DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 11/25/2020, 02/22/2021 and 07/22/2021 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Majumder et al. (US Pub No. 2018/0351970) in view of Guo et al. (US Patent No. 9,800,560).
Regarding independent claim 1, Majumder teaches a method comprising: by a dynamic session key acquisition (DSKA) engine residing in a virtual environment: receiving session decryption information extraction instructions that configure the DSKA engine to obtain session decryption information for at least one communication session involving a virtual machine (Majumder, page 4, paragraphs 0034 and 0032; the decryption manager obtains cryptographic key information; the decryption manager is part of the monitoring manager included in the virtual tap, which is provisioned by the virtual tap controller (page 4, paragraph 0030; instructions/rules to monitor/decrypt)); obtaining the session decryption information from a server instance hosted by the virtual machine in accordance with the session decryption information extraction instructions, wherein the session decryption information includes cryptographic keys utilized by an application server instance in the virtual machine to establish the at least one communication session (Majumder, page 4, paragraph 0034 and page 3, paragraph 0023; the decryption manager obtains cryptographic key information to decrypt encrypted packets; key obtained from virtual machine); storing the session decryption information obtained from the virtual machine (Majumder, page 4, paragraph 0029; key store stores cryptographic keys corresponding to encrypted packet flow communication between virtual machines).
Majumder does not explicitly teach providing the session decryption information to a network traffic monitoring (NTM) agent, wherein the NTM agent utilizes the session decryption
Guo teaches providing the session decryption information to a network traffic monitoring (NTM) agent, wherein the NTM agent utilizes the session decryption information to decrypt copies of encrypted network traffic flows belonging to the at least one communication session involving the virtual machine (Guo, column 10, lines 61-67, column 11, lines 40-58 and column 13, lines 25-33; remote monitoring agent receives symmetric key from the local monitoring agent and utilizes the symmetric key to decrypt data).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Majumder with the teachings of Guo to receive a symmetric key and decrypt information to provide the advantage of an improved system for monitoring encrypted data transmission (Guo, column 1, lines 20-31).
	Regarding claim 2, Majumder in view of Guo teaches the method wherein the session decryption information extraction instructions are received by the DSKA engine from a virtual tap instance or the NTM agent (Majumder, page 4, paragraphs 0031-0032; virtual tap instance).
Regarding claim 3, Majumder in view of Guo teaches the method wherein obtaining the session decryption information from the virtual machine includes acquiring the session decryption information via a direct access to a key store in the server instance hosted by the virtual machine (Majumder, pages 2-3, paragraphs 0021-0022).
Regarding claim 4, Majumder in view of Guo teaches the method wherein the DSKA engine utilizes a query function that sends a request message to server instance requesting the session decryption information stored in the key store (Majumder, page 5, paragraph 0043).
Regarding claim 5, Majumder in view of Guo teaches each and every claim limitation of claim 1, however, Guo teaches the method wherein the NTM agent is a virtual instance hosted by a second virtual machine in the virtual environment (Guo, column 19, lines 31-51 and column 6, lines 44-66; remote monitored node implemented as a virtual environment).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Majumder with the teachings of Guo to receive a symmetric key and decrypt information to provide the advantage of an improved system for monitoring encrypted data transmission (Guo, column 1, lines 20-31).
Regarding claim 6, Majumder in view of Guo teaches each and every claim limitation of claim 1, however, Guo teaches the method wherein the NTM agent is configured to use the session decryption information to decrypt copies of encrypted network traffic flow records to produce decrypted network traffic flow records (Guo, column 13, lines 2-33).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Majumder with the teachings of Guo to receive a symmetric key and decrypt information to provide the advantage of an improved system for monitoring encrypted data transmission (Guo, column 1, lines 20-31).
Regarding claim 7, Majumder in view of Guo teaches each and every claim limitation of claim 1, however, Guo teaches the method wherein the DSKA engine is configured to forward Guo, column 15, lines 50-65).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Majumder with the teachings of Guo to receive a symmetric key and decrypt information to provide the advantage of an improved system for monitoring encrypted data transmission (Guo, column 1, lines 20-31).
Regarding claim 8, Majumder in view of Guo teaches the method wherein the server instance includes a secure sockets layer (SSL) enabled server instance or a transport layer security (TLS) enabled server instance (Majumder, page 2, paragraph 0021).
Regarding independent claim 9, Majumder teaches a system comprising: at least one virtual tap instance residing in a virtual environment configured to capture encrypted network traffic flows belonging to at least one communication session involving an application server instance hosted by a virtual machine, wherein the at least one virtual instance of a software-based monitoring agent application that executed by a processor of a computing platform supporting the virtual environment (Majumder, page 2, paragraphs 0015-0016 and 0021; virtual tap monitor packet flow between virtual machines); and a dynamic session key acquisition (DSKA) engine residing in the virtual environment configured to receive session decryption information extraction instructions that configure the DSKA engine to obtain session decryption information for at least one communication session involving a virtual machine (Majumder, page 4, paragraphs 0034 and 0032; the decryption manager obtains cryptographic key information; the decryption manager is part of the monitoring manager included in the virtual tap, which is provisioned by the virtual tap controller (page 4, paragraph 0030; instructions/rules to monitor/decrypt)), to obtain the session decryption information from the virtual machine in accordance with the session decryption information extraction instructions, wherein the session decryption information includes cryptographic keys utilized by the application server instance to establish the at least one communication session (Majumder, page 4, paragraph 0034 and page 3, paragraph 0023; the decryption manager obtains cryptographic key information to decrypt encrypted packets; public key obtained from virtual machine), to store the session decryption information obtained from the virtual machine (Majumder, page 4, paragraph 0029; key store stores cryptographic keys corresponding to encrypted packet flow communication between virtual machines).
Majumder does not explicitly teach provide the session decryption information to a network traffic monitoring (NTM) agent, wherein the NTM agent utilizes the session decryption information to decrypt copies of encrypted network traffic flows belonging to the at least one communication session involving the virtual machine.
Guo teaches provide the session decryption information to a network traffic monitoring (NTM) agent, wherein the NTM agent utilizes the session decryption information to decrypt copies of encrypted network traffic flows belonging to the at least one communication session involving the virtual machine (Guo, column 10, lines 61-67, column 11, lines 40-58 and column 13, lines 25-33; remote monitoring agent receives symmetric key from the local monitoring agent and utilizes the symmetric key to decrypt data).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Majumder with the teachings of Guo to receive a Guo, column 1, lines 20-31).
Regarding claim 10, Majumder in view of Guo teaches the system wherein the session decryption information extraction instructions are received by the DSKA engine from a virtual tap instance or the NTM agent (Majumder, page 4, paragraphs 0031-0032; virtual tap instance).
Regarding claim 11, Majumder in view of Guo teaches the system wherein the DSKA engine is configured to acquire the session decryption information from the virtual machine includes acquiring the session decryption information via a direct access to a key store in the server instance hosted by the virtual machine (Majumder, pages 2-3, paragraphs 0021-0022).
Regarding claim 12, Majumder in view of Guo teaches the system wherein the DSKA engine utilizes a query function that sends a request message to server instance requesting the session decryption information stored in the key store (Majumder, page 5, paragraph 0043).
Regarding claim 13, Majumder in view of Guo teaches each and every claim limitation of claim 9, however, Guo teaches the system wherein the NTM agent is a virtual instance hosted by a second virtual machine in the virtual environment (Guo, column 19, lines 31-51 and column 6, lines 44-66; remote monitored node implemented as a virtual environment).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Majumder with the teachings of Guo to receive a symmetric key and decrypt information to provide the advantage of an improved system for monitoring encrypted data transmission (Guo, column 1, lines 20-31).
Regarding claim 14, Majumder in view of Guo teaches each and every claim limitation of claim 9, however, Guo teaches the system wherein the NTM agent is configured to use the session decryption information to decrypt copies of encrypted network traffic flow records to produce decrypted network traffic flow records (Guo, column 13, lines 2-33).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Majumder with the teachings of Guo to receive a symmetric key and decrypt information to provide the advantage of an improved system for monitoring encrypted data transmission (Guo, column 1, lines 20-31).
Regarding claim 15, Majumder in view of Guo teaches each and every claim limitation of claim 9, however, Guo teaches the system wherein the DSKA engine is configured to forward the session decryption information to the NTM agent via at least one virtual tap instance and a virtual network interface card (Guo, column 15, lines 50-65).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Majumder with the teachings of Guo to receive a symmetric key and decrypt information to provide the advantage of an improved system for monitoring encrypted data transmission (Guo, column 1, lines 20-31).
Regarding claim 16, Majumder in view of Guo teaches the system wherein the server instance includes a secure sockets layer (SSL) enabled server instance or a transport layer security (TLS) enabled server instance (Majumder, page 2, paragraph 0021).
Regarding independent claim 17, Majumder teaches a non-transitory computer readable medium having stored thereon executable instructions embodied in the computer readable medium that when executed by at least one processor of a computer cause the Majumder, page 4, paragraphs 0034 and 0032; the decryption manager obtains cryptographic key information; the decryption manager is part of the monitoring manager included in the virtual tap, which is provisioned by the virtual tap controller (page 4, paragraph 0030; instructions/rules to monitor/decrypt)); obtaining the session decryption information from the virtual machine in accordance with the session decryption information extraction instructions, wherein the session decryption information includes cryptographic keys utilized by an application server instance in the virtual machine to establish the at least one communication session (Majumder, page 4, paragraph 0034 and page 3, paragraph 0023; the decryption manager obtains cryptographic key information to decrypt encrypted packets; public key obtained from virtual machine); storing the session decryption information obtained from the virtual machine (Majumder, page 4, paragraph 0029; key store stores cryptographic keys corresponding to encrypted packet flow communication between virtual machines).
Majumder does not explicitly teach providing the session decryption information to a network traffic monitoring (NTM) agent, wherein the NTM agent utilizes the session decryption information to decrypt copies of encrypted network traffic flows belonging to the at least one communication session involving the virtual machine.
Guo teaches providing the session decryption information to a network traffic monitoring (NTM) agent, wherein the NTM agent utilizes the session decryption information to Guo, column 10, lines 61-67, column 11, lines 40-58 and column 13, lines 25-33; remote monitoring agent receives symmetric key from the local monitoring agent and utilizes the symmetric key to decrypt data).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Majumder with the teachings of Guo to receive a symmetric key and decrypt information to provide the advantage of an improved system for monitoring encrypted data transmission (Guo, column 1, lines 20-31).
Regarding claim 18, Majumder in view of Guo teaches the non-transitory computer readable medium wherein obtaining the session decryption information from the virtual machine includes acquiring the session decryption information via a direct access to a key store in the server instance hosted by the virtual machine (Majumder, pages 2-3, paragraphs 0021-0022).
Regarding claim 19, Majumder in view of Guo teaches the non-transitory computer readable medium wherein the DSKA engine utilizes a query function that sends a request message to server instance requesting the session decryption information stored in the key store (Majumder, page 5, paragraph 0043).
Regarding claim 20, Majumder in view of Guo teaches the non-transitory computer readable medium wherein the server instance includes a secure sockets layer (SSL) enabled server instance or a transport layer security (TLS) enabled server instance (Majumder, page 2, paragraph 0021).

Prior Art
The prior art made of record and not relied upon that is considered pertinent to applicant's disclosure is Shankar et al. (US Pub No. 2017/0289104) and CARAGEA (US Pub No. 2019/0068561).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAQUEAL D WADE whose telephone number is (571)270-0357.  The examiner can normally be reached on M-F 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 


/SHAQUEAL D WADE-WRIGHT/             Examiner, Art Unit 2437