DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Amendment
Applicant’s amendment filed 08 June 2021 amends claims 1-8, 11, and 21. Applicant’s amendment has been fully considered and entered.
Response to Arguments
Applicant argues, “…the amendments included herein render the § 112(b) rejections moot.” This argument has been fully considered and is persuasive. The previous § 112(b) rejections have been withdrawn.
Applicant argues, “As Chen’s ‘fake’ message includes the Diffie-Hellman Ephemeral (DHE) of the client introductory message, Chen does not teach or suggest ‘clone a client introductory message without cloning Diffie-Hellman parameters of the client introductory message.’” This argument has been fully considered and is persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground of rejection is made in view of Hughes, U.S. Publication No. 2019/0074982.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 4, 7, 11, 14, 17, 21, 23, 25 are rejected under 35 U.S.C. 103 as being unpatentable over Chen, U.S. Publication No. 2019/0173863, in view of Wu, U.S. Publication No. 2010/0199099, and further in view of Hughes, U.S. Publication No. 2019/0074982.
Referring to claims 1, 11, 21, Chen discloses a .
However, Chen does not specify that the server transmits the certificate in encrypted fashion in order to allow for the inspector to decrypt the certificate. Wu discloses the transmission of a certificate in encrypted fashion such that the recipient of the certificate can decrypt the certificate with a secret key ([0200]), which meets the limitation of a decryptor to, in response to the second handshake, decrypt a certificate sent by the server. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the server of Chen to have encrypted the certificate such that the inspector can decrypt the received certificate in order to verify that the certificate is valid as suggested by Wu ([0199]).
Chen discloses the use of the Diffie-Hellman key agreement protocol as part of the handshake procedure between the client and server ([0039]-[0040]) such that the fake client hello message includes the Diffie-Hellman cryptographic information from the client hello message ([0046]). Chen does not disclose that the fake client hello message does not include Diffie-Hellman parameters. Hughes discloses a handshake procedure that could utilize the Diffie-Hellman key agreement protocol or the RSA key exchange protocol ([0160]: use of the RSA key exchange protocol in the Chen system would result in client hello message and fake client hello message that include RSA key exchange protocols. Therefore, as claimed, the fake client hello message would not include Diffie-Hellman parameters.), which meets the limitation of clone a client introductory message without cloning Diffie-Hellman parameters of the client introductory message. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have replaced the Diffie-Hellman key agreement protocol with the RSA key exchange protocol in the handshake procedure of Chen because either protocol could have been implemented by one of ordinary skill in the art with a reasonable expectation of success as suggested by Hughes ([0160]).
Referring to claims 4, 14, 23, Chen discloses that the session key is generated using a random byte string (cr) that was included in the fake client hello message ([0046] & [0073] & [0090]), which meets the limitation of further generate a key for the second handshake, the key generated using the cloned client introductory message.
Referring to claims 7, 17, 25, Chen discloses that the handshaking procedures performed to generate the session key between the client and the inspector are performed in parallel with the procedures performed to generate the session key between the inspector and the server (Figures 3 & 5), which meets the limitation of initiate the second handshake in parallel with the first handshake.
Claims 2, 3, 8, 12, 13, 22 are rejected under 35 U.S.C. 103 as being unpatentable over Chen, U.S. Publication No. 2019/0173863, in view of Wu, U.S. Publication No. 2010/0199099, in view of Hughes, U.S. Publication No. 2019/0074982, and further in view of Edstrom, U.S. Publication No. 2011/0154026.
Referring to claims 2, 3, 12, 13, 22, Chen does not specify that the server transmits the certificate in encrypted fashion in order to allow for the inspector to decrypt the certificate. Wu discloses the transmission of a certificate in encrypted fashion such that the recipient of the certificate can decrypt the certificate with a secret key ([0200]), which meets the limitation of to [terminate the second handshake] in response to decrypting the certificate. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the server of Chen to have encrypted the certificate such that the inspector can decrypt the received certificate in order to verify that the certificate is valid as suggested by Wu ([0199]).
Chen, as modified in view of Wu above, does not disclose terminating handshake protocols if the decrypted certificate is determined to be invalid.
Edstrom discloses terminating handshake protocols when a certificate is determined to be invalid ([0301] & [0309]), which meets the limitation of to terminate the second handshake in response to decrypting the certificate, to terminate the first handshake in response to an indication that the certificate is invalid. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to terminate handshake protocols of Chen when the server certificate is determined to be invalid in order to prevent unauthorized connections as suggested by Edstrom ([0301]).
Referring to claim 8, Chen, as modified in view of Wu, does not specify that the validity of the certificate is determined based upon communication with a second server.
Edstrom discloses that the validity of received certificates ([0301]) is determined based upon communications between the intermediary and a second server ([0315] & [0317]: OCSP server 668) such that the intermediary establishes or terminates connections when the OCSP indicates that the certificate is valid/invalid respectively ([0320]: revoked, unknown and/or expired would be equivalent to the claimed invalid certificate), which meets the limitation of to communicate with a second server to convey an indication representing at least one of a valid certificate or an invalid certificate. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the validity of the certificates in Chen to have been determined based upon communication between the inspector and a second server, such as the OCSP server in Edstrom, in order to determine the validity of the certificates when the status of the certificates is unknown as suggested by Edstrom ([0302]).
Claims 5, 6, 15, 16, 24 are rejected under 35 U.S.C. 103 as being unpatentable over Chen, U.S. Publication No. 2019/0173863, in view of Wu, U.S. Publication No. 2010/0199099, in view of Hughes, U.S. Publication No. 2019/0074982, and further in view of Stamos, U.S. Patent No. 9,106,661.
Referring to claims 5, 6, 15, 16, 24, Chen discloses that the client hello message and the “fake” client hello message include TLS version information ([0046]).
Chen, as modified by Wu above, does not disclose determining whether the TLS version from the hello message is supported by the inspector. Stamos discloses determining whether a device supports a specific TLS version, such as TLS version 1.3 (Col. 29, lines 46-50), which meets the limitation of in response to observing the first handshake between the client and the server, determine if the first handshake includes a mechanism for secure handshake supported by the apparatus/traffic manipulator, wherein the mechanism for secure handshake supported by the apparatus/traffic manipulator is transport layer security (TLS) version 1.3. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have determined whether the inspector of Chen supports the TLS version listed in the hello messages in order to ensure that the inspector supports minimum policy requirements as suggested by Stamos (Col. 29, lines 46-49).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805. The examiner can normally be reached on M-Th: 6:20-4:50.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid, can be reached on 5712724063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/BENJAMIN E LANIER/
Primary Examiner, Art Unit 2437