DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Application # 18/753,183 was filed on 6/25/2024.
Claims 1-20 are subject to examination.
An IDS filed on 6/25/2024 has been fully considered and entered by the Examiner.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 1, 3, 4, 5, 6, 7, 8, 12, 13, 14, 15, 16, 17, 19, 20 rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 4, 3, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 of U.S. Patent No. 11,516,205 (hereinafter ‘205 Patent).
With respect to claim 1, 8, 15 respectively, contain similar subject matter as claims the instant 1, 8, 12 respectively of ‘205 Patent as follows: receive, from a client device, a communication indicative of a request to establish a network connection to a server; prior to initiating a network connection between the network appliance and the server: access a server certificate associated with the server, wherein the accessing includes: querying a server certificate cache at the network appliance using an identifier extracted from the communication received from the client device, and responsive to the querying of the server certificate cache not returning the server certificate, extracting an address from the communication received from the client device and querying the server certificate cache using the extracted address; responsive to a determination, based on the server certificate, not to decrypt data transmitted between the client device and the server, establish a single connection between the network appliance and the server; and transmit the data between the client device and the server only over the single connection.
With respect to claims 3, 4, 5, 6, 7, 12, 13, 14, 16, 17, 19, 20 respectively of the instant application, they contain similar subject matter as claims 4, 3, 5, 6, 7, 9, 10, 11, 13, 14, 15, 16 respectively of ‘205 Patent.
Claims 1, 2, 3, 4, 5, 6, 8, 12, 13, 14, 15, 16, 17, 19, 20 rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 2, 4, 3, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 of U.S. Patent No. 12,028,332 (hereinafter ‘32 Patent).
With respect to claim 1, 8, 15 respectively, contain similar subject matter as claims the instant 1, 7, 14 respectively of ‘332 Patent as follows: receive, from a client device, a communication indicative of a request to establish a network connection to a server; prior to initiating a network connection between the network appliance and the server: access a server certificate associated with the server, wherein the accessing includes: querying a server certificate cache at the network appliance using an identifier extracted from the communication received from the client device, and responsive to the querying of the server certificate cache not returning the server certificate, extracting an address from the communication received from the client device and querying the server certificate cache using the extracted address; responsive to a determination, based on the server certificate, not to decrypt data transmitted between the client device and the server, establish a single connection between the network appliance and the server; and transmit the data between the client device and the server only over the single connection.
With respect to claims 2, 3, 4, 5, 6, 9, 10, 11, 12, 13, 16, 17, 18, 19, 20 respectively of the instant application, they contain similar subject matter as claims 2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 15, 16, 17, 18, 19 respectively of ‘332 Patent.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Parthasarathy et al. U.S. Patent Publication # 20160255047 (hereinafter Parthasarathy) in view of Uehara et al. U.S. Patent # Publication # 2019/0253260 (hereinafter Uehara)
With respect to claim 1, Parthasarathy teaches a network appliance comprising: a processor; and a memory storing computer program instructions, execution of which by the processor causes the network appliance to:
-receive, from a client device, a communication indicative of a request to establish a network connection to a server (i.e. upon receiving the client hello message from the client to establish SSL/TLS session) (Paragraph 37, 38, 39-40);
-prior to initiating a network connection between the network appliance and the server: access a server certificate associated with the server (i.e. obtaining a security certificate from the server) (Paragraph 39-40) wherein the accessing includes:
-querying a server certificate cache at the network appliance using an identifier extracted (i.e. session ID, server name indication (SNI))(Paragraph 37) from the communication received from the client device (Paragraph 37), and responsive to the querying of the server certificate cache not returning the server certificate (i.e. an abbreviated handshake between the client and server can occur, wherein server does not send server certificate message hence, the site textual identification information of the server is not available) (Paragraph 44-45), extracting an address from the communication received from the client device and querying the server certificate cache using the extracted address (i.e. since the site textual identification information not readily available, using previously obtained site textual information by using parameters which can be queried from the database. These parameters include session ID which were included in the client hello messages) (Paragraph 45-46)
- establish a single connection between the network appliance and the server (Paragraph 47); and transmit the data between the client device and the server only over the single connection (Paragraph 47)
Parthasarathy implicitly teach not to decrypt data transmitted between the client and the server (i.e. because it does not mention decrypting data which means it is not decrypting data) but Parthasarathy does not explicitly state responsive to a determination, based on the server certificate, not to decrypt data transmitted between the client device and the server.
Uehara teaches based on the server certificate not to decrypt data transmitted between the client and the server (Paragraph 11). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement Uehara’s teaching in Parthasarathy’s teaching to come up with not decrypting data transmitted between the server and the client and establishing a single connection. The motivation for doing so would be to keep the bidirectional communications between the server and client secure and client-side public key is transmitted to the server in a similar manner (Paragraph 11).
With respect to claim 2, Parthasarathy and Uehara teaches the network appliance of claim 1, but Uehara further teaches wherein the computer program instructions further cause the processor to: responsive to determining the server certificate is not stored in the server certificate cache, transmit the communication from the client to the server (Paragraph 13); receive the server certificate associated with the server in response to transmitting the communication from the client to the server (i.e. server registering electronic certificate) (Paragraph 91, 94); and store the received server certificate in the server certificate cache (i.e. server includes electronic certificate registration means to register certificate containing public key of the server) (Paragraph 91,94).
With respect to claim 3, Parthasarathy and Uehara teaches the network appliance of claim 1, but Parthasarathy further teaches wherein the computer program instructions further cause the processor to: after establishing the single connection between the network appliance and the server, receive a new server certificate associated with the server (Paragraph 71, 73); and responsive to receiving the new server certificate, replace the stored server certificate in the server certificate cache with the new server certificate (Paragraph 42, 43)
With respect to claim 4, Parthasarathy and Uehara teaches the network appliance of claim 1, but Uehara further teaches wherein the computer program instructions further cause the processor to: responsive to determining to decrypt the data transmitted between the client device and the server (Paragraph 63, 64)transmit the communication from the client to the server (Paragraph 63, 64)
With respect to claim 5, Parthasarathy and Uehara teaches the network appliance of claim 1, but Parthasarathy further teaches wherein the server comprises a proxy device between the network appliance and one or more data sources that serve data requested by the client device (Paragraph 32-33), and wherein determining not to decrypt data transmitted between the client device and the server comprises: determining not to decrypt the data transmitted between the client device and the proxy device responsive to the server certificate not being signed by the proxy device (Paragraph 36) ; and Parthasarathy does not explicitly teach determining to decrypt the data transmitted between the client device and the proxy device responsive to the server certificate being signed by the proxy device.
Uehara teaches determining not to decrypt the data transmitted between the client device and the proxy device responsive to the server certificate not being signed by the proxy device (Paragraph 11); determining to decrypt the data transmitted between the client device and the proxy device responsive to the server certificate being signed by the proxy device (Paragraph 63, 64). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement Uehara’s teaching in Parthasarathy’s teaching to come up with not to decrypt the data transmitted between the client device and the proxy device responsive to the server certificate not being signed by the proxy device and determining to decrypt the data transmitted between the client device and the proxy device responsive to the server certificate being signed by the proxy device. The motivation for doing so would be to keep the bidirectional communications between the server and client secure and client-side public key is transmitted to the server in a similar manner (Paragraph 11).
With respect to claim 6, Parthasarathy and Uehara teaches the network appliance of claim 1, but Uehara further teaches wherein determining not to decrypt data transmitted between the client device and the server comprises: determining not to decrypt the data transmitted between the client device and the server responsive to the server certificate being self-signed by the server (Paragraph 94, 101); and determining to decrypt the data transmitted between the client device and the server responsive to the server certificate not being self-signed by the server (Paragraph 94-96, 101)
With respect to claim 7, Parthasarathy and Uehara teaches the network appliance of claim 1, but Parthasarathy further teaches wherein the address comprises one or more of a source internet protocol (IP) address, a destination IP address, or a socket address (Paragraph 19, 20)
With respect to claims 8-14 respectively, they recite similar limitations as claims 1-7 respectively, therefore rejected under same basis.
With respect to claims 15-20 respectively, they recite similar limitations as claims 1-6 respectively, therefore rejected under same basis.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
A). Mistry et al. U.S. Patent Publication # 20180367530 which teaches about certificate pinning operation when user device receives response from the server and extract the set of public key certificates.
B). Williams et al. U.S. Patent # 11,418,352 which teaches about key management service to receive first, second and third certificate by the certificate authority.
C). Jiang et al. U.S. Patent Publication # 2017/0163736.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DHAIRYA A PATEL whose telephone number is (571)272-5809. The examiner can normally be reached M-F 7:30am-4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kamal B Divecha can be reached at 571-272-5863. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
DHAIRYA A. PATEL
Primary Examiner
Art Unit 2453
/DHAIRYA A PATEL/Primary Examiner, Art Unit 2453