DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The present application, filed on September 24, 2020, is accepted.
Claims 1 – 25 are being considered on the merits.

Drawings
The drawings, filed on September 24, 2020, are accepted.

Specification
The specification, filed on September 24, 2020, is accepted.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 – 25 are rejected under 35 U.S.C. 103 as being unpatentable over US 20210352067 A1 to Chen et al., (hereinafter, “Chen”) in view of US 10951652 B1 to Sharifi Mehr.
Regarding claim 1, Chen teaches a non-transitory computer readable medium comprising instructions which, when executed by one or more hardware processors, causes performance of operations comprising: executing, by each of a plurality of servers, a deterministic process to independently generate a first symmetric key for encryption and decryption of session tickets, [Chen, para. 70 discloses the platform authentication server and the cluster authentication server of each one of the plurality of clusters may determine the current time, and then determine the same key generation factor and the key generation algorithm according to the current time. After that, the key generation factor is used as an input parameter of the key generation algorithm to output the authentication key. Specifically, the cycle of the key generation and the key generation algorithm can be set by modifying the authentication source files of the platform authentication server and the cluster authentication server of each one of the plurality of clusters] wherein each of a first server and a second server of the plurality of servers independently generate the same first symmetric key using the deterministic process; [Chen, para. 58 discloses the platform authentication server and the cluster authentication server of each one of the plurality of cluster respectively generate the authentication key according to the preset key generation manner.] executing, by the first server, a first authentication process to authenticate a client device; [Chen, para. 85 discloses if the authentication information is successfully authenticated, the target cluster authentication server may send an authentication success message to the target cluster management server, so that the target management server may execute the cluster management request after receiving the authentication success message, referring to the steps 11 and 12 in FIG. 3. After executing the cluster management request, the cluster management server can feed back the cluster management result to the cloud management platform. After that, the cloud management platform can forward the cluster management result to the client terminal of the cloud management platform], but Chen does not teach based on the authentication of the client device using the first authentication process: generating, by the first server, a session ticket that can be used for re-authenticating the client device using a second authentication process that is less computationally expensive than the first authentication process; encrypting, by the first server, the session ticket using the first symmetric key to generate an encrypted session ticket; and transmitting, by the first server, the encrypted session ticket to the client device; receiving, by the second server from the client device, an authentication request comprising the encrypted session ticket; decrypting, by the second server, the encrypted session ticket using the first symmetric key generated by the second server to obtain the session ticket; and executing, by the second server, the second authentication process using the session ticket to re-authenticate the client device.  
However, Sharifi Mehr does teach based on the authentication of the client device using the first authentication process: generating, by the first server, a session ticket that can be used for re-authenticating the client device using a second authentication process that is less computationally expensive than the first authentication process; [Sharifi Mehr, col. 5 lines 61- 67 to col. 6 lines 1 – 3 discloses the client computer system 202 stores corresponding TLS session parameters in a client database 216. The client computer system 202 and the first server 206 identify the TLS session parameters with a session ID. The session ID may be established in a number of ways. In some examples, the client computer system 202 generates a pseudo-unique identifier, such as a global unique ID (“GUID”), for use as a session ID, and the client computer system 202 provides the generated session ID to the first server 206. Col. 2 lines 49 - 59 discloses  Resuming the communication session allows the client computer system and the other server to reuse previously negotiated cryptographic material or session parameters. By enabling session resumption across the set of related servers, communication sessions are established more quickly and with less computational overhead. Session resumption is supported by providing the client computer system with a session identifier (“ID”) or session ticket as a result of establishing a communication session, and by sharing corresponding session resumption information across the set of related servers.] encrypting, by the first server, the session ticket using the first symmetric key to generate an encrypted session ticket; [Sharifi Mehr, col. 3 lines 3 – 12 discloses The session ticket includes cryptographic material such as session keys and shared secrets that are associated with the communication session. The session ticket is encrypted with a cryptographic key by the server, and the cryptographic key is shared with other servers within the set of related servers. The client computer system retains the cryptographic information and session parameters associated with the communication session, and the session ticket provided by the server, together with the list of related servers with which the information may be used.] and transmitting, by the first server, the encrypted session ticket to the client device; [Sharifi Mehr, col. 2 lines 64 – 67 to col. 3 lines 1 – 2 discloses The client computer system establishes a communication session with a server, and the server provides the client computer system with a server list and a session ticket. The server list identifies a set of related servers for which the session ticket may be used to resume the communication session.] receiving, by the second server from the client device, an authentication request comprising the encrypted session ticket; [Sharifi Mehr, col. 3 lines 13 – 17 discloses If the client computer system determines to resume a communication session with a different server in the set of related servers, the client computer system searches local storage and retrieves the session ticket and the previously used session parameters for the different server.] decrypting, by the second server, the encrypted session ticket using the first symmetric key generated by the second server to obtain the session ticket; [Sharifi Mehr, col. 3 lines 17 – 21 discloses The session ticket is provided to the different server, and the different server uses the cryptographic key to decrypt the cryptographic information and session parameters contained within the ticket.] and executing, by the second server, the second authentication process using the session ticket to re-authenticate the client device. [Sharifi Mehr, col. 3 lines 21 – 25 discloses the client computer system and the different server establish a communication session that reuses the stored session parameters, and in many instances, are able to avoid renegotiation of session keys and shared secret information.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combing Sharifi Mehr’s system with Chen’s system, with a motivation for renegotiation of session parameters may be unnecessary, saving the associated computing time and resources. [Sharifi Mehr, col. 3 lines 53 – 55]

As per claim 2, modified Chen teaches the medium of Claim 1, wherein executing, by each of the plurality of servers, the deterministic process to independently generate the first symmetric key comprises: each of the plurality of servers obtaining a same set of input data for the deterministic process. [Chen, para. 58 discloses the platform authentication server and the cluster authentication server of each one of the plurality of cluster respectively generate the authentication key according to the preset key generation manner. When receiving the cluster management instruction for the target cluster, the cloud management platform sends the authentication information acquisition request to the platform authentication server, such that the platform authentication server generates the authentication information according to the authentication key and feeds back the authentication information to the cloud management platform. The cloud management platform sends the cluster management request carrying the authentication information to the target management server of the target cluster.]

As per claim 3, modified Chen teaches the medium of Claim 2, wherein obtaining the same set of input data for the deterministic process comprises: obtaining, by the first server, a first value obtained by the first server based on a first clock or a first counter accessible to the first server; [Chen, para. 70 discloses a method of periodically generating the authentication key may be generating every 12 hours or 24 hours starting from the same time, so that the authentication key can be valid only in the current period. When the next cycle comes, the platform authentication server and the cluster authentication server of each one of the plurality of clusters can generate an authentication key again to replace the old authentication key. As such, the authentication key can be replaced frequently, thereby further improving the security of the information authentication.] applying, by the first server, a hash function to at least the first value, to obtain the set of input data for the deterministic process; [Chen, para. 70 discloses in the process of generating the authentication key, the platform authentication server and the cluster authentication server of each one of the plurality of clusters may determine the current time, and then determine the same key generation factor and the key generation algorithm according to the current time. After that, the key generation factor is used as an input parameter of the key generation algorithm to output the authentication key. Para. 73 discloses  in order to improve the security of authentication, different key generation algorithms, such as a consistent HASH algorithm and a consistent Paxos algorithm, etc. can be configured. These different key generation algorithms can be associated with the coordinated world time in advance to generate the correspondence relationship between the coordinated world time and the key generation algorithm.] obtaining, by the second server, a second value obtained by the second server based on a second clock or a second counter accessible to the second server, wherein the second value is different than the first value; [Chen, para. 70 discloses a method of periodically generating the authentication key may be generating every 12 hours or 24 hours starting from the same time, so that the authentication key can be valid only in the current period. When the next cycle comes, the platform authentication server and the cluster authentication server of each one of the plurality of clusters can generate an authentication key again to replace the old authentication key. As such, the authentication key can be replaced frequently, thereby further improving the security of the information authentication. Para. 72 discloses the platform authentication server and cluster authentication servers of the clusters A and B can acquire the coordinated world time corresponding to the current time, thereby periodically generating the authentication key based on the coordinated world time. Since the coordinated world time has different time units, such as year, month, day, hour, minute, second, etc., a certain time unit of the coordinated world time can be determined as the key generation factor.]  and applying, by the second server, the hash function to at least the second value, to obtain the set of input data for the deterministic process.  [Chen, para. 70 discloses in the process of generating the authentication key, the platform authentication server and the cluster authentication server of each one of the plurality of clusters may determine the current time, and then determine the same key generation factor and the key generation algorithm according to the current time. After that, the key generation factor is used as an input parameter of the key generation algorithm to output the authentication key. Para. 73 discloses  in order to improve the security of authentication, different key generation algorithms, such as a consistent HASH algorithm and a consistent Paxos algorithm, etc. can be configured. These different key generation algorithms can be associated with the coordinated world time in advance to generate the correspondence relationship between the coordinated world time and the key generation algorithm.]

As per claim 4, modified Chen teaches the medium of Claim 2, wherein obtaining the same set of input data for the deterministic process comprises: obtaining, by the first server, a first clock value of a first clock; [Chen, para. 70 discloses a method of periodically generating the authentication key may be generating every 12 hours or 24 hours starting from the same time, so that the authentication key can be valid only in the current period. When the next cycle comes, the platform authentication server and the cluster authentication server of each one of the plurality of clusters can generate an authentication key again to replace the old authentication key. As such, the authentication key can be replaced frequently, thereby further improving the security of the information authentication.] applying, by the first server, the first clock value to a hash function to generate the set of input data; [Chen, para. 70 discloses in the process of generating the authentication key, the platform authentication server and the cluster authentication server of each one of the plurality of clusters may determine the current time, and then determine the same key generation factor and the key generation algorithm according to the current time. After that, the key generation factor is used as an input parameter of the key generation algorithm to output the authentication key. Para. 73 discloses  in order to improve the security of authentication, different key generation algorithms, such as a consistent HASH algorithm and a consistent Paxos algorithm, etc. can be configured. These different key generation algorithms can be associated with the coordinated world time in advance to generate the correspondence relationship between the coordinated world time and the key generation algorithm.] obtaining, by the second server, a second clock value of a second clock; [Chen, para. 70 discloses a method of periodically generating the authentication key may be generating every 12 hours or 24 hours starting from the same time, so that the authentication key can be valid only in the current period. When the next cycle comes, the platform authentication server and the cluster authentication server of each one of the plurality of clusters can generate an authentication key again to replace the old authentication key. As such, the authentication key can be replaced frequently, thereby further improving the security of the information authentication. Para. 72 discloses the platform authentication server and cluster authentication servers of the clusters A and B can acquire the coordinated world time corresponding to the current time, thereby periodically generating the authentication key based on the coordinated world time. Since the coordinated world time has different time units, such as year, month, day, hour, minute, second, etc., a certain time unit of the coordinated world time can be determined as the key generation factor.] and applying. by the second server, the second clock value to the hash function to generate the set of input data. [Chen, para. 70 discloses in the process of generating the authentication key, the platform authentication server and the cluster authentication server of each one of the plurality of clusters may determine the current time, and then determine the same key generation factor and the key generation algorithm according to the current time. After that, the key generation factor is used as an input parameter of the key generation algorithm to output the authentication key. Para. 73 discloses  in order to improve the security of authentication, different key generation algorithms, such as a consistent HASH algorithm and a consistent Paxos algorithm, etc. can be configured. These different key generation algorithms can be associated with the coordinated world time in advance to generate the correspondence relationship between the coordinated world time and the key generation algorithm.]

As per claim 5, modified Chen teaches the medium of Claim 4, wherein the first clock and the second clock are independently and respectively maintained by the first server and the second server. [Chen, para. 72 discloses the platform authentication server and cluster authentication servers of the clusters A and B can acquire the coordinated world time corresponding to the current time, thereby periodically generating the authentication key based on the coordinated world time. Since the coordinated world time has different time units, such as year, month, day, hour, minute, second, etc., a certain time unit of the coordinated world time can be determined as the key generation factor.]

As per claim 6, modified Chen teaches the medium of Claim 4, wherein the first clock and the second clock correspond to a same clock, [Chen, para. 70 discloses the platform authentication server and each cluster authentication server can periodically generate an authentication key according to the above updating cycle. Para. 72 discloses the coordinated world time is also known as the world unified time. The network standards of many countries in the world abide by this time, unify the network services according to the common time. For example, when the current time of the coordinated world time is 11:50, the actual time in China is 19:50, and the actual time in the United States is 7:50, China and the United States can jointly carry out network services in accordance with the coordinated world time 11:50. When the platform authentication server and the cluster authentication server of each one of the plurality of clusters are deployed in various counties in the world, for example, the cloud service platform can be deployed in China, a cluster A can be deployed in the United States, a cluster B can be deployed in the United Kingdom] and wherein the first clock value obtained by the first server is based on when the first server transmitted a first request for the first clock value, and wherein the second clock value obtained by the second server is based on when the second server transmitted the second request for the second clock value. [Chen, para. 70 discloses a method of periodically generating the authentication key may be generating every 12 hours or 24 hours starting from the same time, so that the authentication key can be valid only in the current period. When the next cycle comes, the platform authentication server and the cluster authentication server of each one of the plurality of clusters can generate an authentication key again to replace the old authentication key. As such, the authentication key can be replaced frequently, thereby further improving the security of the information authentication. In the process of generating the authentication key, the platform authentication server and the cluster authentication server of each one of the plurality of clusters may determine the current time, and then determine the same key generation factor and the key generation algorithm according to the current time. Para. 16 discloses the platform authentication server and the cluster authentication server of each one of the plurality of clusters periodically determine a target coordinated world time corresponding to the current time as the key generation factor, and determine the key generation algorithm corresponding to the target coordinated world time, according to a locally stored correspondence relationship between a coordinated world time and the key generation algorithm.]

As per claim 7, modified Chen teaches the medium of Claim 1, wherein executing, by each of the plurality of servers, the deterministic process to independently generate a first symmetric key comprises: applying a first counter value, corresponding to a first time interval, to the deterministic process;Attorney Docket No. R00589NP [Chen, para. 70 discloses the key generation factor is used as an input parameter of the key generation algorithm to output the authentication key. Para. 71 discloses the key generation factor may be a coordinated world time, and the process of determining the key generation factor and the key generation algorithm periodically according to the current time may be as follows: the platform authentication server and the cluster authentication server of each one of the plurality of clusters periodically determine the target coordinated world time corresponding the current time as the key generation factor, and determine the key generation algorithm corresponding to the determined target coordinated world time, according to correspondence relationship between the locally stored coordinated world time and the key generation algorithm.] wherein the operations further comprise: executing, by each of the plurality of servers, the deterministic process to independently generate a second symmetric key at least by: applying a second counter value, corresponding to a second time interval, to the deterministic process. [Chen, para. 70 discloses a method of periodically generating the authentication key may be generating every 12 hours or 24 hours starting from the same time, so that the authentication key can be valid only in the current period. When the next cycle comes, the platform authentication server and the cluster authentication server of each one of the plurality of clusters can generate an authentication key again to replace the old authentication key. As such, the authentication key can be replaced frequently, thereby further improving the security of the information authentication. In the process of generating the authentication key, the platform authentication server and the cluster authentication server of each one of the plurality of clusters may determine the current time, and then determine the same key generation factor and the key generation algorithm according to the current time.]

Regarding claim 8, modified Chen teaches the medium of Claim 1, wherein the operations further comprise: executing, by each of the plurality of servers, the deterministic process to independently generate a second symmetric key for encryption and decryption of session tickets, [Chen, para. 70 discloses the platform authentication server and the cluster authentication server of each one of the plurality of clusters may determine the current time, and then determine the same key generation factor and the key generation algorithm according to the current time. After that, the key generation factor is used as an input parameter of the key generation algorithm to output the authentication key. Specifically, the cycle of the key generation and the key generation algorithm can be set by modifying the authentication source files of the platform authentication server and the cluster authentication server of each one of the plurality of clusters] wherein the operations further comprise: wherein each of the first server and the second server of the plurality of servers independently generate the same second symmetric key using the deterministic process; [Chen, para. 77 discloses after receiving the authentication information acquisition request, the platform authentication server may extract the cluster management information, and then use the locally generated authentication key and the locally pre-stored authentication algorithm to encrypt the cluster management information, so as to generate the authentication information.] executing, by the second server, the first authentication process to authenticate a second client device; [Chen, para. 85 discloses if the authentication information is successfully authenticated, the target cluster authentication server may send an authentication success message to the target cluster management server, so that the target management server may execute the cluster management request after receiving the authentication success message, referring to the steps 11 and 12 in FIG. 3. After executing the cluster management request, the cluster management server can feed back the cluster management result to the cloud management platform. After that, the cloud management platform can forward the cluster management result to the client terminal of the cloud management platform. Para. 64 discloses Each cloud service cluster can include multiple cloud servers and/or multiple virtual cloud servers, and each cloud service cluster can be configured to provide one or more cloud services to users, such as a cloud computing service, a cloud storage service, etc. Each cloud service cluster may include a management server and a cluster authentication server.] but modified Chen does not teach based on the authentication of the second client device using the first authentication process: generating, by the second server, a second session ticket that can be used for re- authenticating the second client device using the second authentication process; encrypting, by the second server, the second session ticket using the second symmetric key to generate an encrypted second session ticket; transmitting, by the second server, the encrypted second session ticket to the second client device; receiving, by the first server from the second client device, a second authentication request comprising the encrypted second session ticket; decrypting, by the first server, the encrypted second session ticket using the second symmetric key generated by the first server to obtain the second session ticket; and executing, by the first server, the second authentication process using the second session ticket to re-authenticate the second client device.  
	However, does teach based on the authentication of the second client device using the first authentication process: generating, by the second server, a second session ticket that can be used for re-authenticating the second client device using the second authentication process; [Sharifi Mehr, col. 5 lines 61- 67 to col. 6 lines 1 – 3 discloses the client computer system 202 stores corresponding TLS session parameters in a client database 216. The client computer system 202 and the first server 206 identify the TLS session parameters with a session ID. The session ID may be established in a number of ways. In some examples, the client computer system 202 generates a pseudo-unique identifier, such as a global unique ID (“GUID”), for use as a session ID, and the client computer system 202 provides the generated session ID to the first server 206.] encrypting, by the second server, the second session ticket using the second symmetric key to generate an encrypted second session ticket; [Sharifi Mehr, col. 3 lines 3 – 12 discloses The session ticket includes cryptographic material such as session keys and shared secrets that are associated with the communication session. The session ticket is encrypted with a cryptographic key by the server, and the cryptographic key is shared with other servers within the set of related servers. The client computer system retains the cryptographic information and session parameters associated with the communication session, and the session ticket provided by the server, together with the list of related servers with which the information may be used.] transmitting, by the second server, the encrypted second session ticket to the second client device; [Sharifi Mehr, col. 2 lines 64 – 67 to col. 3 lines 1 – 2 discloses The client computer system establishes a communication session with a server, and the server provides the client computer system with a server list and a session ticket. The server list identifies a set of related servers for which the session ticket may be used to resume the communication session.] receiving, by the first server from the second client device, a second authentication request comprising the encrypted second session ticket; [Sharifi Mehr, col. 3 lines 13 – 17 discloses If the client computer system determines to resume a communication session with a different server in the set of related servers, the client computer system searches local storage and retrieves the session ticket and the previously used session parameters for the different server.] decrypting, by the first server, the encrypted second session ticket using the second symmetric key generated by the first server to obtain the second session ticket; [Sharifi Mehr, col. 3 lines 17 – 21 discloses The session ticket is provided to the different server, and the different server uses the cryptographic key to decrypt the cryptographic information and session parameters contained within the ticket.] and executing, by the first server, the second authentication process using the second session ticket to re-authenticate the second client device. [Sharifi Mehr, col. 3 lines 21 – 25 discloses the client computer system and the different server establish a communication session that reuses the stored session parameters, and in many instances, are able to avoid renegotiation of session keys and shared secret information.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combing Sharifi Mehr’s system with Chen’s system, with a motivation for renegotiation of session parameters may be unnecessary, saving the associated computing time and resources. [Sharifi Mehr, col. 3 lines 53 – 55]

As per claim 9, modified Chen teaches the medium of Claim 1, wherein executing the deterministic process, by each of the plurality of servers, to independently generate the first symmetric key is based on: a respective clock event triggering the generation, by a corresponding server of the plurality ofAttorney Docket No. R00589NP servers, of the first symmetric key. [Chen, para. 70 discloses the technicians can set an updating cycle of the authentication key in the platform authentication server and the cluster authentication server of each one of the plurality of clusters in advance, so that the platform authentication server and each cluster authentication server can periodically generate an authentication key according to the above updating cycle. For example, a method of periodically generating the authentication key may be generating every 12 hours or 24 hours starting from the same time, so that the authentication key can be valid only in the current period. When the next cycle comes, the platform authentication server and the cluster authentication server of each one of the plurality of clusters can generate an authentication key again to replace the old authentication key.]

Regarding claim 10, modified Chen teaches the medium of claim 1, wherein the operations further comprise: subsequent to executing, by each of the plurality of servers, the deterministic process to independently generate the first symmetric key: executing, by each of the plurality of servers, the deterministic process to independently generate a second symmetric key for encryption and decryption of session tickets, [Chen, para. 88 discloses a successful authentication may be that the decrypting is successful, that is, after the target cluster authentication server decrypts the authentication information, the cluster management information is successfully obtained. If the target cluster authentication server cannot decrypt the authentication information, or what obtained after decrypting is not the cluster management information. After the authentication information is successfully decrypted, the target cluster authentication server may feed back the decrypted cluster management information to the target management server. In this way, the target management server can execute the cluster management request based on the received cluster management information.] wherein each of the first server and the second server of the plurality of servers independently generate the same second symmetric key using the deterministic process; [Chen, para. 89 discloses when the target cluster authentication server is restarted, the target cluster authentication server may timely generate an authentication key corresponding to the current time, and the corresponding processing may be as follows: when the target cluster authentication server is restarted, the target cluster authentication server determines the key generation factor and the key generation algorithm according to the current time, and generates the authentication key using the key generation factor and the key generation algorithm.] attempting to decrypt, by the first server, the encrypted second session ticket using the second symmetric key; [Chen, para. 88 discloses a successful authentication may be that the decrypting is successful, that is, after the target cluster authentication server decrypts the authentication information, the cluster management information is successfully obtained. If the target cluster authentication server cannot decrypt the authentication information, or what obtained after decrypting is not the cluster management information, and if the information obtained by the decrypting is not the information in the preset format, the decryption fails.], but Chen does not teach receiving, by the first server from a second client device, a second authentication request comprising an encrypted second session ticket; and responsive to determining that the attempt to decrypt the second session ticket using the second symmetric key failed: decrypting the second session ticket using the first symmetric key
However, Sharifi Mehr does teach receiving, by the first server from a second client device, a second authentication request comprising an encrypted second session ticket; [Sharifi Mehr, col. 3 lines 13 – 17 discloses If the client computer system determines to resume a communication session with a different server in the set of related servers, the client computer system searches local storage and retrieves the session ticket and the previously used session parameters for the different server.] and responsive to determining that the attempt to decrypt the second session ticket using the second symmetric key failed: decrypting the second session ticket using the first symmetric key [Sharifi Mehr, col. 15 lines 43 – 56 discloses As a result of receiving the session ticket, the server attempts to resume a TLS session. At block 1206, the server accesses a shared database containing cryptographic keys for decrypting session tickets. If the server cannot locate a cryptographic key for decrypting the session ticket, the server negotiates a new TLS session with the client computer system. If the server can locate a cryptographic key for decrypting the session ticket, the server decrypts the session ticket and validates session information contained within the ticket. In one example, the session ticket has a format as shown in FIG. 10, and is validated using a message authentication code and an initialization vector included in the session ticket. At block 1208, the server imports the session keys from the session ticket.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combing Sharifi Mehr’s system with Chen’s system, with a motivation for renegotiation of session parameters may be unnecessary, saving the associated computing time and resources. [Sharifi Mehr, col. 3 lines 53 – 55]

Regarding claim 11, modified Chen teaches the medium of claim 1, wherein the operations further comprise: receiving, by the second server from the client device, a key index value with the encrypted session ticket; [Chen, para. 75 discloses When receiving the cluster management instruction of the user for the target cluster, the cloud management platform can send authentication information acquisition request to the platform authentication server, referring to step 2 in FIG. 3. After receiving the authentication information acquisition request, the platform authentication server can read the authentication key stored locally and generate the corresponding authentication information according to the authentication key, for example, referring to step 3 in FIG. 3. After that, the platform authentication server can feed back the authentication information to the cloud management platform, referring to step 4 in FIG. 3.], but Chen does not teach wherein the operations further comprise: receiving, by the second server from the client device, a key index value with the encrypted session ticket; and selecting the first symmetric key, from a plurality of symmetric keys, based on the key index value.  
However, Sharifi Mehr does teach and selecting the first symmetric key, from a plurality of symmetric keys, based on the key index value. [Sharifi Mehr, col. 7 lines 9 – 15 discloses TLS session information retained within a sharing zone may be indexed by session ID so that session information for incoming session resumption requests, which contain session IDs, can be quickly and efficiently accessed. TLS session information retained by a client computer system may be indexed using the list of servers for which the session information record is valid.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combing Sharifi Mehr’s system with Chen’s system, with a motivation for renegotiation of session parameters may be unnecessary, saving the associated computing time and resources. [Sharifi Mehr, col. 3 lines 53 – 55]

Regarding claim 12, modified Chen teaches the medium of claim 1, , but Chen does not teach attempting to decrypt, by the first server, the encrypted second session ticket using the first symmetric key; wherein the operations further comprise: receiving, by the first server from a second client device, a second authentication request comprising an encrypted second session ticket and responsive to determining that the attempt to decrypt the encrypted second session ticket using the first symmetric key failed: authenticating the second client device using the first authentication process. 
However, Sharifi Mehr does teach attempting to decrypt, by the first server, the encrypted second session ticket using the first symmetric key; [Sharifi Mehr, col. 9 lines 36 – 41 discloses the shared database 514 contains information that allows the servers within the sharing zone 504 to decrypt session tickets. The information contained in the shared database 514 may be a single cryptographic key such as a symmetric cryptographic key or a private cryptographic key of a public-private cryptographic key pair.] wherein the operations further comprise: receiving, by the first server from a second client device, a second authentication request comprising an encrypted second session ticket; [Sharifi Mehr, col. 3 lines 13 – 17 discloses If the client computer system determines to resume a communication session with a different server in the set of related servers, the client computer system searches local storage and retrieves the session ticket and the previously used session parameters for the different server.] and responsive to determining that the attempt to decrypt the encrypted second session ticket using the first symmetric key failed: authenticating the second client device using the first authentication process. [Sharifi Mehr, col. 15 lines 43 – 56 discloses As a result of receiving the session ticket, the server attempts to resume a TLS session. At block 1206, the server accesses a shared database containing cryptographic keys for decrypting session tickets. If the server cannot locate a cryptographic key for decrypting the session ticket, the server negotiates a new TLS session with the client computer system. If the server can locate a cryptographic key for decrypting the session ticket, the server decrypts the session ticket and validates session information contained within the ticket. In one example, the session ticket has a format as shown in FIG. 10, and is validated using a message authentication code and an initialization vector included in the session ticket. At block 1208, the server imports the session keys from the session ticket.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combing Sharifi Mehr’s system with Chen’s system, with a motivation for renegotiation of session parameters may be unnecessary, saving the associated computing time and resources. [Sharifi Mehr, col. 3 lines 53 – 55]

Regarding claim 13, modified Chen teaches the medium of claim 1, wherein executing, by each of the plurality of servers, the deterministic process to independently generate the first symmetric key comprises: each of the plurality of servers obtaining a same set of input data for the deterministic process, [Chen, para. 58 discloses the platform authentication server and the cluster authentication server of each one of the plurality of cluster respectively generate the authentication key according to the preset key generation manner. When receiving the cluster management instruction for the target cluster, the cloud management platform sends the authentication information acquisition request to the platform authentication server, such that the platform authentication server generates the authentication information according to the authentication key and feeds back the authentication information to the cloud management platform. The cloud management platform sends the cluster management request carrying the authentication information to the target management server of the target cluster.] but Chen does not teach and wherein the operations further comprise: programming a third server to perform the deterministic process; obtaining, by the third server, (a) the same set of input data and (b) a key index value; and generating, by the third server, the first symmetric key by applying (a) the same set of input data and (b) the key index value to the deterministic process. 
However, Sharifi Mehr does teach and wherein the operations further comprise: programming a third server to perform the deterministic process; obtaining, by the third server, (a) the same set of input data and (b) a key index value; and generating, by the third server, the first symmetric key by applying (a) the same set of input data and (b) the key index value to the deterministic process. [Sharifi Mehr, col. 7 lines 9 – 15 discloses TLS session information retained within a sharing zone may be indexed by session ID so that session information for incoming session resumption requests, which contain session IDs, can be quickly and efficiently accessed. TLS session information retained by a client computer system may be indexed using the list of servers for which the session information record is valid.] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combing Sharifi Mehr’s system with Chen’s system, with a motivation for renegotiation of session parameters may be unnecessary, saving the associated computing time and resources. [Sharifi Mehr, col. 3 lines 53 – 55]

Regarding claims 14 – 25, they recite features similar to features within claims 1 – 12, therefore, they are rejected in a similar manner.

Conclusion
Pertinent prior art made of record however not replied upon:
US 20120331088 A1 to O'Hare et al.
“Systems and methods are provided for directing a client computing device to data portions stored on a plurality of storage locations. A registration/authentication server receives a request from a client computing device to retrieve portions of data stored at multiple storage locations. The registration/authentication server provides pointers to available storage locations to the client computing device based on criteria, whereupon the client computing device may retrieve the data portions and reconstitute a desired data set.”
US 20160105290 A1 to Khalil et al. 
“The device may receive user information associated with a user. The device may generate a user profile for the user that stores user information and authentication confirmation information. The device may provide a particular cryptographic key and information identifying the user profile. The device may receive a request to authenticate a secure session for a user device from an application server. The device may obtain, based on the user identifier, the authentication confirmation information associated with the user from a data structure storing one or more user profiles. The device may validate the particular response to the particular challenge code based on the authentication confirmation information. The device may provide information to the application server indicating that the secure session is validated for the user device based on validating the authentication information.”

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893. The examiner can normally be reached Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/P.P./Patent Examiner, Art Unit 2434                                                                                                                                                                                                        
/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434