DETAILED ACTION
This action is in response to amendments filed 3/05/2021. Claims 1-24 were received for consideration with claims 1-3, 5, 7, 8, 11-13, 15, 17, 18 and 22-24 having been amended. 

EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Gregory Hunt (REG# 41,085) on 3/17/2021.
The application has been amended as follows: 

1.	(Currently Amended) A method to protect a network, comprising: 
monitoring packet traffic for an application instance;
forming a traffic session between the application instance and a network client based upon a connection request from the network client;
monitoring, by an agent instance located in-line between the network client and the application instance, the traffic session to detect one or more events;
detecting, by the agent instance, the one or more events during the traffic session based upon the monitoring, wherein detecting the one or more events includes receiving, by the agent instance and during the traffic session, a request from the network client to the application instance to establish a secure communications link between the network client and the application instance;
only after receiving the request to establish the secure communications that is separate from the application instance, and initiating a proxied session between the proxied application instance and the network client such that no proxy for the traffic session is initiated before the detecting; and
communicating with the network client using the proxied session, wherein communicating with the network client using the proxied session includes operating, by the agent instance, as a transparent proxy and a man-in-the-middle device by receiving packets from the network client, modifying or encapsulating the packets to include a destination address of the proxied application instance, forwarding the packets to the proxied application instance, receiving return packets from the proxied application instance, modifying or unencapsulating the return packets so that the return packets appear to be from the application instance, and forwarding the return packets to the network client.

9.	(Currently Amended) The method of claim 8, further comprising decrypting and re-encrypting packets within the first secure connection using the first set of security keys, and decrypting and re-encrypting packets within the second secure connection using the second set of security keys.


13.	(Currently Amended) A system to protect a network, comprising: 
an application instance configured to receive packet traffic; and
one or more programmable integrated circuits, including at least one of a processor or a configurable logic device, programmed to:
implement an agent instance located in-line between the network client and the application instance to monitor the packet traffic for the application instance including a traffic session formed between a network client and the application instance based upon a connection request from the network client;

only after receiving the request to establish the secure communications link between the network client and the application instance, creating a proxied application instance that is separate from the application instance, and initiate a proxied session between the network client and the proxied application instance such that no proxy for the traffic session is initiated before the detection; and
communicate with the network client using the proxied session, wherein communicating with the network client using the proxied session includes operating, by the agent instance, as a transparent proxy and a man-in-the-middle device by receiving packets from the network client, modifying or encapsulating the packets to include a destination address of the proxied application instance, forwarding the packets to the proxied application instance, receiving return packets from the proxied application instance, modifying or unencapsulating the return packets so that the return packets appear to be from the application instance, and forwarding the return packets to the network client.

19.	(Currently Amended) The system of claim 18, wherein the one or more programmable integrated circuits are further programmed to decrypt and re-encrypt packets within the first secure connection using the first set of security keys, and decrypt and re-encrypt packets within the second secure connection using the second set of security keys.

Allowable Subject Matter
Claims 1-24 are allowable over the prior art.

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: The prior art does not show with respect to independent claims 1 and 11 “only after receiving the request to establish the secure communications session between the network client and the application instance, creating a proxied application instance that is separate from the application instance, and initiating a proxied session between the proxied application instance and the network client such that no proxy for the traffic session is initiated before the detecting; and communicating with the network client using the proxied session, wherein communicating with the network client using the proxied session includes operating, by the agent instance, as a transparent proxy and a man-in-the-middle device by receiving packets from the network client, modifying or encapsulating the packets to include a destination address of the proxied application instance, forwarding the packets to the proxied application instance, receiving return packets from the proxied application instance, modifying or unencapsulating the return packets so that the return packets appear to be from the application instance, and forwarding the return packets to the network client” with the other limitations of the claim.

The closest art, Cavanaugh (US 2004/0255161) in view of Merugu et al (US 2009/0083538) and Bronstein (2017/0310670), does not teach these limitations.

Conclusion
	Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Devin Almeida whose telephone number is 571-270-1018. The examiner can normally be reached on Monday-Thursday from 7:30 A.M. to 5:00 P.M. The examiner can also be reached on alternate Fridays from 7:30 A.M. to 4:00 P.M.
	If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Saleh Najjar, can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.
/DEVIN E ALMEIDA/Examiner, Art Unit 2492

/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492