DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Allowable Subject Matter
Claims 1, 3-11 and 13-22 are allowed.

Reasons for Allowance
Examiner’s statement of reasons for allowance for claims 1, 3-11 and 13-22 is stated below.

Regarding independent Claims 1, 11 and 20, the Examiner found neither prior art, cited in its entirety, nor, based on the prior art, any motivation to combine any of said prior art, that teaches “inspecting, by a processor, payloads of data packets belonging to a new encrypted data flow for a secure sockets layer certificate, wherein evidence of a transport control protocol handshake has been previously detected in the new encrypted data flow by a first device that forwards only data packets belonging to new encrypted data flows to the processor and forwards only data packets belonging to existing encrypted data flows to a different processor; detecting, by the processor, the secure sockets layer certificate in a payload of one of the data packets that has been inspected; and extracting, by the processor, the secure sockets layer certificate from the payload of the one of the data packets” in combination with all the elements of the independent claims respectively.
The dependent claims 3-10, 21-22 and 13-19 are allowable due to their dependence on independent claims 1 and 11 respectively.

The closest prior art made of record are:
Yung (USPN 7,778,194) teaches a system and method for classifying encrypted network traffic. The classification of network traffic that has been encrypted according to a dynamically-created encryption mechanism involving a handshake between two end-systems, such as the SSL and TLS
Leong (US 2010/0135323) teaches a system and a method for removing irrelevant portions of a packet, while retaining relevant portions. For a series of network packets, a packet is obtained from the network. The packet includes at least a header, one or more packet fields, and a first data payload. The protocol of the packet is determined. Once the protocol is known, the packet header is parsed to determine the position of the first data payload. Based on the determined position of the first data payload, a modified packet is created by removing or masking the first data payload.
El-Moussa et al. (US 2017/0013000) teaches a system and a method for detecting malicious encrypted traffic. The system includes: an analyzer adapted to identify characteristics of a network connection to determine a protocol of a network connection; a network traffic recorder adapted to record a subset of network traffic corresponding to a window of network traffic; an entropy estimator adapted to evaluate an estimated measure of entropy for a portion of network traffic of a network connection recorded by the network traffic recorder; and a window selector adapted to identify and store a window as a portion of a network connection for which an estimated measure of entropy is most similar for a plurality of network connections, the identified window being stored in association with an identifier of a protocol determined by the analyzer and in association with an identifier of a malicious software component establishing the network connections for communication of malicious encrypted network traffic.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HENRY TSANG whose telephone number is (571)270-7959.  The examiner can normally be reached on M-F 8am - 5pm EST.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HENRY TSANG/
Primary Examiner, Art Unit 2495