Notice of Pre-AIA or AIA Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
2.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 3/31/2021 has been entered.  Claims 1, 8 and 15 are amended.  Claims 22-27 are added.  Claims 6-7, 13-14 and 20-21 were previously canceled.  Claims 1-5, 8-12, 15-10 and 22-27 are pending.
 
Response to Arguments
3.	Applicant’s arguments with respect to amended claimed limitation “wherein the security agent does not terminate or re-establish the transport layer connection” have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103


A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
 	Claims 1-5, 8-12 and 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over Sah et al. (U.S. Patent Application Publication No. 2016/0219420, hereinafter Sah) in view of Kelson et al. (U.S. Patent Application Publication No. 2014/0337614, hereinafter Kelson).
 	With respect to claim 1, Sah discloses a method for a security agent to perform secure communication protocol processing in a network environment that includes the security agent, a first endpoint and a second endpoint, the method comprising: 
 	in response to detecting a first transport protocol packet that is addressed for transmission via a transport layer connection from the first endpoint to the second endpoint wherein the first transport protocol packet includes unencrypted payload data and a first sequence number; based on the first transport protocol packet, generating and sending a first secure communication protocol packet that includes encrypted payload data corresponding to the payload data in the first transport protocol packet and a second sequence number (e.g. Sah, Abstract, paragraphs 0096-0097 and 0107, encryption processor for performing functions related to any encryption protocol such as transport layer security protocol); storing mapping 
 	Sah discloses encrypting data on behalf of the client (meets generating and sending step of encrypting payload) but does not specifically mention receiving the second transport protocol and determining that the second transport protocol packet is a retransmission with the first transport protocol packet wherein the second secure communication protocol packet.
 	However, requesting and resending or retransmitting data packet due to data packet loss or other problems is well-known in the art.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement Sah’s teaching to derive the claimed feature in order to ensure packet is delivered successfully.
 	Moreover, Sah discloses that a cache system, which duplicates original data stored elsewhere or data previously computed, generated or transmitted, improves access time, and thus suggests that not copying to the cache requires longer access time (e.g. Sah, paragraph 0104).
 	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to derive the amended feature of the security agent does not store a copy of the encrypted payload data that was sent with Sah’s teaching in order to eliminate memory storage of the cache system (Sah, paragraph 0104). 

 	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to derive the claimed feature of the security agent to be implemented by a hypervisor of a physical host that support the first endpoint for performing functions related to Secure Sockets Layer processing of data transmitted and received over the network between the clients and/or the servers (Sah, paragraph 0096).
	Sah does not explicitly mention wherein the security agent does not terminate or reestablish the transport layer connection (e.g. Kelson, claim 1, “…the security gateway is transparent and thus does not terminate the encryption layer connection or the underlying transport layer connection…”).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Sah’s establishing of a connection between endpoints with Kelson’s teaching that neither the encryption layer connection nor the underlying transport layer connection is terminated in the security gateway, to provide transparency at the security gateway.

 	With respect to claim 2, Sah and Kelson disclose the method of claim 1,  wherein generating and sending the first secure communication protocol packet comprises: mapping the first sequence number to the second sequence number based on an offset value associated 
  	However, Sah discloses the sequence numbers may be used to calculate packet checksum of the transport layer protocol (e.g. Sah, paragraph 0124).  
 	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to derive the claimed feature in order to calculate the checksum according to the size or padding of the packet. 

 	With respect to claim 3, Sah and Kelson disclose the method of claim 1, wherein generating and sending the first secure communication protocol packet comprises: encrypting the unencrypted payload data in the first transport protocol packet using a first encryption initialization vector to generate the encrypted payload data in the first secure communication protocol packet. (e.g. Sah, paragraph 0107).

 	With respect to claim 4, Sah and Kelson do not explicitly disclose wherein: encrypting the unencrypted payload data in the second transport protocol packet to generate the encrypted payload data in the second secure communication protocol packet includes encrypting the unencrypted payload data in the second transport protocol packet using a second encryption initialization vector that is different from the first encryption initialization vector.  However, this feature is old and well-known in the art.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to derive 

 	With respect to claim 5, Sah and Kelson disclose the method of claim 1, further comprising: in response to detecting an acknowledgement packet for the second secure communication protocol packet from the second endpoint, generating and sending an acknowledgement packet for the second transport protocol packet based on the mapping data (e.g. Sah, paragraphs 0124 and 0246). 


 	With respect to claims 8-12 and 15-19, the claims are non-transitory computer readable medium claims and system claims that are similar to method claims 1-5.  Therefore, claims 8-12 and 15-19 are rejected based on the similar rationale.
	
	With respect to claim 22, Sah and Kelson disclose the computer system of claim 15, wherein the security agent is implemented in a hypervisor that supports the endpoint (e.g. Sah, paragraph 0159).

	With respect to claim 23, Sah and Kelson disclose the computer system of claim 15, wherein the security agent is implemented in one of: an operating system (OS) of a virtualized computing instance that acts as the first endpoint (e.g. Sah, paragraph 0159), a physical 
 
	With respect to claims 24-27, the claims are method and computer-readable storage medium of claims 22-23.  Therefore the claims are rejected based on the similar rationale. 

Conclusion
5.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
 	-Karagiannis et al. (U.S. Patent Application Publication No. 2018/0375644) discloses a method of communicating over a network between first and second endpoints. 
 	Any inquiry concerning this communication or earlier communications from the examiner should be directed to TONGOC TRAN whose telephone number is (571)272-3843.  The examiner can normally be reached on M-F 9:00 AM - 6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand, can be reached on (571) 272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/TONGOC TRAN/
Primary Examiner, Art Unit 2434