Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This is in response to the communication filed on 12/05/2019. Claims 1-24 are pending in the application.  Claims 1 and 14 are independent. Claims 1-24 are rejected. 
Claim Objections
Claims 1-13 are objected to because of the following informalities:  
Claim 1 recites limitations “at least some data received from the second computer over the computer by network”. However, limitations “over the computer by network” appear to have typographical error. Appropriate correction is required. Claims 2-13 are objected because of their dependencies on the independent claim 1.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-13 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for 
Regarding claim 1, it recites limitations “wherein the second data in the second format is included as a part of the first data in the first format”. However, it is unclear whether the “first data in first format” is actually different from the “second data in second format”, or both the first format and the second format are meant to be same format/ type.  As best understood, “second data” is interpreted to be part of “first data”. Further clarification is needed to determine the scope of the claim languages and perform a meaningful search. 
Furthermore, claim 1 recites “a first keying material” without specifying a particular type of keying material or associating it with any other types of keying material. It is unclear whether “a first keying material” is part of a plurality of keying material or implying to any type of keying material. As best understood, “a first keying material” is interpreted to be any type of keying material.
Claims 2-13 are rejected under 35 U.S.C. 112(b) because of their dependencies on the independent claim 1.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-6 and 8-9 are rejected under 35 U.S.C. 103 as being unpatentable over US 2010/0281251 A1 (hereinafter Arauz Rosado) in view of US 20190020684 A1 (hereinafter QIAN et al).
Regarding claim 1, Arauz Rosado teaches a method of forwarding data in a computer network, the method comprising: 
receiving, by a first module of a first computer (note figure 3.306: IPSec dev 2; para. [0010], [0017]-[0018]: peer IMS device; also see figure 7A: terminating IMS device) from a second module of a second computer over the computer network (note figure 3.303: IPSec dev 1; para. [0010], [0017] - [0018]: initiating IMS device; also see figure 7A: initiating IMS device), at least one incoming message with a first data in a first format (note para. [0010], [0018], [0023]: message including particular data structure  format/ type to include various types of SA data such as destination address, cryptographic/ keying data etc.), the first format being defined to contribute to derivation of a first keying material (note para. [0023], [0046]: message including keying information), and with a second data in a second format, the second format being defined to specify at least one forwarding destination for at least some data received by the first module of the first computer from the second computer (note para.  [0018], [0046]: message including a format/ type of a destination IP address)
extracting, by the first module, at least part of the second data from the first data (note para. [0006]- [0008], [0023]: decrypting/ extracting packet at receiver node);
determining, by the first module, at least one forwarding destination from the extracted data (note figure 3: IPSec devices; para.  [0012], [0018], [0058]: determining destination/ forwarding address from SA/ message; see also figure 7A: SA set up); and 
forwarding, by the first module, to a third module of a third computer (note figure 3.17: forwarding to Host C; para.  [0010], [0058]; see also figure 7A: forwarding to Host B) referenced by the at least one forwarding destination (note para. [0018], [0053], [0058]), at least some data received from the second computer over the computer by network (note para. [0008], [0018], [0058])
Arauz Rosado fails to disclose expressly wherein the second data in the second format is included as a part of the first data in the first format.
However, QIAN et al teaches wherein the second data in the second format is included as a part of the first data in the first format (note para. [0038], [0043]: inner header data included in outer header or the encapsulated original packet)
QIAN et al and Arauz Rosado are analogous art because they are from the same field of endeavor of securely exchanging communication data between different network nodes/endpoints. Therefore, before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify the Arauz Rosado method to further include the feature wherein the second data in the second format is included as a part of the first data in the first format, as taught by QIAN et al, since such an arrangement would allow users to securely exchange various types of header/packetized data in an IPsec protocol-based communication scheme (note QIAN et al, para. [0001], [0036]).
Regarding claim 2, Arauz Rosado teaches the method of claim 1, wherein the forwarding the at least some data from the first module to the third module comprises forwarding the at least some data through a local connection between the first module (note figure 3.306: IPSec dev 2)  and the third module (note figure 3.17: forwarding to Host C), without sending the at least some data to a public internet protocol (IP) address (note fig 3: connection between IPSec dev 2  and Host C in  private network 2 without using public network/ internet; para. [0008])
Regarding claim 3, Arauz Rosado  teaches the method of claim 1, where the first computer and the third computer reside on a same local network (note fig 3: connection between IPSec dev 2  and Host C in  private network 2; para. [0008])
Regarding claim 4, Arauz Rosado  fails to teach expressly the method where the first module and the third module reside in different Virtual Machines (VMs) on the same local network.
However, QIAN et al teaches the method where the first module and the third module reside in different Virtual Machines (VMs) on the same local network (note para. [0013], [0038]: source and destination being virtual machines)
QIAN et al and Arauz Rosado are analogous art because they are from the same field of endeavor of securely exchanging communication data between different network nodes/endpoints. Therefore, before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify the Arauz Rosado method to further include the feature wherein the first module and the third module reside in different Virtual Machines (VMs) on the same local network, as taught by QIAN et al, since such an arrangement would allow users to securely exchange data in a virtualized environment (note QIAN et al, para. [0001]).
Regarding claim 5, Arauz Rosado fails to teach expressly the method where the first module and the third module reside in different containers on the first computer, the first computer being the same as the third computer.
However, QIAN et al teaches the method where the first module and the third module reside in different containers on the first computer, the first computer being the same as the third computer (note figure 3: various VM/ containers in a host machine 300 connected to a physical network; also see para. [0033], [0038])
QIAN et al and Arauz Rosado are analogous art because they are from the same field of endeavor of securely exchanging communication data between different network nodes/endpoints. Therefore, before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify the Arauz Rosado method to further include the feature where the first module and the third module reside in different containers on the first computer, the first computer being the same as the third computer, as taught by QIAN et al, in order to provide users with an alternative, virtualized network infrastructure/arrangement for securely exchanging communication data (note QIAN et al, para. [0001], [0033]).
Regarding claim 6, Arauz Rosado   teaches the method of claim 1, wherein forwarding the at least some data from the first module to the third module is performed without forwarding an internet protocol (IP) address of the second computer (note fig 3: connection between IPSec dev 2  and Host C in  private network 2 can be performed outside of internet/ public network) 
Regarding claim 8, it is rejected applying the same motivation and rationale applied above in rejecting claim 7. Furthermore, Arauz Rosado teaches the method further comprising: decrypting, by the third module, the at least some data to obtain decrypted data (note para. [0006], [0012]: decrypting IPSec packets). Furthermore, Shetty et al additionally teaches sending, by the third module, the decrypted data to one or more content servers over the computer network (note para. [0031], [0035]: content or application server, repository in communication with the host devices).
Regarding claim 9, Arauz Rosado   teaches the method of claim 1, further comprising: deriving, by the first module, the first keying material and decrypting the at least some data received from the second computer by using the first keying material (note para. [0006], [0012]: decrypting IPSec packets), without sharing the first keying material with the third module (note para. [0051], [0056]: device’s own secret/ derived key)

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Arauz Rosado  in view of QIAN et al further in view of US 2010/0095121 A1 (hereinafter  Shetty et al)
Regarding claim 7, Arauz Rosado   teaches the method of claim 1, wherein forwarding the at least some data from the first module to the third module is performed (note fig 3: connection between IPSec dev 2 and Host C in private network 2; para. [0008])
Modified QIAN et al-Arauz Rosado   fails to teach expressly wherein forwarding the at least some data from the first module to the third module is performed without decrypting the at least some data.
However, Shetty et al teaches wherein forwarding the at least some data from the first module to the third module is performed without decrypting the at least some data (note figure 1.135 and 1.150a; handshake process, and non-encrypted session between client computer and server computer would require no decryption; and para. [0039])
Shetty et al and Arauz Rosado are analogous art because they are from the same field of endeavor of securely exchanging communication data between different network nodes/endpoints. Therefore, before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to further modify the QIAN et al-Arauz Rosado method to include the feature wherein forwarding the at least some data from the first module to the third module is performed without decrypting the at least some data, as taught by Shetty et al, since such an arrangement would allow users to securely and efficiently exchange communication data based on pre-established authentication/keying information (note Shetty et al, para. [0011], [0021]).

Claims 10-13 are rejected under 35 U.S.C. 103 as being unpatentable over Arauz Rosado in view of  QIAN et al further in view of  US 10,951,652 B1 (hereinafter Sharifi Mehr)
Regarding claim 10, Modified QIAN et al- Arauz Rosado  method fails to teach expressly where the first format is defined in accordance with Transport Level Security (TLS) protocol, while the first incoming message is selected from the group consisting of messages according to TLS protocol including Client Hello and Client Finished.
However,   Sharifi Mehr teaches where the first format is defined in accordance with Transport Level Security (TLS) protocol, while the first incoming message is selected from the group consisting of messages according to TLS protocol including Client Hello and Client Finished (note column 4, starts at line 20: TLS “client hello” message)
Sharifi Mehr and Arauz Rosado are analogous art because they are from the same field of endeavor of securely exchanging communication data between different network nodes/endpoints. Therefore, before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to further modify the QIAN et al-Arauz Rosado method to include the feature where the first format is defined in accordance with Transport Level Security (TLS) protocol, while the first incoming message is selected from the group consisting of messages according to TLS protocol including Client Hello and Client Finished, as taught by QIAN et al, since such an arrangement would allow users to create secure communication sessions efficiently utilizing TLS connections (note Sharifi Mehr, col. 3, starts at line 13).
Regarding claim 11, it is rejected applying the same motivation and rationale applied above in rejecting claim 10. Furthermore, Sharifi Mehr teaches the method wherein the second data is included as at least part of a field selected from the group consisting of Client Random, Session ID and Session Ticket (note column 3, lines 15-20: session ticket; and column 4, lines 20-35: session identifier).
Regarding claim 12, it is rejected applying the same motivation and rationale applied above in rejecting claim 11. Furthermore, QIAN et al teaches wherein the second data is selected from the group consisting of an identifier of a Virtual Machine and an identifier of a container (note para. [0040]: VNI). Furthermore, Sharifi Mehr additionally teaches the method wherein the second data is selected from the group consisting of an internet protocol (IP) address, a domain name, an identifier of a Virtual Machine and an identifier of a container (note column 4, lines 10-35: IP address ranges; qualified domain names of servers).
Regarding claim 13, it is rejected applying the same motivation and rationale applied above in rejecting claim 11. Furthermore, Sharifi Mehr additionally teaches the method wherein the first data comprises session resumption data, the method further comprising: extracting the at least the part of the second data from the first data without using the first data for session resumption (note column 7, starts at line 9: handling of session resumption requests).
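Claims 10-13 above describe carrying the forwarding destination (the second data) inside a TLS ClientHello field such as the Session ID, extracting it without using the message for session resumption, and forwarding only over a local connection. The following Python is an added illustration written for this page, not code from the application, the cited references, or the examiner; the ClientHello is a constructed sample, and the "FWD1" tag plus IPv4/port layout inside the Session ID, as well as the allow-list check before forwarding, are assumed here rather than taken from the claims.

```python
import struct
from typing import Optional, Tuple

# Assumed encoding of the "second data" inside the (at most 32-byte) Session ID:
# 4-byte tag b"FWD1", 4-byte IPv4 address, 2-byte big-endian port = 10 bytes.
FWD_TAG = b"FWD1"


def build_client_hello(client_random: bytes, session_id: bytes) -> bytes:
    """Build a minimal TLS 1.2 ClientHello record (constructed sample input)."""
    if len(client_random) != 32 or len(session_id) > 32:
        raise ValueError("bad random or session_id length")
    cipher_suites = bytes.fromhex("c02fc02b009c")          # three example suites
    body = (
        b"\x03\x03" + client_random                         # client_version, random
        + bytes([len(session_id)]) + session_id             # session_id <0..32>
        + struct.pack("!H", len(cipher_suites)) + cipher_suites
        + b"\x01\x00"                                       # one compression method: null
        + b"\x00\x00"                                       # empty extensions block
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type = client_hello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record: bytes) -> dict:
    """Parse the ClientHello fields the first module needs (the first data).

    Every length is checked against the bytes actually present, so a truncated
    or malformed record raises instead of being forwarded on garbage offsets.
    """
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    if len(record) < 5 + rec_len:
        raise ValueError("truncated record")
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len or hs_len < 35:
        raise ValueError("bad handshake length")
    client_random = body[2:34]
    sid_len = body[34]
    if sid_len > 32 or len(body) < 35 + sid_len + 2:
        raise ValueError("bad session_id")
    session_id = body[35:35 + sid_len]
    return {"version": body[0:2], "random": client_random, "session_id": session_id}


def extract_forwarding_destination(record: bytes) -> Optional[Tuple[str, int]]:
    """Extract the second data (a forwarding destination) from the Session ID.

    The Session ID is read purely as a carrier: nothing here looks up a cached
    session or attempts resumption with it (claim 13's "without using the first
    data for session resumption").
    """
    sid = parse_client_hello(record)["session_id"]
    if len(sid) != 10 or sid[:4] != FWD_TAG:
        return None                                         # ordinary opaque session_id
    ip = ".".join(str(b) for b in sid[4:8])
    port = struct.unpack("!H", sid[8:10])[0]
    return ip, port


def select_destination(record: bytes, allowed: set) -> Optional[Tuple[str, int]]:
    """Forward only to local peers the first module already knows (assumed safeguard).

    A value that merely parses as an address is not trusted by itself; it must
    match the allow list of local (non-public) destinations, else it is dropped.
    """
    dest = extract_forwarding_destination(record)
    return dest if dest is not None and dest in allowed else None


if __name__ == "__main__":
    sample_random = bytes(range(32))                                    # constructed
    sid = FWD_TAG + bytes([10, 0, 0, 7]) + struct.pack("!H", 8443)     # constructed
    hello = build_client_hello(sample_random, sid)
    print(extract_forwarding_destination(hello))                       # ('10.0.0.7', 8443)
    print(select_destination(hello, {("10.0.0.7", 8443)}))             # ('10.0.0.7', 8443)
```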
Claims 14-19 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Arauz Rosado in view of  Shetty et al.
Regarding claim 14, Arauz Rosado teaches a method of forwarding data in a computer network, the method comprising: 
receiving, by a first module of a first computer (note figure 3.17: forwarding to Host C; para.  [0010], [0058]; see also figure 7A: forwarding to Host B), first encrypted data (note para. [0006]), the first data being forwarded to the first module after being received by a second module of a second computer (note figure 3.303: IPSec dev 2; para. [0010], [0017] - [0018]: initiating IMS device; also see figure 7A: initiating IMS device) from a third module of a third computer over the computer network (note figure 3.303: IPsec dev 1; para. [0010], [0017] - [0018]: initiating IMS device; also see figure 7A: initiating IMS device), the first data being encrypted with a first key known to the first module but not to the second module (note para. [0051], [0056]: device’s own secret/ derived key), 
decrypting, by the first module, the first data (note para. [0006], [0012]: decrypting IPSec packet); and 
determining, by the first module, whether at least part of the decrypted first data is addressed to the second module (note figure 3: IPSec devices; para.  [0012], [0018], [0058]: determining destination/ forwarding address from SA/ message; see also figure 7A: SA set up); 
in response to determining that the at least the part of the decrypted first data is addressed to the second module (note para. [0012], [0018]), sending second data derived from the at least the part of the first data to a fourth module (note figure 3.17: forwarding to Host C; para.  [0010], [0058]; see also figure 7A: forwarding to Host B)
Arauz Rosado  fails to teach expressly sending second data derived from the at least the part of the first data to a fourth module without encrypting the second data with the first key; and the fourth module being programmed to change a state of the second module.
However, Shetty et al teaches sending second data derived from the at least the part of the first data to a fourth module without encrypting the second data with the first key (note figure 1.135 and 1.150a; handshake process, and non-encrypted session between client computer and server computer; and para. [0039]); and the fourth module being programmed to change a state of the second module (note para. [0064], [0068]: changing state variables)
Shetty et al and Arauz Rosado are analogous art because they are from the same field of endeavor of securely exchanging communication data between different network nodes/endpoints. Therefore, before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify the Arauz Rosado method to further include the features of sending second data derived from the at least the part of the first data to a fourth module without encrypting the second data with the first key, and the fourth module being programmed to change a state of the second module, as taught by Shetty et al, since such an arrangement would allow users to securely and efficiently exchange communication data based on pre-established authentication and state information (note Shetty et al, para. [0021], [0042]).
Regarding claim 15, Arauz Rosado teaches the method of claim 14, wherein: receiving, by the first module, the first data by receiving the first data over one or more first connections in a first direction; and sending, by the first module, the second data to the fourth module comprises sending the second data over the one or more first connections in a reverse direction opposite the first direction (note figure 7B. 715 and 716: bidirectional processing of data blocks; see also para. [0062])
Regarding claim 16, Arauz Rosado teaches the method of claim 14, wherein the second data includes a first message from the third computer  (note figure 3.303: IPsec dev 1; para. [0010], [0017] - [0018]: initiating IMS device; also see figure 7A: initiating IMS device) to the second computer (note figure 3.303: IPSec dev 2; para. [0010], [0017] - [0018]: initiating IMS device; also see figure 7A: initiating IMS device)
Regarding claim 17, Arauz Rosado teaches the method of claim 16, wherein the first message is effective to cause the second computer to change a forwarding destination for at least some future data received from the third computer (note figure 3: IPSec devices; para.  [0012], [0018], [0058]: determining destination/ forwarding address from SA/ message; see also figure 7A: SA set up), such that at least some of the future data will be forwarded to a fifth module of a fifth computer, without being forwarded to the first module of the first computer (note para.  [0012], [0018], [0058]: Arauz Rosado  suggests selective communication with various forwarding/ destination addresses based on determined SA information)
Regarding claim 18, Arauz Rosado teaches the method of claim 17, wherein the at least some of the future data forwarded to the fifth module is encrypted with a second key, the first key being different from the second key (note para.  [0018], [0056], [0058]: selective communication with various forwarding/ destination addresses based on determined SA information), the first key being known to the first module but not to the second module and the fifth module, the second key being known to the fifth module but not to the first module and the second module (note para. [0051], [0056]:  specific secret/ derived key associated with a particular network node/ communication device)
Regarding claim 19, Arauz Rosado  teaches the method of claim 17, wherein the forwarding the at least some of the future data to the fifth module is performed without forwarding the internet protocol (IP) address of the third computer (note fig 3: connection between IPSec dev 2  and Host C in  private network 2 without using public network/ internet; para. [0008])

Regarding claim 22, Arauz Rosado teaches the method of claim 14, where the second computer and at least one of the first computer and the fifth computer reside on a same local network (note fig 3: connection between IPSec dev 2  and Host C in  private network 2; para. [0008])

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Arauz Rosado in view of  Shetty et al further in view of Sharifi Mehr.
Regarding claim 20, Arauz Rosado  fails to teach expressly the method of claim 16, where the first message is effective to inform the second module whether to continue data exchange with the third computer.
However, Sharifi Mehr teaches the method where the first message is effective to inform the second module whether to continue data exchange with the third computer (note figure 2: communicating “server list”  to client 202 regarding resuming a communication session; and figure 12.1218: notification to client regarding session establishment; see also col 11, lines 15-25)
Sharifi Mehr and Arauz Rosado are analogous art because they are from the same field of endeavor of securely exchanging communication data between different network nodes/endpoints. Therefore, before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to further modify the Shetty et al-Arauz Rosado method to include the feature where the first message is effective to inform the second module whether to continue data exchange with the third computer, as taught by Sharifi Mehr, since such an arrangement would allow users to efficiently share the status of the latest content/data exchange information (note Sharifi Mehr, col 11, lines 15-25).

Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over Arauz Rosado in view of  Shetty et al further in view of  US 8,396,799 B2 (hereinafter Hurry)
Regarding claim 21, Arauz Rosado  fails to teach expressly  the method wherein the first message contains information about the payment received from a user of the third computer.
However, Hurry teaches the method wherein the first message contains information about the payment received from a user of the third computer (note column 16, lines 41-65; and column 19, lines 7-17: message to client/ media device including payment/ account information)
Hurry and Arauz Rosado are analogous art because they are from the same field of endeavor of securely exchanging communication/media data between different network nodes/endpoints. Therefore, before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to further modify the Shetty et al-Arauz Rosado method to include the feature wherein the first message contains information about the payment received from a user of the third computer, as taught by Hurry, since such an arrangement would allow a media/content server to efficiently and securely share payment-related information with a user/client (note Hurry, column 19, lines 7-17).
Claims 23-24 are rejected under 35 U.S.C. 103 as being unpatentable over Arauz Rosado in view of  Shetty et al further in view of QIAN et al.
Regarding claim 23, Arauz Rosado  fails to teach expressly the method of claim 14, where the second module and at least one of the first module and the fifth module reside in different Virtual Machines (VMs) on a same local network.
However, QIAN et al teaches the method of claim 14, where the second module and at least one of the first module and the fifth module reside in different Virtual Machines (VMs) on a same local network (note para. [0013], [0038]: source and destination being virtual machines)
QIAN et al and Arauz Rosado are analogous art because they are from the same field of endeavor of securely exchanging communication data between different network nodes/endpoints. Therefore, before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify the Arauz Rosado method to further include the feature where the second module and at least one of the first module and the fifth module reside in different Virtual Machines (VMs) on a same local network, as taught by QIAN et al, since such an arrangement would allow users to securely exchange data in a virtualized environment (note QIAN et al, para. [0001]).
Regarding claim 24, Arauz Rosado  fails to teach expressly the method of claim 14, where the second module and at least one of the first module and the fifth module reside in different containers on the second computer, the second computer being the same as at least one of the first computer and the fourth computer.
However, QIAN et al teaches where the second module and at least one of the first module and the fifth module reside in different containers on the second computer, the second computer being the same as at least one of the first computer and the fourth computer (note figure 3: various VM/ containers in a host machine 300 connected to a physical network; also see para. [0033], [0038])
QIAN et al and Arauz Rosado are analogous art because they are from the same field of endeavor of securely exchanging communication data between different network nodes/endpoints. Therefore, before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify the Arauz Rosado method to further include the feature where the second module and at least one of the first module and the fifth module reside in different containers on the second computer, the second computer being the same as at least one of the first computer and the fourth computer, as taught by QIAN et al, in order to provide users with an alternative, virtualized network infrastructure/arrangement for securely exchanging communication data (note QIAN et al, para. [0001], [0033]).

Conclusion
A shortened statutory period for response to this action is set to expire in 3 (Three) months and 0 (Zero) days from the mailing date of this letter. Failure to respond within the period for response will result in ABANDONMENT of the application (see 35 U.S.C. 133, M.P.E.P. 710.02(b)). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHANTO ABEDIN whose telephone number is 571-272-3551.  The examiner can normally be reached on M-F from 8:30 AM to 6:30 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jung (Jay) Kim, can be reached on 571-272-3804. The RightFax number for faxing directly to the examiner is 571-273-3551. 
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/SHANTO ABEDIN/
Primary Examiner, Art Unit 2494