 8, 12, 13, 22 are rejected under 35 U.S.C. 103 as being unpatentable over Chen, U.S. Publication No. 2019/0173863, in view of Wu, U.S. Publication No. 2010/0199099, and further in view of Edstrom, U.S. Publication No. 2011/0154026.
Referring to claims 2, 3, 12, 13, 22, Chen does not specify that the server transmits the certificate in encrypted fashion in order to allow for the inspector to decrypt the certificate. Wu discloses the transmission of a certificate in encrypted fashion such that the recipient of the certificate can decrypt the certificate with a secret key ([0200]), which meets the limitation of further including a security enforcer to [terminate the second handshake] in response to the decryptor decrypting the certificate. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the server of Chen to have encrypted the certificate such that the inspector can decrypt the received certificate in order to verify that the certificate is valid as suggested by Wu ([0199]).
Chen, as modified in view of Wu above, does not disclose terminating handshake protocols if the decrypted certificate is determined to be invalid.
Edstrom discloses terminating handshake protocols when a certificate is determined to be invalid ([0301] & [0309]), which meets the limitation of including a security enforcer to terminate the second handshake in response to the decryptor decrypting the certificate, wherein the security enforcer terminates the first handshake in response to the certificate verifier indicating that the certificate is invalid. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to terminate handshake protocols of Chen when the server certificate is determined to be invalid in order to prevent unauthorized connections as suggested by Edstrom ([0301]).
Referring to claim 8, Chen, as modified in view of Wu, does not specify that the validity of the certificate is determined based upon communication with a second server. 
Edstrom discloses that the validity of received certificates ([0301]) is determined based upon communications between the intermediary and a second server ([0315] & [0317]: OCSP server 668) such that the intermediary establishes or terminates connections when the OCSP indicates that the certificate is valid/invalid respectively ([0320]: revoked, unknown and/or expired would be equivalent to the claimed invalid certificate), which meets the limitation of wherein the apparatus is to communicate with a second server to convey an indication from a certificate verifier, the indication representing at least one of a valid certificate or an invalid certificate. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the validity of the certificates in Chen to have been determined based upon communication between the inspector and a second server, such as the OCSP server in Edstrom, in order to determine the validity of the certificates when the status of the certificates is unknown as suggested by Edstrom ([0302]). 
Claims 5, 6, 15, 16, 24 are rejected under 35 U.S.C. 103 as being unpatentable over Chen, U.S. Publication No. 2019/0173863, in view of Wu, U.S. Publication No. 2010/0199099, and further in view of Stamos, U.S. Patent No. 9,106,661.
Referring to claims 5, 6, 15, 16, 24, Chen discloses that the client hello message and the “fake” client hello message include TLS version information ([0046]).
Chen, as modified by Wu above, does not disclose determining whether the TLS version from the hello message is supported by the inspector. Stamos discloses determining whether a device supports a specific TLS version, such as TLS version 1.3 (Col. 29, lines 46-50), which meets the limitation of further including a support determiner to, in response to observing the first handshake between the client and the server, determine if the first handshake includes a mechanism for secure handshake supported by the apparatus/traffic manipulator, wherein the mechanism for secure handshake supported by the apparatus/traffic manipulator is transport layer security (TLS) version 1.3. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have determined whether the inspector of Chen supports the TLS version listed in the hello messages in order to ensure that the inspector supports minimum policy requirements as suggested by Stamos (Col. 29, lines 46-49).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Joshi, U.S. Publication No. 2019/0058714, discloses connection establishment procedures between host servers and user devices utilizing cryptographic certificates.
Wang, U.S. Publication No. 2008/0126794, discloses session establishment between a client and server utilizing a transparent proxy that intercepts establishment messages.
Sharifi Mehr, U.S. Patent No. 9,932,932, discloses a communication session establishment procedure that determines mutually acceptable cipher suites to utilize in the established communication session. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805.  The examiner can normally be reached on M-Th: 6:20-4:50.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 5712724063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/BENJAMIN E LANIER/          Primary Examiner, Art Unit 2437