Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Priority
This application is a continuation of Ser. No. 15/010,692 filed Jan. 29, 2016, which is hereby incorporated herein in its entirety by reference.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 11/09/2020 has been entered.
DETAILED ACTION
This office action is in response to a Request for Continued Examination (RCE) application received on 11/09/2020. In the RCE, applicant has amended claims 1, 3, 11, 13 and 20. Claims 2, 4-10, 12 and 14-19 remain original. No new claim has been added. 
For this office action, claims 1-20 have been received for consideration and have been examined.



 
Response to Arguments
Claim Rejections under 35 U.S.C. § 112
	Claim amendments to independent claims 1 and 20 have been reviewed by the examiner and appear to overcome the 35 U.S.C. § 112(b) rejection. Therefore examiner has withdrawn this rejection.  
Claim Rejections under 35 U.S.C. § 103
Applicant’s arguments, filed 11/06/2020, with respect to the rejections of claims under 35 U.S.C. § 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new grounds of rejection is made in view of new amendments to the independent claims.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

s 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Hawthorne (US8145768B1) in view of Prince et al., (US8327128B1) and further in of Pahl et al., (US20150288514A1).
Regarding claims 1, 11 and 20, Hawthorne discloses:
	An appliance (i.e. (TMD) 108) of pre-establishing Secure Socket Layer (SSL) session connections (Col. 3, Line # 41-45 As shown in the figure, system 100 includes client device 102, Traffic Management Device (TMD) 108, server devices 109-110, and network 104. TMD 108 is in communication with server devices 109-110, and with client device 102 through network 104) for SSL connection establishment, the appliance comprising:
a memory and a processor coupled to said memory configured to:
facilitate a secure session connection (i.e. SSL/TLS handshake or re-handshake protocol) request between the appliance and a server (i.e. server device 109-110), and wherein the facilitation causes the appliance to receive session information corresponding to the secure session connection request (Col. 1, lines 23-27; An SSL/TLS session may be initiated using a SSL/TLS handshake or re-handshake protocol. A CLIENTHELLO message may be sent from a client to a server. The CLIENT HELLO message may include an SSL session identifier (ID),among other things; Col. 4, lines 29-34; Client device 102 may re-establish a previously created SSL Session with one of server devices 109-110 and/or TMD 108 by sending the SSL session ID within an SSL handshake protocol message to server devices 109-110 and/or TMD 108. In one embodiment, client device 102 may send the SSL session ID within a CLIENTHELLO message; Col. 5, Line # 36-42; TMD 108 may, for example, control the flow of data packets delivered to and forwarded from an array of servers, such as server devices 109-110. TMD 108 may direct a request to a particular server based on network traffic, network topology, capacity of a server, content requested, and a host of other traffic distribution mechanisms; Col. 5, lines 57-61; In one embodiment, TMD 108 may receive over network 104 an SSL handshake protocol message for initiating or restarting an SSL connection. TMD 108 may receive the message from client device 102 over network 104. TMD 108 may act as an SSL terminator/accelerator; Col. 6, lines 7-12; In one embodiment, TMD 108 may receive the SSL session ID within an SSL handshake protocol message from client device 102. The message may be a CLIENT HELLO message. TMD 108 may confirm that the received SSL session ID is a valid SSL session ID and/or is associated with the previously created SSL session; Col. 9, lines 8-11; In one embodiment, SSL manager 258 may receive an SSL session ID within the SSL handshake protocol, if a client device attempts to re-establish a previously created SSL session; Col. 9, lines 59-64; At block 302, a second SSL session ID is received within a second SSL handshake protocol message. In one embodiment, receiving the second SSL session ID comprises receiving the second SSL session ID within a CLIENT HELLO message. In one embodiment, the second SSL session ID may be the same as the first SSL session ID);
in response to the session information being cached and the name of the server being associated with server names listed in a server group, reuse at least one session to one or more servers listed in the server group (i.e. server devices 109-110) (Col. 6, Line # 7-15; In one embodiment, TMD 108 may receive the SSL session ID within an SSL handshake protocol message from client device 102. The message may be a CLIENT-HELLO message. TMD 108 may confirm that the received SSL session ID is a valid SSL session ID and/or is associated with the previously created SSL session. TMD 108 may also enable tuning a session cache for storing the SSL session information and/or for confirming the validity of the SSL session ID; Col. 1, lines 38-47; If on the other hand, the SSL session ID included with the CLIENTHELLO message is an ID that is known by the server and associated with a valid session, the client and server may then use a shortened SSL/TLS handshake protocol and may reuse cryptographic information to re-establish the SSL session. The server may respond with a SERVER HELLO message which includes the SSL session ID. The client and server may then exchange the CHANGE-CIPHER-SPEC messages and FINISHED messages. The SSL session is then re-established; Col. 4, lines 29-34; Client device 102 may re-establish a previously created SSL Session with one of server devices 109-110 and/or TMD 108 by sending the SSL session ID within an SSL handshake protocol message to server devices 109-110 and/or TMD 108. In one embodiment, client device 102 may send the SSL session ID within a CLIENTHELLO message; Col. 10, lines 19-22; In another embodiment, the presence of the other ID in the session cache may indicate that the SSL session is valid. If the other ID is found in the session cache, processing continues to block 310, and otherwise processing continues to block 312; Col. 10, lines 36-43; At block 310, an SSL connection is established and the SSL session is re-established. In one embodiment, a shortened SSL/TLS handshake protocol may be used. A server may respond with a SERVER-HELLO message which includes the second SSL session ID. A client and the server may then exchange the CHANGE-CIPHER-SPEC messages and FINISHED messages. Processing then returns to a calling process for further processing; Col. 12, lines 50-55; In one embodiment, SSL session ID 516 may be included in a SERVER-HELLO message. SSL session ID 516 may be associated with an established SSL session. SSL session ID 516 may be used in a subsequent SSL handshake protocol to re-establish the SSL session); and
Col. 1, lines 27-37; If the SSL session ID is an ID that is unknown by the server, is unassociated with a valid session, or is otherwise invalid, the server may respond with a SERVER HELLO message which includes a different SSL session ID. The client and server may continue with the SSL/TLS hand shake protocol to negotiate an encryption algorithm to be used, to exchange certificates, or the like, as described in RFC 2246. For example, the client and server may send messages, including SERVER-CERTIFICATE, SERVER-HELLO DONE, CLIENT-KEY-EXCHANGE, CHANGE-CIPHER-SPEC, FINISHED, or the like; Col. 4, lines 21-28; In one embodiment, client device 102 may be configured Such that an end-user may operate the computing device to make requests for data and/or services from other computers on the network. Client device 102 may establish an SSL session and SSL connection with one of server devices 109 110 and/or TMD 108. Client device 102 may receive an SSL session ID within at least one SSL handshake protocol message; Col. 5, line 57 to Col. 6, line 6; In one embodiment, TMD 108 may receive over network 104 an SSL handshake protocol message for initiating or restarting an SSL connection. TMD 108 may receive the message from client device 102 over network 104. TMD 108 may act as an SSL terminator/accelerator. TMD 108 may establish an SSL connection and SSL session with client device 102 on behalf of one of server devices 109-110. TMD 108 may decrypt data received from client device 102 and forward the data to server devices 109-110. TMD 108 may encrypt data from server devices 109-110 and forward the encrypted data over the SSL connection to client device 102. In one embodiment, TMD 108 may generate an SSL session ID associated with the SSL session. TMD 108 may use process 500 of FIG. 5 to generate the SSL session ID. TMD 108 may send the SSL session ID within an SSL handshake protocol message to client device 102. TMD 108 may send the SSL session ID within a SERVER-HELLO message; Col. 10, lines 13-18; At decision block 308, it is determined whether the SSL session is valid based on the received second SSL session ID, session cache and/or the failure statistic. In one embodiment, if the failure statistic indicates an invalid SSL session ID, processing continues to block 312. Otherwise, processing continues to block 310; Col. 10, lines 55-62; In an alternate embodiment, at block 312, a new SSL session ID may be generated. The process for generating the new SSL session ID may be performed by, for example, block 301. The new SSL session ID may be provided to the client device. In one embodiment, a new SSL session associated with the new session ID may be established using the  SSL handshake protocol. Processing then returns to a calling process for further processing).  
Hawthorne fails to explicitly disclose:
	establishing secure sessions with the server group including a head server and a plurality of sub-servers.
However, Prince discloses:
	establishing secure sessions with the server group including a head server (i.e. destination host) and a plurality of sub-servers (i.e. multiple websites) (Col. 4, Line # 16-33; If the destination host historically supports a secure session or it is unclear whether the destination host supports a secure session, the proxy server attempts to establish a secure session with the destination host. For example, the proxy server transmits an SSL/TLS client-hello message to the proxy server identified in the decrypted HTTPs request. In one embodiment, this client-hello message includes the SNI extension that indicates the destination host name. Including the SNI extension in the client-hello message (which identifies the destination host) allows a hosting provider to implement name-based virtual hosting (multiple websites can share the same IP address) and return the appropriate certificate for that host. The origin server returns the appropriate certificate for the destination (e.g., in the SSL/TLS server-hello message) and the secure session is established (assuming that the origin server supports secure sessions). The proxy server then transmits an encrypted request (encrypted with the certificate received from the origin server) to the origin server; Col. 5, Line # 52-60; some of the origin servers 130A-N may host multiple ones of the domains owned by the domain owners 135A-L. For example, a single origin server 130 may host multiple domains owned by the same domain owner or different domain owners through use of virtual hosting. In one embodiment, the virtual hosting is name-based virtual hosting where multiple websites (domains), which may or may not be owned or operated by the same domain owner, are hosted on the same IP address; Col. 6, Line # 43-54; Assuming that the origin server 130 supports secure sessions, the proxy server 120 transmits a request for a secure session to the origin server 130. For example, the proxy server 120 transmits an SSL or TLS client-hello message. If the origin server 130 supports TLS, the proxy server 120 transmits a TLS client-hello message with the SNI extension to identify the destination host name. The origin server returns the appropriate certificate for the destination (e.g., in a TLS server-hello message) and the secure session is established using that certificate. Traffic (e.g., responses and requests) is then encrypted over the connection 166 between the proxy server 120 and the origin server 130).
	It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the Hawthorne reference and include Server Name Indication (SNI) in the client-hello handshake message, as disclosed by Prince.
	The motivation to include Server Name Indication (SNI) in the client-hello handshake message is to ensure HTTPS packet(s) from the client device are accurately and efficiently delivered to those servers which host multiple websites in a single server.
The combination of Hawthorne and Prince does not explicitly disclose:
	a server associated with a website, with the secure session connection request including a name of the server associated with the website.
However, Pahl discloses:
	a server associated with a website (i.e. example.com and example2.com), with the secure session connection request including a name of the server (i.e. a mapping of destination IP address and hostname of the server) associated with the website ([0048] if the client device 110 is requesting a secure session with example.com, then the secure session server 120 indicates to the key server 130 that example.com is the requested domain. The client device 110 may specify the destination domain using the Server Name Indication (SNI) extension in the Client Hello message … the secure session server 120 matches the destination IP address of the client-hello message sent by the client device 110 with the corresponding hostname (e.g., the secure session server 120 may include a mapping of IP addresses and hostnames; [0079] the secure session server 420 indicates the domain or zone in which the client device 410 is requesting a connection. For example, if the client device 410 is requesting a secure session with example.com, then the secure session server 420 indicates to the key server 430 that example.com is the requested domain. The client device 410 may specify the destination domain using the SNI extension in the Client Hello message)).
	It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the Hawthorne and Prince references and have a middle appliance which ensures if secure session connection includes hostname (website address) of the accessing website in the client HELLO message by checking server name Indicator (SNI) field in the data packet, as disclosed by Pahl.
	The motivation to have a middle appliance checking server name Indicator (SNI) field in the data packet is to make sure Client request is directed to correct website based on the SNI field information in the data packet. 
	Regarding claim 11, it is a method claim and recites the same concept as claim 1 and therefore rejected on same grounds. 
	Regarding claim 20, it is a non-transitory computer readable storage medium claim and recites the same concept as claim 1 and therefore rejected on same grounds.
Regarding claims 2 and 12, the combination of Hawthorne, Prince & Pahl discloses:
Pahl: [0048] & [0079]).
Regarding claim 12, it is a method claim and recites the same concept as claim 2 and therefore rejected on same grounds.
Regarding claims 3 and 13, the combination of Hawthorne, Prince & Pahl discloses:
The appliance of claim 1, where the server group includes a head server and a plurality of sub-servers, and wherein names of the head server and plurality of sub-servers listed in the server group comprises a head server name and a plurality of sub-servers names, a head server representing at least one webpage and comprising a plurality of objects provided by the plurality of sub-servers to load completely the at least one webpage (Pahl: [0048] & [0079]).
Regarding claim 13, it is a method claim and recites the same concept as claim 3 and therefore rejected on same grounds.
Regarding claims 4 and 14, the combination of Hawthorne, Prince & Pahl discloses:
The appliance of claim 3, wherein said processor is further configured to determine whether there is a matching server among the head server name and the plurality of sub-servers names in the server group, the matching server matching to the server associated with the website (Pahl: [0048] & [0079]).
Regarding claim 14, it is a method claim and recites the same concept as claim 4 and therefore rejected on same grounds.
Regarding claims 5 and 15, the combination of Hawthorne, Prince & Pahl discloses:
Hawthorne: Col. 8, Line # 35-40).
Regarding claim 15, it is a method claim and recites the same concept as claim 5 and therefore rejected on same grounds.
Regarding claim 6, the combination of Hawthorne, Prince & Pahl discloses:
The appliance of claim 1, wherein the session information comprises at least one of session identifier and session ticket information (Hawthorne: Col. 8, Line # 23-28).
Regarding claims 7 and 16, the combination of Hawthorne, Prince & Pahl discloses:
The appliance of claim 6, wherein the session information is acquired based on a SSL/Transport Layer Security (TLS) full handshake protocol (Hawthorne: Col. 5, Line # 57-59).
	Regarding claim 16, it is a method claim and recites the same concept as claim 7 and therefore rejected on same grounds.
Regarding claims 8 and 17, the combination of Hawthorne, Prince & Pahl discloses:
The appliance of claim 1, wherein the said processor is further configured to:
accumulate the session connection request and subsequent session connection requests for a predetermined time period, based on the determination that session information corresponding to the session connection request and the subsequent session connection requests has not been cached (Hawthorne; Col. 9, Line # 36-44; Col. 10, Line # 44-54);
(Hawthorne: Col. 8, Line # 35-40).
	determine whether there are one or more matching servers in the server group matching to the session connection request and the subsequent session connection requests (Pahl: [0048] & [0079]).
	Regarding claim 17, it is a method claim and recites the same concept as claim 8 and therefore rejected on same grounds.
Regarding claims 9 and 18, the combination of Hawthorne, Prince & Pahl discloses:
The appliance of claim 9, wherein said processor is further configured to add or delete at least one server from the server group based on a number of the frequency count (Hawthorne: Col. 8, Line # 57-61).
	Regarding claim 18, it is a method claim and recites the same concept as claim 9 and therefore rejected on same grounds.
Regarding claims 10 and 19, the combination of Hawthorne, Prince & Pahl discloses:
The appliance of claim 1, wherein said processor is further configured to: 
accumulate SSL connections made by a client device for a predetermined time period (Hawthorne: Col. 9, Line # 36-44);
determine a list of one or more server names belonging to the server group based on the accumulated SSL connections (Pahl: [0048]).
Regarding claim 19, it is a method claim and recites the same concept as claim 10 and therefore rejected on same grounds.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED M AHSAN whose telephone number is (571)272-5018.  The examiner can normally be reached on 8:30 AM - 6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffery L. Nickerson can be reached on 469-295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/S.M.A./Patent Examiner, Art Unit 2432                                                                                                                                                                                           /Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432