DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The Amendment filed 08 June 2022 has been received and considered.
Claims 21-26 are pending.
This Action is Final.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 21-26 are rejected under 35 U.S.C. 103 as being unpatentable over Gabrielson (US 10454899) in view of Nathan (Github blog post, “Client Side Certificate Auth in Nginx”, May 29, 2013) and further in view of (Assmann “SSL Client Certificate Management at Application Level” Oct 3, 2012).
As per claims 21, 23, and 25, Gabrielson discloses a host, medium and method of reducing the size of host computer's open port fingerprint, comprising: 
closing all ports on a host computer except for one or more ports, each associated with a respective application layer service (see column 8 line 55 through column 9 line 45 showing the opening and closing of multiple different ports; and  column and column 5 line 57 through column 6 line 24 showing various application layer services being provided); 
the host computer providing, via the at least one of the one or more ports, the private application layer service only to authenticated and authorized clients (see column 17 lines 1-61 where authenticated and authorized clients are allowed access to the private server at the designated port); 
wherein said authentication comprises: the host computer requesting a certificate from a given client at the beginning of a transport layer connection between the given client and the host computer, the connection being directed to the at least one port of the one or more ports; receiving the certificate and validating the certificate to authenticate the given client; wherein said authorization comprises: authorizing the given client for the private application layer service, based at least in part on an identifier for the given client as indicated in the certificate (see column 18 line 65 through column 19 line 39 and column 20 lines 5-33).
The Gabrielson system teaches the granting of access to private services available at ports to authorized clients, but blocks access to unauthorized clients and therefore fails to explicitly disclose the use of both public and private services available at ports where the host computer providing, via the at least one of the one or more ports, the private application layer service only to authenticated and authorized clients, and providing the respective public application layer service via the at least one of the one or more ports when any of said authentication and authorization fails.
However, Nathan teaches the host computer providing, via the at least one of the one or more ports, the private application layer service only to authenticated and authorized clients, and providing the respective public application layer service via the same at least one of the one or more ports when any of said authentication and authorization fails (see page 3 where the nginx server is listening on the ssl port 443, and therefore this port is open and the remaining ports, e.g. port 80, are closed.  The server uses the “ssl_verify_client” parameter set to “optional” to allow a service that is provided on port 443 at the “/” location to “allow[s] both authenticated and unauthenticated requests”.  As such, when the client is verified as authenticated they are provided the private type service and when the client is not authenticated they are provided the public type service).
At a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to provide a publicly available service to the unauthenticated clients in the Gabrielson system.
Motivation, as recognized by one of ordinary skill in the art, to do so would have been to allow both authenticated and unauthenticated clients access content without additional steps to be taken by the client.
While the modified Gabrielson and Nathan system discloses responsive to a request from the client to verify the client certificate and providing content to both authenticated and not authenticated clients (see Nathan where the nginx server determines whether the client provided a valid certificate or not and sets that value in the $ssl_client_verify variable which is then passed to fastcgi as the VERIFIED variable which is used to provide the content), there lacks an explicit recitation of the different content being provided in response to the verification of the specific request.
However, Assmann teaches responsive to a request from a client, the host computer providing, either (i) the private application layer service , upon successful authentication and authorization of the client or (ii) the particular public application layer service , when any of said authentication and authorization of the client fails (see pages 8-9 where when no certificate is provided the webmail content is provided, when the certificate fails for any reason static non-sensitive content is provided and when the certificate is provided, and proper, the application is provided).
At a time before the effective filing date of the invention, it would have been obvious to provide different content based on the authentication status of the client request in the modified Gabrielson and Nathan system.
Motivation, as recognized by one of ordinary skill in the art, to do so would have been to allow for granularity of the content provided to different clients.
As per claims 22, 24, and 26, the modified Gabrielson, Nathan, and Assmann system discloses the beginning of the transport layer connection comprises a transport layer comprises a transport layer security (TLS) protocol handshake (see Gabrielson column 6 lines 25-61).

Response to Arguments
Applicant’s arguments with respect to claim(s) 21-26 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL J PYZOCHA whose telephone number is (571)272-3875.  The examiner can normally be reached on Monday-Thursday 7:30am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hadi Armouche can be reached on (571) 270-3618.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Michael Pyzocha/Primary Examiner, Art Unit 2419