Detailed Action
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

RCE filed on 04/01/2022 has been acknowledged. Claims 21-40, are currently pending and have been considered below. Claim 21, 28 and 35 have been amended. Claims 21, 28 and 35 are independent claim. No new claim has been added.

Continued Examination under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 04/01/2022 has been entered.

Remarks and Response
Applicant’s arguments filed in the amendments on 04/01/2022 have been fully considered but are moot in view of new grounds of rejection. 

Priority
This application is a CON of application 16/057,628 (US Patent No 10,291,598 B1) filed on 08/07/2018.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.   A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/. The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  
Claims 21-40 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 of US Patent No. 10,291,598 B1. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims in the patented application contains every element of claims of the instant application.  A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a 35 patent claim to a species within that genus). “ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
Claims 21-40 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 of US Patent No. 10,291,598 B1 Verzun (US Patent Application Publication No US 2016/0219024 A1) in view of Elzur (US Patent No. 7,159,030 B1) and further in view of Li (US Patent Application Publication No US 2004/0192312 A1). The dependent claims are rejected because of their dependency on independent claim. 
This is a non-provisional non-statutory obviousness type double patenting rejection because the conflicting claims have been patented.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claim 21-40 are rejected under 35 U.S.C. 103 as being unpatentable over Verzun (US Patent Application Publication No US 2016/0219024 A1) in view of Elzur (US Patent No. 7,159,030 B1) and further in view of Li (US Patent Application Publication No US 2004/0192312 A1).

Regarding Claim 21, Verzun discloses 
a method, comprising: 
receiving, by a device, one or more transmission control protocol (TCP) packets from another device (Verzun, ¶[0228], in order to identify the application or service for which a TCP packet is intended, the TCP utilizes digital identification referred to as a “port”. A port is a number used to uniquely identify a transaction over a network by specifying both the host, and the service performed); 
determining, by the device, whether the one or more TCP packets include urgent data based on determining whether a first field, included in a header of the one or more TCP packets, includes a value that indicates a payload, of the one or more TCP packets, includes the urgent data (Verzun, ¶[0230], the flags field contains nine binary flags relating to in part to concealment, congestion, urgency, packet acknowledgement, push function, connection reset, sequencing, and no more data from sender. Window size specifies the maximum number of bytes the sender is willing to receive in one packet. Checksum comprises a 2 B (16 b) checksum for error checking of both the TCP header and TCP payload. If the URG flag is set to binary one, the “urgent pointer” field indicates the last urgent data byte to be sent).
Verzun does not explicitly discuss the following limitation that Elzur teaches:
analyzing, by the device and based on determining that the one or more TCP packets include urgent data, encryption context data included in the payload using an encryption-specific decoder (Elzur, col 1, line 55-65, the packet may include a security header that indicates a security protocol (e.g., an IPSec protocol) and attributes of the packet 8, and the packet 8 may include a transport protocol header 22 (a TCP or an UDP protocol header, as examples) that is specific to the transport protocol being used. A TCP protocol header might indicate a TCP destination port and a TCP source port that uniquely identify the applications that cause the client 10 and server 12 to transmit and receive the packets 8. The packet 8 may also include a data portion 24, the contents of which are furnished by the source application and a trailer 26 that is used for encryption purposes. Col 2, line 40-45, the urgent pointer field indicates an offset from the current sequence number at which urgent data is located). 
wherein the device determines a location of the encryption context data based on a second field included in the header of the one or more TCP packets that includes a pointer that identifies the location in the payload the encryption context data includes decrypted non-application data (Elzur, col 5, line 5-10, if the receive parser 98 recognizes the flow, additional information may be needed before receive path 92 further processes the incoming packet 52. For example, an authentication or encryption engine 102 may authenticate and/or decrypt the data portion of the incoming packet based on the information that is indicated by the IP security header of the packet).
Verzun in view of Elzur are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “providing network security”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Verzun in view of Elzur to include the idea of including the ability to flag certain bytes of data as urgent. It will also enhance the security of the system by blocking the fraudulent users.
Verzun in view of Elzur does not explicitly discuss the following limitation that Li teaches:
based on another value identified in the second field that identifies an end of the urgent data in the payload (Li, ¶[0044], the urgent pointer field is 16-bit long and valid only when URG bit in the control field is set to 1. If valid, the sender would like to send data that it considers urgent. The pointer value in the field identifies the end of the urgent data).
Verzun in view of Elzur and Li are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “providing network security”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Verzun in view of Elzur and Li to include the idea of including the ability to flag certain bytes of data as urgent. It will also enhance the security of the system by blocking the fraudulent users.

Regarding claim 22, Verzun in view of Elzur and Li discloses the method of claim 21, wherein determining whether the one or more TCP packets includes urgent data comprises: 
determining whether a TCP urgent control bit, included in a header of the one or more TCP packets, is set (Verzun, ¶[0230], the flags field contains nine binary flags relating to in part to concealment, congestion, urgency, packet acknowledgement, push function, connection reset, sequencing, and no more data from sender. Window size specifies the maximum number of bytes the sender is willing to receive in one packet. Checksum comprises a 2 B (16 b) checksum for error checking of both the TCP header and TCP payload. If the URG flag is set to binary one, the “urgent pointer” field indicates the last urgent data byte to be sent).

Regarding claim 23, Verzun in view of Elzur and Li discloses the method of claim 21, wherein receiving the one or more TCP packets from the other device comprises: receiving the one or more TCP packets from the other device via an interface configured for port mirroring (Verzun, ¶[0161], the WiFi packet mirrors the Ethernet data frame comprising Address 3 as a destination MAC address. ¶[0103], the transport layer employs port addresses to identify what kind of data is being transported. ¶[1292], the port assignment changes during the translation process).

Regarding claim 24, Verzun in view of Elzur and Li discloses the method of claim 21, further comprising:
determining where in the payload that decrypted data is located (Elzur, col 5, line 5-15, an authentication/encryption engine may authenticate and/or decrypt the data portion of the incoming packet based on the information that is indicated by the IPsecurity header of the packet. Col 7, line 60-65, if the key is available, then the receive parser may start authentication and/or decryption of the packet); and
storing, based on determining where in the payload that the decrypted data is located, the decrypted data (Elzur, col 5, line 5-15, an authentication/encryption engine may authenticate and/or decrypt the data portion of the incoming packet based on the information that is indicated by the IPsecurity header of the packet. Col 7, line 60-65, if the key is available, then the receive parser may start authentication and/or decryption of the packet).

Regarding Claim 25, Verzun in view of Elzur and Li discloses the method of claim 24, wherein storing the decrypted data comprises: storing the decrypted data by an encrypted session (Elzur, col 5, line 5-15, an authentication/encryption engine may authenticate and/or decrypt the data portion of the incoming packet based on the information that is indicated by the IP security header of the packet. Col 7, line 60-65, if the key is available, then the receive parser may start authentication and/or decryption of the packet).

Regarding Claim 26, Verzun in view of Elzur and Li discloses the method of claim 21, further comprising: 
determining, based on analyzing the one or more TCP packets, whether there was an attack on an encrypted session between a client device and an application platform (Verzun, ¶[0391], while a hacker's interrogation program can systematically cycle through every port #, attacks generally focus on notoriously vulnerable ports such as port #7 for ping, port #21 for FTP, port # for telnet terminal emulation, port #25 for simple email, and so on); and 
identifying a source of the attack based on determining that the encrypted session was attacked (Verzun, ¶[0391], while a hacker's interrogation program can systematically cycle through every port #, attacks generally focus on notoriously vulnerable ports such as port #7 for ping, port #21 for FTP, port # for telnet terminal emulation, port #25 for simple email, and so on).

Regarding Claim 27, Verzun in view of Elzur and Li discloses the method of claim 21, further comprising: 
determining, based on analyzing the one or more TCP packets, whether there is a vulnerability in an encrypted session between a client device and an application platform (Verzun, ¶[0391], while a hacker's interrogation program can systematically cycle through every port #, attacks generally focus on notoriously vulnerable ports such as port #7 for ping, port #21 for FTP, port # for telnet terminal emulation, port #25 for simple email, and so on); and 
identifying a type of the vulnerability based on determining that the vulnerability exists in the encrypted session (Verzun, ¶[0391], while a hacker's interrogation program can systematically cycle through every port #, attacks generally focus on notoriously vulnerable ports such as port #7 for ping, port #21 for FTP, port # for telnet terminal emulation, port #25 for simple email, and so on).

Regarding Claim 28, Verzun discloses 
a device (Verzun, ¶[0100]), comprising: 
one or more memories (Verzun, ¶[0100]); and 
one or more processors communicatively coupled to the one or more memories (Verzun, ¶[0100]), configured to:
receive one or more transmission control protocol (TCP) packets from another device (Verzun, ¶[0228], in order to identify the application or service for which a TCP packet is intended, the TCP utilizes digital identification referred to as a “port”. A port is a number used to uniquely identify a transaction over a network by specifying both the host, and the service performed).
determine whether the one or more TCP packets include urgent data based on determining whether a first field, included in a header of the one or more TCP packets, includes a value that indicates a payload, of the one or more TCP packets, includes the urgent data (Verzun, ¶[0230], the flags field contains nine binary flags relating to in part to concealment, congestion, urgency, packet acknowledgement, push function, connection reset, sequencing, and no more data from sender. Window size specifies the maximum number of bytes the sender is willing to receive in one packet. Checksum comprises a 2 B (16 b) checksum for error checking of both the TCP header and TCP payload. If the URG flag is set to binary one, the “urgent pointer” field indicates the last urgent data byte to be sent);
Verzun does not explicitly discuss the following limitation that Elzur teaches:
analyze, based on determining that the one or more TCP packets include urgent data, encryption context data included in a payload using an encryption-specific decoder (Elzur, col 1, line 55-65, the packet may include a security header that indicates a security protocol (e.g., an IPSec protocol) and attributes of the packet 8, and the packet 8 may include a transport protocol header 22 (a TCP or an UDP protocol header, as examples) that is specific to the transport protocol being used. A TCP protocol header might indicate a TCP destination port and a TCP source port that uniquely identify the applications that cause the client 10 and server 12 to transmit and receive the packets 8. The packet 8 may also include a data portion 24, the contents of which are furnished by the source application and a trailer 26 that is used for encryption purposes. Col 2, line 40-45, the urgent pointer field indicates an offset from the current sequence number at which urgent data is located).
wherein the one or more processors, when analyzing the encryption context data, are configured to determine a location of the encryption context data based on a second field included in the header of the one or more TCP packets that includes a pointer that identifies the location in the payload (Elzur, col 5, line 5-10, if the receive parser 98 recognizes the flow, additional information may be needed before receive path 92 further processes the incoming packet 52. For example, an authentication or encryption engine 102 may authenticate and/or decrypt the data portion of the incoming packet based on the information that is indicated by the IP security header of the packet).
and wherein the encryption context data includes decrypted non-application data (Elzur, col 5, line 5-10, if the receive parser 98 recognizes the flow, additional information may be needed before receive path 92 further processes the incoming packet 52. For example, an authentication or encryption engine 102 may authenticate and/or decrypt the data portion of the incoming packet based on the information that is indicated by the IP security header of the packet).
Verzun in view of Elzur are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “providing network security”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Verzun in view of Elzur to include the idea of including the ability to flag certain bytes of data as urgent. It will also enhance the security of the system by blocking the fraudulent users.
Verzun in view of Elzur does not explicitly discuss the following limitation that Li teaches:
based on another value identified in the second field that identifies an end of the urgent data in the payload (Li, ¶[0044], the urgent pointer field is 16-bit long and valid only when URG bit in the control field is set to 1. If valid, the sender would like to send data that it considers urgent. The pointer value in the field identifies the end of the urgent data).
Verzun in view of Elzur and Li are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “providing network security”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Verzun in view of Elzur and Li to include the idea of including the ability to flag certain bytes of data as urgent. It will also enhance the security of the system by blocking the fraudulent users.

Regarding Claim 29, Verzun in view of Elzur and Li discloses the device of claim 28, wherein the one or more processors, when determining whether the one or more TCP packets include the urgent data, are configured to: 
determine whether a TCP urgent control bit, included in the header of the one or more TCP packets, is set (Verzun, ¶[0230], the flags field contains nine binary flags relating to in part to concealment, congestion, urgency, packet acknowledgement, push function, connection reset, sequencing, and no more data from sender. Window size specifies the maximum number of bytes the sender is willing to receive in one packet. Checksum comprises a 2 B (16 b) checksum for error checking of both the TCP header and TCP payload. If the URG flag is set to binary one, the “urgent pointer” field indicates the last urgent data byte to be sent).

Regarding Claim 30, Verzun in view of Elzur and Li discloses the device of claim 28, wherein the one or more processors, when receiving the one or more TCP packets from the other device, are configured to: 
receive the one or more TCP packets from the other device via an interface configured for port mirroring (Verzun, ¶[0161], the WiFi packet mirrors the Ethernet data frame comprising Address 3 as a destination MAC address. ¶[0103], the transport layer employs port addresses to identify what kind of data is being transported. ¶[1292], the port assignment changes during the translation process).

Regarding Claim 31, Verzun in view of Elzur and Li discloses the device of claim 28, wherein the one or more processors are further configured to:
determine where in the payload that decrypted data is located (Elzur, col 5, line 5-15, an authentication/encryption engine may authenticate and/or decrypt the data portion of the incoming packet based on the information that is indicated by the IPsecurity header of the packet. Col 7, line 60-65, if the key is available, then the receive parser may start authentication and/or decryption of the packet); and
store, based on determining where in the payload that the decrypted data is located, the decrypted data (Elzur, col 5, line 5-15, an authentication/encryption engine may authenticate and/or decrypt the data portion of the incoming packet based on the information that is indicated by the IPsecurity header of the packet. Col 7, line 60-65, if the key is available, then the receive parser may start authentication and/or decryption of the packet). 

Regarding Claim 32, Verzun in view of Elzur and Li discloses the device of claim 31, wherein the one or more processors, when storing the decrypted data, are configured to: 
store the decrypted data by an encrypted session (Elzur, col 5, line 5-15, an authentication/encryption engine may authenticate and/or decrypt the data portion of the incoming packet based on the information that is indicated by the IPsecurity header of the packet. Col 7, line 60-65, if the key is available, then the receive parser may start authentication and/or decryption of the packet).

Regarding Claim 33, Verzun in view of Elzur and Li discloses the device of claim 28, wherein the one or more processors are further configured to:
determine, based on analyzing the one or more TCP packets, whether there was an attack on an encrypted session between a client device and an application platform (Verzun, ¶[0391], while a hacker's interrogation program can systematically cycle through every port #, attacks generally focus on notoriously vulnerable ports such as port #7 for ping, port #21 for FTP, port # for telnet terminal emulation, port #25 for simple email, and so on); and 
identify a source of the attack based on determining that the encrypted session was attacked (Verzun, ¶[0391], while a hacker's interrogation program can systematically cycle through every port #, attacks generally focus on notoriously vulnerable ports such as port #7 for ping, port #21 for FTP, port # for telnet terminal emulation, port #25 for simple email, and so on).

Regarding Claim 34, Verzun in view of Elzur and Li discloses the device of claim 28, wherein the one or more processors are further configured to:
determine, based on analyzing the one or more TCP packets, whether there is a vulnerability in an encrypted session between a client device and an application platform (Verzun, ¶[0391], while a hacker's interrogation program can systematically cycle through every port #, attacks generally focus on notoriously vulnerable ports such as port #7 for ping, port #21 for FTP, port # for telnet terminal emulation, port #25 for simple email, and so on); and
identify a type of the vulnerability based on determining that the vulnerability exists in the encrypted session (Verzun, ¶[0391], while a hacker's interrogation program can systematically cycle through every port #, attacks generally focus on notoriously vulnerable ports such as port #7 for ping, port #21 for FTP, port # for telnet terminal emulation, port #25 for simple email, and so on).

Regarding Claim 35, Verzun discloses a non-transitory computer-readable medium storing instructions, the instructions comprising: 
one or more instructions that, when executed by one or more processors, cause the one or more processors to (Verzun, ¶[0100]): 
receive one or more transmission control protocol (TCP) packets from another device (Verzun, ¶[0228], in order to identify the application or service for which a TCP packet is intended, the TCP utilizes digital identification referred to as a “port”. A port is a number used to uniquely identify a transaction over a network by specifying both the host, and the service performed);
determine whether the one or more TCP packets include urgent data based on determining whether a first field, included in a header of the one or more TCP packets, includes a value that indicates a payload, of the one or more TCP packets, includes the urgent data (Verzun, ¶[0230], the flags field contains nine binary flags relating to in part to concealment, congestion, urgency, packet acknowledgement, push function, connection reset, sequencing, and no more data from sender. Window size specifies the maximum number of bytes the sender is willing to receive in one packet. Checksum comprises a 2 B (16 b) checksum for error checking of both the TCP header and TCP payload. If the URG flag is set to binary one, the “urgent pointer” field indicates the last urgent data byte to be sent).  
Verzun does not explicitly discuss the following limitation that Elzur teaches:
analyze, based on determining that the one or more TCP packets include urgent data, encryption context data included in the payload using an encryption-specific decoder (Elzur, col 1, line 55-65, the packet may include a security header that indicates a security protocol (e.g., an IPSec protocol) and attributes of the packet 8, and the packet 8 may include a transport protocol header 22 (a TCP or an UDP protocol header, as examples) that is specific to the transport protocol being used. A TCP protocol header might indicate a TCP destination port and a TCP source port that uniquely identify the applications that cause the client 10 and server 12 to transmit and receive the packets 8. The packet 8 may also include a data portion 24, the contents of which are furnished by the source application and a trailer 26 that is used for encryption purposes. Col 2, line 40-45, the urgent pointer field indicates an offset from the current sequence number at which urgent data is located);
wherein the one or more instructions, that cause the one or more processors to, analyze the encryption context data, cause the one or more processors to determine a location of the encryption context data based on a second field included in the header of the one or more TCP packets that includes a pointer that identifies the location in the payload (Elzur, col 5, line 5-10, if the receive parser 98 recognizes the flow, additional information may be needed before receive path 92 further processes the incoming packet 52. For example, an authentication or encryption engine 102 may authenticate and/or decrypt the data portion of the incoming packet based on the information that is indicated by the IP security header of the packet);
wherein the encryption context data includes decrypted non-application data (Elzur, col 5, line 5-10, if the receive parser 98 recognizes the flow, additional information may be needed before receive path 92 further processes the incoming packet 52. For example, an authentication or encryption engine 102 may authenticate and/or decrypt the data portion of the incoming packet based on the information that is indicated by the IP security header of the packet).
Verzun in view of Elzur are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “providing network security”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Verzun in view of Elzur to include the idea of including the ability to flag certain bytes of data as urgent. It will also enhance the security of the system by blocking the fraudulent users.
Verzun in view of Elzur does not explicitly discuss the following limitation that Li teaches:
based on another value identified in the second field that identifies an end of the urgent data in the payload (Li, ¶[0044], the urgent pointer field is 16-bit long and valid only when URG bit in the control field is set to 1. If valid, the sender would like to send data that it considers urgent. The pointer value in the field identifies the end of the urgent data).
Verzun in view of Elzur and Li are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “providing network security”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Verzun in view of Elzur and Li to include the idea of including the ability to flag certain bytes of data as urgent. It will also enhance the security of the system by blocking the fraudulent users.

Regarding Claim 36, Verzun in view of Elzur and Li discloses the non-transitory computer-readable medium of claim 35, wherein the one or more instructions, that cause the one or more processors to determine whether the one or more TCP packets include the urgent data, cause the one or more processors to: 
determine whether a TCP urgent control bit, included in the header of the one or more TCP packets, is set (Verzun, ¶[0230], the flags field contains nine binary flags relating to in part to concealment, congestion, urgency, packet acknowledgement, push function, connection reset, sequencing, and no more data from sender. Window size specifies the maximum number of bytes the sender is willing to receive in one packet. Checksum comprises a 2 B (16 b) checksum for error checking of both the TCP header and TCP payload. If the URG flag is set to binary one, the “urgent pointer” field indicates the last urgent data byte to be sent).

Regarding Claim 37, Verzun in view of Elzur and Li discloses the non-transitory computer-readable medium of claim 35, wherein the one or more instructions, that cause the one or more processors to receive the one or more TCP packets from the other device, cause the one or more processors to: 
receive the one or more TCP packets from the other device via an interface configured for port mirroring (Verzun, ¶[0161], the WiFi packet mirrors the Ethernet data frame comprising Address 3 as a destination MAC address. ¶[0103], the transport layer employs port addresses to identify what kind of data is being transported. ¶[1292], the port assignment changes during the translation process).

Regarding Claim 38, Verzun in view of Elzur and Li discloses the non-transitory computer-readable medium of claim 35, wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to:
determine where in the payload that decrypted data is located (Elzur, col 5, line 5-15, an authentication/encryption engine may authenticate and/or decrypt the data portion of the incoming packet based on the information that is indicated by the IPsecurity header of the packet. Col 7, line 60-65, if the key is available, then the receive parser may start authentication and/or decryption of the packet); and
store, based on determining where in the payload that the decrypted data is located, the decrypted data (Elzur, col 5, line 5-15, an authentication/encryption engine may authenticate and/or decrypt the data portion of the incoming packet based on the information that is indicated by the IPsecurity header of the packet. Col 7, line 60-65, if the key is available, then the receive parser may start authentication and/or decryption of the packet). 

Regarding Claim 39, Verzun in view of Elzur and Li discloses the non-transitory computer-readable medium of claim 35, wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to: 
determine, based on analyzing the one or more TCP packets, whether there was an attack on an encrypted session between a client device and an application platform (Verzun, ¶[0391], while a hacker's interrogation program can systematically cycle through every port #, attacks generally focus on notoriously vulnerable ports such as port #7 for ping, port #21 for FTP, port # for telnet terminal emulation, port #25 for simple email, and so on); and 
identify a source of the attack based on determining that the encrypted session was attacked (Verzun, ¶[0391], while a hacker's interrogation program can systematically cycle through every port #, attacks generally focus on notoriously vulnerable ports such as port #7 for ping, port #21 for FTP, port # for telnet terminal emulation, port #25 for simple email, and so on).

Regarding Claim 40, Verzun in view of Elzur and Li discloses the non-transitory computer-readable medium of claim 35, wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to: 
determine, based on analyzing the one or more TCP packets, whether there is a vulnerability in an encrypted session between a client device and an application platform (Verzun, ¶[0391], while a hacker's interrogation program can systematically cycle through every port #, attacks generally focus on notoriously vulnerable ports such as port #7 for ping, port #21 for FTP, port # for telnet terminal emulation, port #25 for simple email, and so on); and 
identify a type of the vulnerability based on determining that the vulnerability exists in the encrypted session (Verzun, ¶[0391], while a hacker's interrogation program can systematically cycle through every port #, attacks generally focus on notoriously vulnerable ports such as port #7 for ping, port #21 for FTP, port # for telnet terminal emulation, port #25 for simple email, and so on).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-Form 892).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WASIKA NIPA whose telephone number is (571)272-8923.  The examiner can normally be reached on M-F, 8 am to 5 pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/WASIKA NIPA/           Primary Examiner, Art Unit 2433