DETAILED ACTION
1. 	This office action is in response to an amendment filed on 11/15/2021. Claims 1-21 are pending and claims 1, 8 and 15 are independent. Each independent claim is amended. 
Notice of Pre-AIA  or AIA  Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

3.	In response to the non-final office action mailed on 08/25/2021 where the office action interpreted claims 8-14 under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant’s representative agreed with the interpretation. Thus, the office acknowledges this response and the claims 8-14 are interpreted accordingly. 
Response to Arguments

4.	Referring to the independent claims 1 and 8 and to the 35 U.S.C. 102 (a) rejection, applicant’s remarks/arguments filed on November 15, 2021 have also been fully considered but aren’t persuasive.
Applicant argued that the following bolded/underlined claim limitation recited in each independent claim is not disclosed by the prior art in particular by Wing, “receiving from the client a connection requestthat includes an indication of a site hosted by the server to which the client is attempting to connect; upon receiving the connection request, responding to the received connection request by initiating a probing connection to the server, the probing connection including: performing a cryptographic protocol with the server”.
Applicant wrote the following remark in support of the argument:
“Wing '3054 discloses a proxy device that intercepts client request messages. However, Wing '3054 does not respond to a connection request having an indication of a server-hosted site with a probing connection "upon receiving the connection request", as recited in amended claim 1. Rather, Wing '3054 discloses that upon receiving a connection request message that includes an indicator to a site hosted by a server (an SNI as part of a ClientHello message), the proxy device necessarily checks whether the SNI is stored in cache (see Wing '3054 at Paragraph [0026] and step S104 of FIG. 3). Only if the SNI is not cached (or if the request message does not include an SNI) does Wing '3054 initiate a probing connection to the server. Thus, Wing '3054 does not initiate a probing connection "upon receiving the connection request", but rather initiates the probing connection upon the indicator (SNI) not being found in cache. Wing '3054 is therefore in contrast to claim 1, which requires that a probing connection always be initiated in response to receiving a connection request that includes an indication of a server-hosted site. 
Moreover, since the proxy device of Wing '3054 skips the probing connection altogether if the SNI is present in cache and proceeds directly to applying a security policy - which can include allowing the client to navigate to the site indicated by the SNI 
- a security gap is introduced. Specifically, since the identity of the server is not yet confirmed even after an SNI is found in cache, a malicious client can manipulate the security policy. The claimed invention, on the other hand, closes this security gap, by ensuring that a probing connection is always initiated whenever a client connection request message "that includes an indication of a site hosted by the server to which the client is attempting to connect" is received, thereby preventing security policy manipulation by malicious clients. 
Accordingly, Wing '3054 fails to disclose, teach or suggest any features for "receiving from the client a connection request that includes an indication of a site hosted by the server to which the client is attempting to connect; upon receiving the connection request, responding to the received connection request by initiating a probing connection to the server... ", as recited in amended claim 1 and a similar amendment made to independent claims 8 and 15.

 
Examiner disagrees with this argument and counters that a careful reading and review/consideration of the prior art (Wing) reveals that the prior art (Wing) discloses the above argued limitations recited in each amended independent claim 1 and 8.

The amended claims 1 and 8, unlike amended claim 15, recites the following limitation:
“upon receiving the connection request, responding to the received connection request by initiating a probing connection to the server,” unlike applicant’s argument the office would like to point out that this amended claim limitation doesn’t necessarily imply that a probing connection is always initiated whenever a client connection request message without performing any further actions or without any pre-condition or without executing any steps.

As long as the prior art Wing discloses that the probing connection is initiated then the scope of the claim is disclosed by the Wing.

The office would like to the direct applicant’s attention to figure 3. In particular as it is indicated in the argument and as shown on figure 3, ref. S105, 
Wing discloses the limitation, that upon receiving a connection request message that includes an indicator to a site hosted by a server (See figure 3, ref. S100 and S101 and S103, an SNI as part of a ClientHello message. See paragraph 0017, indicates that The TLS ClientHello message  includes a server name indication (SNI) extension), then as shown on figure 3, ref. S103 proxy device further checks whether the SNI is on the negative policy list. And if the SNI is not on negative policy list, then the proxy device as shown on figure 3, S104 checks whether the SNI is stored in cache (see Paragraph [0028] and step S104 of FIG. 3, Returning to S103, when the SNI is not on the negative policy list, the TLS proxy 111 proceeds to S104. In S104, the TLS proxy 111 determines whether the SNI is listed on an identity cache.). Finally, as indicated on paragraph 0029 and figure 3, ref. S105, when it is determined in S104 that the SNI is not listed on the identity cache, the TLS proxy proceeds to S105 where the probing connection to the server is initated.
Therefore, if the SNI is not on the negative policy list and if the SNI is not cached then Wing as shown on figure 3, S105 and as disclosed on paragraph 0029 initiate a probing connection to the server. 
This implies that Wing discloses the fact that the probing connection to the server is initiated as long as the SNI is not on the negative list and as long as the SNI is not cached.

 The office would like to point out that amended claims in particular independent claims 1 and 8 , is still broad enough and does not exclude the possibility that other steps could be executed or takes place before the probing connection to the server is initiated. 
In other words, the amended claim limitation, does not explicitly indicate that a probing connection should always be initiated whenever a client connection request message without performing any further actions or without any pre-condition or without executing any steps as presented and argued by the applicant.

In response to the applicant’s second argument such that Wing fails to show certain features of applicant’s invention such as: “…the claimed invention…closes this security gap, by ensuring that a probing connection is always initiated whenever a client connection request message "that includes an indication of a site hosted by the server to which the client is attempting to connect" is received, thereby preventing security policy manipulation by malicious clients”, examiner would point out that the features upon which applicant relies (such as closing this security gap, by ensuring that a probing connection is always initiated whenever a client connection request message  are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).

In view of this understanding, all the claim limitation recited in independent claim 1 and 8 and the respective dependent claims 2-7 and 9-13 are disclosed by the prior art/reference (Wing) and the rejection set forth in the previous non-final office action is maintained

5.	Amended claim 15, unlike amended independent claims 1, 8 recites the claim limitation, always responding to the received connection request by initiating a probing connection to the server…..instead of “upon receiving the connection request”.

references/prior arts of the record namely by Wing:

““receiving from the client a connection requestthat includes an indication of a site hosted by the server to which the client is attempting to connect; upon receiving the connection request, always responding to the received connection request by initiating a probing connection to the server,”

Examiner would like to point out that, the newly founded prior art US Patent No. 9,419,942 b1 to Buruganahalli discloses the amended claim limitation.
In particular Buruganahalli on at least claim 1 and column 11, lines 11-23 discloses the following that meets the above amended claim limitation:

receiving from the client a connection requestthat includes an indication of a site hosted by the server to which the client is attempting to connect [See figure 1 and claim 1, where the network traffic is monitored at a firewall 100 or using a gateway (e.g., a gateway that includes security functions, such as a security gateway and see claim 1 how the firewall or the gateway or the processor, before the secure connection is created, extract the destination domain from a server name indication (SNI) of a client hello message sent from the client to the remote server, the secure connection including an encrypted message, wherein the extracting of the destination domain from the SNI of the client hello message sent from the client to the remote server comprises to: identify the SNI from the client hello message during a handshaking process for setting the secure connection between the client and the remote server. See column 11, line 15-16, step 1 where the client C (TLS Handshake) Hello, I support XYZ Encryption and I am trying to connect to ‘website.example.com’ and column 11, line 22-23, As shown in the example, TLS handshake exchange, the client provides a hostname identification in Step 1. In particular, the client indicates in this hello message which hostname it wants to setup this secure connection with so that the server then knows which public certificate to send back]; upon receiving the connection request, always responding to the received connection request by initiating a probing connection to the server [See column 11, lines 27-33, As discussed above, the firewall can intercept and decode (e.g., parse) this TLS handshake exchange to extract the hostname from the client hello message in order to apply various policies based on the destination domain. As also discussed above, the firewall can also verify whether the extracted hostname matches the hostname associated with the provided Public Certificate that was sent in Step 2 and See claim 1, see how the processor or the firewall shown on figure 1, extract a domain identified in a public certificate sent from the remote server to the client; compare the destination domain and the domain identified in the public certificate; and in the event that the destination domain matches the domain identified in the public certificate, apply a security policy based on the destination domain to filter traffic at the security device, wherein the security policy includes a whitelist/blacklist policy.]


7.	Thus, regarding claim 15-20, in response to the 35 U.S.C. 102 (a) rejection set forth in the previous office action, applicant amended at least independent 15, presumably to overcome the 102 (a) rejection set forth in the previous office action. Since the newly amended claims changed the scope and necessitated new grounds of rejection, Applicant’s arguments are moot. 


Claim Rejections - 35 USC § 102

8.	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.





9.	Claims 1-14 are rejected under 35 U.S.C. 102 (a)(1) and/or 102 (a) (2) as being anticipated by Daniel Wing (herein after referred as Wing) (US Publication No. 2017/0223054 A1) (Published on August 3, 2017 and filed on February 2, 2016)

Examiner’s note: text in bold corresponds to the claimed limitations; text in italics underlined or not underlined correspond to the cited prior art reference (i.e., verbatim, and/or examiner’s clarification. Meaning, text after a limitation in brackets [ ] corresponds to examiner’s mapping (including further explanation and/or comments) and/or prior art reference citations. Furthermore text in brackets [ ] points out explanation how the claim limitation is taught or explicitly taught by the reference being cited for that particular limitation or part of the limitation]


As per independent claim 1 Wing discloses a method for processing cryptographically secured connections by a gateway [See abstract and figure 3, figure 2, 111, proxy the corresponds to the limitation “gateway” that is between the client device figure 2, 110 and the server shown on figure 2, 120 receives a certificate from the server, validates its identity and performs policy functions on that identity thereby creating cryptographically secure connection.] between a client [See figure 2, ref. 110/client device] and a server [See figure 2, ref. 120/server device] comprising: 
receiving from the client a connection request [See at least figure 3, ref, S100 how the TLS proxy receives a connection request from the client. Paragraph 0024, FIG. 3 illustrates an example flowchart for the system of FIG. 2. In S100, a first secure connection (e.g., user datagram protocol or TCP) is initiated by the client device 110. As part of attempting to establish a first secure connection with the server device 120, at least one initial negotiation message is sent from the client device 110 to the server device 120, ] that includes an indication of a site hosted by the server to which the client is attempting to connect [See figure 3, ref. S100,  and figure 3, S103 and S104, TLS Client Hello, where on paragraph 0017, indicates that The TLS ClientHello message includes a server name indication (SNI) extension as described in RFC 6066 dated January 2011 and available on the Internet Engineering Task Force (IETF) website. The example SNI extension, which may be described as a requested server address, shown in FIG. 1 is www.example.com.]; upon receiving the connection request [See figure 3, S103 and S104, upon receiving the connection request See figure 3, S100 and upon checking that the SNI is not on the negative policy list figure3. S103 and upon checking that the SNI is not listed in the identify cache figure 3. S104], responding to the received connection request by initiating a probing connection to the server [See figure 3, ref. S105 see how the proxy/gateway intercepts the first secure connection and initiate another Second probing connection with the server shown on figure 2/120], the probing connection including: performing a cryptographic protocol with the server [figure 3, S105 and paragraph 0029, In S105, a second secure connection (e.g., user datagram protocol or TCP) is initiated and established between the TLS proxy 111 and the server device 120. Another set of initial negotiation messages (e.g., ClientHello and ServerHello messages) are exchanged between the TLS proxy 111 and the server device 120], the cryptographic protocol including causing the server to provide an indicator to a site hosted by the server [See figure 3, S105 and paragraph 00029 and S106 where  a second secure connection (e.g., user datagram protocol or TCP) is initiated and established between the TLS proxy 111 and the server device 120. Another set of initial negotiation messages (e.g., ClientHello and ServerHello messages) are exchanged between the TLS proxy 111 and the server device 120 so that as indicated on figure 3, S106 and paragraph 0030 the server name and the certificate that indicates the site hosted by the server is provided. In S106, the TLS proxy 111 receives a server name and certificate from the server device 120]


receiving data from the server including an indicator to a site hosted by the server [See figure 3, S106 and paragraph 0030 see how the server name that indicates the site hosted by the server  (See for example figure 1, ref. 23 www.example.net) and the certificate is provided, In S106, the TLS proxy 111 receives a server name and certificate from the server device 120]; and, 
analyzing the received indicator to determine the identity of the site hosted by the server [See figure 3, ref. S107 and paragraph 0030, In S107, the TLS proxy 111 determines whether the server name received from the server device 120 is on the negative policy list, which may be the same negative policy list from S103]; and, processing the connection based, at least in part, on the determined identity of the site hosted by the server [See figure 3, ref. S108, Paragraph 0031, When the server name is not on the negative policy list, then the TLS proxy 111 proceeds to S108. At S108 the TLS proxy 111 completes the handshake with the server device 120 for the second secure connection.]

		As per independent claim 8, independent claim 8 is rejected for the same reason/rationale as that of the above independent claim 1.
		

		As per dependent claim 2 Wing discloses a method/system as applied to claims above. Furthermore Wing discloses the method, wherein the processing the connection includes a decision to block, inspect, or bypass the connection, where the decision is, at least in part, based on the determined identity [See at least paragraph 0032, The policy may block a data flow or other communication associated with the initial negotiation message sent from the client device 110 based on the comparison of the server name with entries on the negative policy list. The policy may intercept communication and inspect the traffic according to the security policy. The policy may block a data flow or other communication associated with the initial negotiation message sent from the client device 110 based on the comparison of the server name with entries on the negative policy list.] 

		As per dependent claim 9, dependent claim 9 is rejected for the same reason/rationale as that of the above dependent claim 2.
		

		As per dependent claim 3 Wing discloses a method/system as applied to claims above. Furthermore Wing discloses the method, wherein, the cryptographic protocol includes a Transport Control Protocol (TCP) handshake [See figure 3, S105 paragraph 0029, In S105, a second secure connection (e.g., user datagram protocol or TCP) is initiated and established between the TLS proxy 111 and the server device 120.] and a Transport Layer Security (TLS) handshake [See figure 3, ref. S105 see TLS ClientHello, and paragraph 0029, Another set of initial negotiation messages (e.g., ClientHello and ServerHello messages) are exchanged between the TLS proxy 111 and the server device 120.]. 

		As per dependent claim 10, dependent claim 10 is rejected for the same reason/rationale as that of the above dependent claim 3.

		As per dependent claim 4 Wing discloses a method/system as applied to claims above. Furthermore Wing discloses the method, wherein the received connection request includes a Client Hello message, and the TLS handshake [See figure 3, ref. S100, “TLS Client Hello”] includes a copy of the Client Hello message sent by the client [See figure 3, ref. S100, ”TLS Client Hello” See paragraph 0024, n S100, a first secure connection (e.g., user datagram protocol or TCP) is initiated by the client device 110. As part of attempting to establish a first secure connection with the server device 120, at least one initial negotiation message is sent from the client device 110 to the server device 120.] including a Server Name Indication (SNI) extension [See figure 3, ref. S101, See SNI and paragraph 0025, In S101, the TLS proxy 111 determines whether an SNI is present in the initial negotiation message. The TLS proxy 111 may first examine the initial negotiation message. The TLS proxy 111 may parse the initial negotiation message for the SNI field and extract the corresponding value]. 
As per dependent claim 11, dependent claim 11 is rejected for the same reason/rationale as that of the above dependent claim 4.
As per dependent claim 5 Wing discloses a method/system as applied to claims above. Furthermore Wing discloses the method, wherein the indicator received from the server includes a server certificate [See figure 3, S106, In S106, the TLS proxy 111 receives a server name and certificate from the server device 120.] 

As per dependent claim 12, dependent claim 12 is rejected for the same reason/rationale as that of the above dependent claim 5.

		As per dependent claim 6 Wing discloses a method/system as applied to claims above. Furthermore Wing discloses the method, wherein the site includes a website hosted by the server [See figure 3, S106 and paragraph 0030 see how the server name that indicates the site hosted by the server (See for example figure 1, ref. 23 www.example.net) and the certificate is provided, In S106, the TLS proxy 111 receives a server name and certificate from the server device 120]. 
As per dependent claim 13, dependent claim 13 is rejected for the same reason/rationale as that of the above dependent claim 6.

		As per dependent claim 7 Wing discloses a method/system as applied to claims above. Furthermore Wing discloses the method, wherein the protocol includes at least one of: a Datagram Transport Layer Security (DTLS) handshake or a Quick UDP Internet Connections (QUIC) handshake [See at least figure 3, ref. S105 See at least first negotiation message e.g“TLS ClientHello”, paragraph 0029, In S105, a second secure connection (e.g., user datagram protocol or TCP) is initiated and established between the TLS proxy 111 and the server device 120. Another set of initial negotiation messages (e.g., ClientHello and ServerHello messages) are exchanged between the TLS proxy 111 and the server device 120 and see at least the abstract The proxy device generates a second client transport layer security message including the server name indicator from the first client transport layer security message and sends the second client transport layer security message to the server. The proxy device receives a certificate from the server, validates its identity, and performs policy functions based on that identity.
As per dependent claim 14, dependent claim 14 is rejected for the same reason/rationale as that of the above dependent claim 7.

Claim Rejections - 35 USC § 103
10.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
11.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

	Examiner’s note: text in bold corresponds to the claimed limitations; text in italics underlined or not underlined correspond to the cited prior art reference (i.e., verbatim, and/or examiner’s clarification. Meaning, text after a limitation in brackets [ ] corresponds to examiner’s mapping (including further explanation and/or comments) and/or prior art reference citations. Furthermore text in brackets [ ] points out explanation how the claim limitation is taught or explicitly taught by the reference being cited for that particular limitation or part of the limitation]

13.	Claims 15-21 are rejected under AIA  35 U.S.C. 103 as being unpatentable over Daniel Wing (herein after referred as Wing) (US Publication No. 2017/0223054 A1) (Published on August 3, 2017 and filed on February 2, 2016) in view Shivakumar Buruganahalli (herein after referred as Buruganahalli) (US Patent No. 9,419,942B1 (Aug. 16, 2016) 

As per independent claim 15 Wing discloses a computer usable non-transitory storage medium having a computer program embodied thereon for causing a suitably programmed system to process cryptographically secured connections by a gateway [See abstract and figure 3, figure 2, 111, proxy the corresponds to the limitation “gateway” that is between the client device figure 2, 110 and the server shown on figure 2, 120 receives a certificate from the server, validates its identity and performs policy functions on that identity thereby creating cryptographically secure connection.] between a client [See figure 2, ref. 110/client device] and a server [See figure 2, ref. 120/server device] comprising: 
receiving from the client a connection request [See at least figure 3, ref, S100 how the TLS proxy receives a connection request from the client. Paragraph 0024, FIG. 3 illustrates an example flowchart for the system of FIG. 2. In S100, a first secure connection (e.g., user datagram protocol or TCP) is initiated by the client device 110. As part of attempting to establish a first secure connection with the server device 120, at least one initial negotiation message is sent from the client device 110 to the server device 120, ] that includes an indication of a site hosted by the server to which the client is attempting to connect [See figure 3, ref. S100,  and figure 3, S103 and S104, TLS Client Hello, where on paragraph 0017, indicates that The TLS ClientHello message includes a server name indication (SNI) extension as described in RFC 6066 dated January 2011 and available on the Internet Engineering Task Force (IETF) website. The example SNI extension, which may be described as a requested server address, shown in FIG. 1 is www.example.com.]; upon receiving the connection request [See figure 3, S103 and S104, upon receiving the connection request See figure 3, S100 and upon checking that the SNI is not on the negative policy list S103 and upon checking that the SNI is not listed in the identify cache S104], responding to the received connection request by initiating a probing connection to the server [See figure 3, ref. S105 see how the proxy/gateway intercepts the first secure connection and initiate another Second probing connection with the server shown on figure 2/120], the probing connection including: performing a cryptographic protocol with the server [figure 3, S105 and paragraph 0029, In S105, a second secure connection (e.g., user datagram protocol or TCP) is initiated and established between the TLS proxy 111 and the server device 120. Another set of initial negotiation messages (e.g., ClientHello and ServerHello messages) are exchanged between the TLS proxy 111 and the server device 120], the cryptographic protocol including causing the server to provide an indicator to a site hosted by the server [See figure 3, S105 and paragraph 00029 and S106 where a second secure connection (e.g., user datagram protocol or TCP) is initiated and established between the TLS proxy 111 and the server device 120. Another set of initial negotiation messages (e.g., ClientHello and ServerHello messages) are exchanged between the TLS proxy 111 and the server device 120 so that as indicated on figure 3, S106 and paragraph 0030 the server name and the certificate that indicates the site hosted by the server is provided. In S106, the TLS proxy 111 receives a server name and certificate from the server device 120]
receiving data from the server including an indicator to a site hosted by the server [See figure 3, S106 and paragraph 0030 see how the server name that indicates the site hosted by the server  (See for example figure 1, ref. 23 www.example.net) and the certificate is provided, In S106, the TLS proxy 111 receives a server name and certificate from the server device 120]; and, 
analyzing the received indicator to determine the identity of the site hosted by the server [See figure 3, ref. S107 and paragraph 0030, In S107, the TLS proxy 111 determines whether the server name received from the server device 120 is on the negative policy list, which may be the same negative policy list from S103]; and, processing the connection based, at least in part, on the determined identity of the site hosted by the server [See figure 3, ref. S108, Paragraph 0031, When the server name is not on the negative policy list, then the TLS proxy 111 proceeds to S108. At S108 the TLS proxy 111 completes the handshake with the server device 120 for the second secure connection.]
Wing substantially discloses all the limitation recited in the claims but is silent to the following amended underlined claim limitation “always”. 

upon receiving the connection request, always responding to the received connection request by initiating a probing connection to the server.
However, Buruganahalli discloses the above claim limitation:
upon receiving the connection request, always responding to the received connection request by initiating a probing connection to the server [See column 11, lines 27-33, As discussed above, the firewall can intercept and decode (e.g., parse) this TLS handshake exchange to extract the hostname from the client hello message in order to apply various policies based on the destination domain. As also discussed above, the firewall can also verify whether the extracted hostname matches the hostname associated with the provided Public Certificate that was sent in Step 2 and See claim 1, see how the processor or the firewall shown on figure 1, extract a domain identified in a public certificate sent from the remote server to the client; compare the destination domain and the domain identified in the public certificate; and in the event that the destination domain matches the domain identified in the public certificate, apply a security policy based on the destination domain to filter traffic at the security device, wherein the security policy includes a whitelist/blacklist policy.]

In fact, Buruganahalli discloses all of the amended claim limitation as shown below:
In particular Buruganahalli on at least claim 1 and column 11, lines 11-23 discloses the following that meets all the amended claim limitation recited in independent claim 15:

receiving from the client a connection requestthat includes an indication of a site hosted by the server to which the client is attempting to connect [See figure 1 and claim 1, where the network traffic is monitored at a firewall 100 or using a gateway (e.g., a gateway that includes security functions, such as a security gateway and see claim 1 how the firewall or the gateway or the processor, before the secure connection is created, extract the destination domain from a server name indication (SNI) of a client hello message sent from the client to the remote server, the secure connection including an encrypted message, wherein the extracting of the destination domain from the SNI of the client hello message sent from the client to the remote server comprises to: identify the SNI from the client hello message during a handshaking process for setting the secure connection between the client and the remote server. See column 11, line 15-16, step 1 where the client C (TLS Handshake) Hello, I support XYZ Encryption and I am trying to connect to ‘website.example.com’ and column 11, line 22-23, As shown in the example, TLS handshake exchange, the client provides a hostname identification in Step 1. In particular, the client indicates in this hello message which hostname it wants to setup this secure connection with so that the server then knows which public certificate to send back]; upon receiving the connection request, always responding to the received connection request by initiating a probing connection to the server [See column 11, lines 27-33, As discussed above, the firewall can intercept and decode (e.g., parse) this TLS handshake exchange to extract the hostname from the client hello message in order to apply various policies based on the destination domain. As also discussed above, the firewall can also verify whether the extracted hostname matches the hostname associated with the provided Public Certificate that was sent in Step 2 and See claim 1, see how the processor or the firewall shown on figure 1, extract a domain identified in a public certificate sent from the remote server to the client; compare the destination domain and the domain identified in the public certificate; and in the event that the destination domain matches the domain identified in the public certificate, apply a security policy based on the destination domain to filter traffic at the security device, wherein the security policy includes a whitelist/blacklist policy.]

Wing and Buruganahalli are analogous arts and are in the same field of endeavor as they both pertain to process secured connection by a gateway between the client and a server. 

upon receiving the connection request, always responding to the received connection request by initiating a probing connection to the server” as taught by Buruganahalli, because this would enhance the security of the system by verifying whether the extracted hostname matches the hostname associated with the provided Public by the firewall and apply a security policy based on the destination domain. [See by Buruganahalli at least claim 1]

		As per dependent claim 16, the combination of Wing and Buruganahalli discloses the method/system as applied to claims above. Furthermore Wing discloses the method/system/non-transitory storage medium, wherein the processing the connection includes a decision to block, inspect, or bypass the connection, where the decision is, at least in part, based on the determined identity [See at least paragraph 0032, The policy may block a data flow or other communication associated with the initial negotiation message sent from the client device 110 based on the comparison of the server name with entries on the negative policy list. The policy may intercept communication and inspect the traffic according to the security policy. The policy may block a data flow or other communication associated with the initial negotiation message sent from the client device 110 based on the comparison of the server name with entries on the negative policy list.] 

		As per dependent claim 17, the combination of Wing and Buruganahalli discloses the method/system as applied to claims above. Furthermore Wing discloses the method/system/non-transitory storage medium, wherein, the cryptographic protocol includes a Transport Control Protocol (TCP) handshake [See figure 3, S105 paragraph 0029, In S105, a second secure connection (e.g., user datagram protocol or TCP) is initiated and established between the TLS proxy 111 and the server device 120.] and a Transport Layer Security (TLS) handshake [See figure 3, ref. S105 see TLS ClientHello, and paragraph 0029, Another set of initial negotiation messages (e.g., ClientHello and ServerHello messages) are exchanged between the TLS proxy 111 and the server device 120.]. 



		As per dependent claim 18, the combination of Wing and Buruganahalli discloses the method/system as applied to claims above. Furthermore Wing discloses the method/system/non-transitory storage medium, wherein the received connection request includes a Client Hello message, and the TLS handshake [See figure 3, ref. S100, “TLS Client Hello”] includes a copy of the Client Hello message sent by the client [See figure 3, ref. S100, ”TLS Client Hello” See paragraph 0024, n S100, a first secure connection (e.g., user datagram protocol or TCP) is initiated by the client device 110. As part of attempting to establish a first secure connection with the server device 120, at least one initial negotiation message is sent from the client device 110 to the server device 120.] including a Server Name Indication (SNI) extension [See figure 3, ref. S101, See SNI and paragraph 0025, In S101, the TLS proxy 111 determines whether an SNI is present in the initial negotiation message. The TLS proxy 111 may first examine the initial negotiation message. The TLS proxy 111 may parse the initial negotiation message for the SNI field and extract the corresponding value]. 

As per dependent claim 19, the combination of Wing and Buruganahalli discloses the method/system as applied to claims above. Furthermore Wing discloses the method/system/non-transitory storage medium, wherein the indicator received from the server includes a server certificate [See figure 3, S106, In S106, the TLS proxy 111 receives a server name and certificate from the server device 120.] 

		As per dependent claim 20, the combination of Wing and Buruganahalli discloses the method/system as applied to claims above. Furthermore Wing discloses the method/system/non-transitory storage medium, wherein the site includes a website hosted by the server [See figure 3, S106 and paragraph 0030 see how the server name that indicates the site hosted by the server (See for example figure 1, ref. 23 www.example.net) and the certificate is provided, In S106, the TLS proxy 111 receives a server name and certificate from the server device 120]. 

		As per dependent claim 21, the combination of Wing and Buruganahalli discloses the method/system as applied to claims above. Furthermore Wing discloses the method/system/non-transitory storage medium, wherein the protocol includes at least one of: a Datagram Transport Layer Security (DTLS) handshake or a Quick UDP Internet Connections (QUIC) handshake [See at least figure 3, ref. S105 See at least first negotiation message e.g“TLS ClientHello”, paragraph 0029, In S105, a second secure connection (e.g., user datagram protocol or TCP) is initiated and established between the TLS proxy 111 and the server device 120. Another set of initial negotiation messages (e.g., ClientHello and ServerHello messages) are exchanged between the TLS proxy 111 and the server device 120 and see at least the abstract The proxy device generates a second client transport layer security message including the server name indicator from the first client transport layer security message and sends the second client transport layer security message to the server. The proxy device receives a certificate from the server, validates its identity, and performs policy functions based on that identity.]
Conclusion
14.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
A.	US Patent No. 10291651 B1 to Chaubey discloses a device may receive a message associated with initiating a secure socket layer session or a transport layer security session (SSL/TLS session). The device may identify a decryption profile associated with managing encrypted traffic associated with the SSL/TLS session. The device may determine a server indicator included in the message. The device may determine whether the decryption profile includes information associated with the server indicator. The device may selectively manage the encrypted traffic associated with the SSL/TLS session using a first decryption technique or a second decryption technique based on determining whether the decryption profile includes information associated with the server indicator, where the first decryption technique may be different from the second decryption technique.

B.	US Publication No. 2019/0014088 A1 to Subramaniyan discloses a method of establishing at least one secure connection for a session. An intermediary device may intercept a domain name service (DNS) request from a client. The device may determine, according to the intercepted DNS request and configuration data of the device, that the client is preparing to establish a session with a server. The device may .

15.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMSON B LEMMA whose telephone number is 571-272-3806.  The examiner can normally be reached on M-F 8am-10pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor Yin-Chen Shaw can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/SAMSON B LEMMA/Primary Examiner, Art Unit 2498