DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-4, 6, 8-16, 18 and 20 are pending in this application.
Claims 3, 7, 17 and 19 were cancelled.
No new IDS has been filed.

Specification
The previous objection to the specification has been withdrawn in response to the applicant’s remarks.

Allowable Subject Matter
Claims 1-4, 6, 8-16, 18 and 20 are allowed.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicants, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner's amendment was given in electronic mail communication with Wayne P. Bailey (Reg. no. 34,289) on 5/7/2022.

The application has been amended as follows:
IN THE CLAIMS

1. (Currently Amended) A method for preventing Transport Layer Security session man-in-the-middle attacks, the method comprising:
 comparing a first security digest generated by an endpoint device with a second security digest received from a peer device;
 determining whether a match exists between the first security digest and the second security digest based on the comparing;
 responsive to determining that a match does not exist between the first security digest and the second security digest, detecting a man-in-the-middle attack and terminating a network connection for a Transport Layer Security session with the peer device; 
selecting a segment of Transport Layer Security data corresponding to the Transport Layer Security session; 
sending information regarding selection of the selected segment of Transport Layer Security data to the peer device via the network connection; and 
generating the first security digest based on both a hash of a retrieved correct answer to a CAPTCHA puzzle and the selected segment of Transport Layer Security data corresponding to the Transport Layer Security session.

10. (Currently Amended) A computer system for preventing Transport Layer Security session man-in-the-middle attacks, the computer system comprising: 
a bus system;
Hsiung et al. - 16/185,111
a storage device connected to the bus system, wherein the storage device stores program instructions; and
a processor connected to the bus system, wherein the processor executes the program instructions to: 
compare a first security digest generated by the computer system with a second security digest received from a peer device; 
determine whether a match exists between the first security digest and the second security digest based on comparing the first security digest and the second security digest; 
detect a man-in-the-middle attack and terminate a network connection for a Transport Layer Security session with the peer device in response to determining that a match does not exist between the first security digest and the second security digest; 
select a segment of Transport Layer Security data corresponding to the Transport Layer Security session; 
send information regarding selection of the selected segment of Transport Layer Security data to the peer device via the network connection; and 
generate the first security digest based on both a hash of a retrieved correct answer to a CAPTCHA puzzle and the selected segment of Transport Layer Security data corresponding to the Transport Layer Security session.

13. (Currently Amended) A computer program product for preventing Transport Layer Security session man-in-the-middle attacks, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computer to cause the computer to perform a method comprising:
 comparing a first security digest generated by the computer with a second security digest received from a peer device; 
determining whether a match exists between the first security digest and the second security digest based on the comparing; 
responsive to determining that a match does not exist between the first security digest and the second security digest, detecting a man-in-the-middle attack and terminating a network connection for a Transport Layer Security session with the peer device; 
selecting a segment of Transport Layer Security data corresponding to the Transport Layer Security session; 
sending information regarding selection of the selected segment of Transport Layer Security data to the peer device via the network connection; and 
generating the first security digest based on both a hash of a retrieved correct answer to a CAPTCHA puzzle and the selected segment of Transport Layer Security data corresponding to the Transport Layer Security session.
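
An added illustration of the digest exchange recited in amended claims 1, 10 and 13; it is not part of the Office action or of the application. SHA-256, the HMAC construction, the 32-byte segment size, the function names and the sample session bytes are assumptions or constructed values, since the claims fix none of them; interception is modelled as the endpoint and the peer holding different session data.

```python
import hashlib
import hmac
import secrets

SEGMENT_LEN = 32  # assumed segment size; the claims do not specify one


def select_segment(data_len: int) -> tuple[int, int]:
    """Pick a random (offset, length) window. This pair stands in for the
    'information regarding selection' that is sent to the peer."""
    if data_len < SEGMENT_LEN:
        raise ValueError("not enough session data to select from")
    return secrets.randbelow(data_len - SEGMENT_LEN + 1), SEGMENT_LEN


def security_digest(captcha_answer: str, tls_data: bytes, selection: tuple[int, int]) -> bytes:
    """Digest over both inputs named in the claims: HMAC-SHA256 keyed with the
    hash of the CAPTCHA answer, computed over the selected segment.
    The HMAC construction is an assumption, not taken from the claims."""
    offset, length = selection
    segment = tls_data[offset:offset + length]
    if len(segment) != length:
        raise ValueError("selection falls outside the session data")
    key = hashlib.sha256(captcha_answer.encode("utf-8")).digest()
    return hmac.new(key, segment, hashlib.sha256).digest()


def check_peer(captcha_answer: str, local_tls_data: bytes,
               selection: tuple[int, int], peer_digest: bytes) -> bool:
    """Compare the locally generated digest with the peer's in constant time."""
    local = security_digest(captcha_answer, local_tls_data, selection)
    return hmac.compare_digest(local, peer_digest)


# Constructed stand-ins for the TLS data of two different sessions.
SESSION_A = hashlib.sha512(b"constructed session A").digest() * 2
SESSION_B = hashlib.sha512(b"constructed session B").digest() * 2


def run_exchange(endpoint_data: bytes, peer_data: bytes, answer: str = "x7Kq2") -> str:
    selection = select_segment(len(endpoint_data))               # endpoint selects, informs peer
    peer_digest = security_digest(answer, peer_data, selection)  # peer's second digest
    if check_peer(answer, endpoint_data, selection, peer_digest):
        return "match: session continues"
    return "mismatch: man-in-the-middle detected, connection terminated"


if __name__ == "__main__":
    print(run_exchange(SESSION_A, SESSION_A))  # both sides see the same session data
    print(run_exchange(SESSION_A, SESSION_B))  # each side holds a different session
```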

Examiner’s Statement for Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:

Regarding independent claims 1, 10 and 13,

Cha et al. (US 2013/0080769 A1) teaches calculating a response which comprises a digest and comparing the calculated response value with a received value; determining whether a match exists between the calculated digest and the received digest based on the comparing; a mismatch is found when the response came from a man-in-the-middle attack (e.g., see [0085], [0086], [0088], [0090] of Cha).

Palekar et al. (US 2003/0226017 A1) teaches responsive to determining that a match does not exist between the first security digest and the second security digest … terminating a network connection for a Transport Layer Security session with the peer device (e.g., see [0062], [0079] of Palekar).

Todorov (US 2011/0296509 A1) teaches generating a first security digest based on a hash of a retrieved correct answer to a CAPTCHA puzzle (e.g., see [0041], [0042] of Todorov).

However, the prior art of record does not teach or render obvious:
the limitations of independent claims 1, 10 and 13, specifically the other limitations in combination with:

select a segment of Transport Layer Security data corresponding to the Transport Layer Security session; 
send information regarding selection of the selected segment of Transport Layer Security data to the peer device via the network connection; and 
generate the first security digest based on both a hash of a retrieved correct answer to a CAPTCHA puzzle and the selected segment of Transport Layer Security data corresponding to the Transport Layer Security session.

Dependent claims 2-4, 6, 8, 9, 11, 12, 14-16, 18 and 20 are allowed as they depend from allowable independent claim 1 or 10 or 13.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SUMAN DEBNATH whose telephone number is (571)270-1256. The examiner can normally be reached Mon-Fri; 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

SUMAN DEBNATH
Patent Examiner
Art Unit 2495



/S.D/Examiner, Art Unit 2495

/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495