Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This action is responsive to the RCE filed on 3/4/2021. Claims 1, 7 and 13 are independent. Claims 1, 7 and 13 are amended. Claims 4, 5, 10, 11, 16 and 17 are canceled. Claims 1-3, 6-9, 12-15, and 18 are currently pending.

RESPONSE TO ARGUMENTS
Applicant's arguments with respect to the rejection under 35 U.S.C. 103 have been fully considered. The amendment overcomes the prior art of record and the argument is persuasive. However, a new rejection is given based on a new round of search.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to 
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103(a) are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-3, 7-9 and 13-15 are rejected under 35 U.S.C. 103 as being unpatentable over Buruganahalli et al. (US 9419942 B1), hereinafter Buruganahalli, in view of Higgins et al. (US 9967292 B1), hereinafter Higgins, further in view of McHale et al. (WS-I* compliant web service SOAP message security performance, Int. J. Web Science, Vol. 1, No. 4, 2012), hereinafter McHale. 

Regarding claims 1, 7 and 13, Buruganahalli teaches a computer-implemented method for managing network communication, comprising:
responsive to receipt at a security device of a connection request from a client to a server (col6 ln66-col7 ln15, col8 ln9-27 and col14 ln44-col15 ln19, client sends a request to create a secure connection with the remote server is performed):

extracting from a memory associated with the client a secret for performing decryption of application messages communicated from the server to the client (col14 ln62-col15 ln19 and col11 ln50-col12 ln33, sending an encrypted session response to the client on behalf of the remote server using a session key [session key is shared by the parties in this secure communication] associated with the firewall device is performed); and
using the secret to decrypt the application messages to perform at least one of monitoring and inspection of the application messages as decrypted in accordance with a security policy (col14 ln62-col15 ln19, monitoring decrypted session traffic between the client and the remote server over the tunnel based on one or more firewall policies is performed). 
Buruganahalli does not explicitly disclose allowing the client and the server to maintain an end-to-end connection without intermediate termination at the security device. However, in an analogous art, Higgins teaches allowing the client and the server to maintain an end-to-end connection without intermediate termination at the security device (FIG 7; it can be seen from FIG 7 that the client and the server maintain an end-to-end connection without intermediate termination at the NMC. The NMC only monitors the traffic between the client and the server; for example, at step 716, col27 ln34-36, the NMC may be arranged to monitor some or all of the network traffic exchanged between the client and the server. FIG 7 step 720, col62-65, the NMC may monitor application data sent by the server).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Buruganahalli and Higgins because this will provide a way for packets to be selectively captured for analysis, preventing a high number of network packets from being captured and preventing cryptographically secure communication from interfering with network monitoring (Higgins col2 ln15-34).
The combination of Buruganahalli and Higgins does not explicitly disclose wherein the secret is included in a handshake message from the client to the server. However, in an analogous art, McHale teaches wherein the secret is included in a handshake message from the client to the server (p.297 and p.309, exchange of a symmetric key between a SOAP client and web service in an initial handshake message).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Buruganahalli, Higgins and McHale because this symmetric key can then be used to secure ongoing web service message exchanges with less processing overhead than WS-Security (McHale p.297).

Regarding claims 2, 8 and 14, the combination of Buruganahalli, Higgins and McHale teaches all of the limitations of claims 1, 7 and 13, respectively, as shown above. Buruganahalli further teaches wherein the secret comprises one of a Transport Layer Security premaster secret, a Transport Layer Security master secret, and a negotiated encryption key (col8 ln9-27, destination domain extraction for secure protocols further includes intercepting a request to establish an encrypted session from the client to the remote server; sending a request to establish the encrypted session on behalf of the client to the remote server; sending an encrypted session response to the client on behalf of the remote server using a session key associated with the firewall device [in the context of TLS, the session key is a shared secret]).

Regarding claims 3, 9 and 15, the combination of Buruganahalli, Higgins and McHale teaches all of the limitations of claims 1, 7 and 13, respectively, as shown above. Buruganahalli further teaches wherein decrypting the application messages comprises decrypting the messages using Transport Layer Security decryption (col8 ln9-27, destination domain extraction for secure protocols further includes intercepting a request to establish an encrypted session from the client to the remote server; sending a request to establish the encrypted session on behalf of the client to the remote server; sending an encrypted session response to the client on behalf of the remote server using a session key associated with the firewall device [in the context of TLS, the session key is a shared secret]).

Claims 6, 12 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Buruganahalli in view of Higgins and McHale, as applied in the claims above, further in view of Brugger et al. (US 2014/0195798 A1), hereinafter Brugger.

Regarding claims 6, 12 and 18, the combination of Buruganahalli, Higgins and McHale teaches all of the limitations of claims 1, 7 and 13, respectively, as shown above. Higgins further teaches further comprising responsive to receiving an application message prior to extracting the secret (FIG 7 col27 ln31-33, the client may provide application data over the secure connection. FIG 7 col27 ln50-57, the secret sharing engine of the client or server (or both) may establish or use a previously established communication channel directly to the NMC to provide key information to the NMC); storing the application message for later (FIG 7 and col27 ln41-49, if the secret sharing engine of the client has included additional information for the NMC in the network traffic, the NMC may be arranged to remove the additional information before the network traffic is allowed to continue to the server. In one or more of the various embodiments, the NMC may be arranged to locally store some or all of the removed information and associate it with one or more of the network flows comprising the secure connection), once the secret is extracted (FIG 7 col27 ln50-55, the secret sharing engine of the client or server (or both) may establish or use a previously established communication channel directly to the NMC to provide key information to the NMC).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Buruganahalli, Higgins and McHale because this will provide a way for packets to be selectively captured for analysis, preventing a high number of network packets from being captured and preventing cryptographically secure communication from interfering with network monitoring (Higgins col2 ln15-34).
The combination of Buruganahalli, Higgins and McHale does not explicitly disclose storing the application message for later decryption. However, in an analogous art, Brugger teaches storing the application message for later decryption (para 0044, the gateway device may store in step 209 newly intercepted data packets in the storage pool 255. para 0048, the gateway device may extract the payload content of the data file depending on the protocol and/or client's application used. For example, the gateway may use at least one of these techniques: decoding (e.g. base 64, identity, deflate, etc.), decompression (e.g. gzip, tar, zip, etc.), decryption of foreign encryption).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Buruganahalli, Higgins, McHale and Brugger because cloud computing adoption continues to grow and companies such as financial companies are willing to trust their data to cloud-based software (Brugger, para 0002).
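The inspection flow the rejection maps onto claims 1 and 6 (decrypt application messages with an extracted session secret while the client and server keep their end-to-end connection, and store records that arrive before the secret so they can be decrypted once it is extracted), as an added illustrative model that is not part of the office action or of any cited reference. The record cipher is a constructed HMAC-SHA256 keystream standing in for TLS record protection, and the flow identifier, policy and secret are constructed placeholders.

```python
import hashlib
import hmac
from collections import defaultdict

def _keystream(secret, seq, length):
    # Constructed stand-in for TLS record keys: HMAC-SHA256(secret, seq || counter) blocks.
    out, counter = b"", 0
    while len(out) < length:
        msg = seq.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(secret, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def protect(secret, seq, data):
    # XOR with the keystream; the same call both protects and unprotects a record.
    return bytes(a ^ b for a, b in zip(data, _keystream(secret, seq, len(data))))

class PassiveInspector:
    # Observes only: the client/server connection is never terminated at the device.
    def __init__(self, policy):
        self.policy = policy               # callable: plaintext -> verdict string
        self.secrets = {}                  # flow_id -> extracted session secret
        self.pending = defaultdict(list)   # flow_id -> records seen before the secret
        self.verdicts = defaultdict(list)  # flow_id -> [(seq, verdict)]

    def on_secret(self, flow_id, secret):
        # Secret extracted (e.g. shared by the endpoint); drain records stored earlier.
        self.secrets[flow_id] = secret
        for seq, ct in self.pending.pop(flow_id, []):
            self._inspect(flow_id, seq, ct)

    def on_record(self, flow_id, seq, ciphertext):
        if flow_id in self.secrets:
            self._inspect(flow_id, seq, ciphertext)
        else:
            self.pending[flow_id].append((seq, ciphertext))  # store for later decryption

    def _inspect(self, flow_id, seq, ct):
        plaintext = protect(self.secrets[flow_id], seq, ct)
        self.verdicts[flow_id].append((seq, self.policy(plaintext)))

def demo():
    # Constructed flow: records 0 and 1 arrive before the secret, record 2 after it.
    insp = PassiveInspector(lambda pt: "alert" if b"password=" in pt else "allow")
    secret = b"constructed-session-secret"  # placeholder, not a real TLS secret
    insp.on_record("flow-1", 0, protect(secret, 0, b"GET /index HTTP/1.1"))
    insp.on_record("flow-1", 1, protect(secret, 1, b"password=hunter2"))
    insp.on_secret("flow-1", secret)
    insp.on_record("flow-1", 2, protect(secret, 2, b"GET /logo.png HTTP/1.1"))
    return insp.verdicts["flow-1"]
```

Running demo() shows the two buffered records being inspected in order as soon as the secret arrives, followed by the record received afterwards.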

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHU CHUN GAO whose telephone number is (571)270-5999. The examiner can normally be reached on Monday - Thursday 6:00-4:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KRISTINE KINCAID can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SHU CHUN GAO/Examiner, Art Unit 2437 

/ALI S ABYANEH/Primary Examiner, Art Unit 2437