DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
2.	This communication is in response to the amendment filed on 11/23/2020. No Claims have been amended or cancelled. Claims 1-3, 5, 8-15 and 17-20 are pending and Claims 1-3, 5, 8-15 and 17-20 are rejected.

Response to Arguments
3.	Applicant's Arguments (Remarks) filed 11/23/2020 have been fully considered but they are not persuasive. 

4.	Applicant’s arguments with respect to 35 U.S.C. 103 have been fully considered, but they are not persuasive, therefore the rejection is maintained.
	Applicant argues “ The cited references fail to teach or suggest at least “identify at least one secure communication packet from the network packets received by the network interface by decapsulating a record header associated with an application layer payload of the network packets to determine whether the network packets have a legitimate secure communication
protocol record header,” as recited in claim 1 (emphasis added).” and 
“Kumar fails to disclose Kumar's SSL termination or termination procedure comprises or is related to “decapsulating a record header associated with an application layer payload of the to determine whether the network packets have a legitimate secure communication protocol record header.” and
“Kumar fails to teach or suggest at least “identify at least one secure communication packet from the network packets received by the network interface by decapsulating a record header associated with an application layer payload of the network packets to determine whether the network packets have a legitimate secure communication protocol record header," as recited in claim 1 (emphasis added)” and
Applicant further argues “Kumar's IP header and TCP header do not correspond to the claimed “record header associated with an application layer payload” by decapsulating which whether the network packets have a legitimate secure communication protocol record header can be determined.” 
	However, the examiner respectfully disagrees. It is noted that Manapragada discloses “identifying at least one communication secure packet.” For example, Manapragada discloses that service/perform SSL operations on network packet traffic offloaded from applications (Manapragada: ¶ [0018]), and match and tag/identify (encrypted) packets coming in from the remote client device over the network for SSL processing by looking up a flow table…, the flow table 400 includes flow attributes field 402…, For packets that are identified for SSL processing, they are provided to the SSL proxy engine 118 via the TCP/IP connecting component 120 to perform the required SSL processing (Manapragada: ¶ [0030]). 
Kumar, on the other hand, discloses assembling one or more of the data packets to determine application layer messages contained in the payload portions (Kumar: ¶ [0083]), after the application layer message has been generated, the application layer message may be encapsulated according to one or more protocols such as HTTP, TCP, and IP. For example, an HTTP header (Kumar: ¶ [0084]), and further discloses that protocol/access methods 810 include: TCP/SSL, 

Claim Rejections - 35 USC § 103
5.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



6.	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.

4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

7.	Claims 1-3, 5, 8-9, 12, 14-15, 17 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Manapragada et al. (US 2016/0352870 A1, hereinafter Manapragada) in view of Kumar et al. (US 2006/0123479 A1, hereinafter Kumar). 

Regarding Claim 1,
Manapragada discloses a System-on-Chip (SoC) for performing secure communication operations (Manapragada: ¶ [0017] System-on-Chip (SoC) chip comprising one or more of coprocessors, ¶ [0012] a Network Interface Card (NIC), which serves as a hardware accelerator for all applications running on the server that need to have a secure connection with a remote client device over a network), the SoC comprising: 
a peripheral interface configured to communicate with a host system (Manapragada: ¶ [0017] the host 102 and the NIC 104 are configured to communicate with each other over a Peripheral Component Interconnect (PCI) bus, also see [0019], Fig. 1 – PCI); 
a network interface configured to receive network packets in a secure communication session (Manapragada: ¶ [0012] the embedded networking device is configured to process all SSL operations of the secure connection inline, i.e., the SSL operations are performed as packets are transferred between the host and the client over the network, ¶ [0018] the NIC 104 is configured to service/perform SSL operations on network packet traffic offloaded from applications running on the host 102 that requires a secured connection with a remote client device over a network (not shown) following certain communication protocols such as TCP/IP protocol, also see ¶ [0019]); 
a processor configured to execute an Operating System (OS) software and a secure communication software stack to process at least one received network packet in the secure communication session (Manapragada: ¶ [0017] the NIC 104 can be a multi-core embedded hardware module/process engine or a single System-on-Chip (SoC) chip comprising one or more of coprocessors, ¶ [0019] The NIC 104 and its software components are also configured to run a complete SSL stack on the NIC 104 to provide inline SSL processing for all of the secured connections, ¶ [0036] the SSL proxy engine 118 is implemented as a Linux user space application, which runs on a subset of cores of the NIC 104 that run Linux, ¶ [0034] SSL processing is performed and packets are decrypted by the SSL proxy engine 118. The decrypted plain packets are then pushed to host 102, ¶ [0018]); 
a secure communication engine configured to perform cryptographic operations and generate at least one decrypted packet in the secure communication session (Manapragada: ¶ [0030] packets that are identified for SSL processing, they are provided to the SSL proxy engine 118 via the TCP/IP connecting component 120 to perform the required SSL processing before the decrypted data packets are being forwarded to the network socket handling module 112 on the host 102, ¶ [0033], ¶ [0034] SSL processing is performed and packets are decrypted by the SSL proxy engine 118), wherein the at least one decrypted packet is provided to the host system via the peripheral interface (Manapragada: See ¶ [0017] the host 102 and the NIC 104 are configured to communicate with each other over a Peripheral Component Interconnect (PCI) bus, ¶ [0030] the SSL proxy engine 118 is configured to utilize one or more PCI output rings (not shown) to send the data and information about the flow and its context to the socket handling module 112, ¶ [0034] SSL processing is performed and packets are decrypted by the SSL proxy engine 118. The decrypted plain packets are then pushed to host 102 with the appropriate connection identification information); and
a network operation offloading engine configured to (Manapragada: ¶ [0017] the host 102 and the NIC 104 are configured to communicate with each other over a Peripheral Component Interconnect (PCI) bus, ¶ [0018] the NIC 104 is configured to service/perform SSL operations on network packet traffic offloaded from applications running on the host 102 that requires a secured connection with a remote client device over a network):
identify at least one secure communication packet from the network packets received by the network interface by decapsulating a record header associated with an application layer payload of the network packets to determine whether the network packets have a legitimate secure communication protocol record header (Manapragada: ¶ [0018] the NIC 104 is configured to service/perform SSL operations on network packet traffic offloaded from applications, ¶ [0024] packetize the data and to include relevant information about the data packets and its context that would be used by the SSL proxy engine 118 to perform the required SSL processing on the data and send it out over the network,  ¶ [0030] the NIC 104 is configured to match and tag/identify (encrypted) packets coming in from the remote client device over the network for SSL processing by looking up a flow table…, the flow table 400 includes flow attributes field 402…, For packets that are identified for SSL processing, they are provided to the SSL proxy engine 118 via the TCP/IP connecting component 120 to perform the required SSL processing, ¶¶ [0017, 0036]), and
forward the identified at least one secure communication packet to the processor for processing (Manapragada: ¶ [0019] The NIC 104 and its software components are also configured to run a complete SSL stack on the NIC 104 to provide inline SSL processing for all of the secured connections, ¶ [0030] packets that are identified for SSL processing, they are provided to the SSL proxy engine 118 via the TCP/IP connecting component 120 to perform the required SSL processing before the decrypted data packets are being forwarded to the network socket handling module 112 on the host 102, ¶ [0034],¶ [0036]).
However, it is noted that Manapragada does not explicitly disclose:
identify at least one secure communication packet from the network packets received by the network interface by decapsulating a record header associated with an application layer payload of the network packets to determine whether the network packets have a legitimate secure communication protocol record header. 
However, Kumar et al. from the same field of endeavor as the claimed invention discloses protecting a network against a denial-of-service attack by inspecting application layer messages at a network element (Kumar: [Abstract]), assemble one or more of the data packets to determine application layer messages contained in the payload portions (Kumar: ¶ [0083]), an "application layer message" is a message that one application generates and sends toward another application. …, after the application layer message has been generated, the application layer message may be encapsulated according to one or more protocols such as HTTP, TCP, and IP. For example, an HTTP header (Kumar: ¶ [0084]), one or more data packets are received or intercepted at a network element. The data packets collectively contain an application layer message (Kumar: ¶ [0093], also see ¶ [0094]), packets, containing messages from clients to servers, are received…, Secure Sockets Layer (SSL) termination is performed on the packets if necessary (Kumar: ¶ [0111]), based on one or more information items indicated in the headers of the data packets, an application layer protocol that was used to transmit a message contained in the payload portions of the data packets  (hereinafter "the message") is determined (Kumar: ¶ [0118]), and protocol/access methods 810 include: TCP /SSL, HTTP/HTTPS, SOAP/HTTP (Kumar: ¶ [0207] also see ¶ [0244]).
 (Kumar: ¶ [0086], also see ¶¶ [0074, 0111]).
Regarding Claim 2,
Claim 2 is dependent on Claim 1, and the combination of Manapragada and Kumar discloses all the limitations of Claim 1. Manapragada further discloses wherein the OS software includes a network software stack and the processor is configured to execute the network software stack to process the at least one received network packet in the secure communication session (Manapragada: ¶ [0036] the SSL proxy engine 118 is implemented as a Linux user space application, which runs on a subset of cores of the NIC 104 that run Linux…, SSL proxy engine 118 is configured to use the TCP/IP stack of the Linux running on the NIC processor cores to establish the proxy connections on behalf of the applications 106 running on the host 102 that require SSL offloading,  ¶ [0034] SSL processing is performed and packets are decrypted by the SSL proxy engine 118. The decrypted plain packets are then pushed to host 102, ¶ [0019]).



Regarding Claim 3,
Claim 3 is dependent on Claim 2, and the combination of Manapragada and Kumar discloses all the limitations of Claim 2. Manapragada further discloses wherein the network software stack includes a Transmission Control Protocol/Internet Protocol (TCP/IP) software stack (Manapragada: ¶ [0036] SSL proxy engine 118 is configured to use the TCP/IP stack of the Linux running on the NIC processor cores, also see ¶ [0019]), and the processor is configured to execute the TCP/IP software stack to process the at least one received network packet and deliver the processed at least one network packet to the secure communication software stack (Manapragada: ¶ [0036] SSL proxy engine 118 is configured to use the TCP/IP stack of the Linux running on the NIC processor cores, ¶ [0030] packets that are identified for SSL processing, they are provided to the SSL proxy engine 118 via the TCP/IP connecting component 120 to perform the required SSL processing before the decrypted data packets are being forwarded to the network socket handling module 112 on the host 102,  ¶ [0019]). 

Regarding Claim 5,
Claim 5 is dependent on Claim 1, and the combination of Manapragada and Kumar discloses all the limitations of Claim 1. Manapragada further discloses wherein the network operation offloading engine is further configured to identify the at least one secure communication packet by inspecting a destination port of each network packet received by the network interface (Manapragada: ¶ [0030] the flow table 400 used for SSL processing lookup, wherein the flow table 400 includes flow attributes field 402 and destination field 404..., perform the required SSL processing before the decrypted data packets are being forwarded to the network socket handling module 112 on the host 102, ¶ [0034] decrypted plain packets are then pushed to host 102 with the appropriate connection identification information, also see ¶[0033]). 
Regarding Claim 8,
Claim 8 is dependent on Claim 2, and the combination of Manapragada and Kumar discloses all the limitations of Claim 2. Manapragada further discloses wherein the processor is configured to execute the network software stack to process handshaking packets during a handshaking process in the secure communication session (Manapragada: ¶ [0012] embedded networking device, in effect, acts as a proxy on behalf of applications running on the server and perform the SSL operations (e.g., handshake and record processing) for the connection established with the remote client device on behalf of the hosted applications, ¶ [0036] SSL proxy engine 118 is configured to use the TCP/IP stack of the Linux running on the NIC processor cores to establish the proxy connections on behalf of the applications 106 running on the host 102 that require SSL offloading). 
Regarding Claim 9,
Claim 9 is dependent on Claim 1, and the combination of Manapragada and Kumar discloses all the limitations of Claim 1. Manapragada further discloses wherein the secure communication software stack includes an Open Secure Sockets Layer (OpenSSL) software stack (Manapragada: ¶ [0012] SSL may use the existing OpenSSL and Linux TCP/IP stack and bypass the offload capabilities of the NIC 104 as the SSL accelerator (although the client applications can still use the NIC 104 as the network interface to connect to the network, ¶ [0026]). 



Regarding Claim 12,
Manapragada discloses a hardware computer peripheral card for performing secure communication operations (Manapragada: ¶ [0012] a Network Interface Card (NIC), which serves as a hardware accelerator for all applications running on the server that need to have a secure connection with a remote client device over a network), the hardware computer peripheral card comprising: a hardware connector configured to be coupled with a host system (Manapragada: ¶ [0017] the host 102 and the NIC 104 are configured to communicate with each other over a Peripheral Component Interconnect (PCI) bus, ¶ [0024]) and a System-on-Chip (SoC), comprising (Manapragada: ¶ [0017] System-on-Chip (SoC) chip comprising one or more of coprocessors), a network interface configured to receive network packets from a client device in a secure communication session (Manapragada: ¶ [0018] the NIC 104 is configured to service/perform SSL operations on network packet traffic offloaded from applications running on the host 102 that requires a secured connection with a remote client device over a network (not shown) following certain communication protocols such as TCP/IP protocol, ¶ [0012], ¶ [0019]) and discloses all the limitations of Claim 12, in combination with Kumar, as discussed in Claim 1. Therefore, Claim 12 is rejected using the same rationales as discussed in Claim 1.

Regarding Claim 14,
Manapragada discloses a method, conducted by a System-on-Chip (SoC) coupled to a host system, of performing secure communication operations (Manapragada: [Abstract] systems and methods to support a mechanism to offload all aspects of inline SSL processing of an application running on a server/host to an embedded networking device such as a Network Interface Card (NIC), ¶ [0017]), the method comprising: 
(Manapragada: ¶ [0017] System-on-Chip (SoC), ¶ [0030] the NIC 104 is configured to match and tag/identify ( encrypted) packets coming in from the remote client device over the network for SSL processing); 
determining whether the received network packet is a secure communication packet (Manapragada: ¶ [0018] the NIC 104 is configured to service/perform SSL operations on network packet traffic offloaded from applications,  ¶ [0030] the NIC 104 is configured to match and tag/identify (encrypted) packets coming in from the remote client device over the network for SSL processing by looking up a flow table…, the flow table 400 includes flow attributes field 402…, For packets that are identified for SSL processing, they are provided to the SSL proxy engine 118 via the TCP/IP connecting component 120 to perform the required SSL processing, ¶ [0024] packetize the data and to include relevant information about the data packets and its context that would be used by the SSL proxy engine 118 to perform the required SSL processing on the data and send it out over the network, ¶¶ [0017, 0036])) by decapsulating a record header associated with an application layer payload of the received network packet to determine whether the received network packet has a legitimate secure communication protocol record header; 
 in response to the determination that the network packet is a secure communication packet, sending the secure communication packet to a secure communication software stack executed on the SoC (Manapragada: ¶ [0030] For packets that are identified for SSL processing, they are provided to the SSL proxy engine 118 via the TCP/IP connecting component 120 to perform the required SSL processing, ¶ [0032] the SSL proxy engine 118 is a simple application running on top of the NIC driver firmware 116, which is configured to create a simple proxy
between the host application 106 and SSL stack (not shown) implemented on the NIC 104); and 
(Manapragada: [Abstract] a hardware accelerator for all applications running on the server that need to have a secure connection with a remote client device over a network, ¶ [0033] Once an SSL handshake is established with the remote client device, a successful notification is sent to the host 102 through, an API call, e.g., accept( ) call and connection related information is also passed to the host 102 at the same time, see also ¶ [0030], [0034]). 
However, it is noted that Manapragada does not explicitly disclose:
determining whether the received network packet is a secure communication packet by decapsulating a record header associated with an application layer payload of the received network packet to determine whether the received network packet has a legitimate secure communication protocol record header. 
However, Kumar et al. from the same field of endeavor as the claimed invention discloses protecting a network against a denial-of-service attack by inspecting application layer messages at a network element (Kumar: [Abstract]), assemble one or more of the data packets to determine application layer messages contained in the payload portions (Kumar: ¶ [0083]), an "application layer message" is a message that one application generates and sends toward another application. …, after the application layer message has been generated, the application layer message may be encapsulated according to one or more protocols such as HTTP, TCP, and IP. For example, an HTTP header (Kumar: ¶ [0084]), one or more data packets are received or intercepted at a network element. The data packets collectively contain an application layer message (Kumar: ¶ [0093], also see ¶ [0094]), packets, containing messages from clients to servers, are received…, Secure Sockets Layer (SSL) termination is performed on the packets if necessary (Kumar: ¶ [0111]), based on one (Kumar: ¶ [0118]), and protocol/access methods 810 include: TCP /SSL, HTTP/HTTPS, SOAP/HTTP (Kumar: ¶ [0207] also see ¶ [0244]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Kumar in the teachings of Manapragada. A person having ordinary skill in the art would have been motivated to do so because if the particular message satisfies any of the attack detection criteria in any of the attack detection criteria sets that are associated with the particular message classification, then the network element that made the determination takes a specified protective action, such as dropping all of the data packets that contain a portion of the message so that the packets do not reach the packets' destination (e.g., server application 112) (Kumar: ¶ [0086], also see ¶¶ [0074, 0111]).

Regarding Claim 15,
Claim 15 is dependent on Claim 14, and the combination of Manapragada and Kumar discloses all the limitations of Claim 14. Manapragada further discloses all the limitations of Claim 15 as discussed in Claim 5. Therefore, Claim 15 is rejected using the same rationales as in Claim 5.

Regarding Claim 17,
Claim 17 is dependent on Claim 14, and the combination of Manapragada and Kumar discloses all the limitations of Claim 14. Manapragada further discloses decrypting, by the secure communication engine, encrypted network packets received from the client device in the established secure communication session (Manapragada: ¶ [0034] the NIC 104 is configured to match and tag/identify (encrypted) packets coming in from the remote client device over the network for SSL processing, ¶ [0034] SSL processing is performed and packets are decrypted by the SSL proxy engine 118. The decrypted plain packets are then pushed to host 102 with the appropriate connection identification information); and 
sending the decrypted network packets to the host system (Manapragada: ¶ [0034] SSL processing is performed and packets are decrypted by the SSL proxy engine 118. The decrypted plain packets are then pushed to host 102 with the appropriate connection identification information). 

Regarding Claim 20,
Manapragada discloses a method, conducted by a System-on-Chip (SoC) coupled to a host system, of performing secure communication operations (Manapragada: [Abstract] systems and methods to support a mechanism to offload all aspects of inline SSL processing of an application running on a server/host to an embedded networking device such as a Network Interface Card (NIC), ¶ [0017]), the method comprising:
receiving, by a network interface of the SoC, a network packet from a client device (Manapragada: ¶ [0017] System-on-Chip (SoC), ¶ [0030] the NIC 104 is configured to match and tag/identify ( encrypted) packets coming in from the remote client device over the network for SSL processing); 
determining whether the received network packet is a secure communication packet (Manapragada: ¶ [0018] the NIC 104 is configured to service/perform SSL operations on network packet traffic offloaded from applications, ¶ [0024] packetize the data and to include relevant information about the data packets and its context that would be used by the SSL proxy engine 118 to perform the required SSL processing on the data and send it out over the network, ¶ [0030] the NIC 104 is configured to match and tag/identify (encrypted) packets coming in from the remote client device over the network for SSL processing by looking up a flow table…, the flow table 400 includes flow attributes field 402…, For packets that are identified for SSL processing, they are provided to the SSL proxy engine 118 via the TCP/IP connecting component 120 to perform the required SSL processing, ¶¶ [0017, 0036]) by decapsulating a record header associated with an application layer payload of the received network packet to determine whether the received network packet has a legitimate secure communication protocol record header;
in response to the determination that the received network packet is a secure communication packet, sending the secure communication packet to a secure communication software stack executed on the SoC (Manapragada: ¶ [0030] For packets that are identified for SSL processing, they are provided to the SSL proxy engine 118 via the TCP/IP connecting component 120 to perform the required SSL processing, ¶ [0032] the SSL proxy engine 118 is a simple application running on top of the NIC driver firmware 116, which is configured to create a simple proxy between the host application 106 and SSL stack (not shown) implemented on the NIC 104); 
forwarding, by the secure communication software stack, one or more parameters associated with the secure communication packet to a secure communication engine of the SoC (Manapragada: ¶ [0024] send the data packets to the SSL proxy engine 118 running on the NIC 104 for inline SSL processing. The socket handling module 112 is configured to packetize the data and to include relevant information about the data packets and its context that would be used by the SSL proxy engine 118 to perform the required SSL processing on the data, ¶ [0019] NIC 104 and its software components are also configured to run a complete SSL stack on the NIC 104 to provide inline SSL processing for all of the secured connections); 
 (Manapragada: ¶ [0034] the NIC 104 is configured to match and tag/identify (encrypted) packets coming in from the remote client device over the network for SSL processing, ¶ [0034] SSL processing is performed and packets are decrypted by the SSL proxy engine 118. The decrypted plain packets are then pushed to host 102 with the appropriate connection identification information, ¶ [0033] selection of a cipher suite for the encryption/decryption can be controlled by the SSL proxy engine 118 via a socket option and certificates required for SSL processing can be placed to the NIC driver firmware 116 or be pushed through another socket option); and 
sending the decrypted network packet to the host computer via a peripheral interface (Manapragada: ¶ [0034] SSL processing is performed and packets are decrypted by the SSL proxy engine 118. The decrypted plain packets are then pushed to host 102 with the appropriate connection identification information, ¶ [0017] the host 102 and the NIC 104 are configured to communicate with each other over a Peripheral Component Interconnect (PCI) bus). 
However, it is noted that Manapragada does not explicitly disclose:
determining whether the received network packet is a secure communication packet by decapsulating a record header associated with an application layer payload of the received network packet to determine whether the received network packet has a legitimate secure communication protocol record header. 
However, Kumar et al. from the same field of endeavor as the claimed invention discloses protecting a network against a denial-of-service attack by inspecting application layer messages at a network element (Kumar: [Abstract]), assemble one or more of the data packets to determine (Kumar: ¶ [0083]), an "application layer message" is a message that one application generates and sends toward another application. …, after the application layer message has been generated, the application layer message may be encapsulated according to one or more protocols such as HTTP, TCP, and IP. For example, an HTTP header (Kumar: ¶ [0084]), one or more data packets are received or intercepted at a network element. The data packets collectively contain an application layer message (Kumar: ¶ [0093], also see ¶ [0094]), packets, containing messages from clients to servers, are received…, Secure Sockets Layer (SSL) termination is performed on the packets if necessary (Kumar: ¶ [0111]), based on one or more information items indicated in the headers of the data packets, an application layer protocol that was used to transmit a message contained in the payload portions of the data packets  (hereinafter "the message") is determined (Kumar: ¶ [0118]), and protocol/access methods 810 include: TCP /SSL, HTTP/HTTPS, SOAP/HTTP (Kumar: ¶ [0207] also see ¶ [0244]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Kumar in the teachings of Manapragada. A person having ordinary skill in the art would have been motivated to do so because if the particular message satisfies any of the attack detection criteria in any of the attack detection criteria sets that are associated with the particular message classification, then the network element that made the determination takes a specified protective action, such as dropping all of the data packets that contain a portion of the message so that the packets do not reach the packets' destination (e.g., server application 112) (Kumar: ¶ [0086], also see ¶¶ [0074, 0111]).

9.	Claims 10, 13 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Manapragada et al. (US 2016/0352870 A1, hereinafter Manapragada) in view of Kumar et al. (US Kumar) and further in view of Manapragada et al. (US 2017/0063808 A1, hereinafter Manapragada ‘808). 
Regarding Claim 10,
Claim 10 is dependent on Claim 1, and the combination of Manapragada and Kumar discloses all the limitations of Claim 1. Manapragada further discloses wherein the peripheral interface includes a Peripheral Component Interconnect Express (PCIe) interface (Manapragada: ¶ [0034] SSL processing is performed and packets are decrypted by the SSL proxy engine 118. The decrypted plain packets are then pushed to host 102, ¶ [0017] the host 102 and the NIC 104 are configured to communicate with each other over a Peripheral Component Interconnect (PCI) bus, also see Fig. 1 – PCI, ¶ [0024]). 
However, it is noted that the combination of Manapragada and Kumar does not explicitly disclose wherein the peripheral interface includes a Peripheral Component Interconnect Express (PCIe) interface. 
However, Manapragada et al. (Manapragada ‘808) from the same field of endeavor as the claimed invention discloses systems and methods to support a mechanism to offload IPSec/IKE processing of virtual machines (VMs) running on a host to an embedded networking device (Manapragada ‘808: [Abstract]), the embedded networking device (or hardware accelerator) is a network interface card (NIC), which may include a multi-core network data packet processing engine to support flexible packet processing (Manapragada ‘808: ¶ [0013]), and the host 102 and the NIC 104 are configured to communicate with each other over a communication interface (not shown) such as a high-speed Peripheral Component Interconnect Express (PCIe) (Manapragada ‘808: ¶ [0016], also see ¶¶ [0018~0019]).
(Manapragada ‘808: ¶ [0016]).

Regarding Claim 13,
Claim 13 is dependent on Claim 12, and the combination of Manapragada and Kumar discloses all the limitations of Claim 12. The combination of Manapragada, Kumar and Manapragada ‘808 discloses all the limitations of Claim 13 as discussed in Claim 10. Therefore, Claim 13 is rejected using the same rationales as in Claim 10.

Regarding Claim 18,
Claim 18 is dependent on Claim 17, and the combination of Manapragada and Kumar discloses all the limitations of Claim 17. The combination of Manapragada, Kumar and Manapragada ‘808 discloses all the limitations of Claim 17 as discussed in Claim 10. Therefore, Claim 18 is rejected using the same rationales as in Claim 10.

10.	Claims 11 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Manapragada et al. (US 2016/0352870 A1, hereinafter Manapragada) in view of Kumar et al. (US 2006/0123479 A1, hereinafter Kumar), and further in view of Araujo et al. (US 2005/0251856A1, hereinafter Araujo). 

Regarding Claim 11,
Claim 11 is dependent on Claim 1, and the combination of Manapragada and Kumar discloses all the limitations of Claim 1. However, it is noted the combination of Manapragada and Kumar does not explicitly disclose wherein the secure communication engine includes at least one of an RSA cipher, an Elliptic Curve (EC) cipher, or an Advanced Encryption Standard (AES) cipher. 
However, Araujo et al. from the same field of endeavor as the claimed invention discloses SSL tunneling system permits fat clients to access the private network through an SSL connection (Araujo: [Abstract]), server-proxy 1110 includes control entity 1130, Point-to-Point Protocol (PPP) module 1135, Secure Sockets Layer (SSL) module 1140 (Araujo: ¶ [0231]), and SSL module 1140 provides a secure tunnel by using SSL to encrypt traffic between the client and the VPN server. In some embodiments, SSL module 1140 uses an OpenSSL…, SSL library may support RC4, DES, and 3DES for the symmetric cipher; MD5 and SHA1 for the digest; and RSA, DSA, and DH for the public key cipher (Araujo: ¶ [0234]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Araujo in the combined the teachings of Manapragada and Kumar. A person having ordinary skill in the art would have been motivated to do so because to reduce the overall size of the SSL module, the SSL libraries are recompiled without some encryption algorithms (Araujo: ¶ [0234]) and further security can be provided to multiple network realms that uses different types of encryption algorithms.

Regarding Claim 19,
Claim 19 is dependent on Claim 14, and the combination of Manapragada and Kumar discloses all the limitations of Claim 14. The combination of Manapragada, Kumar and Araujo .


Conclusion
11.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US-6725371-B1
US-20080022094-A1
US-20100131750-A1
US-20140165196-A1
US-2015/0113264 A1
f.	US 2011/0208867 A1

THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung W. Kim can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SAMEERA WICKRAMASURIYA/
Examiner, Art Unit 2494
/ROBERT B LEUNG/Primary Examiner, Art Unit 2494                                                                                                                                                                                                        1-29-2021