DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No. 
19155746.1, 02/06/2019, EUROPEAN PATENT OFFICE (EPO)


Status of Claims
CLAIMS 1—20, filed on 10/03/2019, are presented for examination and are examined.

EXAMINER’S AMENDMENT
Authorization for this examiner’s amendment was given in an interview with,
Attorney Gregory S. Rosenblatt
REG. No.: 32,489
04/26/2021


The application has been amended as follows: 
In The CLAIMS,
Please AMEND independent CLAIMS 1, 12 & 20; and, Cancel claims 5 & 14.

1. (Currently Amended) A method of assessing latency of a ciphering end point of a secured communication channel, the method comprising: 
a) generating, by a traffic analyzer, a test traffic comprising a series of original data packets, wherein, for each original data packet, a size of a given packet is uniquely indicative of the packet’s place in a sequence of data packets in the series and enables unique correspondence with a size of the given packet upon its encryption, and wherein the sizes of the sequential original packets in the series are distributed in accordance with a monotonic function;
b) successively transmitting the original packets in the generated series to the ciphering end point, whilst associating the transmitted original packets with respective departure time stamps;
c) receiving, by the traffic analyzer, encrypted packets from the ciphering end point and associating the received encrypted packet with respective arrival time stamps, wherein the ciphering end point encrypts the original packets using a ciphering algorithm characterized by a plaintext alignment size (PTAS); and
d) for each packet of at least part of the received encrypted packet, using a size of a given encrypted packet with a timestamp TSa to identify a size of a matching original packet, its place in the sequence of original packets and, thereby, its departure timestamp TSd, thus giving rise to a plurality of timestamps pairs (TSd; TSa), each timestamp pair indicative of delay in delivery for a respective pair of matching packets, the plurality of timestamp pairs usable for latency assessment.

e = sizeo+ Δ , where sizeo is the size of the given packet before encryption and Δ is an AEE (authentication, encryption and encapsulation) overhead corresponding to a protocol applied when creating the secured communication channel.

3. (Original) The method of Claim 2, wherein the protocol is Encapsulating Security Payload (ESP) protocol, WindGuard® protocol or Media Access Control Security (MACsec) protocol.

4. (Original) The method of Claim 1, wherein the ciphering end point encrypts the original packets using a block cipher algorithm or stream cipher algorithm.

5. (Cancelled) 

6. (Currently Amended) The method of Claim 1, wherein a size of each original packet is a unique multiple of PTAS, and the original packets of different unique sizes are distributed in the series in accordance with a predefined function. 

7. (Original) The method of Claim 6, wherein the predefined function is a monotonically increasing sequence of multiples of PTAS.



9. (Original) The method of Claim 8, wherein each two series are separated by a plurality of data packets identifiable by the traffic analyzer as “idle” packets, wherein time of transmission of the idle packets between two series significantly exceeds the maximal registered and/or expected latency.

10. (Original) The method of Claim 9, wherein the idle packets are identifiable by their size.

11. (Original) The method of Claim 6, wherein the test traffic comprises a plurality of series of original data packets, each two series are separated by a plurality of equal-size data packets identifiable as “idle” packets by their size being the multiple of PTAS, and wherein the respective size is excluded from the sizes of original packets.

12. (Currently Amended) A traffic analyzer connectable to a ciphering end point of a secured communication channel, the traffic analyzer comprising a processor and memory block (PMB), wherein the PMB is configured to: 
a) generate a test traffic comprising a series of original data packets, wherein, for each original data packet, a size of a given packet is uniquely indicative of the packet’s place in a sequence of data packets in the series and enables unique correspondence with a size of the given , and wherein the sizes of the sequential original packets in the series are distributed in accordance with a monotonic function;
b) successively transmit the original packets in the generated series to the ciphering end point, whilst associating the transmitted original packets with respective departure time stamps;
c) receive encrypted packets from the ciphering end point and associate the received encrypted packet with respective arrival time stamps, wherein the ciphering end point encrypts the original packets using a ciphering algorithm characterized by a plaintext alignment size (PTAS); 
d) for each packet of at least part of the received encrypted packet, use a size of a given encrypted packet with an arrival timestamp TSa to identify a size of a matching original packet, its place in the sequence of original packets and, thereby, its departure timestamp TSd, thus giving rise to a plurality of timestamps pairs (TSd; TSa), each timestamp pair indicative of delay in delivery for a respective pair of matching packets; and
e) use the plurality of timestamp pairs for assessing latency of the ciphering end point.

13. (Original) The traffic analyzer of Claim 12, wherein, for any encrypted packet, the size a given encrypted packet is size_e = size_o + Δ, where size_o is the size of the given packet before encryption and Δ is an AEE (authentication, encryption and encapsulation) overhead corresponding to a protocol applied when creating the secured communication channel.

14. (Cancelled).

15. (Currently Amended) The traffic analyzer of Claim 12, wherein a size of each original packet is a unique multiple of PTAS, and the original packets of different unique sizes are distributed in the series in accordance with a predefined function.

16. (Original) The traffic analyzer of Claim 15, wherein the predefined function is a monotonically increasing sequence of multiples of PTAS.

17. (Original) The traffic analyzer of Claim 12, wherein the test traffic comprises a plurality of series of original data packets, the method further comprising repeating operations a) – d) for each series of the plurality of series.

18. (Original) The traffic analyzer of Claim 17, wherein each two series are separated by a plurality of data packets identifiable by the traffic analyzer as “idle” packets, wherein time of transmission of the idle packets between two series significantly exceeds the maximal registered and/or expected latency, the idle packets are identifiable by their size.

19. (Original) The traffic analyzer of Claim 15, wherein the test traffic comprises a plurality of series of original data packets, each two series are separated by a plurality of equal-size data packets identifiable as “idle” packets by their size being the multiple of PTAS, and wherein the respective size is excluded from the sizes of original packets.

20. (Currently Amended) A non-transitory computer-readable medium comprising instructions that, when executed by a computer, cause the computer to:  
, and wherein the sizes of the sequential original packets in the series are distributed in accordance with a monotonic function;
b) successively transmit the original packets in the generated series to a ciphering end point of a secured communication channel, whilst associating the transmitted original packets with respective departure time stamps;
c) receive encrypted packets from the ciphering end point and associate the received encrypted packet with respective arrival time stamps, wherein the ciphering end point encrypts the original packets using a ciphering algorithm characterized by a plaintext alignment size (PTAS);
d) for each packet of at least part of the received encrypted packet, using a size of a given encrypted packet with a timestamp TSa to identify a size of a matching original packet, its place in the sequence of original packets and, thereby, its departure timestamp TSd, thus giving rise to a plurality of timestamps pairs (TSd; TSa), each timestamp pair indicative of delay in delivery for a respective pair of matching packets; and
e) use the plurality of timestamp pairs for assessing latency of the ciphering end point.
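
The size-based matching recited in claims 1, 6, 7 and 11, as an added sketch (not code from the application or the examiner). PTAS, Δ, the idle size, the padding model in `encrypted_size` and all timestamps are constructed values chosen for illustration.

```python
import math

PTAS = 16        # plaintext alignment size in bytes (assumed value)
DELTA = 40       # AEE overhead in bytes (assumed value, protocol dependent)
IDLE_SIZE = 64   # multiple of PTAS reserved for "idle" packets (assumed value)

def encrypted_size(size_o):
    """Constructed model: plaintext padded up to a PTAS multiple, plus DELTA."""
    return math.ceil(size_o / PTAS) * PTAS + DELTA

def build_series(count):
    """Monotonically increasing multiples of PTAS, excluding the idle size."""
    sizes, k = [], 1
    while len(sizes) < count:
        if k * PTAS != IDLE_SIZE:
            sizes.append(k * PTAS)
        k += 1
    return sizes

def match_by_size(departures, arrivals):
    """departures: [(size_o, TSd)] in send order; arrivals: [(size_e, TSa)].
    Returns {place in sequence: (TSd, TSa)} using packet size as the only key."""
    by_size = {size: (idx, ts) for idx, (size, ts) in enumerate(departures)}
    if len(by_size) != len(departures):
        raise ValueError("original sizes are not unique within the series")
    pairs = {}
    for size_e, ts_a in arrivals:
        size_o = size_e - DELTA          # size_e = size_o + DELTA
        if size_o == IDLE_SIZE or size_o not in by_size:
            continue                     # idle packet or unrelated traffic
        idx, ts_d = by_size[size_o]
        pairs[idx] = (ts_d, ts_a)
    return pairs

def demo():
    """Constructed capture (microseconds): one idle packet, one reordering, one loss."""
    departures = [(s, 1000 + 100 * i) for i, s in enumerate(build_series(5))]
    arrivals = [(encrypted_size(IDLE_SIZE), 900), (encrypted_size(16), 1250),
                (encrypted_size(48), 1370), (encrypted_size(32), 1380),
                (encrypted_size(96), 1710)]          # the 80-byte packet is lost
    pairs = match_by_size(departures, arrivals)
    return {idx: ts_a - ts_d for idx, (ts_d, ts_a) in sorted(pairs.items())}

if __name__ == "__main__":
    print(demo())
```

In this padding model a 17-byte and a 32-byte original packet both leave the end point as 72 bytes, which is the ambiguity that sizes chosen as unique multiples of PTAS avoid.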

Allowable Subject Matter
Claims 1—4, 6—13 and 15—20 are allowed.
The following is an examiner’s statement of reasons for allowance: 
Regarding Independent Claims 1, 12 & 20: With Examiner’s thorough search, the closest prior art references found are:
“Ramanujan” et al. (US 10659476 B2), 
“Casas-Sanchez” et al. (US 9338146 B2) and 
“Chen” et al. (US 9615258 B2); wherein:
Ramanujan is directed to a first computing device that may be situated in a plain-text portion of a first enclave behind a first inline network encryption (INE), and a second device that may be positioned in a plain-text portion of a second enclave behind a second INE; wherein: the two enclaves may be separated by a cipher-text WAN, over which the two enclaves may communicate; the first computing device may receive a data packet from the second computing device; the first computing device may then determine contents of a header of the data packet; and the first computing device may, based at least in part on the contents of the header of the data packet, determine a status of the cipher-text WAN;
Casas-Sanchez is directed to a method for monitoring transmission characteristics in a network that: sends a probing message to the data processor over the channel, the probing message carrying a timestamp indicating the sending and receiving time of the probing message; and derives latency information, including an upstream latency between the media client and the data processor; and
Chen is directed to methods, devices, systems, techniques, and computer program products to secure timing synchronization to network nodes connected over an inherently insecure best effort public network with mechanisms to improve accuracy of timing protocols such as a statistically estimated edge timestamp offset encoded into the timing message to account for network jitter and processing latency variances incurred due to the security packet processing and encryption; that: ensure slave network nodes shall only accept timing messages from trusted timing sources, establish a secure tunnel with a trusted timing source for exchange of timing packets, provide authentication and security for timing packets over the insecure public network, and enhance message anonymity with variable payload padding.
However, neither Ramanujan, nor Casas-Sanchez et al., nor Chen et al., either alone or in combination, teaches or suggests a method, traffic analyzer, and medium for assessing latency of a ciphering end point of a secured communication channel that: “generate a test traffic comprising a series of original data packets, wherein, for each original data packet, a size of a given packet is uniquely indicative of the packet’s place in a sequence of data packets in the series and enables unique correspondence with a size of the given packet upon its encryption, and wherein the sizes of the sequential original packets in the series are distributed in accordance with a monotonic function; … receive encrypted packets from the ciphering end point and associating the received encrypted packet with respective arrival time stamps, wherein the ciphering end point encrypts the original packets using a ciphering algorithm characterized by a plaintext alignment size (PTAS) …” with these and other elements of the claims as a whole.
Claims 2—4, 6—11, 13, and 15—19 are allowed based on their dependence.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. (See PTO—892).

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AMARE F TABOR whose telephone number is (571) 270-3155.  The examiner can normally be reached on Mon.—Fri.: 8:00 AM to 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/AMARE F TABOR/Primary Examiner, Art Unit 2434