DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in response to communication filed 12/15/2021. Claims 1, 4, 8, 11, 15 and 18 are amended, claims 3, 6, 10, 13, 17 and 20 are canceled. Claims 1-2, 4-5, 7-9, 11-12, 14-16 and 18-19 remain pending.

Double Patenting
Electronic Terminal Disclaimer received on 01/07/2022 is acknowledged. As such, the Double Patenting rejection over co-pending application 16/359,417 is obviated and a requirement for DP rejection over 16/359,223 is rendered moot.

EXAMINER’S AMENDMENT
An Examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to Applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Claims 5 and 7 are amended to correct informalities:

5. (Currently Amended) The method of claim 1, wherein, when the intercepted certificate is determined as being an unknown certificate, the determination of the category of the unknown certificate comprises: determining similarities of the unknown certificate to known certificates for which respective categories have been determined; and assigning, to the unknown certificate, a category of a certificate of a known certificate found as being similar to the unknown certificate based on the similarity determination.

7. (Currently Amended) The method of claim 1, when the intercepted certificate is unknown, distances between the N-dimensional vector of the intercepted certificate and each cluster of the clusters containing vectors of attributes of the known certificates is determined, and the intercepted certificate is found as being similar to known certificates of a cluster if: the distance between the N-dimensional vector of the intercepted certificate and a center of the cluster is less than a radius of the cluster, or a measure of proximity between the N-dimensional vector and the center of the cluster is less than a threshold value.


Allowable Subject Matter
Claims 1-2, 4-5, 7-9, 11-12, 14-16 and 18-19 are allowed.
The following is an examiner’s statement of reasons for allowance in light of an updated search and consideration: 

Per communication received 12/15/2021, amending independent claims 1, 8 and 15 to respectively include features of now canceled claims 3, 10 and 17, indicated as allowable subject matter, the 35 U.S.C. 103 rejection of record is herein withdrawn.



Grebennikov (US2014/0095866A1) discloses a system that collects initial information from information sources within a computer network, analyzes a selected data parameter data to determine suspicious mass for the digital certificates, compares initial data and supplementing data with a set of decision criteria to determine the authenticity of the digital certificates on the basis of an output of the suspect certificate recognition module.

Schmidtler (US2018/0013772A1) discloses receiving an input corresponding to downloading an executable file, determining a format for the executable file, parsing the received input to identify static data based on the determined format, extracting the static data, creating feature vectors using the extracted static data by grouping static data fields, labeling identified anomalies, and converting data into hex representations to determine scores from the feature vectors, and determines whether to terminate a download of the executable file based on the scores.

Pereira (US10924503B1) discloses determining first distance between a first data object and a cluster of data objects that is representative of virtual private cloud (VPC) flow log data for non-malicious network traffic.  Second distance between a second data object and the cluster of 

Amended claim 1 recites:
“…generating clusters of known certificates containing vectors of attributes of the known certificates; 
generating clusters of forbidden certificates containing vectors of attributes of the forbidden certificates; 
intercepting a certificate when a protected connection is being established between a client and a server; 
determining categories of network resources to which a connection of the client is forbidden; 
determining a category of the intercepted certificate, the determination of the category of the intercepted certificate comprising: 
identifying a network resource to which the intercepted certificate corresponds, determining whether the intercepted certificate is unknown or known, and determining the category of the intercepted certificate based on whether the certificate is known or unknown, wherein the intercepted certificate is determined as being an unknown certificate when content of the identified network resource is a network resource of an unknown category, wherein, when the intercepted certificate is determined as being a known certificate, the determination of the category of the known certificate is determined in accordance with a list of certificates, and wherein a given certificate of the list of certificates is assigned a category of an address of a network resource to which the given certificate corresponds; 
extracting attributes from the intercepted certificate; and 
blocking the network connection when the determined category of the intercepted certificate is a category of the determined categories of the network resources to which the connection of the client is forbidden, or when the attributes extracted from the intercepted certificate are found to be similar to attributes of forbidden certificates, 
wherein when the intercepted certificate is unknown, the attributes extracted from the intercepted certificate are transformed into an N- dimensional vector of the intercepted certificate and wherein the N-dimensional vector is used to compare the intercepted certificate to the clusters of known and forbidden certificates”.

The reviewed prior arts fail to anticipate the claimed invention in its entirety and further fail to render obvious the invention in its entirety as recited in claim 1 (shown above), because any such attempt would resort to an “impermissible hindsight”. Same analysis applies to independent claims 8 and 15 as they have a scope similar to claim 1.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AREZOO SHERKAT whose telephone number is (571)272-8533. The examiner can normally be reached Monday - Friday 8:30-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached on 571 - 272 - 3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/AREZOO SHERKAT/Examiner, Art Unit 2494