DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This is a reply to the application filed on 06/08/2020, in which claims 1-23 are pending. Claims 1, 11 and 22 are independent.

Drawings
The drawings filed on 06/08/2020 are accepted by the Examiner.

Claim Objections
Claims 1, 4, 6, 16, 18 and 23 are objected to because of the following informalities:  
Claim 1 recites “a network node” (Lines 4 & 16) and “the node” (Lines 11 & 13). It is unclear whether these limitations refer to the same node.
Claim 1 recites “wherein the network proxy device is operable” and claim 4 recites “wherein the proxy is operable”. It is not clear if the proxy device can be operated or not.
Claims 4, 6, 16, 18 and 23 recite “a MAC address” and “a VLAN ID”. The acronyms “MAC” and “VLAN ID” need to be spelled out when they appear in the claims for the very first time to make the limitation clear.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1-3, 10-15 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Manthiramoorthy et al. (US 2018/0302321 A1) in view of Viswanath Yarangatta Suresh (US 2020/0186502 A1).
Regarding Claim 1, Manthiramoorthy discloses A network proxy device comprising: 
a physical network port through which to receive data traffic being communicated on a network, the data traffic to be received at the physical network port in a one-armed mode from a network node other than the client and the server ([0071], “ports appropriate for communication”, [0002], “forward data traffic in a network”, [0014], “hosts being communicatively connected to two or more leaf nodes (i.e. a node other than the client and the server) of a network… a “host” may be or may include… inline service nodes, proxies”, see Figure 1, the leaf node receives traffic from the proxy device in one-armed mode); 
Manthiramoorthy does not explicitly teach but Suresh teaches
data traffic is encrypted data traffic being communicated between a client and server ([0006], “traffic may be encrypted…such traffic may pass through multiple components (or proxies, network devices, intermediary devices, etc.) in the path from server to client”);
a processor configured to cause decryption, by the network proxy device, of the encrypted data traffic to produce decrypted data traffic ([0006], “traffic may pass through multiple components, e.g. proxies”, [0007], “traffic is decrypted”); and 
a physical tool port through which to send the decrypted data traffic to a tool that is external to the network proxy device, and through which to receive corresponding decrypted data traffic from the tool after the decrypted data traffic has been processed by the tool, the tool also being external to the node ([0063], “network ports 266 for transmitting and receiving data over a network”, [0006], “relay traffic through a customer's firewall (i.e. the external tool)…Such traffic may be encrypted…such traffic may pass through multiple components (or proxies, network devices, intermediary devices, etc.) in the path from server to client”); 
wherein the processor further is configured to cause corresponding encrypted data traffic to be sent to the node through said physical network port based on the corresponding decrypted data traffic received from the tool; and wherein the network proxy device is operable in a manner that is transparent to the client, the server, the network node and the tool ([0006], “cloud services or other remotely-hosted software may relay traffic through a customer's firewall (i.e. the external tool)…Such traffic may be encrypted…such traffic may pass through multiple components (or proxies, network devices, intermediary devices, etc.) in the path from server to client”, [0007], “traffic is decrypted and re-encrypted”, [0054], “execute transparently”, [0063], “network ports 266 for transmitting and receiving data over a network”).  
Manthiramoorthy and Suresh are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Suresh with the disclosure of Manthiramoorthy. The motivation/suggestion would have been for establishing an end-to-end cryptographic context (Suresh, [0004]).

Regarding Claims 2 and 12, the combined teaching of Manthiramoorthy and Suresh teaches 
wherein the tool comprises a network security device (Suresh, [0006], “relay traffic through a customer's firewall”).  

Regarding Claims 3 and 13, the combined teaching of Manthiramoorthy and Suresh teaches 
wherein the tool comprises a firewall (Suresh, [0006], “relay traffic through a customer's firewall”).  

Regarding Claim 10, the combined teaching of Manthiramoorthy and Suresh teaches 
wherein the network proxy device is configured to communicate with the tool bidirectionally via a single tool port of the network proxy device (Suresh, [0063], “network ports 266 for transmitting and receiving data (bidirectionally) over a network”).  

Regarding Claims 11 and 22, Manthiramoorthy discloses A method comprising: 
receiving, by a proxy device, communications on a network, wherein the proxy device is coupled to receive the communications from a node on the network other than the client and the server in one-armed mode ([0002], “forward data traffic in a network”, [0014], “hosts being communicatively connected to two or more leaf nodes (i.e. a node other than the client and the server) of a network… a “host” may be or may include… inline service nodes, proxies”, see Figure 1, the leaf node receives traffic from the proxy device in one-armed mode); 
Manthiramoorthy does not explicitly teach but Suresh teaches
operating the proxy device transparently to the client, the server and the node, including 
processing packets, by the proxy device, of the communications between the client and the server ([0006], “traffic may pass through multiple components (or proxies, network devices, intermediary devices, etc.) in the path from server to client”), and 
communicating, between the proxy device and an external tool coupled to the proxy device, processed packets of said communications between the client and the server, wherein operation of the proxy device also is transparent to the tool ([0006], “cloud services or other remotely-hosted software may relay traffic through a customer's firewall (i.e. the external tool)…Such traffic may be encrypted…such traffic may pass through multiple components (or proxies, network devices, intermediary devices, etc.) in the path from server to client”, [0054], “execute transparently”).  
Manthiramoorthy and Suresh are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Suresh with the disclosure of Manthiramoorthy. The motivation/suggestion would have been for establishing an end-to-end cryptographic context (Suresh, [0004]).

Regarding Claim 14, the combined teaching of Manthiramoorthy and Suresh teaches 
wherein: said processing packets by the proxy device comprises performing, by the proxy device, decryption and encryption of packets of the communications between the client and the server; and said communicating processed packets comprises communicating decrypted packets between the proxy device and the tool (Suresh, [0006], “cloud services or other remotely-hosted software may relay traffic through a customer's firewall (i.e. the external tool)…Such traffic may be encrypted…such traffic may pass through multiple components (or proxies, network devices, intermediary devices, etc.) in the path from server to client”, [0007], “traffic is decrypted and re-encrypted”).

Regarding Claim 15, the combined teaching of Manthiramoorthy and Suresh teaches 
wherein said communicating processed packets comprises communicating processed packets between the proxy device and the tool bidirectionally via a single tool port of the proxy device (Suresh, [0063], “network ports 266 for transmitting and receiving data (bidirectionally) over a network”).  

Claims 4 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Manthiramoorthy et al. (US 2018/0302321 A1) in view of Viswanath Yarangatta Suresh (US 2020/0186502 A1) further in view of Jiang et al. (US 2017/0310641 A1).
Regarding Claims 4 and 16, the combined teaching of Manthiramoorthy and Suresh teaches 
wherein the proxy is operable to remain transparent to the client and the server (Suresh, [0054], “execute transparently”),
The combined teaching of Manthiramoorthy and Suresh does not explicitly teach but Jiang teaches
after the tool modifies a MAC address and/or a VLAN ID in the decrypted data traffic ([0101], “the source MAC address of the data packet is modified to the proxy forwarding MAC address of VLAN20 interface of the local firewall”),
Manthiramoorthy, Suresh and Jiang are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Jiang with the combined teaching of Manthiramoorthy and Suresh. The motivation/suggestion would have been to provide security service for one or both data center subsystems (Jiang, [0022]).

Claims 5 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Manthiramoorthy et al. (US 2018/0302321 A1) in view of Viswanath Yarangatta Suresh (US 2020/0186502 A1) further in view of Conner et al. (US 2014/0122634 A1).
Regarding Claim 5, the combined teaching of Manthiramoorthy and Suresh teaches 
wherein the encrypted data traffic comprises a plurality of encrypted packets, and for each encrypted packet received by the network proxy device through the physical network port (Suresh, [0006], “traffic may be encrypted”, [0063], “network ports 266 for transmitting and receiving data over a network”), 
The combined teaching of Manthiramoorthy and Suresh does not explicitly teach but Conner teaches
wherein the network proxy device is configured to:
prior to sending a corresponding decrypted packet to the tool, identify a tuple that includes a source IP address of the encrypted packet, a destination IP address of the encrypted packet, a source port number of the encrypted packet, a destination port number of the encrypted packet and a protocol field of the encrypted packet ([0042], “a 5-tuple classification of an Internet Protocol (IP) packet header (source address, destination address, source port, destination port, and transport protocol)”); and 
associate the packet with a particular client-server session based on the tuple ([0044], “packets associated with a client-server connection session into corresponding flows based on a combination of header field values, such as a 5-tuple hash”),  
Manthiramoorthy, Suresh and Conner are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Conner with the combined teaching of Manthiramoorthy and Suresh. The motivation/suggestion would have been for employing node aware network interfaces (Conner, Abstract).

Regarding Claim 17, the combined teaching of Manthiramoorthy and Suresh teaches 
wherein the communications between the client and the server include a plurality of encrypted packets, and wherein said processing packets by the proxy device comprises: performing decryption of the encrypted packets; and for each encrypted packet of the plurality of encrypted packets (Suresh, [0006], “traffic may be encrypted”, [0007], “traffic is decrypted”), 
The combined teaching of Manthiramoorthy and Suresh does not explicitly teach but Conner teaches
prior to sending a corresponding decrypted packet to the tool, identifying a tuple that includes a source IP address of the encrypted packet, a destination IP address of the encrypted packet, a source port number of the encrypted packet, a destination port number of the encrypted packet and a protocol field of the encrypted packet ([0042], “a 5-tuple classification of an Internet Protocol (IP) packet header (source address, destination address, source port, destination port, and transport protocol)”); and 
associating the packet with a particular client-server session based on the tuple ([0044], “packets associated with a client-server connection session into corresponding flows based on a combination of header field values, such as a 5-tuple hash”),  
Manthiramoorthy, Suresh and Conner are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Conner with the combined teaching of Manthiramoorthy and Suresh. The motivation/suggestion would have been for employing node aware network interfaces (Conner, Abstract).

Claims 6, 18 and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Manthiramoorthy et al. (US 2018/0302321 A1) in view of Viswanath Yarangatta Suresh (US 2020/0186502 A1) further in view of Conner et al. (US 2014/0122634 A1) and further in view of Groves et al. (US 2013/0329578 A1).
Regarding Claims 6 and 18, the combined teaching of Manthiramoorthy, Suresh and Conner does not explicitly teach but Groves teaches
wherein the network proxy device is further configured to: identify a VLAN ID of the packet and at least one of a source MAC address of the packet or a destination MAC address of the packet ([0043], “attributes by which frames can be identified can include the destination MAC address, the port of the relevant switch, at which such frames were received, the Ethernet type of such frames, the VLAN identifier”); and 
associate the packet with a client-side connection of the particular client-server session based further on the VLAN ID of the packet and said at least one of a source MAC address of the packet or a destination MAC address of the packet ([0043], “attributes by which frames can be identified can include the destination MAC address, the port of the relevant switch, at which such frames were received, the Ethernet type of such frames, the VLAN identifier”, “with a particular communicational session”),
Manthiramoorthy, Suresh, Conner and Groves are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Groves with the combined teaching of Manthiramoorthy, Suresh and Conner. The motivation/suggestion would have been that data being transmitted among a network of computing devices is provided to analysis mechanisms in an unchanged manner (Groves, [0002]).

Regarding Claim 23, the combined teaching of Manthiramoorthy and Suresh teaches 
such that the communications between the client and the server include a plurality of encrypted packets, and such that said processing packets comprises: performing decryption of the encrypted packets; and for each encrypted packet of the plurality of encrypted packets (Suresh, [0006], “traffic may be encrypted”, [0007], “traffic is decrypted”), 
The combined teaching of Manthiramoorthy and Suresh does not explicitly teach but Conner teaches
prior to sending a corresponding decrypted packet to the tool, identifying a tuple that includes a source IP address of the encrypted packet, a destination IP address of the encrypted packet, a source port number of the encrypted packet, a destination port number of the encrypted packet and a protocol field of the encrypted packet ([0042], “a 5-tuple classification of an Internet Protocol (IP) packet header (source address, destination address, source port, destination port, and transport protocol)”); and 
using the tuple to identify a particular client-server session ([0044], “packets associated with a client-server connection session into corresponding flows based on a combination of header field values, such as a 5-tuple hash”),  
Manthiramoorthy, Suresh and Conner are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Conner with the combined teaching of Manthiramoorthy and Suresh. The motivation/suggestion would have been for employing node aware network interfaces (Conner, Abstract).
The combined teaching of Manthiramoorthy, Suresh and Conner does not explicitly teach but Groves teaches
identifying a VLAN ID of the packet and at least one of a source MAC address of the packet or a destination MAC address of the packet ([0043], “attributes by which frames can be identified can include the destination MAC address, the port of the relevant switch, at which such frames were received, the Ethernet type of such frames, the VLAN identifier”); and 
using the VLAN ID, and at least one of the source MAC address of the packet or the destination MAC address of the packet, to associate the packet with a client side or a server side of the particular client-server session ([0043], “attributes by which frames can be identified can include the destination MAC address, the port of the relevant switch, at which such frames were received, the Ethernet type of such frames, the VLAN identifier”, “with a particular communicational session”),
Manthiramoorthy, Suresh, Conner and Groves are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Groves with the combined teaching of Manthiramoorthy, Suresh and Conner. The motivation/suggestion would have been that data being transmitted among a network of computing devices is provided to analysis mechanisms in an unchanged manner (Groves, [0002]).

Allowable Subject Matter
Claims 7-9 and 19-21 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
None of the prior art, alone or in combination, teaches the claim limitations of claims 7-9 and 19-21 in view of the other limitations of claims 1, 5-6, 11 and 17-18.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHENG-FENG HUANG whose telephone number is (571)272-6186. The examiner can normally be reached Monday-Friday: 9 am - 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A Shiferaw, can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is 





/CHENG-FENG HUANG/Primary Examiner, Art Unit 2497