DETAILED ACTION
This is a non-final Office action in response to communications received on 4/03/2020 and 12/13/2021.  Claims 1-6 and 13-18 were selected in the response filed on 12/13/2021 in response to a restriction requirement and claims 7-12 and 19-24 were withdrawn.  Claims 1-6 and 13-18 are pending and are examined.  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings
The drawings filed 4/03/2020 are acknowledged.

Restriction
Applicant’s selection of the group comprising claims 1-6 and 13-18 without traversal is acknowledged.  Accordingly, the restriction is made FINAL.  

Objections
Claims 2-4 and 14-16 are objected to for the following reasons: the claim phrase “determining that the salt is greater than or equal to a salt threshold T; and updating the value of T to an incremented value of the salt” is unclear because in the scenario that the salt is already equal to the salt threshold, wouldn’t the value of T not need to be incremented?  Is the value of T updated only in the scenario where the salt is greater than the salt threshold, or is it updated in both scenarios?  Appropriate clarification or correction is required.
Claims 3 and 15 are objected to for the following reasons: the claim phrase “determining that the salt is greater than or equal to a salt threshold T that a counter is less” is grammatically incorrect.  Did Applicant intend to claim “a salt threshold T and that a counter is less”?  Appropriate clarification/correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1.	Determining the scope and contents of the prior art.
2.	Ascertaining the differences between the prior art and the claims at issue.
3.	Resolving the level of ordinary skill in the pertinent art.
4.	Considering objective evidence present in the application indicating obviousness or nonobviousness.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.   
Claims 1, 5-6, 13, and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Simon (US 2008/0301435) in view of Erik Sy et al., Tracking Users across the Web via TLS Session Resumption, in Proceedings of the 34th Annual Computer Security Applications Conference, Pages 289–299 (December 2018), available at https://doi.org/10.1145/3274694.3274708 (hereafter “Sy”) (Prior Art Disclosed in Applicant’s IDS).
Regarding claim 1, Simon discloses the limitations substantially as follows:
A method for, by a device, a secure communication session with a server, comprising: 
sending a message to the server requesting a secure communication session (paras. [0018]-[0020], Fig. 3: sending a message to the server with the userID in order to obtain a session key for a secure session); 
receiving from the server, a server nonce, and a salt (paras. [0020]-[0021], [0025], Fig. 3: receiving, from the server, a user salt and a random value (i.e. server nonce) as a challenge);  
determining that the received salt is valid (paras. [0021]-[0022], [0026]: verifying that the received salt can be used to decrypt the challenge sent from the server); 
calculating a salted identifier based upon the shared key and the salt (paras. [0021]-[0022]: calculating a salted hash identifier based upon the hash received from the server (i.e. shared key) and the salt); 
sending the salted identifier to the server (paras. [0023]: sending the salted hash identifier to the server); and 
secure communication session with the server (para. [0024]: secure session with server is established).
Simon does not explicitly disclose the remaining limitations of claim 1 as follows:
resuming, by a device, a secure communication session with a server, comprising: 
		sending a message to the server requesting the resumption of a secure communication session
receiving from the server a server identifier; 
determining that the device has a shared key with the server based upon the server identifier; 
resuming the secure communication session with the server.

resuming, by a device, a secure communication session with a server (Section 2.3: resuming, by a Client device, a secure communication session), comprising: 
sending a message to the server requesting the resumption of a secure communication session (Section 2.3, Figs. b) and c): sending ClientHello message to server requesting resumption of secure communication session)
receiving from the server a server identifier (Section 2.3: receiving from server a pre-shared key containing a database lookup key or ticket); 
determining that the device has a shared key with the server based upon the server identifier (Section 2.3, Figs. b) and c) determining that the client device shares a ticket/lookup key and server key with the server based upon the pre-shared key); 
resuming the secure communication session with the server (Section 2.3, Figs. b) and c): resuming the secure communication with the server).
Sy is combinable with Simon because both are from the same field of endeavor of generating secure sessions between a client and server.  It would have been obvious to one of ordinary skill in the art at the time of the invention to integrate Sy’s method of determining that the device has a shared key with the server based upon the server identifier with the system of Simon in order to enable the device to resume a secure communication session with the server by subsequently sending the shared key to the server.  

	Regarding claims 5 and 17, Simon and Sy disclose the limitations of the method of claim 1 and the device of claim 13.
Simon teaches the limitations of claims 5 and 17 as follows:
	further comprising establishing a new session key (paras. [0022]: generating new session key).

	Regarding claims 6 and 18, Simon and Sy disclose the limitations of the method of claim 1 and the device of claim 13.
Simon teaches the limitations of claims 6 and 18 as follows:
	wherein the salted identifier is a hash of the salt and the shared key (paras. [0026]: salted hash identifier is generated from a hash of the salt and the user password/shared key).

	Regarding claim 13, Simon teaches the limitations substantially as follows;
A device configured to a secure communication session with a server, comprising: 
	a memory; and 
	a processor coupled to the memory, wherein the processor is further configured to: 
send a message to the server requesting a secure communication session (paras. [0018]-[0020], Fig. 3: sending a message to the server with the userID in order to obtain a session key for a secure session); 
receive from the server, a server nonce, and a salt (paras. [0020]-[0021], [0025], Fig. 3: receiving, from the server, a user salt and a random value (i.e. server nonce) as a challenge);  
determine that the received salt is valid (paras. [0021]-[0022], [0026]: verifying that the received salt can be used to decrypt the challenge sent from the server); 
calculate a salted identifier based upon the shared key and the salt (paras. [0021]-[0022]: calculating a salted hash identifier based upon the hash received from the server (i.e. shared key) and the salt); 
send the salted identifier to the server (paras. [0023]: sending the salted hash identifier to the server); and 
secure communication session with the server (para. [0024]: secure session with server is established).
Simon does not explicitly disclose the remaining claim 13 limitations as follows:
resume a secure communication session with a server, comprising: 
		send a message to the server requesting the resumption of a secure communication session
receive from the server a server identifier; 
determine that the device has a shared key with the server based upon the server identifier; 
resume the secure communication session with the server.
However, in the same field of endeavor, Sy discloses the remaining limitations of claim 13 as follows:
resuming a secure communication session with a server (Section 2.3: resuming, by a Client device, a secure communication session), comprising: 
send a message to the server requesting the resumption of a secure communication session (Section 2.3, Figs. b) and c): sending ClientHello message to server requesting resumption of secure communication session)
receive from the server a server identifier (Section 2.3: receiving from server a pre-shared key containing a database lookup key or ticket); 
determine that the device has a shared key with the server based upon the server identifier (Section 2.3, Figs. b) and c) determining that the client device shares a ticket/lookup key and server key with the server based upon the pre-shared key); 
resume the secure communication session with the server (Section 2.3, Figs. b) and c): resuming the secure communication with the server).
Sy is combinable with Simon because both are from the same field of endeavor of generating secure sessions between a client and server.  It would have been obvious to one of ordinary skill in the art at the time of the invention to integrate Sy’s method of determining that the device has a shared key with the server based upon the server identifier with the system of Simon in order to enable the device to resume a secure communication session with the server by subsequently sending the shared key to the server.  

Claims 2 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Simon (US 2008/0301435) in view of Erik Sy et al., Tracking Users across the Web via TLS Session Resumption, in Proceedings of the 34th Annual Computer Security Applications Conference, Pages 289–299 (December 2018), available at https://doi.org/10.1145/3274694.3274708 (hereafter “Sy”), as applied to claims 1 and 13, further in view of Marelas (US 2019/0332597).
	Regarding claims 2 and 14, Simon and Sy disclose the limitations of the method of claim 1 and the device of claim 13.
Simon discloses the limitations of claims 2 and 14 as follows:
	wherein determining that the received salt is valid further comprises (paras. [0021]-[0022], [0026]: verifying that the received salt can be used to decrypt the challenge sent from the server):
Neither Simon or Sy disclose the remaining limitations of claims 2 and 14 as follows:
	determining that the salt is greater than or equal to a salt threshold T; and updating the value of T to an incremented value of the salt
Marelas teaches the limitations of claims 2 and 14 as follows:
	 determining that the salt is greater than or equal to a salt threshold T; and updating the value of T to an incremented value of the salt (paras. [0075], [0077], [0080]: determining whether the retention/expiration period of the user salt needs to be made longer/greater than the current retention/expiration period of the user salt (i.e. salt threshold T) and updating the retention/expiration period of all the user salt (i.e. updating the value of T) to the longer/incremented retention/expiration period of the new user salt).  
Marelas is combinable with Simon and Sy because all three are from the same field of endeavor of generating secure sessions between a client and server.  It would have been obvious to one of ordinary skill in the art at the time of the invention to integrate Marelas’ method of updating the value of the retention/expiration date of the user salt when it is determined that the current retention/expiration period of the user salt is not long enough with the system of Simon and Sy in order to enable increasing the lifetime in which a group of user content is stored by simultaneously updating the expiration period of the user salt for all of the user content stored at once.    

Allowable Subject Matter
Claims 3-4 and 15-16 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
For the above-stated reasons, claims 1-6 and 13-18 are rejected.
Prior art considered but not relied upon includes:
1) Cortez (US 2007/0180230) form a secure session between a server and a client device by generating a private server key, public client-key and a server session ID at the server, sending the client-key and server session ID to 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHARON S LYNCH whose telephone number is (571)272-4583.  The examiner can normally be reached on 10AM-6PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on 571-272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHARON S LYNCH/Primary Examiner, Art Unit 2438