DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-4, 6, 8-16, 18 and 20 are pending in this application.
Claims 1, 6, 8, 10, 13, 18 and 20 are currently amended.
Claims 5, 7, 17 and 19 are canceled.
No new IDS was submitted.


Specification
The specification is objected to as failing to provide proper antecedent basis for the claimed subject matter.  See 37 CFR 1.75(d)(1) and MPEP § 608.01(o).  Correction of the following is required: Claim 1, 10 and 13 recites steps, “responsive to determining that a match does not exist between the first security digest and the second security digest…connection for a Transport Layer Security session with the peer device” followed by added steps “selecting a segment of Transport Layer Security data….”, “sending information…”, “generating the first security digest…”. It seems as if all these new steps where taken after the connection for Transport Layer Security session with the peer device is terminated. There is no support in the specification for the steps as claimed. Applicant’s specification, FIG. 4A and Fig. 4B describe that all these added steps were executed before generating the first security digest and before deciding to terminate the network connection with the peer device.
.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6, 8, 10-16, 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Cha et al. (US 2013/0080769 A1) (hereinafter, “Cha”) in view of Palekar et al. (US 2003/0226017 A1) (hereinafter, “Palekar”) and further in view of Todorov (US 2011/0296509 A1).

As to claim 1, Cha discloses a method for preventing Transport Layer Security session man-in-the-middle attacks, the method comprising: 
comparing a first security digest generated by an endpoint device with a second security digest received from a peer device (“As illustrated at 626, the authentication request may include the private identity information, the realm, the nonce, a cnonce, the qop value, a nonce count, an authentication algorithm, a digest uri, and the opaque. In an example embodiment, the cnonce, the nonce count, and/or the digest uri may be illustrated, by the IETF, in RFC document 2617. At 628, the BSF 604 may calculate a response and compare the values received from the UE 602 with the calculated values at the BSF 604.” –e.g. see, [0085]; herein, BSF compares its calculated digest with the received digest from UE; UE is comparable to a peer device; see also, [0088] which discloses applying a digest algorithm as part of authentication challenge-response, [0090] which discloses SIP-Digest authentication); 
determining whether a match exists between the first security digest and the second security digest based on the comparing (“At 630, the BSF 604 may send a message (e.g., a 200 OK message) to the UE 602 that confirms to the UE 602 that authentication was successful. The message at 630 may include a binding trusted identifier (B_TID) and/or a key Ks lifetime, as illustrated at 632.” –e.g. see, [0085]; herein, Bootstrap Server Function determines whether there is a match between its calculated response with the received response from UE and identifies if there is a match. An OK message is sent to the UE when there is a match); and 
responsive to determining that a match does not exist between the first security digest and the second security digest, detecting a man-in-the-middle attack … (“Verification and/or recalculation of B.sub.re, may fail if performed by an MitM, because the MitM may not know how to derive an acceptable B.sub.res value, while recalculation of the GBA response by the MitM may succeed. In this way, the MitM may be detected.” –e.g. see, [0086]; herein, a mismatch is found when the response came from a MitM). 
selecting a segment of Transport Layer Security data corresponding to the Transport Layer Security session (“The request at 610 may include an authorization the Zh BSF 604 may use the Zh reference point to retrieve authentication vectors (AVs) and/or user profile information from HSS 606” -e.g. see, [0084]; herein, retrieving authentication vector and/or user profile information is equivalent to selecting a segment of Transport Layer Security data corresponding to the Transport Layer Security session; Cha further discloses in para 85 that the authentication vectors are included as part of the authentication challenge and response; Cha further discloses in para [0090]: “The authentication challenge may include an authentication header and/or a randomly generated nonce. In addition to the nonce, the authentication header may include additional parameters such as a private identity, a realm, a qop value, algorithm information, and/or a domain.”; herein, “a randomly generated nonce” is selected as part of the challenge);
sending information regarding selection of the selected segment of Transport Layer Security data to the peer device via the network connection (Cha: “At 618, BSF 604 may send an authentication challenge (e.g., an authentication challenge in an HTTP 401 unauthorized response) to UE 602. As illustrated at 620, the message at 618 may include private identity information, a realm, a nonce, a quality of protection (qop) value, an authentication algorithm, a domain, and/or an opaque. In an example embodiment, this information may be included in the authentication header of the message.” –e.g. see, Cha: [0085]; herein “nonce” is selected to send as part of the challenge which is part of TLS data; Cha further discloses: “The UE 702 may also generate a messages authentication code (MAC) value B.sub.res, using both the TLS tunnel session key and a session key for example. The TLS tunnel session key and/or the session key may include the integrity key (IK) or the confidentiality key (CK) for example. In an example embodiment, the IK may be used instead of the CK, as the IK may be designated to be used for integrity protection purposes. These keys may be generated from the authentication challenge RAND taken from the AV the UE 702 has received. This may bind the TLS tunnel authentication with the GBA protocol. Both the authentication challenge response, and B.sub.res, may be put into the authorization header and sent back to the BSF 704 in a request message (e.g., an HTTP GET request message) at 720. B.sub.res may be calculated by the same algorithm as the authentication response, however it may be calculated with different input parameters as described.” -e.g. see, [0091]; herein Cha, discloses sending a “RAND” as part of authentication challenge which was retrieved (i.e. selected) from AV (Authentication Vectors)); and
generating the first security digest based on a hash of … the selected segment of Transport Layer Security data corresponding to the Transport Layer Security session (“The UE may send the authentication request to BSF 604 at 624. As illustrated at 626, the authentication request may include the private identity information, the realm, the nonce, a cnonce, the qop value, a nonce count, an authentication algorithm, a digest uri, and the opaque. In an example embodiment, the cnonce, the nonce count, and/or the digest uri may be illustrated, by the IETF, in RFC document 2617. At 628, the BSF 604 may calculate a response and compare the values received from the UE 602 with the calculated values at the BSF 604. At 630, the BSF 604 may send a message (e.g., a 200 OK message) to the UE 602 that confirms to the UE 602 
Cha may not explicitly disclose responsive to determining that a match does not exist between the first security digest and the second security digest … terminating a network connection for a Transport Layer Security session with the peer device; generating the first security digest based on a hash of a retrieved correct answer to a CAPTCHA puzzle.
However, in an analogous art, Palekar discloses responsive to determining that a match does not exist between the first security digest and the second security digest … terminating a network connection for a Transport Layer Security session with the peer device (“If the response from the client is different from the value calculated internally by the authenticator, then the client should not be authenticated. However, the authenticator can determine, at step 710, whether the authentication that was negotiated allows for retries, and how many. If it does allow for retries, and the maximum number of retries has not been exceeded, then the authenticator sends another challenge to the peer. If no retries are allowed, or the maximum number has been reached, the connection is ended at step 712.” –e.g. see, [0079]; herein, the connection is terminated when there is a mismatch with the received digest and calculated digest).

Neither Cha nor Palekar explicitly disclose comprising: generating the first security digest based on a hash of a retrieved correct answer to a CAPTCHA puzzle. However, in an analogous art, Todorov discloses generating the first security digest based on a hash of a retrieved correct answer to a CAPTCHA puzzle (“At block 517, the system determines whether a server hash value matches the hash value received from the client. The system can compare a server hash value for a combination of the password with the CAPTCHA answer to the client hash value. Alternatively or in addition to, the system can compare a server hash value for a combination of the password hash with the CAPTCHA answer to the client hash value.” –e.g. see, Todorov: [0042], see also [0041]).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Cha and Palekar with the teaching of Todorov to include “generating the first security digest based on a hash of a retrieved correct answer to a CAPTCHA puzzle” in order to prevent an attacker from easily eavesdrop on an insecure HTTP connection, intercept a 

Claims 10 and 13 are rejected for similar rationale as for the rejection of claim 1. 

As to claim 2, Cha discloses further comprising: responsive to determining that a match does exist between the first security digest and the second security digest, sending a security digest validation acknowledgement to the peer device and continuing the Transport Layer Security session with the peer device (Cha: “… the BSF 604 may send a message (e.g., a 200 OK message) to the UE 602 that confirms to the UE 602 that authentication was successful. The message at 630 may include a binding trusted identifier (B_TID) and/or a key Ks lifetime, as illustrated at 632.” –e.g. see, Cha: [0085]). 

As to claims 11 and 14, these are rejected using the similar rationale as for the rejection of claim 2.

As to claim 3, the combination of Cha, Palekar and Todorov disclose comprising: receiving a request to initiate the Transport Layer Security session with the endpoint device from the peer device; performing a Transport Layer Security handshake procedure with the peer device; and establishing the network connection with the peer device for the Transport Layer Security session upon successful completion of the Transport Layer Security handshake procedure (Cha: Fig. 7, [0090]; herein Cha teaches initiating a TLS session and an handshake process between UE and BSF; Furthermore, Palekar: [0062]; herein, Palekar discloses allowance of both communicating endpoints to verify that the other has calculated the same parameters and that the handshake occurred without tampering by a rogue interceptor). 

As to claims 12 and 15, these are rejected using the similar rationale as for the rejection of claim 3.

As to claims 4 and 16, neither Cha nor Palekar explicitly disclose selecting a CAPTCHA puzzle to send to the peer device; and sending the CAPTCHA puzzle to the peer device via the network connection. However, in an analogous art, Todorov discloses selecting a CAPTCHA puzzle to send to the peer device; and sending the CAPTCHA puzzle to the peer device via the network connection (Todorov: “Embodiments of the invention are directed to a method and system for securing passwords with CAPTCHA based hash. A password security system, hosted by a server, sends a web page over a network to a client. The web page includes a CAPTCHA challenge, a request for a CAPTCHA answer for the challenge, a graphical user interface for receiving a user identifier and a password, and a security script. The security script is to be executed by the client to generate a client hash value from password data and a CAPTCHA answer that is received from a user. The system receives the client hash value from the client and computes a server hash value for password data for the user and a CAPTCHA answer that is stored in a data store that is coupled to the server. The system determines whether the server hash value matches the client hash value, and grants data access to the user when the values match and denies data access to the user when the values do not match.” -e.g. see, Todorov: [0011]).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Cha and Palekar with the teaching of Todorov to include “selecting a CAPTCHA puzzle to send to the peer device; and sending the CAPTCHA puzzle to the peer device via the network connection” in order to prevent an attacker from easily eavesdrop on an insecure HTTP connection, intercept a hash value and/or impersonate a user by reusing the hash value to login to a server as suggested by Todorov (Spec, para 3).

As to claims 6 and 18, Cha discloses wherein the selected segment of Transport Layer Security data is an initial portion of Transport Layer Security data corresponding to the Transport Layer Security session that includes a predetermined number of bytes (Cha: “At 618, BSF 604 may send an authentication challenge (e.g., an authentication challenge in an HTTP 401 unauthorized response) to UE 602. As illustrated at 620, the message at 618 may include private identity information, a realm, a nonce, a quality of protection (qop) value, an authentication algorithm, a domain, and/or an opaque. In an example embodiment, this information may be included in the authentication header of the message.” –e.g. see, Cha: [0085]; herein, identity information or nonce have predetermined number of bytes). 

As to claims 8 and 20, the combination of Cha, Palekar and Todorov disclose wherein the second security digest is generated based on a hash of a user inputted answer to the CAPTCHA puzzle (Todorov: “At block 517, the system determines whether a server hash value matches the hash value received from the client. The system can compare a server hash value for a combination of the password with the CAPTCHA answer to the client hash value. Alternatively or in addition to, the system can compare a server hash value for a combination of the password hash with the CAPTCHA answer to the client hash value.” –e.g. see, Todorov: [0042]) and the selected segment of Transport Layer Security data corresponding to the information regarding the selection received from the endpoint device by the peer device (Cha: “As illustrated at 626, the authentication request may include the private identity information, the realm, the nonce, a cnonce, the qop value, a nonce count, an authentication algorithm, a digest uri, and the opaque. In an example embodiment, the cnonce, the nonce count, and/or the digest uri may be illustrated, by the IETF, in RFC document 2617. At 628, the BSF 604 may calculate a response and compare the values received from the UE 602 with the calculated values at the BSF 604.” –e.g. see, Cha: [0085]; herein, BSF compares its calculated digest with the received digest from UE; UE is comparable to a peer device; see also, [0088] which discloses applying a digest algorithm as part of authentication challenge-response, [0090] which discloses SIP-Digest authentication). 

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Cha in view of Palekar in view of Todorov and further in view of Lawrence et al. (US 2014/0108800 A1) (hereinafter, “Lawrence”).


As to claim 9, neither Cha nor Palekar nor Todorov explicitly disclose determining whether the second security digest was received from the peer device within a defined period of time; responsive to determining that the second security digest was not received from the peer device within the defined period of time, terminating the network connection for the Transport Layer Security session with the peer device; and responsive to determining that the second security digest was received from the peer device within the defined period of time, comparing the first security digest generated by the endpoint device with the second security digest received from the peer device. 
However, in an analogous art, Lawrence discloses determining whether the second security digest was received from the peer device within a defined period of time; responsive to determining that the second security digest was not received from the peer device within the defined period of time, terminating the network connection for the Transport Layer Security session with the peer device; and responsive to determining that the second security digest was received from the peer device within the defined period of time, comparing the first security digest generated by the endpoint device with the second security digest received from the peer device (Lawrence: “The validity of time and/or the location 122 of the client device 108 is deduced by at least one of the following: a hash value receiving time (t.sub.1) which is the time of arrival (TOA) of the hash value 152 transmitted from the client device 108 to the authentication processor 300, an estimated transmission signal client receiving time (t.sub.2est) by the client device 108 based on the alleged transmission signal data from at least one transmission source such as the satellite 102-106, the time difference 322 is below a defined time threshold, the calculated hash value 336 is the same as the received hash value 152 transmitted from the client device 108 to the authentication processor 300, and the authentication message 144 based on processing the contents of the alleged transmission signal data from the client receiver that is received at the client device 108 from at least one transmission source.” –e.g. see, Lawrence: [0094]). 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Cha, Palekar and Todorov by including “determining whether the second security digest was received from the peer device within a defined period of time; responsive to determining that the second security digest was not received from the peer device within the defined period .

Response to Arguments
Applicant has amended independent claims 1, 10 and 13, see rejection above. Applicant's arguments filed on 12/13/21 have been fully considered but they are not persuasive. 

Applicant argues on pages 8-9 of the remark regarding claims 7, 8, 19 and 20 that: 
“On pages 8-9 of the current Office Action, the Examiner alleges that Cha discloses "generating the first security digest based on a hash of ... the selected segment of the Transport Layer Security data corresponding to the Transport Layer Security session" in paragraphs [0085], [0088] and [0090]. Applicant responds as follows. 

Notably, this cited paragraph does not describe generating a first security digest 'based on a hash', whereas per Claim 7 the first security digest is generated based on a hash of 'the selected segment of Transport Layer Security data corresponding to the Transport Layer Security session'.” 

Examiner’s response:
Examiner respectfully disagrees with the Applicant’s argument and would like to point out that Cha in para [0085] calculates a response at BDF 604 which is equivalent to “first security digest” and the calculation includes the private identity information as well as the nonce which was part of authentication challenge; herein, “the nonce” is equivalent to the selected segment of Transport Layer Security data corresponding to the Transport Layer Security session. It should be noted that “At 628, BSF 604 may calculate a response and compare the values received from the UE 602 with the calculated values at the BSF 604.” Herein, “first security digest” was calculated by BSF 604 and the ‘second security digest’ was calculated by UE 602 at step624, herein, “The UE may send the authentication request to BSF 604 at 624. As illustrated at 626, the authentication request may include the private identity information, the realm, the nonce, a cnonce, the qop value, a nonce count, an authentication algorithm, a digest uri, and the opaque. In an example embodiment, the cnonce, the nonce count, and/or the digest uri may be illustrated, by the IETF, in RFC document 2617”; Therefore, UE includes private identity information (i.e. the nonce) as part of the message digest calculation and BSF follows the same message digest calculation. Therefore, it is concluded that Cha discloses generating a first security digest 'based on a hash', whereas per Claim 7 the first security digest is generated based on a hash of 'the selected segment of Transport Layer Security data corresponding to the Transport Layer Security session'.

Applicant argues on pages 9-10 of the remark that: 
“On page 9 of the current Office Action, the Examiner alleges that Todorov discloses all such first security digest generating aspects of Claim 7 in paragraph [0042] and block 517 of Figure 5. Applicant responds as follows. 
To the extent that Todorov describes generating a 'server hash value' by (i) combining (a) a CAPTCHA challenge answer with either (b) a password or password hash, and then (ii) performing a one-way hash on the resulting combination (Todorov paragraph [0041], lines 9-16), this generated 'server hash value' is used differently than what is recited in Claim 7. For example, Todorov describes that a determination is made as to whether this generated 'server hash value' matches the 'hash value' received from the client (Todorov paragraph [0042], lines 1-3). If no match is found, the system denies access to the user (Todorov paragraph [0042], lines 8-10). If a match is found, the  step to either grant or deny user access to content.
In contrast, the claimed hash of a retrieved correct answer is instead used as the basis for a subsequent 'generating' step/action, where 'the first security digest' is itself specially generated based on a hash of a retrieved correct answer to a CAPTCHA puzzle.”

Examiner’s response:
Examiner respectfully disagrees with the Applicant’s arguments. Todorov also uses retrieved correct answer as the basis for a subsequent generation step/action. Tadorov in para [0042] and [0041] teaches that the system searches and find the “CAPTCHA answer” that corresponds to the “CAPTCHA challenge” which the server sent to the client (i.e. peer device) and uses the “CAPTCHA answer” to generate a hash using a one-way hash function (i.e. generates a message digest) which is equivalent to generating a first security digest based on a hash of a retrieved correct answer to a CAPTCHA puzzle (“The system can search for the data based on the user name received from the client. At block 513, the system searches the data store for the CAPTCHA answer that corresponds to the CAPTCHA challenge which the server sent to the client. At block 515, the system identifies a one-way hash function that is associated with the user from data stored in the user data. The system combines the CAPTCHA challenge answer with either the password or the password hash and performs the one-way hash function on the combination to generate a server hash value. The system can compute a server hash value for a combination of the 


Applicant argues on page 10 of the remark that: 
“It is further noted that even assuming arguendo that (i) Cha teaches generating the 'first security digest' based on a hash of a selected segment of Transport Layer Security data corresponding to the Transport Layer Security session (which it does not, as shown hereinabove); and (ii) Todorov teaches generating the 'first security digest' based on a hash of a retrieved correct answer to a CAPTCHA puzzle, the resulting combination does not describe generating the 'first security digest using two distinct hashed components ((1) a retrieved correct answer to a CAPTCHA puzzle and (2) the selected segment of Transport Layer Security data corresponding to the Transport Layer Security session). Instead, only one hashed component is used as the basis for the alleged 'generating' step/action - but not two, as claimed.”
   
Examiner’s response:
Examiner respectfully disagrees with the Applicant’s argument and would like to point out that Applicant is arguing about a limitation that was not claimed (“generating the 'first security digest using two distinct hashed components ((1) a retrieved correct answer to a CAPTCHA puzzle and (2) the selected segment of Transport Layer Security data corresponding to the Transport Layer Security session). Instead, only one hashed component is used as the basis for the alleged 'generating' step/action - but not two, as on a hash of a retrieved correct answer to a CAPTCHA puzzle” and “the selected segment of Transport Layer Security data corresponding to the Transport Layer Security Session”. Furthermore, Cha discloses “generating the first security digest based on the selected segment of Transport Layer Security data corresponding to the Transport Layer Security session” and Todorov discloses “generating the first security digest based on a hash of a retrieved correct answer” (See rejection and response to the arguments above). Thus, combination of Cha and Todorov disclose the claimed limitation.

Applicant argues on page 11 and 12 of the remark regarding dependent claim 9 that: 
“In paragraph [0094], Lawrence describes various different ways to ascertain/deduce 'the validity of time and/or location' of the client device. Notably, this cited passage does not describe (1) two 'security digests', (2) a 'comparing' step/action, (3) comparing two security digests, or (4) performing a compare operation with respect to two security digests responsive to determining that the second security digest was received from the peer device within the defined period of time, as claimed. Instead, time/location validity is deduced based on various time-based parameters.”

Examiner’s response:
Examiner would like to point out that primary art, Cha teaches two ‘security digests’, comparing step/action and comparing two security digests. Lawrence was cited to show ‘determining whether … security digest was received from the peer device a hash value receiving time (t.sub.1) which is the time of arrival (TOA) of the hash value 152 transmitted from the client device 108 to the authentication processor 300, an estimated transmission signal client receiving time (t.sub.2est) by the client device 108 based on the alleged transmission signal data from at least one transmission source such as the satellite 102-106, the time difference 322 is below a defined time threshold, the calculated hash value 336 is the same as the received hash value 152 transmitted from the client device 108 to the authentication processor 300, and the authentication message 144 based on processing the contents of the alleged transmission signal data from the client receiver that is received at the client device 108 from at least one transmission source.” –e.g. see, Lawrence: [0094]).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

US 2016/0381080 A1 (Reddem et al.) -Reddem teaches establishing SSL or TLS connections (i.e. [0126]), selects authentication schema based on CAPTCHA (i.e. [0329, [0330]).


THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SUMAN DEBNATH whose telephone number is (571)270-1256. The examiner can normally be reached Mon-Fri; 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


SUMAN DEBNATH
Patent Examiner
Art Unit 2495



/S.D/Examiner, Art Unit 2495        

/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495