DETAILED ACTION
This Office Action is in response to the Amendment filed on 01/04/2021
Claims 1, 2, 5, 9, 13, and 14 have been amended.
Claims 1-20 are pending in the application.

Response to Arguments
Applicant's arguments filed on 01/04/2021 have been fully considered but they are not persuasive.

On page 13 of Amendment’s Remarks, Applicant appears to argue that Buruganahalli, does not teach accessing, by a private network server within a private network, at least a portion of source node content within the private network before the source node content exits the private network via a source node, wherein the source node content is indicative of an attempt to initiate a secure connection between the source node and a destination node external to the private network; responsive to the accessing at least the portion of the source node content, performing a security threat assessment of the destination node based on the source node content, wherein the security threat assessment comprises accessing, by the private network server, the destination node: determining whether to permit the secure connection between the source node and the destination node based on the security threat assessment comprising the accessing, by the private network server, of the destination node; and responsive to determining to permit the secure connection between the source node and the destination node, communicating the source node 
This argument is unpersuasive because Buruganahalli discloses accessing, by a private network server (Fig. 2 and 4, security device 202/402 including firewall 412) within a private network (col. 5, lines 44-45, protected network 210/420), at least a portion of source node content (hostname/destination domain/URL) within the private network before the source node content exits the private network via a source node (Fig. 2 and 4, client) (claim 1, the security device extracts a destination domain from the request and col. 7, lines 25-35, applying a security policy based on the destination domain to filter traffic at a security device between a client and a remote server. For example, the security policy can include a malware detection policy, a whitelist/blacklist policy, and/or a uniform resource locator (URL)/category filtering policy), 
wherein the source node content is indicative of an attempt to initiate a secure connection between the source node and a destination node (Fig. 2 and 4, remote servers 216-220/408) external to the private network (col. 4, lines 63-67, SNI is an extension to the TLS protocol that indicates what hostname (e.g., destination domain) that the client is attempting to connect to at the start of the handshaking process for setting a secure TLS communication channel/session between a client and a remote server); 
responsive to the accessing at least the portion of the source node content (claim 1, the security device extracts a destination domain from the request), 

	wherein the security threat assessment comprises accessing, by the private network server, the destination node (claim 1, security device extracts a domain identified in the public certificate sent from the remote server and applies a security policy based on the destination domain to filter traffic in the event that destination domain matches the domain identified in the public certificate, and Fig. 8 and claim 9, the security device intercepts a request from client and sends a request to establish the encrypted session on behalf of the client to the remote server…. block the session traffic using the security device if a violation of a first firewall policy is determined based on the firewall policy, and col. 7, lines 25-36, the security/firewall policy can include a malware detection policy, whitelist/blacklist policy, and URL/category filtering policy; and 
determining whether to permit the secure connection between the source node and the destination node based on the security threat assessment comprising the accessing of the destination node (col. 6, lines 2-26, determine whether a new session using a secure protocol should be initially allowed based on a policy and Fig. 8, claim 9, the security device sending a request to establish the encrypted session on behalf of the client to the remote server…monitoring decrypted session traffic between the client and the remote server over the tunnel based on one or more firewall policies, and blocking the session traffic using the security device if a violation of a first firewall policy is determined based on a firewall policy for verifying that the extracted destination domain matches the domain associated with the URL for the session); and responsive to determining to permit the secure connection between the source node and the destination node, communicating the source node content indicative of an attempt to initiate a secure connection between the source node and a destination node, via the secure connection to the destination node (col. 5, lines 58-67, Bob who is a user (e.g., an employee) of ACME Company may attempt to logon using a web browser executing on his desktop office computer to a remote server that is associated with the online banking site (e.g., web site) of Banking Corporation. If the firewall policy of ACME Company has white listed the domain associated with the Banking Corporation as a trusted domain, then Bob's connection (e.g., an SSL/TLS session) with the web site for the Banking Corporation can be allowed).
	For at least the above reasons, the rejection is maintained.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claims 1-5, 7, 9-17, and 19 are rejected under 35 U.S.C. 102(a)(1) and/or 102(a)(2) as being anticipated by Buruganahalli et al. (US Patent No. 9,419,942 B1) hereinafter Buruganahalli.

Regarding Claim 1, Buruganahalli discloses a method comprising: 
accessing, by a private network server (Fig. 2 and 4, security device 202/402 including firewall 412) within a private network (col. 5, lines 44-45, protected network 210/420), at least a portion of source node content (hostname/destination domain/URL) within the private network before the source node content exits the private network via a source node (Fig. 2 and 4, client) (claim 1, the security device extracts a destination domain from the request and col. 7, lines 25-35, applying a security policy based on the destination domain to filter traffic at a security device between a client and a remote server. For example, the security policy can include a malware detection policy, a 
wherein the source node content is indicative of an attempt to initiate a secure connection between the source node and a destination node (Fig. 2 and 4, remote servers 216-220/408) external to the private network (col. 4, lines 63-67, SNI is an extension to the TLS protocol that indicates what hostname (e.g., destination domain) that the client is attempting to connect to at the start of the handshaking process for setting a secure TLS communication channel/session between a client and a remote server); 
responsive to the accessing at least the portion of the source node content (claim 1, the security device extracts a destination domain from the request), 
performing a security threat assessment of the destination node based on the source node content (claim 1, in the event that the destination domain matches the domain identified in the public certificate sent from the remote server, apply a security policy based on the destination domain to filter traffic at the security device; and col. 7, lines 55-62 and col. 14, lines 55-62, applying a security policy based on the destination domain to filter traffic using a security device to verify that the destination domain name extracted from a server name indication matches the domain associated with a uniform resource locator (URL) for a session associated with the network communications between the client and the remote server, and col. 9, line 65 – col. 10, line 10, firewall policies can be applied to the monitored network traffic using application identification, user identification, and/or other information to match signatures (e.g., file-based, 
	wherein the security threat assessment comprises accessing, by the private network server, the destination node (claim 1, security device extracts a domain identified in the public certificate sent from the remote server and applies a security policy based on the destination domain to filter traffic in the event that destination domain matches the domain identified in the public certificate, and Fig. 8 and claim 9, the security device intercepts a request from client and sends a request to establish the encrypted session on behalf of the client to the remote server…. block the session traffic using the security device if a violation of a first firewall policy is determined based on the firewall policy, and col. 7, lines 25-36, the security/firewall policy can include a malware detection policy, whitelist/blacklist policy, and URL/category filtering policy; and col. 9, line 65 – col. 10, lines 10 and col. 12, lines 1-33, traffic (any data) coming from the server is inspected by the security device to detect malware or suspicious behavior);
determining whether to permit the secure connection between the source node and the destination node based on the security threat assessment comprising the accessing of the destination node (col. 6, lines 2-26, determine whether a new session using a secure protocol should be initially allowed based on a policy and Fig. 8, claim 9, the security device sending a request to establish the encrypted session on behalf of the client to the remote server…monitoring decrypted session traffic between the client and the remote server over the tunnel based on one or more firewall policies, and blocking the session traffic using the security device if a violation of a first firewall policy is determined based on a firewall policy for verifying that the extracted destination 

Regarding Claims 9 and 13, Buruganahalli discloses a computing device and medium (Fig. 4, security device 402) comprising:
 one or more processors (Fig. 5, CPU 502 and/or FPGA 508); and 
memory (Fig. 5, RAM 504 and/or storage 510) comprising instructions that, when executed by the one or more processors (col. a processor configured to execute instructions stored on and/or provided by a memory coupled to the processor), perform operation comprising:
accessing, by a private network server (Fig. 2 and 4, security device 202/402 including firewall 412) within a private network (col. 5, lines 44-45, protected network 210/420), at least a portion of source node content (hostname/destination domain/URL) within the private network before the source node content exits the private network via a 
wherein the source node content is indicative of an attempt to initiate a secure connection between the source node and a destination node (Fig. 2 and 4, remote servers 216-220/408) external to the private network (col. 4, lines 63-67, SNI is an extension to the TLS protocol that indicates what hostname (e.g., destination domain) that the client is attempting to connect to at the start of the handshaking process for setting a secure TLS communication channel/session between a client and a remote server); 
responsive to the accessing at least the portion of the source node content (claim 1, the security device extracts a destination domain from the request), 
performing a security threat assessment of the destination node based on the source node content (claim 1, in the event that the destination domain matches the domain identified in the public certificate sent from the remote server, apply a security policy based on the destination domain to filter traffic at the security device; and col. 7, lines 55-62 and col. 14, lines 55-62, applying a security policy based on the destination domain to filter traffic using a security device to verify that the destination domain name extracted from a server name indication matches the domain associated with a uniform resource locator (URL) for a session associated with the network communications 
	wherein the security threat assessment comprises accessing, by the private network server, the destination node (claim 1, security device extracts a domain identified in the public certificate sent from the remote server and applies a security policy based on the destination domain to filter traffic in the event that destination domain matches the domain identified in the public certificate, and Fig. 8 and claim 9, the security device intercepts a request from client and sends a request to establish the encrypted session on behalf of the client to the remote server…. block the session traffic using the security device if a violation of a first firewall policy is determined based on the firewall policy, and col. 7, lines 25-36, the security/firewall policy can include a malware detection policy, whitelist/blacklist policy, and URL/category filtering policy; and col. 9, line 65 – col. 10, lines 10 and col. 12, lines 1-33, traffic (any data) coming from the server is inspected by the security device to detect malware or suspicious behavior);
determining whether to permit the secure connection between the source node and the destination node based on the security threat assessment comprising the accessing of the destination node (col. 6, lines 2-26, determine whether a new session using a secure protocol should be initially allowed based on a policy and Fig. 8, claim 9, the security device sending a request to establish the encrypted session on behalf of the client to the remote server…monitoring decrypted session traffic between the client 

Regarding Claim 2, Buruganahalli discloses the method of claim 1 comprising:
accessing, by a private network server (Fig. 2 and 4, security device 202/402 including firewall 412) within a private network (col. 5, lines 44-45, protected network 210/420), at least a second portion of source node content (hostname/destination domain/URL) within the private network before the second source node content exits the private network via a second source node (Fig. 2 and 4, clients 204-208/404A-C) (col 7, lines 25-35), wherein the second source node content is indicative of a second attempt to initiate a second secure connection between the second source node and a second destination node (Fig. 2 and 4, remote servers 216-220/408) external to the private network (col. 4, lines 63-67); responsive to the accessing at least the portion of the second source node content, performing a second security threat assessment of the second destination node based on the second source node content (col. 14, lines 55-62) wherein the second security threat assessment comprises accessing, by the private network server, the destination node (col. 7, lines 25-36 and col. 9, line 65 – col. 10, lines 10); determining whether to permit the second secure connection between the second source node and the second destination node based on the second security threat assessment comprising the accessing, by the private network server, of the second destination (Fig. 8 and col. 6, lines 2-5); and responsive to determining to not 

Regarding Claims 3 and 15, Buruganahalli discloses the method of claim 1, the secure connection comprising a Transport Layer Security TLS connection (abstract and col. 5, lines 65-67, TLS). 

Regarding Claims 4, 12, and 16, Buruganahalli discloses the method of claim 1, the secure connection comprising a Secure Sockets Layer SSL connection (abstract and col. 5, lines 65-67, SSL). 

Regarding Claim 5, Buruganahalli discloses the method of claim 1, wherein the security threat assessment comprises receiving, by the private network server, content from destination node after accessing, by the private network server, the destination node (col. 12, lines 1-33, traffic (any data) coming from the server is inspected by the security device) and the determining whether to permit the secure connection between the source node and the destination node based on the content received by private network from the destination node (col. 6, lines 2-5, determine whether a new session using a secure protocol should be initially allowed based on a policy and col. 12, lines 1-33, traffic (any data) coming from the server is inspected by the security device and col. 

Regarding Claims 7 and 19, Buruganahalli discloses the method of claim 1, the accessing performed based on a network policy (abstract, col. 2, lines 54-64). 

Regarding Claims 10, Buruganahalli discloses the method of claim 9, the operations comprising: responsive to determining to permit the secure connection between the source node and the destination node, communicating the source node content via the secure connection to the destination node (col. 5, lines 58-67). 

Regarding Claim 11, Buruganahalli discloses the method of claim 9, the operations comprising: responsive to determining to not permit the secure connection between the source node and the destination node, preventing communications of the source node content to the destination node (col. 15, lines 10-19).

Regarding Claim 14, Buruganahalli discloses the medium of claim 13 comprising:
accessing, by a private network server (Fig. 2 and 4, security device 202/402 including firewall 412) within a private network (col. 5, lines 44-45, protected network 210/420), at least a second portion of source node content (hostname/destination domain/URL) within the private network before the second source node content exits 
responsive to the accessing at least the portion of the source node content (col. 7, lines 25-35), performing a second security threat assessment of the second destination node based on the second source node content (col. 14, lines 55-62); determining whether to permit the second secure connection between the second source node and the second destination node based on the second security threat assessment (col. 6, lines 2-5).

Regarding Claim 17, Buruganahalli discloses the method of claim 1, the source node comprising a computing device including executable instructions for a browser (col. 5, lines 58-60). 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 6, 8, 18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Buruganahalli as applied to claims 1 and 13 above, and further in view of Brinskelle (US Patent No. 8,856,869 B1) hereinafter Brinskelle.

Regarding Claims 6 and 18, Buruganahalli discloses the method of claims 1 and 13 above, but does not explicitly disclose the private network server separate from the secure connection between the source node and the destination node. However, Brinskelle discloses the private network server (Fig. 22, security agent 105-2) separate from the secure connection (VPN 127) between the source node (Fig. 22, client 100) and the destination node (Fig. 22, VPN server 128). Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of claimed invention to modify the teachings of Buruganahalli to include the private network server separate from the secure connection between the source node and the destination node as taught by Brinskelle in order to protect the VPN server from unintentionally releasing intranet cookies (Brinskelle, col. 89, lines 5-10).

Regarding Claims 8 and 20, Buruganahalli discloses the method of claims 1 and 13 above, but does not explicitly disclose providing a notice communication to the source node. However, Brinskelle discloses providing a notice communication to the source node (col. 14, lines 25-28, the security agent may take action to inform a user of the potential improper HTTP cookie usage). Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of claimed invention to modify the teachings of Buruganahalli to include providing a notice communication to the .

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-892).
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to BAOTRAN N TO whose telephone number is (571)272-8156.  The examiner can normally be reached on M-F: 7-3.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



	/BAOTRAN N TO/           Primary Examiner, Art Unit 2435