DETAILED ACTION
This action is in response to the application filed on May 18, 2021. Claims 1-20 are pending. Of such, claims 1-7 represents a method, claims 8-14 represent a non-transitory machine readable medium, and claims 15-20 represent a device directed to secure network communication. 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claim(s) 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Vora et al. (US 2020/0028946), hereinafter referred to as Vora.
	Regarding Claim 1, Vora discloses:
A method (In ¶ 133, Vora discloses “The direct communication method connects clients directly to servers using internet protocol (IP) addresses and port numbers”), comprising: receiving, by a security module of a first computing device, an application programming interface (API) call to authenticate a certificate received from a second computing device to establish a secured communication session between the first computing device and the second computing device (In ¶ 146, Vora discloses “Servers may require clients to present valid certificates for authentication and validation purposes.” And in ¶ 201, Vora further discloses “This provides certificate-based authentication so that servers can authenticate devices and devices can authenticate the servers”); selecting, by the security module, an authentication module to authenticate the certificate (In ¶ 170, Vora discloses “Authentication algorithm: The authentication algorithm provides a way to define which mechanism will be used to validate the server's certificate and the digital signature on the client's side, and vice versa.”); generating, by an encryption module of the security module, a shared secret key for the communication session based on a private key of the first computing device and a public key of the second computing device (In ¶ 159, Vora discloses “When the client receives the server's certificate, it will verify the certificate and then use the server's public key to encrypt the data to calculate a shared secret. The server can only generate a shared secret if it can properly decrypt the data sent by the client using its own private key.”); encrypting, by the encryption module, the shared secret key using an algorithm negotiated between the first computing device and the second computing device (In ¶ 142, Vora discloses “Select cryptographic algorithms and parameters (4) Use asymmetric encryption techniques to generate a shared secret (to negate key distribution and man-in-the-middle attacks).”); generating, by the security module, an encrypted message for the second computing device; and transmitting, by the first computing device, the encrypted shared secret key and the encrypted message to the second computing device (In ¶ 152, Vora discloses “The TLS server sends the client a “finished” message, also encrypted with the secret key, indicating that the server part of the handshake is complete.” And in ¶ 153, Vora further discloses “For the duration of the TLS session, the server and client can now exchange messages that are symmetrically encrypted with the shared secret key.”).	
Regarding Claim 2, Vora discloses:
The method of Claim 1, further comprising: generating, by a processor executable application of the first computing device, the API call for the security module (In ¶ 119, Vora discloses “Server system 150 includes a logic machine 152 and data storage machine 154. Storage machine 154 may include instructions 156 stored thereon that are executable by logic machine 152. Instructions 156 may include a protocol module 158 that defines aspects of one or more protocols that may be implemented by server system 150, including the messaging protocol and the various other protocols described herein”).
	Regarding Claim 3, Vora discloses:
The method of Claim 2, further comprising: providing, by the processor executable application, a list of encryption algorithms to the second computing device that the security module can execute during the communication session (In ¶ 145, Vora discloses “The TLS client sends a “client hello” message that lists cryptographic information such as the TLS version and, in the client's order of preference, the cipher suites supported by the client (see 2.1.4. Cipher Suites).”); and receiving, by the processor executable application, a list of encryption algorithms that are supported by the second computing device for the communication session (In ¶ 146, Vora discloses “The TLS server responds with a “server hello” message that contains the cipher suite chosen by the server from the list provided by the client, the session ID, and another random byte string.”).
Regarding Claim 4, Vora discloses:
The method of Claim 1, further comprising: transmitting, by the first computing device, a certificate to the second computing device for authenticating the first computing device by a security module of the second computing device for establishing the communication session (In ¶ 161, Vora discloses “When the server receives a digital certificate from the client, or vise versa, both will verify the certificate. The following steps provides an overview of certificate verification: (1) The digital signature of the certificate is checked: (1.A) A digital signature is calculated using some hashing algorithm for the entire message being transferred between client and server;”).
Regarding Claim 5, Vora discloses:
The method of Claim 1, further comprising: transmitting, by the first computing device, an encrypted public key of the first computing device to the second computing device upon establishing the communication session (In ¶ 174, Vora discloses “The server will send its ephemeral ECDHE public key and specification/parameters required for ECDHE in the server-key-exchange message during handshake and will be signed with ECDSA using the server's private key corresponding to the public key in the server's certificate. The client generates an ECDHE key pair on the same curve as the server's ephemeral ECDHE key and sends its public key in the client's key-exchange message. Encryption: AES with 256-bit symmetric encryption key with Galois Counter Mode (GCM). It is defined in more detail in RFC 5288. Message Authentication Code: SHA384 algorithm will be used to generate a MAC.”).
Regarding Claim 6, Vora discloses:
The method of Claim 5, wherein the second computing device extracts the public key from the encrypted public key and uses the public key to encrypt a message for the first computing device during the communication session (In ¶ 159, Vora discloses “In final steps of the handshake, server and client exchange “finished” messages, which are encrypted using the shared secret. If server and client can both decrypt these messages using the shared secret, the key-exchange is confirmed and the authentication process is successfully completed.”).
Regarding Claim 7, Vora discloses:
The method of Claim 1, wherein the communication session is based on a Transport Layer Security (TLS) protocol (In ¶ 133, Vora discloses “Supported direct-connection methods include TLS (transport layer security) over TCP (transmission control protocol) and DTLS (datagram transport layer security) over UDP (user datagram protocol) as well as TCP and UDP directly.”).
Regarding Claim 8, Vora discloses:
A non-transitory machine-readable storage medium having stored thereon instructions for performing a method, comprising machine executable code which when executed by one or more machine, causes the one or more machine to (In ¶ 421, Vora discloses “A data storage machine includes one or more physical, non-transitory, machines or devices configured to hold data in data store and/or instructions executable by the logic machine to implement the herein described methods and operations.”): receive, by a security module of a first computing device, an application programming interface (API) call to authenticate a certificate received from a second computing device to establish a secured communication session between the first computing device and the second computing device (In ¶ 146, Vora discloses “Servers may require clients to present valid certificates for authentication and validation purposes.” And in ¶ 201, Vora further discloses “This provides certificate-based authentication so that servers can authenticate devices and devices can authenticate the servers”); select, by the security module, an authentication module to authenticate the certificate (In ¶ 170, Vora discloses “Authentication algorithm: The authentication algorithm provides a way to define which mechanism will be used to validate the server's certificate and the digital signature on the client's side, and vice versa.”); 20Attorney Docket No.: MP13255 Customer No. 160543 Via EFS generate, by an encryption module of the security module, a shared secret key for the communication session based on a private key of the first computing device and a public key of the second computing device (In ¶ 159, Vora discloses “When the client receives the server's certificate, it will verify the certificate and then use the server's public key to encrypt the data to calculate a shared secret. The server can only generate a shared secret if it can properly decrypt the data sent by the client using its own private key.”); encrypt, by the encryption module, the shared secret key using an algorithm negotiated between the first computing device and the second computing device (In ¶ 142, Vora discloses “Select cryptographic algorithms and parameters (4) Use asymmetric encryption techniques to generate a shared secret (to negate key distribution and man-in-the-middle attacks).”); generate, by the security module, an encrypted message for the second computing device; and transmit, by the first computing device, the encrypted shared secret key and the encrypted message to the second computing device (In ¶ 152, Vora discloses “The TLS server sends the client a “finished” message, also encrypted with the secret key, indicating that the server part of the handshake is complete.” And in ¶ 153, Vora further discloses “For the duration of the TLS session, the server and client can now exchange messages that are symmetrically encrypted with the shared secret key.”).	
Regarding Claim 9, Vora discloses:
The non-transitory machine-readable storage medium of Claim 8, wherein a processor executable application of the first computing device generates the API call for the security module (In ¶ 119, Vora discloses “Server system 150 includes a logic machine 152 and data storage machine 154. Storage machine 154 may include instructions 156 stored thereon that are executable by logic machine 152. Instructions 156 may include a protocol module 158 that defines aspects of one or more protocols that may be implemented by server system 150, including the messaging protocol and the various other protocols described herein”).
	Regarding Claim 10, Vora discloses:
The non-transitory machine-readable storage medium of Claim 9, wherein the machine executable code further causes the one or more machine to: provide, by the processor executable application, a list of encryption algorithms to the second computing device that the security module can execute during the communication session (In ¶ 145, Vora discloses “The TLS client sends a “client hello” message that lists cryptographic information such as the TLS version and, in the client's order of preference, the cipher suites supported by the client (see 2.1.4. Cipher Suites).”); and receive, by the processor executable application, a list of encryption algorithms that are supported by the second computing device for the communication session (In ¶ 146, Vora discloses “The TLS server responds with a “server hello” message that contains the cipher suite chosen by the server from the list provided by the client, the session ID, and another random byte string.”).
	Regarding Claim 11, Vora discloses:
The non-transitory machine-readable storage medium of Claim 8, wherein the machine executable code further causes the one or more machine to: transmit, by the first computing device, a certificate to the second computing device for authenticating the first computing device by a security module of the second computing device to establish the communication session (In ¶ 161, Vora discloses “When the server receives a digital certificate from the client, or vise versa, both will verify the certificate. The following steps provides an overview of certificate verification: (1) The digital signature of the certificate is checked: (1.A) A digital signature is calculated using some hashing algorithm for the entire message being transferred between client and server;”).
	Regarding Claim 12, Vora discloses:
The non-transitory machine-readable storage medium of Claim 8, wherein the machine executable code further causes the one or more machine to: transmit, by the first computing device, an encrypted public key of the first computing device to the second computing device, upon establishing the communication session (In ¶ 174, Vora discloses “The server will send its ephemeral ECDHE public key and specification/parameters required for ECDHE in the server-key-exchange message during handshake and will be signed with ECDSA using the server's private key corresponding to the public key in the server's certificate. The client generates an ECDHE key pair on the same curve as the server's ephemeral ECDHE key and sends its public key in the client's key-exchange message. Encryption: AES with 256-bit symmetric encryption key with Galois Counter Mode (GCM). It is defined in more detail in RFC 5288. Message Authentication Code: SHA384 algorithm will be used to generate a MAC.”).
	Regarding Claim 13, Vora discloses:
The non-transitory machine-readable storage medium of Claim 12, wherein the second computing device extracts the public key from the encrypted public key and uses the public key to encrypt a message for the first computing device during the communication session (In ¶ 159, Vora discloses “In final steps of the handshake, server and client exchange “finished” messages, which are encrypted using the shared secret. If server and client can both decrypt these messages using the shared secret, the key-exchange is confirmed and the authentication process is successfully completed.”).
	Regarding Claim 14, Vora discloses:
The non-transitory machine-readable storage medium of Claim 8, wherein the communication session is based on a Transport Layer Security (TLS) protocol  (In ¶ 133, Vora discloses “Supported direct-connection methods include TLS (transport layer security) over TCP (transmission control protocol) and DTLS (datagram transport layer security) over UDP (user datagram protocol) as well as TCP and UDP directly.”).
	Regarding Claim 15, Vora discloses:
A security module of a first computing device, comprising: a processor executing instructions out of a memory and interfacing with an encryption engine having a plurality of encryption modules and an authentication engine having a plurality of authentication modules (In ¶ 420, Vora discloses “A logic machine may include one or more physical devices configured to execute instructions, such as instructions held in a data storage machine.” And in ¶ 117, Vora further discloses “protocol module 118 may be referred to as a client-side protocol module for implementing a client-side portion of the supported protocols. Instructions 116 may include a feature module 120 that defines aspects of one or more client-side features, including one or more applications,”), the security module configured to: receive an application programming interface (API) call to authenticate a certificate received from a second computing device to establish a secured communication session between the first computing device and the second computing device  (In ¶ 146, Vora discloses “Servers may require clients to present valid certificates for authentication and validation purposes.” And in ¶ 201, Vora further discloses “This provides certificate-based authentication so that servers can authenticate devices and devices can authenticate the servers”); select an authentication module to authenticate the certificate by verifying a certificate signature of the certificate (In ¶ 170, Vora discloses “Authentication algorithm: The authentication algorithm provides a way to define which mechanism will be used to validate the server's certificate and the digital signature on the client's side, and vice versa.”); generate, by an encryption module, a shared secret key for the communication session based on a private key of the first computing device and a public key of the second computing device (In ¶ 159, Vora discloses “When the client receives the server's certificate, it will verify the certificate and then use the server's public key to encrypt the data to calculate a shared secret. The server can only generate a shared secret if it can properly decrypt the data sent by the client using its own private key.”); encrypt, by the encryption module, the shared secret key using an algorithm negotiated between the first computing device and the second computing device (In ¶ 142, Vora discloses “Select cryptographic algorithms and parameters (4) Use asymmetric encryption techniques to generate a shared secret (to negate key distribution and man-in-the-middle attacks).”); and 22Attorney Docket No.: MP13255 Customer No. 160543 Via EFS generate, by the encryption module, an encrypted message for the second computing device; wherein the first computing device transmits the encrypted shared secret key and the encrypted message to the second computing device (In ¶ 152, Vora discloses “The TLS server sends the client a “finished” message, also encrypted with the secret key, indicating that the server part of the handshake is complete.” And in ¶ 153, Vora further discloses “For the duration of the TLS session, the server and client can now exchange messages that are symmetrically encrypted with the shared secret key.”).	
Regarding Claim 16, Vora discloses:
The security module of Claim 15, wherein a processor executable application of the first computing device generates the API call for the security module (In ¶ 119, Vora discloses “Server system 150 includes a logic machine 152 and data storage machine 154. Storage machine 154 may include instructions 156 stored thereon that are executable by logic machine 152. Instructions 156 may include a protocol module 158 that defines aspects of one or more protocols that may be implemented by server system 150, including the messaging protocol and the various other protocols described herein”).
Regarding Claim 17, Vora discloses:
The security module of Claim 16, wherein the processor executable application provides a list of encryption algorithms to the second computing device that the security module can execute during the communication session (In ¶ 145, Vora discloses “The TLS client sends a “client hello” message that lists cryptographic information such as the TLS version and, in the client's order of preference, the cipher suites supported by the client (see 2.1.4. Cipher Suites).”); and receives a list of encryption algorithms that are supported by the second computing device for the communication session (In ¶ 146, Vora discloses “The TLS server responds with a “server hello” message that contains the cipher suite chosen by the server from the list provided by the client, the session ID, and another random byte string.”).
Regarding Claim 18, Vora discloses:
The security module of Claim 15, wherein the first computing device transmits a certificate to the second computing device for authenticating the first computing device by a security module of the second computing device to establish the communication session (In ¶ 161, Vora discloses “When the server receives a digital certificate from the client, or vise versa, both will verify the certificate. The following steps provides an overview of certificate verification: (1) The digital signature of the certificate is checked: (1.A) A digital signature is calculated using some hashing algorithm for the entire message being transferred between client and server;”).
Regarding Claim 19, Vora discloses:
The security module of Claim 15, wherein the first computing device transmits an encrypted public key of the first computing device to the second computing device, upon establishing the communication session (In ¶ 174, Vora discloses “The server will send its ephemeral ECDHE public key and specification/parameters required for ECDHE in the server-key-exchange message during handshake and will be signed with ECDSA using the server's private key corresponding to the public key in the server's certificate. The client generates an ECDHE key pair on the same curve as the server's ephemeral ECDHE key and sends its public key in the client's key-exchange message. Encryption: AES with 256-bit symmetric encryption key with Galois Counter Mode (GCM). It is defined in more detail in RFC 5288. Message Authentication Code: SHA384 algorithm will be used to generate a MAC.”).
Regarding Claim 20, Vora discloses:
The security module of Claim 15, wherein the communication session is based on a Transport Layer Security (TLS) protocol  (In ¶ 133, Vora discloses “Supported direct-connection methods include TLS (transport layer security) over TCP (transmission control protocol) and DTLS (datagram transport layer security) over UDP (user datagram protocol) as well as TCP and UDP directly.”).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Devarajan et al. (US 20210344511) discloses a method of monitoring a TLS handshake between two endpoints. 
Nix, John (US 20190097793) discloses a method of secure machine to machine communication using public key infrastructure. 
Sczepczenski et al.  (US 20210266154) discloses a method for secure key exchange authentication to initiate a secure communication.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHADI H KOBROSLI whose telephone number is (571)272-1952. The examiner can normally be reached M-F 9am-5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHADI H KOBROSLI/Examiner, Art Unit 2492                                                                                                                                                                                                        

/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492