Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This Office Action is in response to the Amendment filed on 07/26/2022.
In the instant Amendment, Claims 1, 4-7, 9, 12-13 and 17 have been amended and claims 1, 9  and 17 are independent claims.  Claims 1-20 are pending.  This Action is made FINAL.
Response to Arguments
Applicants’ arguments with respect to claims 1-20 have been considered but are moot in view of the new ground(s) of rejection.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Goel (US 2019/0182349) and in view of Grobman (US 2005/0091171).
Regarding claim 1, Goel discloses a computer-implemented method for sharing secure communication sessions within a computer network (Goel abstract, par. 0065 and Fig. 2A. Goel teaches that the TLS handshake will occur as part of creating a TCP connection, thus creating a TLS-secured TCP connection between client and server), the method comprising:
 receiving a first ticket from a first server that is included in a first server pool and with which a first secure communication session has been established (Goel par. 0066, 0076, 0079, Fig. 2A and 3A. Goel teaches that the server may or may not set a session ticket during the first handshake, but it is preferable that it does. The client and server A complete a TLS handshake, the client issues object requests and/or server A pushes objects to the client. the server-side client cached object data can be shared amongst groups of servers); 
receiving information indicating that a second server also is included in the first server pool and is associated with a first address (Goel par. 0088 and Fig.3A. Goel teaches that the client receives back the distinct IP address of server B. See also par. 0076); 
establishing a connection with the second server based on the first address (Goel par. 0083, 0088 and Fig. 3A. Goel teaches that the client receives back the distinct IP address of server B, the client makes a GET request for the ticketing object to the server B. This means that the client establishes a new TCP connection to server B with the same TLS session). 
Goel teaches, preferable to set session ticket, establishing a connection with the second server and establishes a new TCP connection to another server with the same TLS (Goel par. 0066, 0088 and Fig.3A). However, Goel does not explicitly disclose wherein the first ticket is shared by a first plurality of servers included in the first server pool, and wherein a second ticket is shared by a second plurality of servers included in a second server pool and wherein receiving a session ticket and restoring the first secure communication session with the second server based on the first ticket.
However, in an analogous art, Grobman teaches wherein the first ticket is shared by a first plurality of servers included in the first server pool, and wherein a second ticket is shared by a second plurality of servers included in a second server pool (Grobman par. 0036-0038 and claim 15. Grobman teaches that the TGS may be capable of receiving a request for a Service Ticket and issue a multi-server service ticket 540. In one embodiment, the TGS may be capable of performing the technique illustrated by FIG. 2. In one embodiment, the Multi-Server Service Ticket may include the fields illustrated by FIG. 3. In one embodiment, the request for a Service Ticket may include or utilize the Ticket-Granting-Ticket issued by the AS. The pool of servers may be capable of receiving and utilizing a multi-server service ticket 540. FIG. 5 shows three network servers 553, 555, & 559 in the server pool, the disclosed subject matter is not limited to any particular number of servers. The client may receive a Ticket-Granting-Ticket (TGT). The client may use this TGI to request a Service Ticket from the Ticket Granting Service (TGS) 530. The TGS may determine that the service is provided by a server pool 550, and issue a Multi-Server Service Ticket 540. The client may present this Service Ticket to the server pool. A managing agent receiving a Service Ticket; the managing agent selecting a receiving server from a server pool having a plurality of servers; routing the Service Ticket to the receiving server. See also par. 0035 and claim 48);
wherein receiving a session ticket (Grobman par. 0010. Grobman teaches that Service ticket may be presented to network server 120 by client 100. The Network server may then decrypt the session key using the server's secret key. See also par. 0030).
restoring the first secure communication session with the second server based on the first ticket (Grobman par. 0008, 0073, 0079 and Fig. 3B. Grobman teaches that a session key encrypted with the client's secret key. This session key is used to handle future communications with the KDC. Because the client cannot read the main portion of the TGT contents, it must blindly present the ticket to the Ticket Granting Service 117 for service tickets. See also claim 9).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of  Grobman with the method and system of Goel, wherein receiving a session ticket and restoring the first secure communication session with the second server based on the first ticket to provide users with a means for authenticating a client against a pool of servers utilizing a secure authentication protocol ( Grobman Abstract).
Regarding claim 2, Goel and Grobman disclose the computer-implemented method of claim 1, 
Goel further discloses further comprising storing the first ticket and an association between the first server pool and the first ticket in a cache, wherein restoring the first secure communication session with the second server comprises retrieving the first ticket stored in the cache, and transmitting the first ticket to the second server (Goel par. 0024. Goel teaches using TLS session resumption tickets to store and manage information about objects that a server or a set of servers has previously delivered to a client and therefore that the client is likely to have in client-side cache. When communicated to a server later, this information can be used to drive server decisions about whether to push an object to a client, e.g., using an HTTP/2 server push function or the like, or whether to send an early hint to the client about an object).
 Grobman further teaches wherein receiving a session ticket ( Grobman par. 0006 and Fig. 3B.  Grobman teaches that a server that receives a session ticket from the client identifies the session data. See also par. 0073).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of  Grobman with the method and system of Goel, wherein receiving a session ticket to provide users with a means for re-establishing secure application sessions and to establish a secure communication channel based on successful completion of the abbreviated authentication process ( Grobman Abstract).
Regarding claim 3, Goel and Grobman disclose the computer-implemented method of claim 1, 
Goel further discloses further comprising performing a handshake with the second server if the first ticket has expired (Goel par. 0056. Goel teaches that the server preferably performs a “TTL check” before placing or updating the ticket. This means that the server checks the TTL of each object that is in the client cached object data in the existing ticket (if any) or in the client cached object data in the server memory. If an object's TTL has expired, it is removed).  
Regarding claim 4, Goel and Grobman disclose the computer-implemented method of claim 3, 
 Grobman further discloses wherein: the first ticket is generated using a first encryption key shared by the first plurality of servers included in the first server pool; and the first encryption key can be used to encrypt and decrypt session keys during a first period of time and to only decrypt session keys during a second period of time (Grobman par. 0036-0038 and claim 15. Grobman teaches that the TGS may be capable of receiving a request for a Service Ticket and issue a multi-server service ticket 540. In one embodiment, the TGS may be capable of performing the technique illustrated by FIG. 2. In one embodiment, the Multi-Server Service Ticket may include the fields illustrated by FIG. 3. In one embodiment, the request for a Service Ticket may include or utilize the Ticket-Granting-Ticket issued by the AS. The pool of servers may be capable of receiving and utilizing a multi-server service ticket 540. FIG. 5 shows three network servers 553, 555, & 559 in the server pool, the disclosed subject matter is not limited to any particular number of servers. The client may receive a Ticket-Granting-Ticket (TGT). The client may use this TGI to request a Service Ticket from the Ticket Granting Service (TGS) 530. The TGS may determine that the service is provided by a server pool 550, and issue a Multi-Server Service Ticket 540. The client may present this Service Ticket to the server pool. A managing agent receiving a Service Ticket; the managing agent selecting a receiving server from a server pool having a plurality of servers; routing the Service Ticket to the receiving server. See also par. 0035 and claim 48).  
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of  Grobman with the method and system of Goel, wherein receiving a session ticket to provide users with a means for re-establishing secure application sessions and to establish a secure communication channel based on successful completion of the abbreviated authentication process ( Grobman Abstract).
Regarding claim 5, Goel and Grobman disclose the computer-implemented method of claim 4, 
Goel further discloses further comprising receiving a third ticket from the first server to be used during the second period of time (Goel par. 0060. Goel teaches that to resume the TLS session, the client will send the TLS ticket to the server during the TLS handshake and the ticket will contain the client cached object data about objects sent to the client during the initial part of the session. It would not contain the client cached object data about any objects sent during the second part of the session, but that data is available in the server-side memory. During the third part of the session the server can consult both of these sources to determine whether or not a client is likely to have a particular object cached, and hence whether to push or send an early hint for that object. Once again, the server consults the TTL to determine if a given object has expired).  
 Grobman further discloses wherein the third ticket is generated using a second encryption key shared by first plurality of the servers included in the first server pool (Grobman par. 0036-0038 and claim 15. Grobman teaches that the TGS may be capable of receiving a request for a Service Ticket and issue a multi-server service ticket 540. FIG. 5 shows three network servers 553, 555, & 559 in the server pool, the disclosed subject matter is not limited to any particular number of servers. The client may receive a Ticket-Granting-Ticket (TGT). The client may use this TGI to request a Service Ticket from the Ticket Granting Service (TGS) 530. The TGS may determine that the service is provided by a server pool 550, and issue a Multi-Server Service Ticket 540. The client may present this Service Ticket to the server pool. A managing agent receiving a Service Ticket; the managing agent selecting a receiving server from a server pool having a plurality of servers; routing the Service Ticket to the receiving server. See also par. 0035 and claim 48).  
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of  Grobman with the method and system of Goel, wherein receiving a session ticket to provide users with a means for re-establishing secure application sessions and to establish a secure communication channel based on successful completion of the abbreviated authentication process ( Grobman Abstract).
Regarding claim 6, Goel and Grobman disclose the computer-implemented method of claim 1, 
Goel further discloses further comprising: receiving information indicating that a third server is included in the second server pool and a second address associated with the third server; establishing a connection with the third server based on the second address; and establishing a second secure communication session with the third server, wherein establishing the second secure communication session comprises performing a handshake with the third server (Goel par. 0066, 0076, 0079, Fig. 2A and 3A. Goel teaches that the server may or may not set a session ticket during the first handshake, but it is preferable that it does. The client and server A complete a TLS handshake, the client issues object requests and/or server A pushes objects to the client. The server-side client cached object data can be shared amongst groups of servers. In other words, when a server temporarily stores client cached object data in memory server-side, it can also send this to other servers).
Regarding claim 7, Goel and Grobman disclose the computer-implemented method of claim 6, 
Goel further discloses wherein the first secure communication session and the second secure communication session comprise Transport Layer Security (TLS) sessions, and the first ticket comprises a TLS ticket (Goel abstract, par. 0024 and Fig.3A. Goel teaches that using TLS session resumption tickets to store and manage information about objects that a server or a set of servers has previously delivered to a client and therefore that the client is likely to have in client-side cache).
Regarding claim 8, Goel and  Grobman disclose the computer-implemented method of claim 1, 
Goel further discloses wherein the first address comprises a uniform resource locator (URL), and the information indicates an identifier (ID) of the first server pool (Goel par. 0081-0083. Goel teaches that the object URL preferably takes the following form https:// <ip_of_server_A> and the <ip_of_server_A> is the IP address of the server to which the client is currently connected).
Regarding claim 9, Goel discloses a computer-implemented method comprising:
 storing associations between servers and server pools and servers in server pool (Goel par. 0076. Goel teaches that the server-side client cached object data can be shared amongst groups of servers. the other servers can have the data too, if the client resumes the session with one of the other servers, and can combine it with the data in the ticket so that a complete record of the cached objects is obtained); and 
transmitting, to a client application, information indicating an address of a first server from which content can be accessed and the first server pool that is associated with the first server (Goel par. 0018, 0079. Goel teaches that a given CDN server can be implemented as a computer that comprises commodity hardware (e.g., a microprocessor with memory holding program instructions) running an operating system kernel (such as Linux® or variant) that supports one or more applications. To facilitate content delivery services, for example, given computers typically run a set of applications, such as an HTTP (web) proxy server, a name service (DNS), a local monitoring process, a distributed data collection process, and the like. The client and server A complete a TLS handshake, the client issues object requests and/or server A pushes objects to the client).
Goel teaches, storing associations between servers and server pools (Goel par. 0076). However, Goel does not explicitly disclose wherein a first plurality of servers in a first server pool shares a first encryption key that is used to encrypt session keys, and a second plurality of servers in a second server pool shares a second encryption key.
However, in an analogous art, Grobman teaches wherein a first plurality of servers in a first server pool shares a first encryption key that is used to encrypt session keys, and a second plurality of servers in a second server pool shares a second encryption key (Grobman par. 0036-0038 and claim 15. Grobman teaches that the TGS may be capable of receiving a request for a Service Ticket and issue a multi-server service ticket 540. In one embodiment, the TGS may be capable of performing the technique illustrated by FIG. 2. In one embodiment, the Multi-Server Service Ticket may include the fields illustrated by FIG. 3. In one embodiment, the request for a Service Ticket may include or utilize the Ticket-Granting-Ticket issued by the AS. The pool of servers may be capable of receiving and utilizing a multi-server service ticket 540. FIG. 5 shows three network servers 553, 555, & 559 in the server pool, the disclosed subject matter is not limited to any particular number of servers. The client may receive a Ticket-Granting-Ticket (TGT). The client may use this TGI to request a Service Ticket from the Ticket Granting Service (TGS) 530. The TGS may determine that the service is provided by a server pool 550, and issue a Multi-Server Service Ticket 540. The client may present this Service Ticket to the server pool. A managing agent receiving a Service Ticket; the managing agent selecting a receiving server from a server pool having a plurality of servers; routing the Service Ticket to the receiving server. See also par. 0035 and claim 48).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of  Grobman with the method and system of Goel, wherein receiving a session ticket to provide users with a means for re-establishing secure application sessions and to establish a secure communication channel based on successful completion of the abbreviated authentication process ( Grobman Abstract).
Regarding claim 10, Goel  and Grobman disclose the computer-implemented method of claim 9, 
Goel further discloses further comprising determining the first server based on a request from the client application (Goel par. 0076 and 0079. Goel teaches that the server-side client cached object data can be shared amongst groups of servers. the other servers can have the data too, if the client resumes the session with one of the other servers, and can combine it with the data in the ticket so that a complete record of the cached objects is obtained. The first client object request is likely to be for the HTML document that defines the presentation of the web page that the end user is seeking to visit).  
Regarding claim 11, Goel and Grobman disclose the computer-implemented method of claim 9, 
Goel further discloses wherein the first server is identified by the client application based on a predictive technique (Goel par. 0039. Goel teaches that the HTML and page objects can be sent in various orders under the HTTP/2 specification. The pushed objects can be selected based on a prediction algorithm or otherwise configured for the given page or domain, for example. (4) If the client has any of the objects the server will push, e.g., in local cache such as HTML local storage, browser cache, or otherwise, the client can send RST_STREAM frames for these objects as soon as the client receives the PUSH_PROMISE. This will stop the server from sending or continuing to send any objects that the client already has in cache. (5) Client sends separate requests for any other objects needed to render the page).
Regarding claim 12, Goel and Grobman disclose the computer-implemented method of claim 9, 
 Grobman further discloses wherein the encryption keys are generated by a key generator and distributed to the servers in first and second server pools ( Grobman par. 0020. Grobman teaches that an embodiment of a technique for generating a Service Ticket to facilitate a client to authenticate against a pool of servers utilizing a secure authentication protocol in accordance with the disclosed subject matter. Block 210 illustrates that a Ticket Granting Service may receive a request for a Service Ticket. The Service Ticket may provide access to a client to a particular network service).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of  Grobman with the method and system of Goel, wherein receiving a session ticket to provide users with a means for re-establishing secure application sessions and to establish a secure communication channel based on successful completion of the abbreviated authentication process ( Grobman Abstract).
Regarding claim 13, Goel and  Grobman disclose the computer-implemented method of claim 9, 
 Grobman further discloses wherein the first encryption key shared by the first plurality of servers in the first server pool has a different expiration time than the second encryption key shared by the second plurality of servers in the second server pool (Grobman par. 0036-0038 and claim 15. Grobman teaches that the TGS may be capable of receiving a request for a Service Ticket and issue a multi-server service ticket 540. FIG. 5 shows three network servers 553, 555, & 559 in the server pool, the disclosed subject matter is not limited to any particular number of servers. The client may receive a Ticket-Granting-Ticket (TGT). The client may use this TGI to request a Service Ticket from the Ticket Granting Service (TGS) 530. The TGS may determine that the service is provided by a server pool 550, and issue a Multi-Server Service Ticket 540. The client may present this Service Ticket to the server pool. A managing agent receiving a Service Ticket; the managing agent selecting a receiving server from a server pool having a plurality of servers; routing the Service Ticket to the receiving server. See also par. 0035 and claim 48).  
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of  Grobman with the method and system of Goel, wherein receiving a session ticket to provide users with a means for re-establishing secure application sessions and to establish a secure communication channel based on successful completion of the abbreviated authentication process ( Grobman Abstract).
Regarding claim 14; claim 14 is directed to a computer implemented method associated with the computer implemented method claimed in claim 8. Claim 14 is similar in scope to claim 8 and is therefore rejected under similar rationale respectively.
Regarding claim 15, Goel and Grobman disclose the computer-implemented method of claim 9, 
Goel further discloses wherein the client application is a web browser (Goel par. 0079. Goel teaches that the first client object request is likely to be for the HTML document that defines the presentation of the web page that the end user is seeking to visit).
Regarding claim 16, Goel and Grobman disclose the computer-implemented method of claim 9, 
Goel further discloses wherein the client application is a streaming video application (Goel par. 0014. Goel teaches that the infrastructure is generally used for the storage, caching, or transmission of content—such as web page objects, streaming media and applications—on behalf of such content providers or other tenants).
Regarding claims 17-20; claims 17-20 are directed to a system associated with the computer implemented method claimed in claims 1-3, and 7. Claims 17-20 are similar in scope to claims 1-3 and 7 and are therefore rejected under similar rationale respectively.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANCHIT K SARKER whose telephone number is (571)270-7907. The examiner can normally be reached M-F 8:30 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, FARID HOMAYOUNMEHR can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SANCHIT K SARKER/Primary Examiner, Art Unit 2495