DETAILED ACTION
	Claims 1-20 are presented on 05/27/2020 for examination on merits.  Claims 1, 8, and 15 are independent base claims.  

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Examiner's Instructions for filing Response to this Office Action
When the Applicant submits amendments regarding to the claims in response the Office Action, the Examiner would prefer that Applicant submit two sets of claims: 
Set #1 that includes indicators for the status of claim and all marked amendments to the claims; and 
Set #2 comprising a clean version of the claims with all the markups removed for entry, as an appendix to the Applicant Arguments/Remarks or a section following the Remarks.

Objection to Specification
The disclosure is objected to because of the following informalities:
At paragraph [0020] of the Specification, it is disclosed that “For example, the security device may selectively perform the SSL processing on the SSL/HTTPS session when the computing resource utilization level indicates that over 80% of the computing resources associated with the security device are being utilized, that less than 25% of the computing resources associated with the security device are available to perform SSL proxy functions on the SSL/HTTPS session…” (Emphasis added on the percentages).  It appears that the Applicant meant less than 20% of the computing resources associated with the security device are available to perform SSL proxy functions because over 80% of the computing resources .
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):

(B)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 


Claims 1-7 and 15-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

The rejection(s) under 35 U.S.C. 112(b) is/are determined by the following reasons:
Claim 1 recites a limitation “determining, … that the level of available computing resources fails to satisfy the threshold level” unclearly after the step of receiving, by the network device, a second data packet, because the second data packet should have a different level of available computing resources associated with it.  It is understood that the level of available computing resources associated with the first data packet already satisfies the threshold level, and cannot fail to satisfy the threshold level at the same time.
Claim 15 recites a limitation “determine that the level of available computing resources fails to satisfy the threshold level of available computing resources during a second time period” .  For the same reason as that given to claim 1, the two levels of available computing resources should have been differentiated in the claim.
Claims 2-7 and 16-20 are also rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, because they depend from the rejected base claims 1 and 15, respectively.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.


In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claims 1-9, 11-13, 15-16, and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Reddy (US 20180234388 A1) in view of Clemons (US 9930012 B1; hereinafter “Clem”), and further in view of Yang (US 20200084029 A1).

As per claim 1, Reddy teaches a method, comprising: 
receiving, by a network device, a first data packet (Reddy, par. 0041-0041: [receiving] packets … at the Input component 380 which is to process incoming traffic; see also par. 0022: a proxy device …for inspecting the encrypted traffic… in an example secure session for securing communications between the client device and the server device, with the proxy device positioned between the client device and the server device); 
determining, by the network device, that a level of available computing resources satisfies a threshold level (Reddy, par. 0023-0025: identifies a level of access to the encrypted traffic that is needed by the security service to apply the security service); 
performing, by the network device, a secure socket layer (SSL) proxy function based on the level of available computing resources satisfying the threshold level (Reddy, par. 0064: SSL; par. 0083-0084: identify a threshold amount of data to be inspected; after which 230 may bypass traffic in the S2C direction. In this example, proxy device 230 may also determine that the offload service includes allowing encrypted traffic, travelling in the C2S direction, to be offloaded.  This bypassing function of the proxy device is the SSL proxy function; see also par. 0001 and 0012); 
forwarding, by the network device, the first data packet based on performing the SSL proxy function (Reddy, par. 0083-0084: identify a threshold amount of data to be inspected; after which 230 may bypass traffic in the S2C direction.); 
receiving, by the network device, a second data packet (Reddy, par. 0041-0041: packets from the incoming traffic); 
Reddy, par. 0100-0101 and 0109: If the threshold amount of data has not been inspected, proxy device 230 may decrypt the encrypted traffic and re-encrypt the traffic after inspection); 
While Reddy discloses negotiating parameters for a secure session (par. 0051-0053) and determining a level of access to the encrypted traffic that is needed by each security service (par. 0025), Reddy does not explicitly disclose generating a security rating based on a security characteristic of a data packet.  This aspect of the claim is identified as a difference.
In a related art, Clem teaches:
determining, by the network device, a security characteristic associated with the second data packet based on the level of available computing resources failing to satisfy the threshold level (Clem, col. 7, lines 43-50: col. 10, lines 65-67: determining, by the first delivery node, a risk level for a data packet based upon one or more characteristics of the data packet), wherein the security characteristic is based on: an application vulnerability indication associated with the second data packet, and a user identity indication associated with the second data packet (Clem, col. 2, lines 1-14 and col. 12, lines 19-43: risk level and risk score; token of data packet. The disclosed missing header elements in the data packet is also a user identity indication associated with the second data packet); 
determining, by the network device, a security rating associated with the second data packet based on the security characteristic (Clem, col. 11, lines 63-65 and col. 13, lines 27-29: the risk score is determined according to at least one threat value for at least one characteristic of the data packet); and 
selectively performing, by the network device, the SSL proxy function based on the security rating (Clem, par. 2, lines 4-14: transmitting packets with low risk levels and dropping packets with high risk levels are selective routing based on security ratings), and 
before the effective filing date of the claimed invention, to combine them and to use Clem to modify Reddy with the teachings of using security rating for selective routing and performing SSL proxy function based on the security rating. For this combination, the motivation would have been to improve the level of security with selective routing with SSL proxy function based on the security rating.
However, the combination of Reddy and Clem does not explicitly disclose performing the SSL proxy function based on different security ratings.  This aspect of the claim is identified as a further difference.
In a related art, Yang teaches:
wherein the network device forwards the second data packet without performing the SSL proxy function based on the security rating comprising a first security rating (Yang, par. 0091-0094: establishing establish a first secure proxy session between the security gateway and the server, wherein the server session is based on server security parameters in the one or more server extension fields; see also SSL Session 1112 of FIG. 11)
wherein the network device performs the SSL function when the security rating comprises a second security rating (Yang, par. 0091-0094: the second secure session based on client security parameters in the one or more server extension fields; see also SSL Session 1110 of FIG. 11).
Yang is analogous art to the claimed invention in a similar field of endeavor in improving the network security functions on traffic.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to combine them and to modify the Reddy-Clem system with Yang’s teachings of secure session routing based on different security ratings. For this combination, the motivation would have been to improve the level of security with optimized use of computing resources based on different security ratings.

As per claim 2, the references as combined above teach the method of claim 1, wherein the security characteristic is further based on a security characteristic that is associated with a client device that is associated with the second data packet (Clem, col. 7, lines 43-50: col. 10, lines 65-67: one or more characteristics of the data packet).

As per claim 3, the references as combined above teach the method of claim 1, wherein determining the security characteristic comprises: 
determining a vulnerability level associated with a user associated with the second data packet based on the user identity indication (Clem, col. 2, lines 1-14 and col. 12, lines 19-43: The missing header elements in the data packet is also a user identity indication associated with the second data packet; col. 2, lines 21-38: users banking via public network poses risks or a vulnerability).

As per claim 4, the references as combined above teach the method of claim 1, wherein determining that the level of available computing resources fails to satisfy the threshold level comprises: determining that an amount of available memory associated with the network device fails to satisfy a threshold amount of available memory (Reddy, par. 0078: For example, the offload service may include bypassing (e.g., forwarding without decrypting, inspecting, and re-encrypting) the encrypted traffic after a threshold amount of traffic (e.g., 5 MB, a particular number of messages, or the like) has been inspected. Here the exemplary 5 MB is the threshold amount of available memory).

As per claim 5, the references as combined above teach the method of claim 1, wherein the security rating comprises the second security rating, the method further comprising: 
Clem, col. 2, lines 6-8: a determination that a risk level (e.g., risk determination value) corresponding to the request is at or above a threshold level (e.g., the risk poses a “high risk”); 
dropping the second data packet based on identifying the vulnerability (Clem, col. 2: lines 10-12: for instance, dropping the request (e.g., preventing the request from being forwarded)); and 
storing information identifying the vulnerability in a memory associated with the network device (Clem, col. 7, lines 40-50: risk calculation based on historical trends associated with the request inherently involves storing information identifying the risk or the vulnerability in a memory associated with the network device).

As per claim 6, the references as combined above teach the method of claim 1, further comprising: 
obtaining a health rating associated with an application associated with the second data packet from a server device (Clem, col. 1, lines 50-51: not a threat; and col. 12, lines 1-3: satisfies a threshold score for the risk threshold.  Clem discloses a health rating obtained by analysis based on a security score); and 
determining the application vulnerability indication based on the health rating (Clem, col. 1, lines 50-51: does not pose a threat, which means a health rating; col. 12, lines 1-3: transmits the data packet to the provider node via the second delivery node upon determining the risk score for the data packet satisfies a threshold score for the risk threshold.).

As per claim 7, the references as combined above teach the method of claim 1, further comprising: 
one or more of (note: optional limitations are recited herein): 
validating a client certificate associated with the second data packet (Reddy, par. 0055-0056: determine whether the server certificate is valid and, if so, may send a certificate, associated with proxy device 230); or 
authenticating a user associated with the second data packet (Note: this optional limitation is omitted for examination).

As per claim 8, Reddy teaches a device, comprising:
 one or more memories (Reddy, par. 0044); and 
one or more processors (Reddy, par. 0043) to: 
receive a data packet (Reddy, par. 0041-0041: [receiving] packets … at the Input component 380 which is to process incoming traffic; see also par. 0022: a proxy device); 
determine that a level of available computing resources fails to satisfy a threshold level of available computing resources (Reddy, par. 0023-0025: identifies a level of access to the encrypted traffic that is needed by the security service in order to apply the security service; see also par. 0078-0080); 
While Reddy discloses negotiating parameters for a secure session (par. 0051-0053) and determining a level of access to the encrypted traffic that is needed by each security service (par. 0025), Reddy does not explicitly disclose generating a security rating based on a security characteristic of a data packet.  This aspect of the claim is identified as a difference.
In a related art, Clem teaches:
determine a security characteristic associated with the data packet based on the level of available computing resources failing to satisfy the threshold level of available computing resources (Clem, col. 7, lines 43-50: col. 10, lines 65-67: determining, by the first delivery node, 
determine a security rating associated with the data packet based on the security characteristic (Clem, col. 11, lines 63-65 and col. 13, lines 27-29: the risk score is determined according to at least one threat value for at least one characteristic of the data packet); and 
selectively perform a secure socket layer (SSL) proxy function based on the security rating (Clem, par. 2, lines 4-14: transmitting packets with low risk levels and dropping packets with high risk levels are selective routing based on security ratings).
Reddy and Clem are analogous art in a similar field of endeavor in improving the routing functions of network communications.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to combine them and to use Clem to modify Reddy with the teachings of using security rating for selective routing and performing SSL proxy function based on the security rating. For this combination, the motivation would have been to improve the level of security with selective routing with SSL proxy function based on the security rating.
However, the combination of Reddy and Clem does not explicitly disclose performing the SSL proxy function based on different security ratings.  This aspect of the claim is identified as a further difference.
In a related art, Yang teaches:
wherein the data packet is forwarded without performing the SSL proxy function based on the security rating comprising a first security rating (Yang, par. 0091-0094: establishing establish a first secure proxy session between the security gateway and the server, wherein the server session is based on server security parameters in the one or more server extension fields; see also SSL Session 1112 of FIG. 11), and wherein the SSL function is performed when the security rating comprises a second security rating (Yang, par. 0091-0094: the second 
Yang is analogous art to the claimed invention in a similar field of endeavor in improving the network security functions on traffic.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to combine them and to modify the Reddy-Clem system with Yang’s teachings of secure session routing based on different security ratings. For this combination, the motivation would have been to improve the level of security with optimized use of computing resources based on different security ratings.

As per claim 9, the references as combined above teach the device of claim 8, and Reddy teaches: wherein the one or more processors, when determining the security rating, are to: determine that the security rating associated with the data packet comprises the first security rating based on the user having been authenticated (Reddy, par. 0055-0058: authentication by exchanging certificates).
In the combination above, Clem also teaches:
wherein the one or more processors, when determining the security characteristic, are to: determine that a user associated with the data packet has been authenticated (Clem, col. 2, lines 1-14 and col. 12, lines 19-43: The missing header elements in the data packet is also a user identity indication associated with the second data packet; col. 2, lines 21-38: users banking via public network poses risks or a vulnerability).

As per claim 11, the references as combined above teach the device of claim 8, wherein the one or more processors, when determining the security characteristic, are to: 
identify an application associated with the data packet (Clem, col. 1, lines 50-51: not a threat; and col. 12, lines 1-3: satisfies a threshold score for the risk threshold.  Clem discloses a health rating obtained by analysis based on a security score); 
Clem, col. 1, lines 50-51: does not pose a threat, which means a health rating; col. 12, lines 1-3: transmits the data packet to the provider node via the second delivery node upon determining the risk score for the data packet satisfies a threshold score for the risk threshold); and 
determine the security characteristic based on the health rating (Clem, par. 2, lines 4-14: transmitting packets with low risk levels and dropping packets with high risk levels are selective routing based on security ratings).

As per claim 12, the references as combined above teach the device of claim 8, wherein the one or more processors, when determining the security characteristic, are to: 
determine a website associated with the data packet (Clem, col. 2, lines 21-32: website); and 
obtain information identifying a security assessment associated with the website (Clem, col. 2, lines 1-8: a risk level (e.g., risk determination value) corresponding to the request); and 
determine the security characteristic based on the security assessment (Clem, par. 2, lines 4-14: transmitting packets with low risk levels and dropping packets with high risk levels are selective routing based on security ratings).

As per claim 13, the references as combined above teach the device of claim 8, wherein the one or more processors, when determining the security characteristic, are to: 
determine an application associated with the data packet (Clem, col. 2, lines 63-66: request for service; generated by a number of users. A request for services can be a hypertext transfer protocol (http) request, for example. A request can include packets; As used herein, services can be services provided to a user through a website. For example, a content provider entity such as a banking entity can provide banking related services to users; col. 2, lines 66-67); 
Clem, col. 2, lines 63-66: request for service from a user of, for example, a bank… wherein the request includes packets);; and 
determine the security characteristic based on the application and the user (Clem, col. 3, lines 3-7: A user can interact with a number of entities in a public network 102 through computing devices 108 coupled to the public network 102. For example, a user can send a request through a computing device 108-1, which inherently poses security risks and characteristics).

As per claim 15, Reddy teaches a non-transitory computer-readable medium storing instructions, the instructions (Reddy, par. 0046-0047: a computer-readable medium) comprising: one or more instructions that, when executed by one or more processors, cause the one or more processors to: 
determine that a level of available computing resources satisfies a threshold level of available computing resources during a first time period (Reddy, par. 0023 and 0071: a time period during which traffic is to be inspected; par. 0023-0025: identifies a level of access to the encrypted traffic that is needed by the security service to apply the security service); 
perform a secure socket layer (SSL) proxy function for each data packet received during the first time period based on the level of available computing resources satisfying the threshold level of available computing resources (Reddy, par. 0064: SSL; par. 0083-0084: identify a threshold amount of data to be inspected; after which 230 may bypass traffic in the S2C direction. In this example, proxy device 230 may also determine that the offload service includes allowing encrypted traffic, travelling in the C2S direction, to be offloaded.  This bypassing function of the proxy device is the SSL proxy function; see also par. 0001 and 0012); 
determine that the level of available computing resources fails to satisfy the threshold level of available computing resources during a second time period (Reddy, par. 0100-0101 and 0109: If the threshold amount of data has not been inspected, proxy device 230 may decrypt the 
While Reddy discloses negotiating parameters for a secure session (par. 0051-0053) and determining a level of access to the encrypted traffic that is needed by each security service (par. 0025), Reddy does not explicitly disclose generating a security rating based on a security characteristic of a data packet.  This aspect of the claim is identified as a difference.
In a related art, Clem teaches:
selectively perform the SSL proxy function for each data packet received during the second time period based on the level of available computing resources failing to satisfy the threshold level of available computing resources (Clem, col. 7, lines 43-50: col. 10, lines 65-67: determining, by the first delivery node, a risk level for a data packet based upon one or more characteristics of the data packet), wherein the security characteristic is based on: an application vulnerability indication associated with the second data packet, and a user identity indication associated with the second data packet (Clem, col. 2, lines 1-14 and col. 12, lines 19-43: risk level and risk score; token of data packet. The disclosed missing header elements in the data packet is also a user identity indication associated with the second data packet), 
Reddy and Clem are analogous art in a similar field of endeavor in improving the routing functions of network communications.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to combine them and to use Clem to modify Reddy with the teachings of using security rating for selective routing and performing SSL proxy function based on the security rating. For this combination, the motivation would have been to improve the level of security with selective routing with SSL proxy function based on the security rating.
However, the combination of Reddy and Clem does not explicitly disclose performing the SSL proxy function based on different levels of security risks.  This aspect of the claim is identified as a further difference.
In a related art, Yang teaches:
wherein the SSL proxy function is not performed for a first data packet received during the second time period based the first data packet being classified as a low security risk data packet (Yang, par. 0091-0094: establishing establish a first secure proxy session between the security gateway and the server, wherein the server session is based on server security parameters in the one or more server extension fields; see also SSL Session 1112 of FIG. 11); and 
wherein the SSL proxy function is performed for a second data packet received during the second time period based the second data packet being classified as a high security risk data packet (Yang, par. 0091-0094: the second secure session based on client security parameters in the one or more server extension fields; see also SSL Session 1110 of FIG. 11).
Yang is analogous art to the claimed invention in a similar field of endeavor in improving the network security functions on traffic.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to combine them and to modify the Reddy-Clem system with Yang’s teachings of secure session routing based on different security ratings. For this combination, the motivation would have been to improve the level of security with optimized use of computing resources based on different security ratings.

As per claim 16, the references as combined above teach the non-transitory computer-readable medium of claim 15, wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to: 
determine that the level of available computing resources satisfies the threshold level of available computing resources during a third time period (Clem, par. 2, lines 4-14: transmitting 
perform the SSL proxy function for each data packet received during the third time period based on the level of available computing resources satisfying the threshold level of available computing resources (Clem, col. 7, lines 43-50: col. 10, lines 65-67: determining, by the first delivery node, a risk level for a data packet based upon one or more characteristics of the data packet; col. 2, lines 1-14 and col. 12, lines 19-43: risk level and risk score).

As per claim 18, the references as combined above teach the non-transitory computer-readable medium of claim 15, wherein the one or more instructions, that cause the one or more processors to selectively perform the SSL proxy function for each data packet received during the second time period, cause the one or more processors to: determine an application associated with the second data packet (Clem, col. 2, lines 1-14 and col. 12, lines 19-43: risk level and risk score; token of data packet. The disclosed missing header elements in the data packet is also a user identity indication associated with the second data packet); 
determine that the application is associated with a security vulnerability (Clem, col. 2, lines 1-14 and col. 12, lines 19-43: The missing header elements in the data packet is also a user identity indication associated with the second data packet; col. 2, lines 21-38: users banking via public network poses risks or a vulnerability); and
 classify the second data packet as the high security risk data packet based on the application being associated with the security vulnerability (Clem, col. 2, lines 6-8: a determination that a risk level (e.g., risk determination value) corresponding to the request is at or above a threshold level (e.g., the risk poses a “high risk”).

As per claim 19, the references as combined above teach the non-transitory computer-readable medium of claim 15, wherein the one or more instructions, that cause the one or more Reddy, par. 0078-0082: the amount of available processor resources ); and 
determine that the level of available computing resources satisfies the threshold level of available computing resources during the first time period based on the amount of available processor resources (Reddy, par. 0080-0081: saves processor resources of proxy device 230 by not requiring inspection of some encrypted traffic).

As per claim 20, the references as combined above teach the non-transitory computer-readable medium of claim 15, wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to: 
identify a security vulnerability associated with the second data packet based on performing the SSL proxy function (Clem, col. 2, lines 6-8: a determination that a risk level (e.g., risk determination value) corresponding to the request is at or above a threshold level (e.g., the risk poses a “high risk”); and 
determine not to forward the second data packet based on identifying the security vulnerability (Clem, col. 2: lines 10-12: for instance, dropping the request (e.g., preventing the request from being forwarded)).

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Reddy and Clem and Yang, as applied to claim 8, and further in view of Black (US 20200100106 A1).

As per claim 14, the references of Reddy and Clem and Yang as combined above teach the device of claim 8, but do not explicitly disclose the steps of obtaining a username and a password associated with a user associated with the data packet and authenticating the user 
In a related art, Black teaches:
wherein the one or more processors, when determining the security characteristic, are to: 
obtain a username and a password associated with a user associated with the data packet (Black, par. 0075 and 0077: obtaining credentials such as password for authentication process wherein the routing system 106 acts as a secure router between the secure network 108 and the public network 104; see par. 0249: including username, password); 
authenticate the user based on the username and the password (Black, par. 0245: include user authentication, for example verifying user credentials such as the user name and the corresponding password); and 
determine the security characteristic based on authenticating the user (Black, par. 0083-0085: As a result of [user authentication], there is virtually no way a malicious attacker can hijack the routing system 208 and execute malicious code or implement any other nefarious attack. The routing system 208 enforces security rules that are extremely robust).
Black is analogous art to the claimed invention in a similar field of endeavor in improving the network security functions on routing devices.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to combine them and to modify the Reddy-Clem-Yang system with Black to include user authentication procedure for securely routing the network traffic. For this combination, the motivation would have been to improve the level of security with user authentication.


Allowable Subject Matter
Claim 10 and 17 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all the limitations of the base claim and any intervening claims.

The claim 10 recites elements of “wherein the one or more processors, when determining the security characteristic, are to: determine that the data packet is associated with a valid client certificate; and wherein the one or more processors, when determining the security rating, are to: determine that the security rating associated with the data packet comprises the first security rating based on the data packet being associated with the valid client certificate.” These elements, when considered in combination with the other limitations in the claim 8, are not anticipated by, nor made obvious over the prior art of record.
The claim 17 recites elements of “selectively perform the SSL proxy function for each data packet received during the second time period, cause the one or more processors to: obtain information identifying a group of users associated with a security risk rating; determine that a user associated with the second data packet is associated with the security risk rating based on the information identifying the group of users; and classify the second data packet as the high security risk data packet based on the user being associated with the security risk rating.” These elements, in combination with the other limitations in the claim 15, are not anticipated by, nor made obvious over the prior art of record.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure as the prior art additionally discloses certain parts of the claim features (See “PTO-892 Notice of Reference Cited”).

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached on 571.272.3862.  The fax phone number for the organization where this application or proceeding is assigned is 571.273.8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866.217.9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800.786.9199 (IN USA OR CANADA) or 571.272.1000.


/Don G Zhao/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        02/16/2022