DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Objections
Claim 21 is objected to because of the following informalities:  
Claim 21 is duplicated. The last claim 21 will be renumbered to claim 22.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3,6,10,12-15,17,21-22 are rejected under 35 U.S.C. 103 as being unpatentable over Syvanne et al (2019/0166160) in view of Taylor et al (2019/0312846) and Menoher et al (7,992,209).
With respect to claims 1,10,13,22, Syvanne discloses a method comprising: receiving, at a network appliance 118 (fig 2) from a client device 244 or 246 (fig 2), a communication that includes a request to establish a network connection to a server 302 (fig 3); accessing, by the network appliance 118 (fig 2), a server certificate issued 
Syvanne does not disclose the policy indicative of whether to decrypt data transmitted between the client device and the server. Taylor discloses a method for traffic flow comprising: an indication of whether to decrypt data transmitted between the client device and the server 310 (fig 3) (para [0048], “the dynamic whitelist proxy determines whether a whitelist policy for the received traffic flow is active (e.g., whether the dynamic whitelist 135 includes security policies permitting the received traffic flow to bypass decryption/deep inspection at the dynamic whitelist proxy)”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Syvanne with the indication of Taylor to manage the privacy requirements for the flow (Taylor, para [0004]).
Syvanne does not disclose establishing, by the network appliance, only a single connection between the network appliance and the server; and transmitting the data between the client device and the server over the single connection. Menoher discloses a single connection between devices (fig 1) (col 1, lines 40-46, “One-way data transfer systems based on such one-way data links provide network security to data networks by isolating the networks from potential security breaches (i.e., undesired and unauthorized data flow out of the secure network) while still allowing them to import data from the external source in a controlled fashion”) based on different security policy (col 2, lines 30-35, “It is yet another object of the present invention to apply separate security policy to each one-way data link”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify 

With respect to claims 2,14, Syvanne discloses querying a cache 304 (fig 3) maintained by the network appliance for the server certificate; responsive to determining the server certificate is not stored in the cache (para [0030], “responsive to an entry for the server identified in the client handshake being absent from intermediate verification cache 236, intermediate verification system 118 may hold open the client handshake and open a connection between intermediate verification system 118 and the server in which intermediate verification system 118 issues its own server verification handshake to the server. In some embodiments, holding open the client handshake may be optional. For example, an intrusion detection system in a capture mode may not be able to hold packets. As another example, an intrusion prevention system may be able to terminate connections (as detailed below) as soon as an answer from the server is received, without any need to hold open the handshake while waiting”), transmitting the communication from the client to the server; receiving the server certificate from the server in response to transmitting the communication from the client to the server; and storing 316 (fig 3) the received server certificate in the cache (para [0032], “intermediate verification system 118 may store an entry in intermediate verification cache 236 setting forth information regarding the server identity and the security policy decision rendered by intermediate verification system 118”).
If so ("yes"), the dynamic whitelist proxy selectively decrypts the received traffic flow at 315. At 320, the dynamic whitelist proxy learns decrypted traffic flow attributes of the received traffic flow”) the data transmitted between the client device and the server, transmitting the communication from the client to the server. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Syvanne with the determining step of Taylor to control the condition of the traffic flow.

With respect to claims 6,12,17, Syvanne discloses determining not to decrypt the data transmitted between the client device and the server responsive to the server certificate being self-signed by the server; and determining to decrypt the data transmitted between the client device and the server responsive to the server certificate not being self-signed by the server (para [0029], “responsive to an entry for the server identified in the client handshake existing within intermediate verification cache 236, intermediate verification system 118 may read the entry from intermediate verification cache 236 and render a security policy decision regarding traffic between the server and the client. In some embodiments, such security policy decision may be based on a security policy decision set forth in the cache entry retrieved from intermediate verification cache 236, wherein such existing security policy decision resulted from a prior verification or attempted verification of the server. In these and other embodiments, the security policy decision may include a security action such as, for example, allowing traffic between the server and the client, disallowing traffic between the server and the client, or decrypting and inspecting traffic between the server and the client and determining whether to allow or disallow based on such inspection. After completion of step 306, method 300 may proceed again to step 302”).

With respect to claim 21, Syvanne discloses a plurality of instrument ports each coupled to an instrument configured to monitor network traffic (para [0017], “Additional components of the information handling system may include one or more storage systems, one or more communications ports for communicating with networked devices, external devices, and various input and output (I/O) devices, such as a keyboard, a mouse, and a video display”). 
Claims 1- XXX are rejected under 35 U.S.C. 103 as being unpatentable over Syvanne et al (2019/0166160) in view of Taylor et al (2019/0312846) and Menoher et al (7,992,209) and Official Notice.
With respect to claim 4, Syvanne does not disclose issuing a new server certificate by the server; and replacing the stored server certificate at the network appliance with the new server certificate. The Official Notice is taken that, issuing a new server certificate by the server; and replacing the stored server certificate with the new server certificate, would have been known. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify 

With respect to claims 5,11,16, Syvanne discloses using a proxy device as an intermediated device (para [0003], “While TLS has the advantage of enabling trusted communications between a server and a client, one disadvantage of TLS and similar protocols may be that with encrypted data being communicated between a server and a client, a firewall or proxy-based gateway device interfaced as an intermediate device between the server and the client may not be able to make policy decisions to prevent malicious attacks by inspecting the encrypted data. In such existing intermediate devices, data payloads of network traffic may be analyzed to make security policy decisions for the network traffic. Typically, such an intermediate device may be enabled to make policy decisions such as allowing or disallowing a network communication, and more modern devices may be capable of performing decryption”). Syvanne does not disclose the server certificate being signed by the proxy device. The Official Notice is taken that, using a proxy device to sign the server certificate, would have been known. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Syvanne by using the server certificate being signed by the proxy device to determine to decrypt the data for different intended uses.

With respect to claims 7-9,18-20, Syvanne does not disclose wherein accessing the server certificate comprises: extracting from the communication received from the client device, a server name indication (SNI); and querying a server certificate cache at 
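As an added illustration of the procedure the rejection attributes to the cited references (SNI extraction from the client handshake, a server-certificate cache lookup, the appliance's own handshake to the server and cache store on a miss, the self-signed decryption rule of claims 6, 12 and 17, and the certificate replacement of claim 4), the following Python model is editor-supplied code and is not taken from the application or from Syvanne, Taylor or Menoher. The ClientHello builder, the ServerCert record, the host names and the fetch stub are constructed for this example; the policy rule is only the one recited in the claims.

```python
"""Model of an intercepting network appliance: SNI extraction from a TLS
ClientHello, a server-certificate cache keyed on SNI, fetch-and-store on a
cache miss, and a decrypt / no-decrypt decision per server.
All names, certificates and the ClientHello builder are constructed for this example."""
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass
class ServerCert:
    """Minimal stand-in for an X.509 certificate (constructed, not a real certificate)."""
    subject: str
    issuer: str

    @property
    def self_signed(self) -> bool:
        # Production code would verify the signature with the subject's own key;
        # a subject == issuer comparison is enough to model the claimed policy.
        return self.subject == self.issuer


def build_client_hello(server_name: str) -> bytes:
    """Build a minimal TLS record carrying a ClientHello with an SNI extension (constructed input)."""
    name = server_name.encode("ascii")
    sni_entry = b"\x00" + len(name).to_bytes(2, "big") + name          # name_type host_name(0)
    sni_list = len(sni_entry).to_bytes(2, "big") + sni_entry
    sni_ext = b"\x00\x00" + len(sni_list).to_bytes(2, "big") + sni_list  # extension type 0 = server_name
    extensions = len(sni_ext).to_bytes(2, "big") + sni_ext
    body = (b"\x03\x03" + bytes(32)      # client_version, random (zeroed: constructed)
            + b"\x00"                    # empty session_id
            + b"\x00\x02\x13\x01"        # one cipher suite: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                # compression_methods: null only
            + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello
    return b"\x16\x03\x03" + len(handshake).to_bytes(2, "big") + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Return the host_name from the SNI extension, or None if absent or malformed."""
    try:
        if record[0] != 0x16:                     # not a handshake record
            return None
        hs = record[5:5 + int.from_bytes(record[3:5], "big")]
        if hs[0] != 0x01:                         # not a ClientHello
            return None
        body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
        pos = 2 + 32                              # skip client_version and random
        pos += 1 + body[pos]                      # session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")   # cipher_suites
        pos += 1 + body[pos]                      # compression_methods
        if pos + 2 > len(body):
            return None                           # no extensions block at all
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= end:
            ext_type = int.from_bytes(body[pos:pos + 2], "big")
            ext_len = int.from_bytes(body[pos + 2:pos + 4], "big")
            data = body[pos + 4:pos + 4 + ext_len]
            pos += 4 + ext_len
            if ext_type != 0:
                continue
            p = 2                                 # skip server_name_list length
            while p + 3 <= len(data):
                name_type, name_len = data[p], int.from_bytes(data[p + 1:p + 3], "big")
                if name_type == 0:
                    return data[p + 3:p + 3 + name_len].decode("ascii")
                p += 3 + name_len
    except (IndexError, UnicodeDecodeError):
        return None                               # truncated or malformed handshake
    return None


def decrypt_policy(cert: ServerCert) -> str:
    """Rule recited in claims 6, 12 and 17: no decryption for a self-signed
    server certificate, decrypt and inspect otherwise."""
    return "allow_without_decrypt" if cert.self_signed else "decrypt_and_inspect"


class Appliance:
    """Network appliance holding a server-certificate cache and a decision per SNI."""

    def __init__(self, fetch_cert: Callable[[str], ServerCert]) -> None:
        self.cache: Dict[str, Tuple[ServerCert, str]] = {}
        self.fetch_cert = fetch_cert    # stands in for the appliance's own handshake to the server
        self.server_handshakes = 0

    def handle_client_hello(self, record: bytes) -> Tuple[str, bool]:
        """Return (decision, served_from_cache)."""
        sni = extract_sni(record)
        if sni is None:
            return "decrypt_and_inspect", False   # no name to key on: inspect (assumed default)
        if sni in self.cache:
            return self.cache[sni][1], True       # decision rendered on an earlier verification
        cert = self.fetch_cert(sni)               # cache miss: complete a handshake to the server
        self.server_handshakes += 1
        decision = decrypt_policy(cert)
        self.cache[sni] = (cert, decision)        # store certificate and the rendered decision
        return decision, False

    def replace_certificate(self, sni: str, new_cert: ServerCert) -> str:
        """Claim 4: the server issued a new certificate; replace the cached one and re-decide."""
        decision = decrypt_policy(new_cert)
        self.cache[sni] = (new_cert, decision)
        return decision


# Constructed sample servers: one CA-issued certificate, one self-signed.
SAMPLE_CERTS = {
    "www.example.test": ServerCert("www.example.test", "Example Test CA"),
    "intranet.example.test": ServerCert("intranet.example.test", "intranet.example.test"),
}
```

Feeding `build_client_hello("www.example.test")` to `Appliance(lambda sni: SAMPLE_CERTS[sni]).handle_client_hello` yields `("decrypt_and_inspect", False)` on the first call and `("decrypt_and_inspect", True)` on the second, so only one handshake to the server is made per distinct SNI, which is the caching behaviour quoted from Syvanne paras [0030] and [0032]. A deployable version would key the cache on the verified certificate rather than on the client-supplied name alone and would expire entries, since the cached decision otherwise outlives the certificate it was rendered for.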

Any inquiry concerning this communication or earlier communications from the examiner should be directed to TU T NGUYEN whose telephone number is (571)272-2424.  The examiner can normally be reached on M-F 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kamal B Divecha can be reached on (571) 272-5863.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TU T NGUYEN/ Primary Examiner, Art Unit 2453          03/25/2021