DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Claim Objections
Claim 17 is objected to because of the following informalities: Claim 17 is a Computer Program product, dependent on claim 6, a method claim. Claim 17 should probably be dependent on claim 16. Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 2, 13-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bronshtein et al., (US Publication No. 2017/0310670), hereinafter “Bronshtein”, and further in view of Enokida, (US Publication No. 2004/0243805).

Regarding claims 1, 13 and 14, Bronshtein discloses
receiving, by the server, a request from a client to participate in a TLS (Transport Layer Security) session with the server [Bronshtein, paragraphs 23, 27; a client may request that the server return a security certificate, figure 1]; and 
providing a signed server certificate from among the signed server certificates to the client [Bronshtein, paragraphs 23, 27; The server may return the security certificate… as part of TLS setup, figure 1], 
the signed server certificate selected for provision to the client based on an indicator determined from the request [Bronshtein, paragraphs 23-272, figure 1], 
the client and server thereupon participating in the TLS session using the signed server certificate [Bronshtein, paragraphs 23-272, figure 1].

Bronshtein does not specifically disclose, however Enokida teaches
storing, by the server, multiple signed server certificates associated with respective clients and issued using respective root certificates of the respective clients [Enokida, paragraph 418, client certificate and root key certificate stored for each system]. 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide a root certificate from which to create signed certificates in order to provide the security needed to protect the systems.

Regarding claims 2 and 15, Bronshtein-Enokida further discloses
the server associating the signed server certificates with respective identifiers, wherein the signed server certificate is selected for provision to the client based on matching the indicator with one of the identifiers [Enokida, paragraph 418, the new client certificate and the new root key certificate and cause them to be stored for each of these client apparatuses individually].
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to assign the certificate with a client (as in an associated identifier) in order to provide security for the individual client.

Claim(s) 3-5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bronshtein-Enokida as applied to claim 2 above, and further in view of Pabari, (US Publication No. 2007/0043860).

Regarding claim 3, Bronshtein-Enokida further discloses
a plurality of clients over TLS via respective signed server certificates [Bronshtein, paragraphs 23, 27; The server may return the security certificate… as part of TLS setup, figure 1].

Bronshtein-Enokida does not specifically disclose, however Pabari teaches
wherein the client includes a management console for managing virtual machines, wherein the server includes a data storage appliance, and wherein the method further comprises the server hosting multiple virtual machine disks [Pabari, paragraph 43, 58 and figures 1, 2, 5].
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide a virtual manager to manage virtual machines connected to a network (WAN, LAN, etc.) in order to communicate with the virtual machines in a secure manner over TLS.

Regarding claim 4, Bronshtein-Enokida-Pabari further discloses
wherein the management console manages multiple virtual machine host computers [Pabari, paragraph 43, 58 and figures 1, 2, 5], and wherein the method further comprises the server participating in another TLS session [Bronshtein, paragraphs 23, 27; The server may return the security certificate… as part of TLS setup, figure 1] with one of the virtual machine host computers [Pabari, paragraph 43, 58 and figures 1, 2, 5] using the signed server certificate provided to the client [Bronshtein, paragraphs 23, 27; The server may return the security certificate… as part of TLS setup, figure 1].

Regarding claim 5, Bronshtein-Enokida-Pabari further discloses
the server storing, in connection with at least one signed server certificate, (i) a respective root certificate and (ii) a respective signed client certificate [Enokida, paragraph 418, client certificate and root key certificate stored for each system].

Claim(s) 6, 11, 16 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bronshtein-Enokida as applied to claims 1, 14 above, and further in view of Schnellbaecher, (US Publication No. 2008/0263215).

Regarding claims 6 and 16, Bronshtein-Enokida does not disclose, however Schnellbaecher teaches
wherein the indicator determined from the request is a Server Name Indication (SNI) provided in the request, and wherein the server associates the multiple signed server certificates with respective SNIs [Schnellbaecher, paragraph 70].
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to use a Server Name Indication to correlate with a certificate in order to match a request for the security of the system.

Regarding claims 11 and 19, Bronshtein-Enokida-Schnellbaecher further discloses
wherein the indicator determined from the request includes an IP (Internet Protocol) address to which the request is directed, the server associating the signed server certificates with respective IP addresses [Schnellbaecher, paragraphs 62, 70].

Claim(s) 7, 8, 17 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bronshtein-Enokida-Schnellbaecher as applied to claims 6, 16 above, and further in view of Watanabe, (US Publication No. 2018/0332031).

Regarding claims 7 and 17, Bronshtein-Enokida-Schnellbaecher further discloses
receiving a second request from a second client to participate in a second TLS session with the server, [Bronshtein, paragraphs 23, 27; a client may request that the server return a security certificate, figure 1; The server may return the security certificate… as part of TLS setup] the second request including a second SNI [Schnellbaecher, paragraph 70]; 
storing, by the server, a second signed server certificate based on a second root certificate [Enokida, paragraph 418, client certificate and root key certificate stored for each system] of the second client, the server associating the second signed server certificate with the second SNI [Schnellbaecher, paragraph 70].
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention for multiple TLS connections to a TLS server in order to provide multiple clients access to the system.

Bronshtein-Enokida-Schnellbaecher does not specifically disclose, however Watanabe teaches
determining, by the server, that none of the signed server certificates stored by the server is associated with the second SNI [Watanabe, paragraph 3, and sends a server certificate corresponding to the host name to the client]. 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to determine whether a certificate matched an SNI, and if not, to acquire one on demand in order to provide a secure system for communication.

Regarding claims 8 and 18, Bronshtein-Enokida-Schnellbaecher-Watanabe further discloses
the second client and the server participating in the second TLS session using the second signed server certificate [Bronshtein, paragraphs 23-272, figure 1].

Claim(s) 9-10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bronshtein-Enokida-Schnellbaecher as applied to claim 6 above, and further in view of Ithal et al., (US Publication No. 2018/0309795), hereinafter “Ithal”.

Regarding claim 9, Bronshtein-Enokida-Schnellbaecher does not specifically disclose, however Ithal teaches
when receiving the request, the SNI includes a UUID (universally unique identifier) generated by the client [Ithal, paragraph 118, UUID].
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to incorporate a unique ID for use in order to determine the associated systems for security.

Regarding claim 10, Bronshtein-Enokida-Schnellbaecher-Ithal further discloses
when receiving the request, the SNI further includes a name associated with the client [Schnellbaecher, paragraphs 39, 70].

Claim(s) 12 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bronshtein-Enokida as applied to claim 1 and 14 above, and further in view of Ovsiannikov, (US Publication No. 2011/0264905).

Regarding claims 12 and 20, Bronshtein-Enokida do not disclose, however Ovsiannikov teaches
wherein the indicator determined from the request includes a TCP (Transport Control Protocol) port number to which the request is directed, the server associating the signed server certificates with respective TCP port numbers [Ovsiannikov, paragraphs 326, 328, TCP connection / Port].
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include using TCP as a communication channel using port numbers to ensure a connection for security.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM J GOODCHILD whose telephone number is (571)270-1589. The examiner can normally be reached M-F 8am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeff Pwu can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/William J. Goodchild/Primary Examiner, Art Unit 2433