Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
1.	This action is responsive to:  an original application filed on 5 March 2020.
2.	Claims 1-20 are currently pending.  Claims 1, 9, and 16 are independent claims.
3.	The IDS submitted on 5 March 2020 has been considered. 
Claim Rejections - 35 USC § 101
4.	35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

5.	Claims 9-15 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claims are directed to “A computer program product comprising: a computer readable medium”; these claims are rejected under 101 because a computer program product and a computer-readable medium can be interpreted as a signal, which is non-statutory subject matter.
		In order to overcome the 101 rejection, the Examiner recommends that the language of the claim be modified to include "non-transitory" or "computer readable device".  Appropriate correction is required.
Claim Rejections – 35 USC § 103
6.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


7.	Claims 1, 4, 9, and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Schnellbaecher U.S. Patent Application No. 2008/0263215 (hereinafter ‘215) in view of Gero et al. U.S. Patent Application Publication No. 2013/0156189 (hereinafter ‘189).
	As to independent claim 1, “A computer-implemented method for performing transport layer security (TLS) protocol functions in separate processing instances, the computer-implemented method comprising: receiving, by a handshake processor instance, a TLS connection request from a client to a server, the handshake processor instance configured to perform TLS handshake protocol functions” is taught in ‘215 paragraphs 24 and 36, note the ‘handshake processor instance’ is interpreted to be the ‘transparent proxy’;
	“establishing, by the handshake processor instance, a TLS connection including connection secrets” is shown in ‘215 paragraphs 37, 40 and 52, note a secure connection is established with the SSL handshake which includes a certificate (i.e. connection secrets) as well as client key exchange (i.e. secrets); 
	“transmitting, by the handshake processor instance, the connection secrets to a connection processor instance, the connection processor configured to perform TLS record protocol functions” is disclosed in ‘215 paragraph 53;
	“and processing, by the connection processor instance, application data used during communication with the client” is taught in ‘215 paragraph 53;
the following is not explicitly taught in ‘215:
	“deleting the connection secrets stored on the handshake processor instance”
however ‘189 teaches a RSA proxy server (i.e. handshake processor) which improves SSL encryption because if a proxy machine is compromised the credentials (i.e. connection secrets) can be removed in paragraphs 36-38.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of a transparent secure socket layer including a transparent proxy taught in ‘215 to include a means to delete connection secrets.  One of ordinary skill in the art would have been motivated to perform such a modification to easily protect secrets in SSL connections, see ‘189 (paragraphs 7 and 38).
	As to dependent claim 4, “The computer-implemented method of claim 1, wherein deleting the connection secrets includes performing a deletion technique to a memory location where the connection secrets were stored on the handshake processor instance” is taught in ‘189 paragraphs 36-38.
	As to independent claim 9, this claim is directed to a computer program product executing the method of claim 1; therefore, it is rejected along similar rationale.
	As to dependent claim 11, this claim contains substantially similar subject matter as claim 4; therefore, it is rejected along similar rationale.


8.	Claims 2 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Schnellbaecher U.S. Patent Application No. 2008/0263215 (hereinafter ‘215) in view of Gero et al. U.S. Patent Application Publication No. 2013/0156189 (hereinafter ‘189) in further view of Shah et al. U.S. Patent Application Publication No. 2016/0277372 (hereinafter ‘372).
	As to dependent claim 2, “The computer-implemented method of claim 1, wherein establishing the TLS connection comprises: transmitting server information to the client; transmitting a server certificate to the client, wherein the server certificate includes a server identification and a public key to the client” is taught in ‘215 paragraph 34;
	“transmitting a server hello done message to the client” is shown in ‘215 paragraph 48; the following is not explicitly taught in ‘215 and ‘189:
	“receiving a client certificate and a client key exchange from the client; receiving a pre-master secret from the client, wherein the pre-master secret is encrypted using the public key; decrypting the pre-master secret using a private key; computing the connection secrets; and receiving a first encrypted message from the client using the connection secrets” however ‘372 teaches the client providing a client certificate as well as pre-master secret exchange in paragraphs 46-49.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of a transparent secure socket layer including a transparent proxy taught in ‘215 and ‘189 to include a means to exchange client certificates and pre-master secrets.  One of ordinary skill in the art would have been motivated to perform such a modification to accelerate secure communications without exposing private cryptographic keys see ‘372 (paragraphs 1-5). 
	As to dependent claim 10, this claim contains substantially similar subject matter as claim 2; therefore, it is rejected along similar rationale.


9.	Claims 3, 5, 6, 8, 10, 12, 13, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Schnellbaecher U.S. Patent Application No. 2008/0263215 (hereinafter ‘215) in view of Gero et al. U.S. Patent Application Publication No. 2013/0156189 (hereinafter ‘189) in further view of Kravitz et al. U.S. Patent Application Publication No. 2012/0284506 (hereinafter ‘506).
	As to dependent claim 3, “The computer-implemented method of claim 1, wherein processing the application data comprises: accessing the connection secrets received from the handshake processor instance; receiving encrypted client data from the client; decrypting the encrypted client data into client data using the connection secrets” is taught in ‘189 Abstract and paragraphs 6-9; the following is not explicitly taught in ‘215 and ‘189: 
	“encrypting the application data generated in response to the client; and transmitting the encrypted application data to the client” however ‘506 teaches encrypting and transmitting encrypted application data in paragraphs 138-139.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of a transparent secure socket layer including a transparent proxy taught in ‘215 and ‘189 to include a means for isolated instances as well as encrypting application data.  One of ordinary skill in the art would have been motivated to perform such a modification to prevent crimeware attacks see ‘506 paragraphs 9-11.
	As to dependent claim 5, “The computer-implemented method of claim 1, further comprising: severing a communication connection between the handshake processor instance and the connection processor instance upon transmitting the connection secrets” is taught in ‘506 Abstract.
	As to dependent claim 6, “The computer-implemented method of claim 1, wherein the handshake processor instance and the connection processor instance operate on separate containers within a distributed system” is shown in ‘506 paragraphs 29-30 and 36.
	As to dependent claim 8, “The computer-implemented method of claim 1, wherein transmitting comprises: establishing a secure connection between the handshake processor instance and the connection processor instance; encrypting the connection secrets using physical security controls; and transmitting the encrypted connection secrets to the connection processor instance” is disclosed in ‘506 paragraph 56.
	As to dependent claims 10, 12, 13, and 15, these claims contain substantially similar subject matter as claims 3, 5, 6, and 8; therefore, they are rejected along similar rationale. 	

10.	Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Schnellbaecher U.S. Patent Application No. 2008/0263215 (hereinafter ‘215) in view of Gero et al. U.S. Patent Application Publication No. 2013/0156189 (hereinafter ‘189) in further view of Burgess et al. U.S. Patent Application Publication No. 2018/0241728 (hereinafter ‘728).
	As to dependent claim 7, the following is not explicitly taught in ‘215 and ‘189: “The computer-implemented method of claim 1, wherein the handshake processor instance and the connection processor instance operate on separate virtual machines within a computing environment” however ‘728 teaches establishing secure connection i.e. TLS using a virtual environment in paragraphs 32, 53, and 74-83.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of a transparent secure socket layer including a transparent proxy taught in ‘215 and ‘189 to include a means to utilize virtual machines.  One of ordinary skill in the art would have been motivated to perform such a modification to enhance client computing capabilities see ‘728 paragraphs 77-79.
	As to dependent claim 14, this claim contains substantially similar subject matter as claim 7; therefore, it is rejected along similar rationale.

11.	Claims 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Schnellbaecher U.S. Patent Application No. 2008/0263215 (hereinafter ‘215) in view of Kravitz et al. U.S. Patent Application Publication No. 2012/0284506 (hereinafter ‘506).

	As to independent claim 16, “A Transport Layer Security (TLS) separation system comprising: at least one processor; at least one memory component; a handshake processor instance configured to perform a TLS handshake between a server and a client”
the following is not explicitly taught in ‘215:
	“and a connection processor instance configured to process communication between the server and the client during a TLS session, wherein the connection processor instance is isolated from the handshake processor instance” however ‘506 teaches a central system that mediates communications between user-controlled devices such that secure communications are separate and distinct in paragraphs 29-30 and 36.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of a transparent secure socket layer including a transparent proxy taught in ‘215 to include a means for isolated instances.  One of ordinary skill in the art would have been motivated to perform such a modification to prevent crimeware attacks see ‘506 paragraphs 9-11.
	As to dependent claim 17, “The TLS separation system of claim 16, wherein the handshake processor instance is further configured to transmit connection secrets generated during the TLS handshake between the server and the client” is taught in ‘215 paragraphs 37, 40 and 52.
	As to dependent claim 18, “The TLS separation system of claim 17, wherein the handshake processor instance is further configured to delete the connection secrets upon transmitting the connection secrets to the connection processor instance” is shown in ‘506 Abstract, note “Optionally, after the communications are established between the devices, the server can withdraw from the communications”, this suggests removing the connection secrets.
	As to dependent claim 19, “The TLS separation system of claim 16, wherein the handshake processor instance and the connection processor instance operate within separate containers” is disclosed in ‘506 paragraphs 29-30 and 36.
	As to dependent claim 20, “The TLS separation system of claim 16 further comprising: a physical security control configured to manage digital keys and provide encryption processing between the handshake processor instance and the connection processor instance” is taught in ‘506 paragraph 56.
Conclusion
12.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ELLEN C TRAN whose telephone number is (571) 272-3842.  The examiner can normally be reached from M-F 9 AM to 6 PM.
Examiner interviews are available via telephone and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
		If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeff Pwu can be reached at 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ELLEN TRAN/ Primary Examiner, Art Unit 2433
11 May 2022