DETAILED ACTION
	The instant application having Application No. 16/230,806 filed on 12/21/2018 is presented for examination by the Examiner.
	Authorization for this Examiner’s Amendment was given by the attorney of record, Mr. William E. Jacklin on 03/05/2021.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

			EXAMINER’S AMENDMENTS
             Amend claims 1, 4-54 and add claims 55-66 as follows:

Claim 1:
	A non-transitory computer readable medium comprising computer readable instructions which, when executed, cause at least one processor implementing a first network security platform to at least:
	determine a platform selection value based on a first parameter value in a first message from a client and a second parameter value in a second message from a server, the first and second messages associated with establishment of an encrypted network traffic flow between the client and the server;
	identify a selected one of a cluster of network security platforms when the selected one of the cluster of network security platforms identified by the platform selection value is not the first network security platform:
		send a query to the selected one of the cluster of network security platforms identified by the platform selection value; and
		access a response from the selected one of the cluster of network security platforms, the response including a cryptographic session key associated with the encrypted network traffic flow; and
	analyze network traffic associated with the encrypted network traffic flow based on the cryptographic session key.

Claim 4:	(Cancelled)  
Claim 5:
	The non-transitory computer readable medium of claim 1, wherein the query includes the first parameter value and the second parameter value.




Claim 6:
	The non-transitory computer readable medium of claim 1, wherein the computer readable instructions, when executed, further cause the at least one processor to:
	buffer a third message from the server to the client until at least the response including the cryptographic session key is received from the selected one of the cluster of network security platforms;
	pass the third message to the client in response to receipt of the response including the cryptographic session key; and
	generate an error message in response to an elapse of a timeout period without receipt of the response including the cryptographic session key from the selected one of the cluster of network security platforms.

Claim 7:
	The non-transitory computer readable medium of claim 6, wherein the computer readable instructions, when executed, further cause the at least one processor to:
	buffer a fourth message from the client to the server until at least the response including the cryptographic session key is received from the selected one of the cluster of network security platforms, the fourth message received at the first network security platform before the third message from the server to the client is received; and

Claims 8-54:	(Cancelled)
Claim 55:
	A first network security platform comprising:
	a platform selector to determine a platform selection value based on a first parameter value in a first message from a client and a second parameter value in a second message from a server, the first and second messages associated with establishment of an encrypted network traffic flow between the client and the server;
	a key retriever to:
		identify a selected one of a cluster of network security platforms based on the platform selection value, the first network security platform included in the cluster of network security platforms; and
		when the selected one of the cluster of network security platforms identified by the platform selection value is not the first network security platform:
			send a query to the selected one of the cluster of network security platforms identified by the platform selection value; and
			access a response from the selected one of the cluster of network security platforms, the response including a cryptographic session key associated with the encrypted network traffic flow; and
	a traffic analyzer to analyze network traffic associated with the encrypted network traffic flow based on the cryptographic session key;
	wherein at least one of the platform selector, the key retriever or the traffic analyzer is implemented by hardware or at least a computer processor.

Claim 56:
	The first network security platform of claim 55, wherein the first message is a first hello message sent by the client to establish the encrypted network traffic flow between the client and the server, the first parameter value is a first random number included in the first hello message, the second message is a second hello message sent by the server in response to the first hello message, and the second parameter value is a second random number included in the second hello message.

Claim 57:
	The first network security platform of claim 56, wherein the platform selector is to:
	hash the first random number and the second random number to determine a hash value; and
	process the hash value with a modulo operation based on a number of network security platforms included in the cluster to determine the platform selection value.

Claim 58:
	The first network security platform of claim 55, wherein the query includes the first parameter value and the second parameter value.

Claim 59:
	The first network security platform of claim 55, wherein the traffic analyzer is to:
	buffer a third message from the server to the client until at least the response including the cryptographic session key is received from the selected one of the cluster of network security platforms;
	pass the third message to the client in response to receipt of the response including the cryptographic session key; and
	generate an error message in response to an elapse of a timeout period without receipt of the response including the cryptographic session key from the selected one of the cluster of network security platforms.



Claim 60:
	The first network security platform of claim 59, wherein the traffic analyzer is to:
	buffer a fourth message from the client to the server until at least the response including the cryptographic session key is received from the selected one of the cluster of network security platforms, the fourth message received at the first network security platform before the third message from the server to the client is received; and
	generate the error message in response to unsuccessful validation of the fourth message based on the cryptographic session key.

Claim 61:
	A method comprising:
	determining, by executing an instruction with at least one processor of a first network security platform, a platform selection value based on a first parameter value in a first message from a client and a second parameter value in a second message from a server, the first and second messages associated with establishment of an encrypted network traffic flow between the client and the server;
	identifying a selected one of a cluster of network security platforms based on the platform selection value, the first network security platform included in the cluster of network security platforms;
	when the selected one of the cluster of network security platforms identified by the platform selection value is not the first network security platform:
		sending a query to the selected one of the cluster of network security platforms identified by the platform selection value; and
		accessing a response from the selected one of the cluster of network security platforms, the response including a cryptographic session key associated with the encrypted network traffic flow; and
	analyzing, by executing an instruction with the at least one processor, network traffic associated with the encrypted network traffic flow based on the cryptographic session key.

Claim 62:
	The method of claim 61, wherein the first message is a first hello message sent by the client to establish the encrypted network traffic flow between the client and the server, the first parameter value is a first random number included in the first hello message, the second message is a second hello message sent by the server in response to the first hello message, and the second parameter value is a second random number included in the second hello message.




Claim 63:
	The method of claim 62, wherein the determining of the platform selection value includes:
	hashing the first random number and the second random number to determine a hash value; and
	processing the hash value with a modulo operation based on a number of network security platforms included in the cluster to determine the platform selection value.

Claim 64:
	The method of claim 61, wherein the query includes the first parameter value and the second parameter value.

Claim 65:
	The method of claim 61, further including:
	buffering a third message from the server to the client until at least the response including the cryptographic session key is received from the selected one of the cluster of network security platforms;
	passing the third message to the client in response to receiving the response including the cryptographic session key; and
	generating an error message in response to an elapse of a timeout period without receipt of the response including the cryptographic session key from the selected one of the cluster of network security platforms.

Claim 66:
	The method of claim 65, further including:
	buffering a fourth message from the client to the server until at least the response including the cryptographic session key is received from the selected one of the cluster of network security platforms, the fourth message received at the first network security platform before the third message from the server to the client is received; and
	generating the error message in response to unsuccessful validation of the fourth message based on the cryptographic session key.
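
Added illustration, not part of the Office action or the application: a Python sketch of the platform selection recited in claims 57 and 63, taking the two random numbers from TLS hello records and deciding whether the session key is held locally or must be queried from a peer. SHA-256, the big-endian reading of the digest, and all function and sample names are assumptions; the claims name no hash function.

```python
import hashlib
import struct

HANDSHAKE, CLIENT_HELLO, SERVER_HELLO = 0x16, 0x01, 0x02

def hello_random(record: bytes, expected_type: int) -> bytes:
    """Extract the 32-byte random from a TLS hello carried in one record."""
    if len(record) < 9:
        raise ValueError("record too short")
    content_type, _version, rec_len = struct.unpack("!BHH", record[:5])
    # Handshake header (4) + legacy_version (2) + random (32) = 38 bytes minimum.
    if content_type != HANDSHAKE or not 38 <= rec_len <= len(record) - 5:
        raise ValueError("not a complete TLS handshake record")
    if record[5] != expected_type:
        raise ValueError("unexpected handshake message type")
    return record[11:43]

def platform_selection_value(client_random, server_random, cluster_size):
    """Hash both randoms, then reduce modulo the number of platforms."""
    if cluster_size < 1:
        raise ValueError("cluster must contain at least one platform")
    digest = hashlib.sha256(client_random + server_random).digest()  # assumed hash
    return int.from_bytes(digest, "big") % cluster_size

def key_source(local_index, client_hello, server_hello, cluster_size):
    """Return (selected platform, 'local' or 'query') for this flow."""
    selected = platform_selection_value(
        hello_random(client_hello, CLIENT_HELLO),
        hello_random(server_hello, SERVER_HELLO),
        cluster_size,
    )
    return selected, ("local" if selected == local_index else "query")

def _constructed_hello(msg_type, random32):
    # Constructed sample: version + random + empty session_id, nothing else.
    body = b"\x03\x03" + random32 + b"\x00"
    handshake = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + len(handshake).to_bytes(2, "big") + handshake

SAMPLE_CLIENT_HELLO = _constructed_hello(CLIENT_HELLO, bytes(range(32)))
SAMPLE_SERVER_HELLO = _constructed_hello(SERVER_HELLO, bytes(range(32, 64)))

if __name__ == "__main__":
    for index in range(4):  # every platform in a 4-node cluster agrees on the owner
        print(index, key_source(index, SAMPLE_CLIENT_HELLO, SAMPLE_SERVER_HELLO, 4))
```

Because both inputs are visible to any platform that observes the handshake, every member of the cluster derives the same selection value without coordination, and exactly one member takes the local path.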

			      ALLOWABLE SUBJECT MATTER
	Claims 1-3, 5-7 and 55-66 are allowed, while claims 4 and 8-54 are cancelled.
	The following is an examiner’s statement of reasons for allowance:
	The present invention is directed to a non-transitory computer readable medium, a security platform and a method of intrusion prevention by ensuring a network security platform has the capability to receive a cryptographic session key associated with encrypted network traffic to be monitored, and to decrypt the encrypted network traffic using the associated cryptographic session key.

Therefore, the claims are allowed for the above reason.
	Any comments considered necessary by applicant must be submitted no later
than the payment of the issue fee and, to avoid processing delays, should preferably
accompany the issue fee. Such submissions should be clearly labeled "Comments on
Statement of Reasons for Allowance."

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PHY ANH TRAN VU whose telephone number is (571)270-7317.  The examiner can normally be reached on Monday-Friday 7 am-1 pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on (571) 272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/PHY ANH T VU/           Primary Examiner, Art Unit 2438