DETAILED ACTION

1.	This Office Action is in response to an application filed on May 08, 2020. The original filing includes claims 1-20. Therefore, Claims 1-20 are presented for examination. Now claims 1-20 are pending.

Notice of Pre-AIA or AIA Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Drawings
3.	The drawings filed on May 08, 2020 are accepted.

Priority
4.	Applicant Claims NO priority on the instant application.
 
Oath/Declaration
5.	For the record, the Examiner acknowledges that the Oaths/Declarations submitted on May 08, 2020 have been accepted.

Information Disclosure Statement
6.	The information disclosure statement (IDS) submitted on 04/23/2015 has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 is signed and attached hereto. The US Patent Application 20170404723 A1, published 2017-04-13 by Merritt, has not been considered by the Examiner because there is an error or typo in the application number and it could not be retrieved.

Claim Rejections - 35 USC § 112
7.	The following is a quotation of 35 U.S.C. 112(b):

 (b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

8.	Claims 3, 11, and 19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
9.	Claim 1 recites “data is the same as the encrypted data, and the second clear data is the same …”, which lacks antecedent basis. Claims 11 and 19 recite the same limitations as claim 1 and are rejected with the same rationale as claim 1.
Any claim not specifically addressed above is being rejected as incorporating the deficiencies of a claim upon which it depends.

Claim Rejections - 35 USC § 101
10.	35 U.S.C. 101 reads as follows: 


11.	Claims 17-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. 
Independent claim 17 is directed to non-statutory subject matter. The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the claim is not directed towards an apparatus/a system/a machine claim as it recites "A computer program product comprising ..." without at least one hardware component in the body of the claim as part of the product, thus claim 17 as a whole is interpreted to be software per se. An attempt to claim a product/machine (i.e. a device or a system) with no tangible structural component in the body of the claim is not patent eligible. See New Interim Patent Subject Matter Eligibility Examination Instructions 35 USC 101, August 24, 2009 (http://www.uspto.gov/patents/law/comments/2009-08-25_interim_101_instructions.pdf). Although a computer may be patent eligible if it "is programmed to perform particular functions pursuant to instructions from program software," In re Alappat, 33 F.3d 1526, 1545 (Fed. Cir. 1994), here, there is no hardware in the body of the claim that executes the claimed limitation.
Claims 18-20 are rejected since they do not remedy the deficiencies of the claim upon which they depend.

Claim Rejections - 35 USC § 103
12.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
13.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


14.	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
15.	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

16.	Claims 1-2, 4-5, 9-10, 12-13, 17-18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Feroz et al. U.S. 20200225978 hereinafter “Feroz” Filed Mar. 28, 2020 in view of Indiresan et al. US 20200036610 hereinafter “Indiresan” Published Jan. 30, 2020.

Regarding claim 1, Peterson teaches: A method (Feroz, see abstract), comprising: 
receiving an outbound payload for output to a requestor as part of a response to a call by the requestor to an application programming interface (API) (Feroz, see FIG. 2-3 along with ¶¶ ; 
selecting, based on policy information, clear data in the outbound payload to encrypt (Feroz, first see ¶ [0053], then see ¶¶ [0059-0060, 0062, 0065 and 0067], “After trying (at 315) to identify a category for the URL, the security agent 125 examines the access policies in the policy storage 290 to determine whether it should allow or deny the requested connection to the web resource identified by the URL”; “Instead of using SSL encryption to capture the TCP payload, the IP payload can be encrypted by using the IPsec library 530. Accordingly, for IPsec encryption, the data is encrypted after leaving the TCP layer 525 and entering the IP layer 535, which, in turn, allows the transport layer filtering (e.g., the TDI filtering) to capture the data before it enters the TCP stack. Hence, through this filtering, the network introspector can capture the unencrypted data before entering the L3 IPsec security stack”);
encrypting the clear data to generate encrypted data (Feroz, see ¶¶ [0062 and 0065], “the network introspector 155 extracts the raw data provided by the application for encryption.”); 
and sending the response to the requestor, the response comprising the updated outbound payload (Feroz, see ¶¶ [0089-0090], “the process distributes any configuration data that it generates at 910-920 to the VM configurator agent 860 and GI configurators 850 of each host that has a GVM, SVM, or guest introspector that has to be configured to account for the new or updated compute cluster membership and/or a new or updated set of network access filtering rules that are received at 905.”).
Feroz does not explicitly disclose: inserting the encrypted data into the outbound payload in place of the clear data to generate an updated outbound payload
 	However Indiresan teaches: inserting the encrypted data into the outbound payload in place of the clear data to generate an updated outbound payload (Indiresan, see ¶ [0050], “an encapsulated secure packet 224 to transmit over the secure tunnel 204 to the egress switch 206. The 
inserted as a string ( e.g., as one or more encrypted data strings or unencrypted data strings) into one or more predefined fields in the encapsulation header 226”) 
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Feroz with the teaching of Indiresan because the use of Indiresan’s idea (Indiresan, see abstract) could provide Feroz (Feroz, abstract) the ability to modify the header of the packet in a secure encrypted payload such that metadata from the header is retrieved from the header of received packets and inserting encrypted data into the defined field, “a secure payload (e.g., shown as "Encrypted Payload" 228) that includes the header 220 and payload 222. Notably, the encapsulated secure packet 224 includes metadata information ( e.g., shown as "Metadata (IP traffic data)" 230) derived, or retrieved, from the header or the payload of the received packet 218 and is inserted as a string ( e.g., as one or more encrypted data strings or unencrypted data strings) into one or more predefined fields in the encapsulation header 226” (Indiresan, ¶ [0050]). 

Regarding claim 2, the combination of Feroz and Indiresan teaches all the limitations of claim 1. Feroz further teaches: receiving the call to the API, the call to the API comprising an inbound payload that includes second encrypted data (Feroz, see ¶ [0035], then see ¶¶ [0038-0039], “Through these calls, the network introspection module captures (1) every new connection request (e.g., both incoming and outgoing connection requests) that is made by an application that is operating on the GVM 102, and (2) contextual information (e.g., user identity, application context, etc.) for the new connections”; “To capture the outgoing TCP connection and disconnection event”; where examiner ;
decrypting the second encrypted data to generate second clear data (Feroz, see ¶ [0062], “Instead of using SSL encryption to capture the TCP payload, the IP payload can be encrypted by using the IPsec library 530. Accordingly, for IPsec encryption, the data is encrypted after leaving the TCP layer 525 and entering the IP layer 535, which, in turn, allows the transport layer filtering (e.g., the TDI filtering) to capture the data before it enters the TCP stack. Hence, through this filtering, the network introspector can capture the unencrypted data before entering the L3 IPsec security stack”);
and forwarding the call to the API to a target system, the forwarded call comprising the updated inbound payload (Feroz, see ¶¶ [0063 and 0065], then see ¶ [0084], “One example of such an SFE is a software switch. In some embodiments, an SVM communicates with GVMs on its host through a different forwarding element or through a different communication channel”)
Feroz discloses the second clear data and second encrypted in previous limitations but does not explicitly disclose: inserting the second clear data into the inbound payload in place of the second encrypted data to generate an updated inbound payload
 	However Indiresan teaches: inserting the second clear data into the inbound payload in place of the second encrypted data to generate an updated inbound payload (Examiner note: the BOLD limitations are being disclosed by Feroz in previous limitations; Indiresan, see ¶ [0050], “an encapsulated secure packet 224 to transmit over the secure tunnel 204 to the egress switch 206. The encapsulated secure packet 224 includes a header ( e.g., shown as "Encapsulation Header" 226) and a secure payload (e.g., shown as "Encrypted Payload" 228) that includes the header 220 and payload 222. Notably, the encapsulated secure packet 224 includes metadata information ( e.g., shown as "Metadata (IP traffic data)" 230) derived, or retrieved, from the header or the payload of the received packet 218 and is inserted as a string ( e.g., as one or more encrypted data strings or unencrypted data strings) into one or more predefined fields in the encapsulation header 226”) 


Regarding claim 4, the combination of Feroz and Indiresan teaches all the limitations of claim 2. Feroz further teaches: wherein the second encrypted data includes metadata (Feroz, see ¶ [0035], then see ¶¶ [0038-0039], “Through these calls, the network introspection module captures (1) every new connection request (e.g., both incoming and outgoing connection requests) that is made by an application that is operating on the GVM 102, and (2) contextual information (e.g., user identity, application context, etc.) for the new connections”; “To capture the outgoing TCP connection and disconnection event”; where examiner equates session layer (applications that is operating on the GVM 102) as the second encrypted data for inbound payload);
Feroz and Indiresan disclose the second clear data and second encrypted in previous limitations but Feroz does not explicitly disclose: and a value of a key used for the decrypting is determined based at least in part on the metadata
 	However Indiresan teaches: and a value of a key used for the decrypting is determined based at least in part on the metadata ( Merritt, see ¶ [0063], “Because the metadata header includes an index value only and does not in itself include an exploitable feature, it may be passed in the clear .
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Feroz with the teaching of Indiresan because the use of Indiresan’s idea (Indiresan, see abstract) could provide Feroz (Feroz, abstract) the ability to identify metadata and indexing the metadata header with a value and each portion either encrypted or unencrypted by supplying the desired encryption key for metadata for each data or the combination thereof in order to achieve the same functionality of applicant’s limitation, “Because the metadata header includes an index value … Passing the metadata encrypted also means that it can optionally be observed and accounted for as well as acted upon at intermediary nodes if and as desired by making the encryption key for the metadata available to such nodes” (Indiresan, ¶ [0063]). 

Regarding claim 5, the combination of Feroz and Indiresan teaches all the limitations of claim 1. Feroz does not explicitly disclose: wherein the clear data is encrypted based at least in part on a value of a key
However Merritt teaches: wherein the clear data is encrypted based at least in part on a value of a key ( Merritt, see ¶ [0063], “Because the metadata header includes an index value only and does not in itself include an exploitable feature, it may be passed in the clear without encryption or authentication or it may be passed as an encrypted string. Passing the metadata encrypted also means that it can optionally be observed and accounted for as well as acted upon at intermediary nodes if and as desired by making the encryption key for the metadata available to such nodes”).
 

Regarding claim 9, this claim defines a system claim that corresponds to method claim 1 and does not define beyond limitations of claim 1. Therefore, claim 9 is rejected with the same rationale as in the rejection of claim 1. Furthermore, Feroz in ¶ [0104] discloses processors for executing computer readable instructions.

Regarding claim 10, this claim defines a system claim that corresponds to method claim 2 and does not define beyond limitations of claim 2. Therefore, claim 10 is rejected with the same rationale as in the rejection of claim 2. Furthermore, Feroz in ¶ [0104] discloses processors for executing computer readable instructions.

Regarding claim 12, this claim defines a system claim that corresponds to method claim 4 and does not define beyond limitations of claim 4. Therefore, claim 12 is rejected with 

Regarding claim 13, this claim defines a system claim that corresponds to method claim 5 and does not define beyond limitations of claim 5. Therefore, claim 13 is rejected with the same rationale as in the rejection of claim 5. Furthermore, Feroz in ¶ [0104] discloses processors for executing computer readable instructions.

Regarding claim 17, this claim defines a computer program product comprising a computer readable storage medium claim that corresponds to method claim 1 and does not define beyond limitations of claim 1. Therefore, claim 17 is rejected with the same rationale as in the rejection of claim 1. Furthermore, Feroz in ¶ [0104] discloses a computer program product that includes a computer readable storage medium with computer readable instructions that a processor executes.

Regarding claim 18, this claim defines a computer program product comprising a computer readable storage medium claim that corresponds to method claim 2 and does not define beyond limitations of claim 2. Therefore, claim 18 is rejected with the same rationale as in the rejection of claim 2. Furthermore, Feroz in ¶ [0104] discloses a computer program product that includes a computer readable storage medium with computer readable instructions that a processor executes.
Regarding claim 20, this claim defines a computer program product comprising a computer readable storage medium claim that corresponds to method claim 4 and does not .
17.	Claims 3, 6-7, 11, 14-15, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Feroz et al. U.S. 20200225978 hereinafter “Feroz” Filed Mar. 28, 2020 in view of Indiresan et al. US 20200036610 hereinafter “Indiresan” Published Jan. 30, 2020 further in view of Morris Merritt 20170104723 Published Apr. 13, 2017.

Regarding claim 3, the combination of Feroz and Indiresan teaches all the limitations of claim 2. The combination of Feroz and Indiresan does not explicitly disclose: wherein the second encrypted data is the same as the encrypted data, and the second clear data is the same as the clear data
However Merritt teaches: wherein the second encrypted data is the same as the encrypted data, and the second clear data is the same as the clear data (Merritt, see ¶ [0069], “decrypting partially encrypted data using selective encryption delineation in accordance with this disclosure. In some embodiments, decrypting partially encrypted data using selective encryption delineation may be implemented on a device, such as the proxy 310 shown in FIG. 3. In some embodiments, decrypting partially encrypted data using selective encryption delineation may include receiving the partially encrypted data at 500, identifying an unencrypted portion at 510, identifying an encrypted portion sentinel at 520, decrypting an encrypted portion at 530”). 
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Feroz and Indiresan with the teaching of Merritt because the use of Merritt’s idea (Merritt, see abstract) could provide Feroz (Feroz, see abstract) in view of Indiresan (Indiresan, see abstract) the ability to identify encrypted and unencrypted from the same string and modify each portion accordingly and output each data or the combination thereof in order to achieve the same functionality of  

Regarding claim 6, the combination of Feroz and Indiresan teaches all the limitations of claim 1. The combination of Feroz and Indiresan does not explicitly disclose: wherein the clear data selected for encryption is a subset of the contents of the outbound payload
However Merritt teaches: wherein the clear data selected for encryption is a subset of the contents of the outbound payload (Merritt, see ¶¶ [0068-0069], “partially encrypted data corresponding to the outbound data received at 400 may be output at 440. For example, the partially encrypted output data stream, or the content of the output buffer, may be stored in memory or transmitted to an external device, such as a sever in another domain. For example, the outbound data received at 400 may include an HTTP GET request, or an HTTP POST, which may include a combination of insensitive and sensitive data in unencrypted form”; “decrypting partially encrypted data using selective encryption delineation in accordance with this disclosure. In some embodiments, decrypting partially encrypted data using selective encryption delineation may be implemented on a device”). 
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Feroz and Indiresan with the teaching of Merritt because the use of Merritt’s idea (Merritt, see abstract) could provide Feroz (Feroz, see abstract) in view of Indiresan (Indiresan, see abstract) the ability to identify metadata and indexing the metadata header with a value and each portion either encrypted or unencrypted by supplying the desired encryption key for metadata for each data or the combination thereof in order to achieve the same functionality of applicant’s limitation, “Because the metadata header includes an index value … Passing the metadata encrypted also means that it can optionally be observed and accounted for as well as acted upon at intermediary 

Regarding claim 7, the combination of Feroz and Indiresan teaches all the limitations of claim 1. The combination of Feroz and Indiresan does not explicitly disclose: wherein the clear data selected for encryption is a subset of the clear data in the outbound payload
However Merritt teaches: wherein the clear data selected for encryption is a subset of the clear data in the outbound payload (Merritt, see ¶¶ [0045 and 0055], “a first portion of the outbound data may be an insensitive portion and may be identified at 410. In some embodiments, the proxy may receive the outbound data at 400, may enter an unencrypted state in response to receiving the outbound data, may determine that a first portion of the outbound data does not include sensitive information, and may include the corresponding portion of the outbound data in a partially encrypted output data stream, or an output buffer for subsequent inclusion in the output data stream. For example, the outbound data may include an HTTP GET request that includes a URL that includes parameters as shown in Equation 1, and a first portion of the outbound data, such as "HTTP://www.example.com/path?paraml =", may be identified as an insensitive portion”). 
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Feroz and Indiresan with the teaching of Merritt because the use of Merritt’s idea (Merritt, see abstract) could provide Feroz (Feroz, see abstract) in view of Indiresan (Indiresan, see abstract) the ability to identify metadata and indexing the metadata header with a value and each portion either encrypted or unencrypted by supplying the desired encryption key for metadata for each data or the combination thereof in order to achieve the same functionality of applicant’s limitation, “Because the metadata header includes an index value … Passing the metadata encrypted also means that it can optionally be observed and accounted for as well as acted upon at intermediary 

Regarding claim 11, this claim defines a system claim that corresponds to method claim 3 and does not define beyond limitations of claim 3. Therefore, claim 11 is rejected with the same rationale as in the rejection of claim 3. Furthermore, Feroz in ¶ [0104] discloses processors for executing computer readable instructions.

Regarding claim 14, this claim defines a system claim that corresponds to method claim 6 and does not define beyond limitations of claim 6. Therefore, claim 14 is rejected with the same rationale as in the rejection of claim 6. Furthermore, Feroz in ¶ [0104] discloses processors for executing computer readable instructions.

Regarding claim 15, this claim defines a system claim that corresponds to method claim 7 and does not define beyond limitations of claim 7. Therefore, claim 15 is rejected with the same rationale as in the rejection of claim 7. Furthermore, Feroz in ¶ [0104] discloses processors for executing computer readable instructions.

Regarding claim 19, this claim defines a computer program product comprising a computer readable storage medium claim that corresponds to method claim 3 and does not define beyond limitations of claim 3. Therefore, claim 19 is rejected with the same rationale as in the rejection of claim 3. Furthermore, Feroz in ¶ [0104] discloses computer program product that .
18.	Claims 8 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Feroz et al. U.S. 20200225978 hereinafter “Feroz” Filed Mar. 28, 2020 in view of Indiresan et al. US 20200036610 hereinafter “Indiresan” Published Jan. 30, 2020 further in view of Wadhwa et al. 20180054490 Published Feb. 22, 2018.

Regarding claim 8, the combination of Feroz and Indiresan teaches all the limitations of claim 1. The combination of Feroz and Indiresan does not explicitly disclose: wherein the API is a RESTful API
However Wadhwa teaches: wherein the API is a RESTful API (Wadhwa, see ¶ [0144]). 
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Feroz and Indiresan with the teaching of Wadhwa because the use of Wadhwa’s idea (Wadhwa, see abstract) could provide Feroz (Feroz, see abstract) in view of Indiresan (Indiresan, see abstract) the ability to provide modern RESTful and Streaming Application Programming Interfaces (APIs) to enable powerful integration between enterprise systems and connected devices, “The platform engine 101 provides highly customizable, machine learning empowered, real-time device actors with streaming decision pipelines to help integrate physical devices into, for example, enterprise business processes” (Wadhwa, ¶ [0144]).

Regarding claim 16, this claim defines a system claim that corresponds to method claim 8 and does not define beyond limitations of claim 8. Therefore, claim 16 is rejected with the same rationale as in the rejection of claim 7. Furthermore, Feroz in ¶ [0104] discloses processors for executing computer readable instructions.


Examiner note:
19.	In the case of amending the Claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention. This will assist in expediting compact prosecution.  MPEP 714.02 recites: “Applicant should also specifically point out the support for any amendments made to the disclosure. See MPEP § 2163.06. An amendment which does not comply with the provisions of 37 CFR 1.121(b), (c), (d), and (h) may be held not fully responsive. See MPEP § 714.”  Amendments not pointing to specific support in the disclosure may be deemed as not complying with provisions of 37 C.F.R.  1.131(b), (c), (d), and (h) and therefore held not fully responsive. Generic statements such as “Applicants believe no new matter has been introduced” may be deemed insufficient.

Conclusion
20.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Verzun et al. US 2019/0386969 discloses a dynamic list of the client devices that are connected to the cloud, a "task" function, which entails the receipt and transmission of the packets.
Fielding et al. 2019 IP.com, “Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing (RFC7230)” discloses which uses extensible semantics and self-descriptive message payloads for flexible interaction with network-based hypertext information systems.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, KRISTINE L KINCAID can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KHALIL NAGHDALI/Primary Examiner, Art Unit 2437