Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
The instant application having Application No. 16/939,646 is presented for examination by the examiner.  Claims 1-20 are pending.  Claims 1, 3, 6, 8, 10, 13, 15, 17, and 20 are amended.
Response to Arguments
Applicant’s arguments with respect to claim(s) 1, 8, and 15 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.


Claim Rejections - 35 USC § 103
Claim(s) 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over USP 10,193,698 to Das et al., hereinafter Das in view of USP Application Publication 2003/0081783 to Adusumilli et al., hereinafter Adusumilli and in view of USP Application Publication 2006/0005239 to Mondri et al., hereinafter Mondri.


As per claims 1, 8, and 15, Das teaches a system comprising: a processor; and a memory including instructions that are executable by the processor for causing the processor to: 
receive a request [the request from the server to the security device] associated with a handshake procedure for establishing a secure session between a client device and a server [server mapped to the security device 220; col. 12, lines 59-64], wherein the request includes an identifier of a trusted certificate authority (TCA) that issues signed digital certificates [server certificate chain indicates the Certificate Authority; col. 3, lines 9-10 and col. 13, lines 20-25]
in response to receiving the request, determine that a local key store that is local to the server does not have a signed digital certificate issued by the TCA (col. 13, lines 23-25); 
in response to determining that the local key store does not have the signed digital certificate, obtain the signed digital certificate from the TCA (col. 15 lines 53-60); and 
return the signed digital certificate back to the client device as part of the handshake procedure to establish the secure session (col. 16, lines 35-40).  
Das is silent in explicitly teaching that the request is from a client device.  Das teaches an SSL connection initiated by a client with a server device (col. 7, 27-28).  Therefore, technically Das does teach a request from a client device but that request which initiates a handshake procedure does not contain the identifier of a trusted certificate authority (TCA) that issues signed digital certificates.  However, Adusumilli teaches a client hello message can include supported security features included trusted certificates.  This message does not include the client’s certificate because the server requests it in the next step.  Thus, it is presumed these trusted certificates correspond to the CA’s trusted by the client which could include identifiers.  Mondri also teaches an SSL certificate proxy device between client and server (Fig. 5), Mondri teaches that the proxy server 425 includes the client’s list of trusted certificate authorities (0028).  Mondri teaches that a server must use a certificate issued by one of CAs on the client’s list.  It would have been obvious for the client hello message to include client’s list of trusted CAs given these two teachings.  Das could have provided his proxy device 220 with the list of trusted CAs in order to increase the level of authentication to the server.  The session between the client and security device 220 would already include a client hello message because it is part of the SSL protocol and that is the type of session formed (col. 3, lines 35-38).  One of ordinary skill in the art could have made this combination because it would not lead to any unpredictable results.  Das uses SSL which has client hello messages.  Adusumilli teaches client hello messages carry supported security features including trusted certificates.  Mondri stores a list of trusted certificates authorities in the same type of SSL proxy device taught by Das.  The claim is obvious because one of ordinary skill in the art can combine known methods which do not produce unpredictable results.  

As per claims 2, 9, and 16, Das teaches the request is for initiating the handshake procedure (col. 4, lines 10-13).  Das does not explicitly teach the handshake procedure is a Transport Layer Security (TLS) handshake.  Das does mention that both TSL and SSL “are cryptographic protocols designed to provide communications security over a communication network. SSL and TLS may use asymmetric cryptography to authenticate devices associated with the secure communications and/or to negotiate a symmetric key associated with encrypting traffic between the devices” (Background).  Das uses SSL in the described embodiment and caching certificates at a proxy between the server and client.  Adusumilli teaches his protocol can be implemented during a Transport Layer Security (TLS) handshake (0108) and is related to SSL (0041).  The claim is obvious because one of ordinary skill in the art can substitute known methods which do not produce unpredictable results.  Substituting one known protocol for another does not yield any unpredictable results and is well within the capabilities of one of ordinary skill in the art.

As per claims 3, 10, and 17, the combination of Das, Adusumilli, and Mondri as modified above, teaches the request includes a plurality of identifiers of a plurality of TCAs [Mondri: 0028].
As per claims 4, 11, and 18, Das teaches determining a distinguished name associated with the server from an existing certificate already stored in the local key store (col. 14, line 65-col. 15, line 5); generating a private key and a certificate signing request that includes the distinguished name (col. 16, line 19); and transmitting the certificate signing request to the TCA [teaches the created chain is signed by the CA so it must sent it to the TA for it to sign with its private key – “generate an interdicted certificate chain that includes the interdicted certificate, a certificate of a CA that signed the interdicted certificate”; col. 16, lines 17-20], the TCA being configured to automatically respond to the certificate signing request with the signed digital certificate (col. 16, lines 12-25).
As per claims 5, 12, and 19, Das teaches subsequent to obtaining the signed digital certificate: store the generated private key along with the signed digital certificate in the local key store (col. 16, lines 45-53), the stored signed digital certificate being usable for responding to subsequent requests from one or more client devices (col. 18, lines 23-30 and 50-55).
As per claims 6, 13, and 20, Das teaches the request is a first request, the client device is a first client device, the handshake procedure is a first handshake procedure, the secure session is a first secure session [Das teaches the certificates are cached for future requests so there are requests which identify cached certificates and proceeds as shown below], and the memory further includes instructions that are executable by the processor for causing the processor to: 
receive a second request from a second client device to initiate a second handshake procedure for establishing a second secure session with the server, the second request indicating the TCA [example of when a certificate is stored in 320]; 
in response to receiving the second request, determine that the signed digital certificate is stored in the local key store [col. 18, lines 23-25];
 in response to determining that the signed digital certificate is stored in the local key store, obtain the signed digital certificate from the local key store (col. 18, lines 29-31); and 
transmit the signed digital certificate back to the second client device as part of the second handshake procedure to establish the second secure session (col. 18, lines 43-45).  This process is interpreted as to what happens when another device which uses the security device to communicate with the same server which was cached after being sent by the server to the security device before or during the first device’s session.  The security device would still have a stored copy of the certificate and would proceed in that manner described in steps 560, 570, and 580.
As per claims 7 and 14, Das teaches the processor and the memory are parts of the server (col. 11, lines 30-35).

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is (571)270-7316.  The examiner can normally be reached on Monday - Thursday, 7:30am - 5:00pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MICHAEL R VAUGHAN/
Primary Examiner, Art Unit 2431