DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The text of those sections of Title 35 U.S. Code not included in this section can be found in the prior office action.
The prior office actions are incorporated herein by reference, in particular the observations with respect to claim language and the response to previously presented arguments.
Claims 1-4, 7-14 and 17-20, now renumbered as claims 1-16, have been examined.

EXAMINER’S AMENDMENT
Authorization for this examiner’s amendment was given in an interview with Mr. Robert C. Okonowski on 01/07/2022.
Claims 1, 2, 4 and 11 have been amended as follows:
1. (Currently Amended) A method for selectively encrypting and decrypting portions of a network flow by intermediary devices, the method comprising: 
(a) receiving, by a first device intermediary to a plurality of senders and a plurality of receivers, one or more networks packets to be communicated between a sender of the plurality of senders and a receiver of the plurality of receivers, the one or more packets comprising a first portion that is encrypted and a second portion that has clear text information;
(b) the first device comprising the one or more packets traversing the first device or the sender of the one or more packets, via the one or more packets 
(c) the sender, that [[a]] the first portion of the one or more network packets of the network flow is encrypted and that a level of encryption for the first portion fails to meet a predetermined threshold; 

(d) encrypting, by the first device based on the level of encryption failing to meet the predetermined threshold, the first portion of the one or more packets and the second portion of the one or more packets; and 
(e) forwarding, by the first device, the one or more network packets with the encrypted first portion and the encrypted second portion via a tunnel to a second device intermediary to the plurality of senders and the plurality of receivers for decryption of the encrypted first portion and the encrypted second portion for forwarding to the receiver.

2. (Currently Amended) The method of claim 1, wherein [[(a)]] (b) further comprises identifying a protocol of the network flow during one of negotiation or renegotiation of the protocol between the sender and the receiver.

4. (Currently Amended) The method of claim 1, wherein

11. (Currently Amended) A system for selectively encrypting and decrypting portions of a network flow by intermediary devices, the system comprising:
a first device comprising one or more processors, coupled to memory and intermediary to a plurality of senders and a plurality of receivers; 
wherein the first device is configured to: 
receive one or more networks packets to be communicated between a sender of the plurality of senders and a receiver of the plurality of receivers, the one or more packets comprising a first portion that is encrypted and a second portion that has clear text information; 
identify an application of a network flow comprising the one or more packets traversing the first device or the sender of the one or more packets, via the one or more packets
determine, based at least on the application or the sender, that [[a]] the first portion of the one or more network packets of the network flow is encrypted and that a level of encryption for the first portion of fails to meet a predetermined threshold; 

encrypt, based on the level of encryption failing to meet the predetermined threshold, the first portion of the one or more packets and the second portion of the one or more packets; and 
forward, the one or more network packets with the encrypted first portion and the encrypted second portion via a tunnel to a second device intermediary to the plurality of senders and the plurality of receivers for decryption of the encrypted first portion and the encrypted second portion for forwarding to the receiver.

Allowable Subject Matter
Claims 1-4, 7-14 and 17-20 are allowed over prior art of record.

Response to Arguments
Applicant’s arguments, see Remarks filed on 08/11/2021, have been fully considered.

Examiner's Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: 
Independent claims 1 and 11 are allowed in view of the examiner’s amendment and for reasons presented by the applicant in the Remarks. Claims 2-4, 7-10, 12-14 and 17-20 depend on one of the above independent claims and are therefore allowed by virtue of their dependency.
Prior art of record Kurmala teaches: A gateway receives data packets from a sender device. A deep packet inspector (DPI) on the gateway determines whether the data packets are encrypted based on the application or service that transmitted the data packets. If the session that corresponds to the data packets is classified as end-to-end encrypted, the gateway determines that no additional encryption or a lower level of encryption such as header-only encryption is appropriate for the data packets. The gateway maps application/processes/classes of data to a preferred virtual tunnel through which the data packets should be transferred. If, based on the mapping, the gateway determines that the data packets should be transmitted through a header-only encryption tunnel which only applies encryption to the plaintext IP headers of data packets, the data packets are transferred via a header-only encryption tunnel to a second gateway.
Kurmala fails to teach: “determining, by the first device based at least on the application or the sender, that the first portion of the one or more network packets of the network flow is encrypted and that a level of encryption for the first portion fails to meet a predetermined threshold and encrypting, by the first device based on the level of encryption failing to meet the predetermined threshold, the first portion of the one or more packets and the second portion of the one or more packets”, i.e., Kurmala teaches determining whether the received data packets are encrypted or unencrypted and transmitting the data packets through a header-only encryption tunnel or a full encryption tunnel based on the determination but fails to teach encrypting the data packets when the encryption level of an encrypted portion of the data packets comprising an encrypted portion and clear text portion fails to meet a predetermined threshold. 
None of the prior art of record, either taken by itself or in any combination, would have anticipated or made obvious the invention of the present application at or before the time it was filed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 
WO 2019107794 to Park: A communication management apparatus according to an embodiment comprises: a router that switches so as to connect to any one of a public internet network and an encrypted network; a communication unit that receives a packet from an internet of things terminal; an analysis unit that analyses an encryption level that is applied to the received packet; an encryption unit that does not encrypt the received packet if the analysed encryption level meets a predefined criteria, and that applies an encryption algorithm that is supported in the encrypted network to the received packet so as to encrypt the same if the analysed encryption level does not meet the criteria; and a control unit that controls switching of the router so that the encrypted packet is transmitted to a destination via the encrypted network, and that controls switching of the router so that the unencrypted packet is transmitted to the destination via the public internet network.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MADHURI R HERZOG whose telephone number is (571)270-3359. The examiner can normally be reached 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MADHURI R. HERZOG
Primary Examiner
Art Unit 2438