DETAILED ACTION
The following claims are pending in this office action: 1-20
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Drawings
The drawings filed on 12/05/2019 are accepted.  
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 12/05/2019 and 08/10/2020 have been considered.  The submissions are in compliance with the provisions of 37 CFR 1.97.  Accordingly, initialed and dated copies of Applicant’s IDS forms 1449 filed 12/05/2019 and 08/10/2020 are attached to the instant Office action. 
Claim Objections
Claims 18 and 20 are objected to because of the following informalities:
Claims 18 recites the limitation “the data encrypted using the second keying material” (claim 18, ln. 5-6).  Examiner suggests replacing “the data encrypted” with “the first data encrypted” to clarify that this is referring to the same “first data encrypted using the second keying material” (claim 1, ln. 15) recited in the claim that this claim depends on.  
Claims 20 recites the limitation “the data encrypted using the second keying material” (claim 20, ln. 1-6).  Examiner suggests replacing “the data encrypted” with “the first data encrypted” to clarify that this is referring to the same “first data encrypted using the second keying material” (claim 1, ln. 15) recited in the claim that this claim depends on.  
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):


Claims 3-4, 6 and 13-14 are rejected under 35 U.S.C. 112(b), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention.
Claims 3-4 and 13-14 recites the element “the group” (claim 3, ln. 3; claim 13, ln. 3).  There is insufficient antecedent basis for this element in the claim.  Examiner suggests replacing “the group” with “a group”.  
Claims 6 recites the element “the data in the first outgoing message” (claim 6, ln. 2).  There is insufficient antecedent basis for this element in the claim.  Examiner suggests replacing “the data” with “data”.  
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-9, 11-14, and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Pahl et al. (US Patent No. 8,966,267) (hereinafter “Pahl”) in view of Willock et al. (US Patent No. 8,542,825) (hereinafter “Willock”).

As per claim 1, Pahl teaches a method of encryption data exchange over a computer network, the method comprising: composing, by a first computer, a first outgoing message in a first format, the first format being defined to contribute to derivation of a first keying material; ([Pahl, col. 60, ln. 37-44] the client device [a first computer] sends a Client Key Exchange message [a first outgoing message in a first format] that includes information necessary [contribute to derivation of] to generate the same premaster secret as the client generated, which is used to generate a master secret, and then the master secret is used to generate a session key [a first keying material] – see [col. 60, ln. 47-59])
composing, by the first computer, a second outgoing message in a second format, the second format being defined to contribute to derivation of a second keying material, ([Pahl, col. 64, ln. 1-7] the client device sends a Client Hello message [a second outgoing message in a second format] which includes a Session Ticket.  The Session Ticket contributes to the process of creating a second session key different from the first session key [a second keying material] – see col. 64, ln. 8-31) 
[wherein composing the second outgoing message includes embedding at least part of the first outgoing message into content of the second outgoing message while preserving the second format of the second outgoing message;] (this limitation is taught by Whillock below)
sending, by the first computer to a second computer over the computer network, the second outgoing message [containing the at least the part of the first outgoing message;] ([Pahl, col. 64, ln. 1-7] the client device sends to a session server [a second computer] over a computer network the Client Hello message [the second outgoing message].  The second outgoing message containing part of the first outgoing message is taught by Whillock below)
receiving, by the first computer from the second computer over the computer network, at least one incoming message containing data in at least one third format, the at least one third format being defined to contribute to derivation of the first keying material; ([Pahl, col. 60, ln. 29-31] the client device receives the Server Key Exchange message [data in at least one third format] from the session server.  [Col. 59, ln. 63-67 to col. 1-6., ln. 4] the key exchange message includes cryptographic information that includes the ECDHE public key that’s used to generate the premaster secret, the master secret, and the first session key [see col. 60, ln. 47-59])
([Pahl, col. 60, ln. 47-53] the client device derives the first keying material using the Diffie-Hellman public value of the server [the data in the third format], and the Diffie-Hellman public value of the client the [part of the first outgoing message].  See pg. 5 of TLS handshake; OS Dev.org [online], October 13, 2016 [retrieved on August 28, 2021]; retrieved from the Internet <URL: https://web.archive.org/web/20161013094047/ https://wiki.osdev.org/TLS_Handshake> [hereinafter, “TLS Handshake”] for the definition of the key exchange mechanism as referred to by Pahl.  [Col. 60, ln. 47-59] As mentioned above, the session secret [first keying material] is generated from the master secret, which is generated from the premaster secret, which is derived using the public values of the server and the client)
sending, by the first computer to the second computer over the computer network, data encrypted using the first keying material. ([Pahl, col. 60, ln. 47-59] the session secret [first keying material] is used to encrypt and decrypt information during the secure session.  [Col. 61, ln. 55-58] the client sends to the server future data communications encrypted by the session secret)
Pahl does not teach wherein composing the second outgoing message includes embedding (or containing) at least part of the first outgoing message into content of the second outgoing message while preserving the second format of the second outgoing message.  
However, Whillock teaches wherein composing the second outgoing message includes embedding at least part of the first outgoing message into content of the second outgoing message while preserving the second format of the second outgoing message.  ([Whillock, col. 5, ln. 53-58] cryptographic information [part of the first outgoing message] is included in a previously existing section of the handshake known to contain random bytes [the second outgoing message]. [Fig. 3, col. 5, ln. 39-48] the integrity of the network communication is intact as the checksum and addressing is unchanged, and so the format of the handshake message is preserved) 
such a method can handicap reverse engineering attempts and provide interoperability with previously written software. (Whillock, col. 3, ln. 58-60)

As per claim 2, Pahl in view of Whillock teaches claim 1.  
Pahl does not teach wherein embedding the at least the part of the first outgoing message into the content of the second outgoing message while preserving the second format comprises including the at least the part of the first outgoing message inside at least one data field of the second outgoing message.
However, Whillock teaches wherein embedding the at least the part of the first outgoing message into the content of the second outgoing message while preserving the second format comprises including the at least the part of the first outgoing message inside at least one data field of the second outgoing message.  ([Whillock, col. 5, ln. 21-26] the cryptographic information may be included inside the payload section of the network communication [at least one data field])
At the time of filing it would have been obvious for one of ordinary skill in the art to combine the teachings of Pahl and Whillock for the same reasons as disclosed above.

As per claim 3, Pahl in view of Whilllock teaches claim 1.  
Pahl also teaches where the second format is defined in accordance with Transport Level Security (TLS) protocol, ([Pahl, col. 6, ln. 9-11; col. 64, ln. 1-7] the Client Hello message format with the Session Ticket extension that the client device uses to communicate in a TLS session is described in the request for comments 5077 of the TLS protocol)  while the second outgoing message is a message according to TLS protocol selected from the group consisting of Client Hello, Client Finished, Server Hello and Server Finished. ([col. 64, ln. 1-7] the second outgoing message is a message of the Client Hello format)

As per claim 4, Pahl in view of Whilllock teaches claim 3.  
Pahl also teaches [wherein the at least the part of the first outgoing message is embedded into] at least one field of the second outgoing message selected from the group consisting of Client Random, Server Random, Session ID and Session Ticket.  ([Pahl, col. 1, ln. 24-35; col. 64, ln. 1-7] the TLS handshake protocol includes a Client/Server Hello message that contains random data used for cryptographic purposes, i.e. a Client/Server Random and a Session Ticket [see col. 64, ln. 1-7], and a Session ID [see col. 63, ln. 25-35].  Wherein the at least the part of the first outgoing message is embedded into at least one field of the second outgoing message is taught by Whillock below)  
Pahl does not teach wherein the at least the part of the first outgoing message is embedded into at least one field of the second outgoing message. 
However, Whillock teaches wherein the at least the part of the first outgoing message is embedded into at least one field of the second outgoing message.  ([Whillock, col. 5, ln. 11-16; col. 3, ln. 53-58] the cryptographic information is a Diffie Hellman Key exchange protocol parameter that is inserted into a field of random data in a network communication message)  
At the time of filing it would have been obvious for one of ordinary skill in the art to combine the teachings of Pahl and Whillock for the same reasons as disclosed above.

	As per claim 5, Pahl in view of Whillock teaches claim 1.  
([Pahl, col. 60, ln. 37-44] the Client Key Exchange message includes the client’s Diffie-Hellman public value [a coordinate of an elliptic curve point, without including a value derived from another coordinate of the elliptic curve point – see pg. 24 of ECC Cipher Suites for TLS; Internet Engineering Task Force, May 2006, [retrieved on August 28, 2021]; retrieved from the Internet <URL: https://datatracker.ietf.org/doc/html/rfc4492>; hereinafter “RFC 4492”; see “ecdh_Yc”, the Diffie Hellman public value/key that is derived from an elliptic curve point) 

	As per claim 6, Pahl in view of Whillock teaches claim 1.  
	Pahl also teaches wherein the first keying material is derived only from the data in the first outgoing message and the data in the at least one third format, while a size of the first outgoing message does not exceed 32 bytes. ([Pahl, col. 60, ln. 47-53] the client device derives the first keying material using the Diffie-Hellman public value of the server [the data in the third format], and the Diffie-Hellman public value of the client the [part of the first outgoing message].  See pg. 7 of TLS Handshake: the public value, or the data in the first outgoing message, is a 32 byte value)

As per claim 7, Pahl in view of Whillock teaches claim 1.  
	Pahl also teaches wherein the second outgoing message comprises a session resumption message ([Pahl, col. 64, ln. 1-7] the Client Hello message includes a Session Ticket which is a message that allows the TLS session to be resumed [a session resumption message, see col. 63, ln. 25-35].  [RFC 5077 referenced by Pahl, col. 63, ln. 50-51] the Session Ticket is a random byte section of a network communication – pg. 10 of TLS Session Resumption without Server-Side State; Internet Engineering Task Force, January 2008, [retrieved on August 28, 2021]; retrieved from the Internet <URL: https://datatracker.ietf.org/doc/html/rfc5077>)
Pahl does not teach embedding the at least the part of the first outgoing message comprises including the at least the part of the first outgoing message in place of the session resumption message.
However, Whillock teaches embedding the at least the part of the first outgoing message comprises including the at least the part of the first outgoing message in place of the session resumption message. ([Whillock, col. 3, ln. 53-58] the cryptographic information [first outgoing message] may be placed in the random byte section of the network communication) 
At the time of filing it would have been obvious for one of ordinary skill in the art to combine the teachings of Pahl and Whillock for the same reasons as disclosed above.

As per claim 8, Pahl in view of Whillock teaches claim 1.  
	Pahl also teaches receiving, by the first computer, an incoming message containing data in at least one fourth format, the at least one fourth format being defined to contribute to derivation of the second keying material. ([Pahl, col. 64, ln. 32-37] the client device receives a Server Hello message that includes a ServerHello.random value [a fourth format] which contributes to derivation of the new session key for a resumed session [see col. 64, ln. 8-31])

	As per claim 9, Pahl in view of Whillock teaches claim 8.  
	Pahl also teaches where the data in the at least one third format and the data in the at least one fourth format are both received [in the incoming message]. ([Pahl, 59, ln. 63-67 to col. 1-6, ln. 4; col. 60, ln. 29-31] the client device receives a ECDH public key that [data in at least one third format].  [Col. 64, ln. 32-37] the client device receives a Server Hello message that includes a ServerHello.random value [data in the at least one fourth format].  The combining cryptographic data and a random data in one incoming message is taught by Whillock below)
	Pahl does not teach combining cryptographic data and random data in one incoming message.  
However, Whillock teaches combining cryptographic data and random data in one incoming message.  ([Whillock, col. 3, ln. 53-58] the cryptographic information [first outgoing message] may be placed in the random byte section of the network communication) 
At the time of filing it would have been obvious for one of ordinary skill in the art to combine the teachings of Pahl and Whillock for the same reasons as disclosed above.

As per claim 11, Pahl in view of Whillock teaches a method of encrypting data exchange over a computer network, the method comprising: receiving, by a first computer from a second computer over the computer network, at least one incoming message containing a first data in a first format, the first format being defined to contribute to derivation of a first keying material, ([Pahl, col. 60, ln. 37-44] the secure session server [the first device] receives a Client Key Exchange message from the client device [the second device] which includes the Diffie-Hellman public value [a first data in a first format] that is used to generate a premaster secret, which is used to generate master secret, which is used to generate a session key [the first keying material, see col. 60, ln. 47-59]) and a second data in a second format, the second format being defined to contribute to derivation of a second keying material, ([Pahl, col. 64, ln. 1-7] the client device sends a Client Hello message [a second outgoing message in a second format] which includes a Session Ticket.  The Session Ticket contributes to the process of creating a second session key different from the first session key [a second keying material] – see col. 64, ln. 8-31)) [wherein the second data in the second format is included as a part of the first data in the first format;] (this limitation is taught by Whillock below) 
([Pahl, col. 64, ln. 8-31] the key server uses the session ticket [the second data] to derive the new secure session key.  An embodiment where the session server uses the session ticket to derive the session key is further elaborated on in RFC 5077, which is incorporated by Pahl [see Pahl, col. 63, ln. 50-51].  The session ticket contains encrypted state information which may be used by the server to determine the master secret, and accordingly, the session key [see RFC 5077, pg. 10-11])  
and sending, by the first computer to the second computer over the computer network, first data encrypted using the second keying material. ([Pahl, col. 65, ln. 56-59] future messages between the client device and the secure session server are encrypted over the secure session using the new session key [the second keying material - see col. 64, ln. 8-31])
Pahl does not teach wherein the second data in the second format is included as a part of the first data in the first format, and extracting, by the first computer, at least part of the second data from the first data.  
However, Whillock teaches wherein the second data in the second format is included as a part of the first data in the first format, and ([col. 3, ln. 53-58] ([Whillock, col. 5, ln. 53-58] cryptographic information [second data in the second format] is included in a previously existing section of the handshake known to contain random bytes [first data in the first format])
extracting, by the first computer, at least part of the second data from the first data; ([Whillock, col. 6, ln. 65-67 to col. 7, ln. 1-4] the cryptographic information [second data] can be extracted, by a computer, from the random byte section [the first data] by using various algorithms)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Pahl with the teachings of Whillock to include wherein the second data in the second format is included as a part of the first data in the first format, and extracting, by the first re-using the random byte section in this way can handicap reverse engineering attempts and provide interoperability with previously written software. (Whillock, col. 3, ln. 58-60)

As per claim 12, Pahl in view of Whillock teaches claim 11.  
Pahl also teaches composing, by the first computer, at least one outgoing message with a third data in a third format, the third format being defined to contribute to derivation of the second keying material; ([Pahl, col. 60, ln. 29-31; col. 59, ln. 56-67] the server device creates a Server Key Exchange message in accordance to  RFC 4492.  See RFC 4492, pg. 21, under actions of the sender, where the server selects elliptic curve domain parameters and an ephemeral ECDH public key [a third data in a third format].  [Col. 59, ln. 63-67 to col. 60., ln. 1-4] the key exchange message includes cryptographic information that includes the ECDHE public key that’s used to generate the premaster secret, the master secret [see col. 60, ln. 47-59], and the second session key [see col. 64, ln. 8-31])
sending, by the first computer to the second computer over the computer network, the at least one outgoing message with the third data; and ([Pahl, col. 60, ln. 29-31] the server device sends the Server Key Exchange message [the outgoing message] that contains ephemeral ECDH public key [data in at least one third format] to the client device over the computer network)
receiving, by the first computer from the second computer, second data encrypted using the second keying material.  ([Pahl, col. 65, ln. 56-59] future messages between the client device and the secure session server are encrypted over the secure session using the new session key [the second keying material - see col. 64, ln. 8-31])



As per claim 14, the claim language is identical or substantially similar to that of claim 3. Therefore, it is rejected under the same rationale applied to claim 4.

	As per claim 17, Pahl in view of Whillock teaches claim 11.  
	Pahl also teaches [extracting, by the first computer, at least part of the second data from the first data] without using the first data for session resumption.  ([Pahl, col. 64, ln. 8-25] the master secret used to resume the session is the prior master secret, and so the client public key is not used for session resumption.  Extracting, by the first computer, at least part of the second data from the first data is taught by Whillock below)
	Pahl does not teach extracting, by the first computer, at least part of the second data from the first data.  
	However, Whillock teaches extracting, by the first computer, at least part of the second data from the first data.  ([Whillock, col. 6, ln. 65-67 to col. 7, ln. 1-4] the cryptographic information [second data] can be extracted, by a computer, from the random byte section [the first data] by using various algorithms)
At the time of filing it would have been obvious for one of ordinary skill in the art to combine the teachings of Pahl and Whillock for the same reasons as disclosed above.

	As per claim 18, Pahl in view of Whillock teaches claim 11.  
	Pahl also teaches deriving, by the first computer, the first keying material while using at least part of the first data as one of inputs used to derive the first keying material; and ([Pahl, Col. 60, ln. 47-53] the key server generates the premaster secret using the client’s Diffie-Hellman public value and its Diffie-Hellman private value, and uses the premaster secret to calculate the master secret, which is used to generate the first session key [see col. 60, ln. 47-59].  The same process performed by a client-server system without a key server is commonly known and described in RFC 4492, which is referenced by Pahl [see RFC 4492, pg. 8, section 2.2 describing the same process performed by the secure server])
	sending, by the first computer to the second computer over the computer network, data encrypted using the first keying material in addition to the data encrypted using the second keying material.  ([Pahl, col. 60, ln. 47-59] the old session secret [first keying material] is used to encrypt and decrypt information during the secure session when a session is not to be resumed.  [Col. 61, ln. 55-58] the server sends to the client future data communications encrypted by the old session secret.  [Col. 65, ln. 56-59] if there is a Session Ticket, and the server allows for a session to be resumed, future messages between the client device and the secure session server are encrypted over the secure session using the new session key [the second keying material - see col. 64, ln. 8-31])

	As per claim 19, Pahl in view of Whillock teaches claim 11.  
	Pahl also teaches forwarding, by the first computer, the second data to a third computer over the computer network, and then ([Pahl, Fig. 19A] the Client Hello message that contains the session ticket [second data] is forwarded to the Key Server [the third computer])
deriving the second keying material on the third computer without deriving it on the second computer. ([Pahl, col. 73, ln. 60-67 to col. 74, ln. 1-8] the session key is generated by the key server using the client’s Diffie-Hellman public value, the key server’s public value, the and other data in the Client Hello message to derive the new session key)

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Pahl in view of Willock as applied to claim 8 above, and further in view of Johansson et al. (US Patent No. 9,961,055) (hereinafter “Johansson”). 

	As per claim 10, Pahl in view of Whillock teaches claim 8.  
	Pahl also teaches deriving, by the first computer, the second keying material while using the at least the part of the first outgoing message and the data in the at least one fourth format as two of a plurality of second inputs; ([Pahl, col. 73, ln. 60-67 to col. 74, ln. 1-8] the client server uses the client’s Diffie-Hellman public value [part of the first outgoing message] and the ServerHello.random value [the data in the at least one fourth format] to derive the second keying material)
	sending, by the first computer to the second computer over the computer network, data encrypted using the second keying material; ([Pahl, Fig. 19B; col. 65, ln. 56-59] the client computer sends to the secure server data encrypted with the new session secret)
	sending, by the first computer to the second computer over the computer network, the data encrypted using the first keying material ([Pahl, col. 60, ln. 47-59] the session secret [first keying material] is used to encrypt and decrypt information during the secure session.  [Col. 61, ln. 55-58] the client sends to the server future data communications encrypted by the session secret)
	Pahl in view of Willock does not teach wherein the data encrypted using the first keying material is forwarded by the second computer to a third computer, different from the second computer. 
	However, Johansson teaches wherein the data encrypted using the first keying material is forwarded by the second computer to a third computer, different from the second computer.  ([Johansson, Fig. 1; col. 5, ln. 29-43] the client [the first computer] transmits the data encrypted with the old session secret to a front end server [the second computer] to a third computer [the third computer] different from the second computer)
 in this manner, the frontend server is prevented from accessing data in plain text form, and the backend server may be protected in case the front end server is compromised.  (Johansson, col. 5, ln. 43-52)

Claims 15 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Pahl in view of Willock as applied to claim 12 above, and further in view of TLS Protocol Version 1.3; Internet Engineering Task Force, August 2018, [retrieved on August 30, 2021]; retrieved from the Internet <URL: https://datatracker.ietf.org/doc/html/rfc8446> (hereinafter “RFC 8446”) 

	As per claim 15, Pahl in view of Whillock teaches claim 12.  
	Pahl also teaches wherein [the second data] and the third data includes values derived from only one coordinate of an elliptic curve point, without including a value derived from another coordinate of the elliptic curve point.  ([Pahl, col. 59, ln. 56-67] the Server Key Exchange message includes the server’s ECDH public key [see RFC 4492, pg. 21, under actions of the sender, where it is disclosed that the server selects elliptic curve domain parameters and creates a based on these parameters, the ephemeral ECDH public key [a third data in a third format].  The second data includes values derived from only one coordinate of an elliptic curve point, without including a value derived from another coordinate of the elliptic curve point is taught by RFC 8446 below)
 the second data includes values derived from only one coordinate of an elliptic curve point, without including a value derived from another coordinate of the elliptic curve point.
	However, RFC 8446 teaches wherein the second data includes values derived from only one coordinate of an elliptic curve point, without including a value derived from another coordinate of the elliptic curve point. ([RFC 8446, pg. 15, sec. 2.2] in TLS 1.3, PSK replaced and obsoleted session tickets, which is used to resume a connection.  [Pg. 16, Fig. 3 ] the PSK data set includes, instead of a session ticket, the pre_shared_key and the key_share [the second data].   [Pg. 48, sec. 4.2.8.2] the key_share parameter includes key_exchange information – the public Q value associated with the elliptic curve point of the client so that the secure server may can confirm that the correct solution to the curve equation is received, and thus, the previous session is a valid previous session)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Pahl with the teachings of RFC 8446 to include wherein the second data includes values derived from only one coordinate of an elliptic curve point, without including a value derived from another coordinate of the elliptic curve point.  One of ordinary skill in the art would have been motivated to make this modification because this updated protocol allows client/server applications to communicate over the internet in a way that is designed to prevent eavesdropping, tampering, and message forgery, as reuse of a session ticket in the old protocol allows attacks passive observers to correlate different connections (see, RFC 8446, pg. 137, sec. C4). The updated protocol, instead, uses the equivalent key_share data parameter that is dynamically exchanged in the ClientHello to establish a resumed connection that allows the resuming message to allow for forward secrecy.  (RFC 8446, pg. 16, Fig. 3 under Subsequent Handshake)

	As per claim 16, Pahl in view of Whillock teaches claim 12.  

	However, RFC 8446 teaches wherein the second keying material is derived from only the second and the third data, ([RFC 8446, pg. 142, sec. E.1; pg. 92-93] a set of session keys [the second keying material] is derived from a master secret which is derived from the ECDHE shared secret.  The ECDHE shared secret is a parameter which includes key_exchange information – the public Q value associated with the elliptic curve point of the client and server [the second and third data].  [RFC 8446, pg. 99, sec. 8.1] the ECDHE shared secret does not utilize the initially sent first data, which was a client public key value to derive the previous master key/ session key as the corresponding PSKs are deleted upon a single use to provide forward secrecy) while the size of both the second and the third data does not exceed 32 bytes ([pg. 51, sec. 4.2.8.2] the contents of the public value involved in the key exchange is a 32 byte value for the X25519 curve, and so does not exceed 32 bytes)
At the time of filing it would have been obvious for one of ordinary skill in the art to combine the teachings of Pahl and RFC 8446 for the same reasons as disclosed above.

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Pahl in view of Willock as applied to claim 19 above, and further in view of Wang et al. (US Pub. 2019/0356694) (hereinafter “Wang”). 
As per claim 20, Pahl in view of Whillock teaches claim 19.  
Pahl in view of Whillock does not teach receiving, by the second computer, the data encrypted using the second keying material, from the third computer; and forwarding the data encrypted using the second keying material to the first computer. 
([Wang, Fig. 7; para. 0073] application data encrypted by key exchange information [the second keying material] is received by a proxy [the second computer] from a server [the third computer.  [Para. 0075] the proxy device maintains two separate TLS sessions, one with the server and one with the client device, and so, the data passed from the server to the proxy is encrypted by a keying material from the third computer)
and forwarding the data encrypted using the second keying material to the first computer. ([Wang, Fig. 7; para. 0075] the proxy device receives the encrypted application data from the server, and then forwards/sends the application data to the client device)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Pahl with the teachings of Wang to include receiving, by the second computer, the data encrypted using the second keying material, from the third computer; and forwarding the data encrypted using the second keying material to the first computer.  One of ordinary skill in the art would have been motivated to make this modification because a proxy allows analyzing of encrypted traffic, such as TLS protected traffic, in order to protect the communication passing from the server to the client.  (Wang, para. 0015) 
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Gero et al. (US Pub. 2015/0067338) discloses providing forward secrecy in a TLS connection using EDHKE in a manner similar to that described by instant application.  MacCarthaigh et al. (US Pub. 2016/0373414) discloses a TLS handshake offload protocol where the keying material is not generated by the server.  An overview of TLS 1.3 and Q&A; The Cloudflare Blog, September 23, 2016, [retrieved on September 1, 2016]; retrieved from the Internet <URL: https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/>, pg. 8 .  
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHE LIU whose telephone number is (571) 272-3634.  The examiner can normally be reached on Monday - Friday: 8:30 AM to 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.
/Z.L./Examiner, Art Unit 2493                                                                                                                                                                                                        

/CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493