Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
FINAL ACTION
This action is in response to amendment submitted on 11/13/2020. Claims 1, 2, 3, 10, 11, 12, 19 and 20 are amended. Claims 1-20 are pending. 
Response to Arguments
Examiner’s Remarks – Specification 
The examiner withdraws the objection to applicant’s specification in view of applicant’s new title. 
Examiner’s Remarks - 35 USC § 101 (CRM)
The examiner withdraws the rejection made under 35 USC § 101 in view of applicant’s amendment.
Examiner’s Remarks - 35 USC § 101 (Alice) 
The examiner withdraws the rejection made under 35 USC § 101 in view of applicant’s amendment.
Examiner’s Remarks - 35 USC § 103 
The examiner notes that the applicant has amended each independent claim to further narrow their scope. As such the examiner introduces the teachings of prior art reference Barkie et al. (US Patent 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-7, 10-16 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Wei et al. (US Patent No. 8,892,766 and Wei hereinafter (cited from IDS 7/30/2018)) in view of Barkie et al. (US Patent Publication No. 2014/0201814 and Barkie hereinafter).

As to claims 1, 10 and 19, Wei teaches a system for performing split tunneling based on content type, comprising: 
a processor of a data appliance configured to: monitor session traffic received at the data appliance (i.e., …teaches as part of his claim 1 the following: “receiving a first network traffic; identifying a first originating application program that originated the first network traffic…illustrates in figure 2 a processor system for the monitoring); 
determine if the session traffic is associated with a first content type (i.e., …teaches as part of his claim 1 the following: “receiving a first network traffic; identifying a first originating application program that originated the first network traffic; determining whether or not to redirect the first network traffic to a cloud security service based on a characteristic of the first originating application program”.); 

and a memory coupled to the processor and configured to provide the processor with instructions (i.e., …illustrates in figure 1 memory and processor coupled together).
 
The system of Wei does not expressly teach: 
wherein the session traffic redirect is based on the security policy to perform split tunneling,
and wherein the split tunneling is based on different content types based on the security policy to reduce bandwidth and computing resources used for performing security inspection of network traffic associated with video network traffic or audio network traffic.
In this instance the examiner notes the teaching of prior reference Barkie.
With regards to applicant’s claim limitation element of, “wherein the session traffic redirect is based on the security policy to perform split tunneling”, Barkie teaches in paragraph 0033 the following: “Moreover, for virtual private network connections, a connection rule can specify a VPN split tunneling connection or a VPN full tunneling connection, whereby if a client is logged into a corporate VPN, for example, all traffic will pass through the corporate VPN (full tunneling) or certain specified traffic will not pass through the corporate VPN but go directly to a destination node (split tunneling).”
With regards to applicant’s claim limitation element of, “and wherein the split tunneling is based on different content types based on the security policy to reduce bandwidth and computing resources used for performing security inspection of network traffic associated with video network traffic or audio network traffic”, Barkie teaches in paragraph 0033 the following: “Other connection rules may be included which specify bandwidth constraints where one type of user may not obtain as much network bandwidth as another type of user based on priority, etc., or inactivity idle timeouts which specify that 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Wei with the teachings of Barkie by including the feature of session flow analysis. Utilizing session flow analysis as taught by Barkie above allows a system to provide comprehensive packet analysis and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, Wei's system will obtain the capability to provide enhanced data flow analysis.

As to claims 2, 11 and 20, Wei teaches a system recited in claim 1, wherein the data appliance comprises a security appliance that includes a VPN client (i.e., …teaches in column 3 lines 30-35 the following: “an additional VPN client application.”.).

As to claims 3 and 12, Wei teaches a system recited in claim 1, wherein the data appliance comprises a gateway that includes a VPN client (i.e., …teaches in column 3 lines 30-35 the following: “an additional VPN client application.”.).

As to claims 4 and 13, Wei teaches a system recited in claim 1, wherein the session traffic is initially routed through a tunnel (i.e., …teaches in column 8 lines 35-45 the following: “routes the 

As to claims 5 and 14, Wei teaches a system recited in claim 1, wherein the session traffic is initially routed through a tunnel (See figure 2…VPN tunnel), and the session traffic is redirected outside of the tunnel (i.e., …teaches in column 3 lines 60-67 and column 4, lines 1-10 the following: “In the example of FIG. 2, the endpoint computer 212 may send network traffic to the cloud security server 214 through a VPN tunnel (e.g., FIG. 4, VPN tunnel 406) over the Internet. In one embodiment, the endpoint computer 212 redirects network traffic to the cloud security server 214 based on the application program ("application") that originated the network traffic. As a particular example, the endpoint computer 212 may be configured to redirect network traffic of some applications to the cloud security server 214 by way of the VPN tunnel (see arrow 204). For other applications, the endpoint computer 212 may be configured to bypass in-the-cloud scanning and send the other applications' network traffic directly to its destination (see arrow 205).” The examiner notes that in accordance to figure 2, the redirected traffic goes outside the VPN channel over the internet to the cloud security server.). 

As to claims 6 and 15, Wei teaches a system recited in claim 1, wherein the session traffic is initially routed through a Virtual Private Network (VPN) tunnel (See figure 2…VPN tunnel).

As to claims 7 and 16, Wei teaches a system recited in claim 1, wherein the session traffic is initially routed through a Virtual Private Network (VPN) tunnel, and the session traffic is redirected outside of the VPN tunnel (i.e., …teaches in column 3 lines 60-67 and column 4, lines 1-10 the following: “In the example of FIG. 2, the endpoint computer 212 may send network traffic to the cloud security server 214 through a VPN tunnel (e.g., FIG. 4, VPN tunnel 406) over the Internet. In one .

Claims 8, 9, 17 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Wei in view of Barkie as applied to claim 1 above and further in view of Leung et al. (US Patent No. 8,973,088 and Leung hereinafter (cited from IDS 7/30/2018)).

As to claims 8 and 17, the system of Wei and Barkie teaches traffic monitoring however neither reference expressly teaches a system recited in claim 1, wherein the session traffic is encrypted, and wherein the processor is further configured to: decrypt the session traffic.
In this instance the examiner notes the teachings of prior art reference Leung. 
Leung teaches in column 7 lines 35-40 the following: “If the monitored traffic is encrypted (e.g., encrypted using SSL, SSH, or another known encryption protocol), then the monitored traffic can be decrypted using a decrypt engine 110. A known protocol decoder engine 112 decodes and analyzes traffic flows using known protocols (e.g., applying various signatures for the known protocol) and reports the monitored traffic analysis to a report and enforce policy engine”.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Wei and Barkie with the teachings of Leung by 

As to claims 9 and 18, the system of Wei and Barkie teaches traffic monitoring however neither reference expressly teaches a system recited in claim 1, wherein the session traffic is encrypted, and wherein the processor is further configured to: decrypt the session traffic; and decode the session traffic.
In this instance the examiner notes the teachings of prior art reference Leung. 
Leung teaches in column 7 lines 35-40 the following: “If the monitored traffic is encrypted (e.g., encrypted using SSL, SSH, or another known encryption protocol), then the monitored traffic can be decrypted using a decrypt engine 110. A known protocol decoder engine 112 decodes and analyzes traffic flows using known protocols (e.g., applying various signatures for the known protocol) and reports the monitored traffic analysis to a report and enforce policy engine”.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Wei and Barkie with the teachings of Leung by including the feature of packet security. Utilizing packet security as taught by Leung above allows a system to provide comprehensive packet handling and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, the system of Wei and Barkie will obtain the capability to provide enhanced network security.
Conclusion
THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRYAN F WRIGHT whose telephone number is (571)270-3826.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw, can be reached on (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/BRYAN F WRIGHT/Examiner, Art Unit 2497