DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted 05/29/2020 and 11/06/2021 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 4-20 are rejected under 35 U.S.C 103 as being unpatentable over Hongqian et al. EP (1692667) [Attached by Examiner], hereon referred to as Hongqian, 
	In regards to claims 1, 9 & 18, Hongqian discloses obtaining a first memory space for establishing a transport layer security (TLS) connection ("RAM area 2003" + "NVM buffer 2103"); "during the handshake process when a lot more information needs to be kept in memory than the allocated RAM pool will allow "two buffers are the TLScontext  buffer  which  holds  information  about  the  state
of TLShandshake"; Fig. 21; Paragraph 213; 218); obtaining a second memory space that is smaller than the first memory space (All memory required for maintaining TLS context  state  and for performing  cryptographic operations is allocated dynamically on the heap; 11TLS record ... RAM ...  buffer ... is limited to 2 0 0 bytes; The dynamically allocated RAM buffer for the TLS record protocol in (corresponding to the second memory space ) is part of the RAM and consequently is smaller than the size of the RAM area plus the NVM buffer (corresponding to the first memory space) allocated to the Handshake protocol; Paragraphs 0227-0228; 0323); after the TLS connection is established, copying cryptographic keys and TLS session information from the first memory space to the second memory space; releasing the first memory space (Once	TLS handshake is complete, the	TLS module establishes a set of session keys; a set of session keys, which can be used to encrypt and decrypt application data, from the first memory space to the second memory space ; Paragraphs 0226); and indicating the second memory space for asynchronous communications over the established TLS connection (TLS records  ...  using  a  small  TLSbuffer; Paragraph 231; Fig.23).
	Any interpretations of differences between the claim(s) and the prior art are only minor in nature, design elements and could not establish novelty or an inventive step. It would be obvious to an ordinary skill in the art, that before the filing date of the invention, any minor differences of the claim are still functionally addressed in the prior art, which discloses the same object matter and same type of solution as the instant application, as currently presented. The prior art does not explicitly teach "copying cryptographic keys and TLS session information from the first memory space to the second memory space". However, Hongqian discloses the technical effect of reducing TLS memory footprint (see paragraph 0228); since D1 discloses dynamic memory allocation for each protocol part of the TLS (see paragraph 0160/0211); and, since it is obvious that the memory required for deriving the keys utilizing the handshake protocol is much bigger that the memory requirements during the record protocol (paragraphs 0213, Figs 21 and 22), it would be obvious for an ordinary person skilled in the art to assign a lower memory space for the record protocol that for the handshake protocol and copying only the results of the handshake protocol to the memory/heap part allocated to the record protocol.
	In regards to claims 4 & 13, Hongqian discloses wherein the first and second memory spaces are obtained from a memory pool allocated for TLS connections (The memory spaces can be allocated for TLS connections; Paragraph 160). 
	In regard to claims 5 & 11, Hongqian discloses branching to a second program code to implement the record sub-protocol of TLS from a first program code that implements the handshake sub-protocol of TLS, wherein an executing instance of the second program code uses the second memory space for data communications over the established TLS connection (Handshake protocols and record protocols are utilized; Paragraphs 0213; 0231).
	In regards to claims 6 & 14, Hongqian discloses wherein the TLS connection complies with version 1.3 of the TLS protocol (The connection can compile with specific versions of protocols; Paragraph 204).
	In regards to claim 7, 15-16 & 20, Hongqian discloses cleaning the first memory space prior to releasing the first memory space, wherein the cleaning comprises at least cleaning cryptographic keys and a shared secret from the first memory space (RAM is a critical resource on smart cards and on other resource-constrained devices. One of the approaches to reducing RAM usage is to cut down on the process stack size required to support TLS layer. A preferred embodiment of the invention uses a customized heap management sub-system so that buffers can be dynamically allocated and de-allocated as needed. All memory required for maintaining TLS context state and for performing cryptographic operations is allocated dynamically on the heap. There are very few local variables in functions, and the call stack depth is intentionally kept as low as possible. This allows the TLS layer to use no more than 200 bytes of stack space. The heap space for the TLS layer is fixed and allocated at start up time from a RAM pool. The TLS server implementation requests buffers from this heap on an as needed basis and then frees them once the task is complete. The same RAM space can then be used for other operations. Since the TLS state machine knows exactly when it is safe to free a buffer, pre-mature and accidental buffer release is not an issue; Paragraph 211).
	In regards to claims 8 & 17, Hongqian discloses detecting a renegotiation request; obtaining a third memory space, wherein the third memory space has a size substantially similar to the first memory space; and after renegotiation of the TLS connection, copying renegotiated cryptographic keys from the third memory space to the second memory space; and releasing the third memory space (RAM is a critical resource on smart cards and on other resource-constrained devices. One of the approaches to reducing RAM usage is to cut down on the process stack size required to support TLS layer. A preferred embodiment of the invention uses a customized heap management sub-system so that buffers can be dynamically allocated and de-allocated as needed. All memory required for maintaining TLS context state and for performing cryptographic operations is allocated dynamically on the heap. There are very few local variables in functions, and the call stack depth is intentionally kept as low as possible. This allows the TLS layer to use no more than 200 bytes of stack space. The heap space for the TLS layer is fixed and allocated at start up time from a RAM pool. The TLS server implementation requests buffers from this heap on an as needed basis and then frees them once the task is complete. The same RAM space can then be used for other operations. Since the TLS state machine knows exactly when it is safe to free a buffer, pre-mature and accidental buffer release is not an issue; Paragraph 211).
	In regards to claim 12, Hongqian discloses wherein the program code further comprises program code to execute first party program code that implements the record layer sub-protocol of the TLS protocol after the TLS connection is established (RAM is a critical resource on smart cards and on other resource-constrained devices. One of the approaches to reducing RAM usage is to cut down on the process stack size required to support TLS layer. A preferred embodiment of the invention uses a customized heap management sub-system so that buffers can be dynamically allocated and de-allocated as needed. All memory required for maintaining TLS context state and for performing cryptographic operations is allocated dynamically on the heap. There are very few local variables in functions, and the call stack depth is intentionally kept as low as possible. This allows the TLS layer to use no more than 200 bytes of stack space. The heap space for the TLS layer is fixed and allocated at start up time from a RAM pool. The TLS server implementation requests buffers from this heap on an as needed basis and then frees them once the task is complete. The same RAM space can then be used for other operations. Since the TLS state machine knows exactly when it is safe to free a buffer, pre-mature and accidental buffer release is not an issue; Paragraph 211).
	In regards to claims 13 & 19, Hongqian discloses wherein the first and second memory spaces are obtained from a memory pool allocated for TLS connections (RAM is a critical resource on smart cards and on other resource-constrained devices. One of the approaches to reducing RAM usage is to cut down on the process stack size required to support TLS layer. A preferred embodiment of the invention uses a customized heap management sub-system so that buffers can be dynamically allocated and de-allocated as needed. All memory required for maintaining TLS context state and for performing cryptographic operations is allocated dynamically on the heap. There are very few local variables in functions, and the call stack depth is intentionally kept as low as possible. This allows the TLS layer to use no more than 200 bytes of stack space. The heap space for the TLS layer is fixed and allocated at start up time from a RAM pool. The TLS server implementation requests buffers from this heap on an as needed basis and then frees them once the task is complete. The same RAM space can then be used for other operations. Since the TLS state machine knows exactly when it is safe to free a buffer, pre-mature and accidental buffer release is not an issue; Paragraph 211).
Claims 2-3 are rejected under 35 U.S.C 103 as being unpatentable over Hongqian et al. EP (1692667) [Attached by Examiner], hereon referred to as Hongqian, in view of Kenyan et al. (US 2019/0199683), hereon referred to as Kenyan. 
	In regards to claim 2, Hongqian does not disclose comprising loading an OpenSSL library into the first memory space, wherein the TLS connection is established using the OpenSSL library. However, in an analogous art Hongqian discloses comprising loading an OpenSSL library into the first memory space, wherein the TLS connection is established using the OpenSSL library (Retrieving the handshake keys from an implementation of openssl library can be implemented; Paragraph 0068). 
At the time before the effective filing date of the invention, it would have been obvious to the one with ordinary skill in the art to combine the teachings disclosed by Hongqian, with the teachings disclosed by Kenyan regarding loading an OpenSSL library into the first memory space, wherein the TLS connection is established using the OpenSSL library. The suggestion/motivation of the combination would have been to provide improved inbound secure socket layer (IBSSL) to support stronger ciphers and security enhancements for providing malware and virus protection (Kenyan; Paragraph 0002). 
	In regards to claim 3, Kenyan discloses executing program code distinct from the OpenSSL library for the record layer sub-protocol of the TLS protocol(Retrieving the handshake keys from an implementation of openssl library can be implemented; Paragraph 0068). 








Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHARIF E ULLAH whose telephone number is (571)272-5453. The examiner can normally be reached Mon-Fri 7:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHARIF E ULLAH/Primary Examiner, Art Unit 2495