DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


The following is a final office action in response to communications received 11/18/2022. Claims 1-19 have been previously cancelled. None of the claims have been amended. Therefore, claims 20-31 are pending and addressed below.


Response to Arguments
Applicant’s arguments filed 11/18/2022 have been fully considered but they are not persuasive. Applicant argues that (1) the combination of Weihl and Reilly does not disclose when receiving the first message, receiving first data from at least one network security device that passed the first message from the client to the server…, (2) Reilly does not teach incorporating the first data into the data field in the response, wherein said incorporation comprises: combining the first data and the second data to create combined data, such that the at least one network security device is able to extract the first data from a location in the combined data.

In response to argument (1), Examiner respectfully disagrees. Weihl discloses a copy of the customer’s SSL certificate must reside on the secure edge servers…see par. 46…edge servers are not authorized to access and use SSL certificates until they have been first authenticated…and secure connection is established between edge server and origin server…see par. 49…the edge server maintains a secure session and serves SSL content…to the requesting end user…fig. 5…Claim language recites receiving first data from at least one network security device (fig. 5: serving SSL certificate from edge server to the end user) that passed the first message from the client to the server (client sends a message to the server…see par. 38)…Since there is no specific language in the instant application claim as to whether first data is being sent directly and/or in what order from the edge server to the origin server, Examiner interprets that as long as the SSL certificate gets sent back to the origin server, it reads on the claim’s limitation. Examiner maintains that the combination of Weihl and Reilly does teach this limitation.

In response to argument (2), Examiner respectfully disagrees. Reilly discloses a security token (second data) from the security token service for a new user of the web application…and further including pulling the SSL certificate (first data) from the web application (a location in the combined data). There is no clear language of the nature of first data to second data and how they are related and/or different from each other. Examiner maintains that Reilly does disclose this limitation.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 20-31 are rejected under 35 U.S.C. 103 as being unpatentable over Weihl et al (Pub. No. US 2004/0093419) in view of Reilly et al (Pub. No. US 2017/0019410).

As per claim 20, Weihl discloses a method operable at a server, comprising: receiving a first message from a client in order to establish a secure session between the client and the server (…an SSL connection is established and client sends a message to the server…see par. 38); when receiving the first message, receiving first data from at least one network security device that passed the first message from the client to the server (…client sends a message to the server…the secure edge server (interpreted as network security device) establishes a secure origin session…while maintaining the session with the browser, the secure edge server connects to the site’s origin server…the origin site presents a server certificate (certificate interpreted as first data) to the secure edge server…see par. 37-39… fig. 5: serving SSL certificate from edge server to the end user… client sends a message to the server…see par. 38); generating a response to the first message; wherein the response includes a data field holding second data generated by the server (…in the ensuing SSL handshake, the origin site presents a server certificate to the secure edge server…in this certificate, the common name can be the same as the common name in the certificate that the CDN service provider provides to the client, but an organizational name, which is a data element specified in the certificate…see par. 39); sending the response towards the client in order to establish the secure session (…a copy of the customer’s SSL certificate must reside on the secure edge servers to allow them to serve SSL content on the customer’s behalf…see par. 46); closing the secure session (…a server that cannot be fully monitored by the CDN service provider will remove the certificate from its memory and no longer serve the SSL traffic…see par. 46); receiving a second message from the client that seeks to resume the secure session, the second message being received from the at least one network security device after validation of the first data (see par. 51-53). Weihl does not explicitly disclose incorporating the first data into the data field in the response, wherein said incorporation comprises: combining the first data and the second data to create combined data, such that the at least one network security device is able to extract the first data from a location in the combined data; and extracting the second data from the data field for use in resuming the secure session. However, Reilly discloses incorporating the first data into the data field in the response, wherein said incorporation comprises: combining the first data and the second data to create combined data, such that the at least one network security device is able to extract the first data from a location in the combined data; and extracting the second data from the data field for use in resuming the secure session (…the module requests and receives a security token from the STS for a new user…the module further includes pulling a secure sockets layer (SSL) certificate from the web application and sending the SSL certificate to the STS…extracting a web proxy, vendor-specific token from http headers from the web application, creating a WS-Federation request security token using the vendor-specific token to build the binary security token to authenticate the request…see par. 33-34). Therefore one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to use Reilly in Weihl for including the above limitations because one of ordinary skill in the art would recognize it would further maintain a continuing knowledge of web security access changes and update each web application to accommodate such changes…see Reilly, par. 3.



As per claim 24, Weihl discloses a server comprising circuitry forming one or more processors and memory holding computer program instructions for execution on the one or more processors to operate the server to: receive a first message from a client in order to establish a secure session between the client and the server (…an SSL connection is established and client sends a message to the server…see par. 38); when receiving the first message, receive first data from at least one network security device that passed the first message from the client to the server (…client sends a message to the server…the secure edge server (interpreted as network security device) establishes a secure origin session…while maintaining the session with the browser, the secure edge server connects to the site’s origin server…the origin site presents a server certificate (certificate interpreted as first data) to the secure edge server…see par. 37-39… fig. 5: serving SSL certificate from edge server to the end user… client sends a message to the server…see par. 38); generate a response to the first message; wherein the response includes a data field holding second data generated by the server (…in the ensuing SSL handshake, the origin site presents a server certificate to the secure edge server…in this certificate, the common name can be the same as the common name in the certificate that the CDN service provider provides to the client, but an organizational name, which is a data element specified in the certificate…see par. 39); send the response towards the client in order to establish the secure session (…a copy of the customer’s SSL certificate must reside on the secure edge servers to allow them to serve SSL content on the customer’s behalf…see par. 46); close the secure session (…a server that cannot be fully monitored by the CDN service provider will remove the certificate from its memory and no longer serve the SSL traffic…see par. 46); receive a second message from the client that seeks to resume the secure session, the second message being received from the at least one network security device after validation of the first data (see par. 51-53). Weihl does not explicitly disclose incorporating the first data into the data field in the response, wherein said incorporation comprises: combining the first data and the second data to create combined data, such that the at least one network security device is able to extract the first data from a location in the combined data; and extracting the second data from the data field for use in resuming the secure session. However, Reilly discloses incorporating the first data into the data field in the response, wherein said incorporation comprises: combining the first data and the second data to create combined data, such that the at least one network security device is able to extract the first data from a location in the combined data; and extracting the second data from the data field for use in resuming the secure session (…the module requests and receives a security token from the STS for a new user…the module further includes pulling a secure sockets layer (SSL) certificate from the web application and sending the SSL certificate to the STS…extracting a web proxy, vendor-specific token from http headers from the web application, creating a WS-Federation request security token using the vendor-specific token to build the binary security token to authenticate the request…see par. 33-34). Therefore one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to use Reilly in Weihl for including the above limitations because one of ordinary skill in the art would recognize it would further maintain a continuing knowledge of web security access changes and update each web application to accommodate such changes…see Reilly, par. 3.



As per claim 28, Weihl discloses a non-transitory computer readable medium holding computer program instructions for operating a server, the computer readable instructions comprising instructions for: receiving a first message from a client in order to establish a secure session between the client and the server (…an SSL connection is established and client sends a message to the server…see par. 38); when receiving the first message, receiving first data from at least one network security device that passed the first message from the client to the server (…client sends a message to the server…the secure edge server (interpreted as network security device) establishes a secure origin session…while maintaining the session with the browser, the secure edge server connects to the site’s origin server…the origin site presents a server certificate (certificate interpreted as first data) to the secure edge server…see par. 37-39… fig. 5: serving SSL certificate from edge server to the end user… client sends a message to the server…see par. 38); generating a response to the first message; wherein the response includes a data field holding second data generated by the server (…in the ensuing SSL handshake, the origin site presents a server certificate to the secure edge server…in this certificate, the common name can be the same as the common name in the certificate that the CDN service provider provides to the client, but an organizational name, which is a data element specified in the certificate…see par. 39); sending the response towards the client in order to establish the secure session (…a copy of the customer’s SSL certificate must reside on the secure edge servers to allow them to serve SSL content on the customer’s behalf…see par. 46); closing the secure session (…a server that cannot be fully monitored by the CDN service provider will remove the certificate from its memory and no longer serve the SSL traffic…see par. 46); receiving a second message from the client that seeks to resume the secure session, the second message being received from the at least one network security device after validation of the first data (see par. 51-53). Weihl does not explicitly disclose incorporating the first data into the data field in the response, wherein said incorporation comprises: combining the first data and the second data to create combined data, such that the at least one network security device is able to extract the first data from a location in the combined data; and extracting the second data from the data field for use in resuming the secure session. However, Reilly discloses incorporating the first data into the data field in the response, wherein said incorporation comprises: combining the first data and the second data to create combined data, such that the at least one network security device is able to extract the first data from a location in the combined data; and extracting the second data from the data field for use in resuming the secure session (…the module requests and receives a security token from the STS for a new user…the module further includes pulling a secure sockets layer (SSL) certificate from the web application and sending the SSL certificate to the STS…extracting a web proxy, vendor-specific token from http headers from the web application, creating a WS-Federation request security token using the vendor-specific token to build the binary security token to authenticate the request…see par. 33-34). Therefore one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to use Reilly in Weihl for including the above limitations because one of ordinary skill in the art would recognize it would further maintain a continuing knowledge of web security access changes and update each web application to accommodate such changes…see Reilly, par. 3.


As per claims 21, 25, 29, the combination of Weihl and Reilly discloses wherein the at least one network security device comprises a set of multiple network security devices (Weihl: see par. 33).


As per claims 22, 26, 30, the combination of Weihl and Reilly discloses wherein the first message is received via a first network security device, and the second message is received via a second network device (Weihl: see par. 48-49).


As per claims 23, 27, 31, the combination of Weihl and Reilly discloses wherein the location in the combined data is a predetermined location in the combined data (Reilly: see par. 23, 37-38). The motivation for claims 23, 27, 31 is the same motivation as in claims 20, 24, 28 above.




Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892).
The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to network security.

Hindawi et al (Pub. No. US 2015/0271285); “Data Caching and Distribution in a Local Network”;
-Teaches the data distribution module extracts a manifest from the system management message received from a server, generates a plurality of data requests, and identifies or receives respective specific data…see par. 107-110.

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHAZAL B SHEHNI whose telephone number is (571)270-7479. The examiner can normally be reached Mon-Fri 9am-5pm PCT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea, can be reached on 571-272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GHAZAL B SHEHNI/Primary Examiner, Art Unit 2499