DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on April 5, 2022 has been entered.
 
Response to Amendment
The amendment filed on March 7, 2022 was previously entered.
	Claims 21-40 are pending.
	Claims 21, 23, 28, 31-33, and 38-39 have been amended.
	Claims 21-40 are rejected.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 21-22, 28, 30, and 33-39 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Higgins et al. (US 2019/0124123 A1, hereinafter referred to as Higgins).
Regarding Claims 21, 38, and 39,
Higgins teaches:
“An apparatus, comprising: at least one processor; and at least one memory including a set of instructions; wherein the set of instructions is configured to, when executed by the at least one processor” (paragraphs [0088], [0089]). 
“A non-transitory computer-readable medium storing instructions which, when executed by an apparatus” (paragraph [0088]).
“support(ing), by a communication device tunneling of a data stream of a communication protocol of a communication protocol layer over a session layer protocol at a session layer” (paragraphs [0024], [0003], [0004], [0026], [0031]).  [An established communication session may involve more than one message in each direction, and is the basic requirement to perform a connection-oriented communication or to transmit in connectionless communication modes ([0024]).  One model for a network communication protocol stack is the Open Systems Interconnection (OSI) model, which defines seven layers of different protocols that cooperatively enable communication over a network, as follows: Physical (1), Data Link (2), Network (3), Transport ( 4), Session ( 5), Presentation ( 6), and Application (7) ([0003]).  The Transmission Control Protocol/Internet Protocol (TCP/IP) model is similar to the OSI model except that it defines four layers instead of seven in the following order: Link (1), Internet (2), Transport (3), and Application (4); to reduce the number of layers from four to seven, the TCP/IP model collapses the OSI model's Application, Presentation, and Session layers into its Application layer; to assess and troubleshoot communicated packets and protocols over a network, different types of network monitors can be employed ([0004]).  The network monitoring computer (NMC), which is arranged to monitor or record flows of packets in a session that are communicated between at least two endpoints over at least one network, can receive network communication for monitoring through a variety of means including directed tunnels from network switches, clients or servers including the endpoints themselves, or other infrastructure devices ([0031).  The NMC attempts to determine whether the traffic corresponds to known communications protocols,
such as TCP, IP, and the like ([0033).]  (NOTE: The tunneling performed by the NMC is equivalent to the “communication device tunneling of a data stream,” and TCP/IP to the “communication protocol of a communication protocol layer.”  The use of the term “over a session layer” may add confusion, but the specification is clear that standard protocols are employed in the invention, so that the term “over” does not mean that the communication layer is above the session layer.  The specification discloses as follows:
Various example embodiments for supporting secure communications via secure
sessions in communication systems may be configured to support secure communications based on a secure protocol operating at the session layer of the Open Systems Interconnection (OSI) model (e.g., a Transport Layer Security (TLS) protocol where the transport layer supporting the session layer is based on Transmission Control Protocol (TCP), a Datagram Transport Layer Security (DTLS) protocol where the transport layer supporting the session layer is based on User Datagram Protocol (UDP), or the like). Specification, Detailed Description section, page 18.) 

 “wherein the communication protocol layer is below the session layer” (paragraphs [0003], [0004]).  [One model for a network communication protocol stack is the Open Systems Interconnection (OSI) model, which defines seven layers of different protocols that cooperatively enable communication over a network arranged in the following order: Physical (1), Data Link (2), Network (3), Transport (4), Session (5), Presentation (6), and Application (7) ([0003]).  The Transmission Control Protocol/Internet Protocol (TCP/IP) model is similar to the OSI model except that it defines four layers instead of seven in the following order: Link (1), Internet (2), Transport (3), and Application (4); to reduce the number of layers from four to seven, the TCP/IP model collapses the OSI model's Application, Presentation, and Session layers into its Application layer ([0004]).]  (NOTE:  The specification defines the communication protocol layer as including “at least one of a transport layer, a network layer, or a data link layer” (see specification, page 1, Summary paragraph).  In the OSI model, which is used in the Higgins disclosure, all three of the layers defined as the “communication protocol layer,” i.e. transport, network, and data link layers, are “below the session layer.”  This is also true for the TCP/IP model, in which the session layer is incorporated into the application layer, which is above the communication layers: Link (1), Internet (2), and Transport (3).) 
Regarding Claim 22,
Higgins teaches all the limitations of parent Claim 21.
Higgins teaches:
“wherein the communication protocol layer includes at least one of a transport layer, a network layer, or a data link layer” (paragraphs [0003], [0004]).  [One model for a network communication protocol stack is the Open Systems Interconnection (OSI) model, which defines seven layers of different protocols that cooperatively enable communication over a network arranged in the following order: Physical (1), Data Link (2), Network (3), Transport (4), Session (5), Presentation (6), and Application (7) ([0003]).  The Transmission Control Protocol/Internet Protocol (TCP/IP) model is similar to the OSI model except that it defines four layers instead of seven in the following order: Link (1), Internet (2), Transport (3), and Application (4) ([0004]).]  NOTE: Both OSI and TCP/IP include a “transport layer,” and OSI also has a “network layer” and a “data link layer.”)
Regarding Claim 28,
Higgins teaches all the limitations of parent Claim 21.
Higgins teaches:
“support  tunneling of a data stream of a communication protocol of a communication protocol layer” (paragraph [0031]).  [The network monitoring computer (NMC), which is arranged to monitor or record flows of packets in a session that are communicated between at least two endpoints over at least one network, can receive network communication for monitoring through a variety of means including directed tunnels from network switches, clients or servers including the endpoints themselves, or other infrastructure devices.]
“support, by the communication device over the session layer protocol of the session layer, communication of a packet of the session layer protocol that includes a packet of the data stream” (paragraphs [0004], [0025]).  [The Transmission Control Protocol/Internet Protocol (TCP/IP) model is similar to the OSI model except that it defines four layers instead of seven in the following order: Link (1), Internet (2), Transport (3), and Application (4); to reduce the number of layers from four to seven, the TCP/IP model collapses the OSI model's Application, Presentation, and Session layers into its Application layer ([0004]).  Packets associated with a TCP protocol connection are routed independently and could be delivered over different paths; for TCP connections the network communication system provide the packets to application endpoints in the correct order ([0025]).]   (NOTE: Packets are the components of the “data stream,” and the TCP protocol Application layer includes the “session layer.”)
Regarding Claim 30,
Higgins teaches all the limitations of parent Claim 28.
Higgins teaches:
“wherein the session layer protocol includes a Transport Layer Security (TLS) protocol, wherein the packet of the data stream is transported using a TLS Frame” (paragraph [0115]).  [NMCs are arranged to identify one or more well-known cryptographically secure communication protocols, such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS).]  (NOTE: In the OSI model, data is sent in frames of the data stream.)
“wherein the packet of the session layer protocol includes a TLS Record,” (paragraph [0138], [0139]).  [Secret sharing engine may be arranged to compute one or more CRCs, hash values, sequence numbers, packet/message sizes, or the like, for the handshake traffic or other secure traffic before the encrypted key information is added to the secure session traffic or handshake traffic ([0138]).  The secrets sharing engine on the client computer is arranged to provide one or more special purpose TLS record packets that might include encrypted key information and after the monitor detects the special purpose TLS record packet, the key information may be obtained and the special purpose TLS record packet may be removed from the secure session traffic and discarded rather than being forwarded to server ([0139]).] 
Regarding Claim 33,
Higgins teaches all the limitations of parent Claim 21.
Higgins teaches:
“support  tunneling of a second data stream over the session layer protocol” (paragraphs [0003], [0004], [0031]).  [One model for a network communication protocol stack is the Open Systems Interconnection (OSI) model, which defines seven layers of different protocols that cooperatively enable communication over a network, as follows: Physical (1), Data Link (2), Network (3), Transport ( 4), Session ( 5), Presentation ( 6), and Application (7) ([0003]).  The Transmission Control Protocol/Internet Protocol (TCP/IP) model is similar to the OSI model except that it defines four layers instead of seven in the following order: Link (1), Internet (2), Transport (3), and Application (4); to reduce the number of layers from four to seven, the TCP/IP model collapses the OSI model's Application, Presentation, and Session layers into its Application layer ([0004]).  The network monitoring computer (NMC), which is arranged to monitor or record flows of packets in a session that are communicated between at least two endpoints over at least one network, can receive network communication for monitoring through a variety of means including directed tunnels from network switches, clients or servers including the endpoints themselves, or other infrastructure devices ([0031]).]  (NOTE: Both the OSI and TCP models define the “session layer protocol.”  The record flows of packets in a session inherently include a “second data stream.”)
Regarding Claim 34,
Higgins teaches all the limitations of parent Claim 33.
Higgins teaches:
“wherein the second data stream uses the communication protocol of the communication protocol layer” (paragraphs [0003], [0004], [0031]).  [One model for a network communication protocol stack is the Open Systems Interconnection (OSI) model, which defines seven layers of different protocols that cooperatively enable communication over a network, as follows: Physical (1), Data Link (2), Network (3), Transport ( 4), Session ( 5), Presentation ( 6), and Application (7) ([0003]).  The Transmission Control Protocol/Internet Protocol (TCP/IP) model is similar to the OSI model except that it defines four layers instead of seven in the following order: Link (1), Internet (2), Transport (3), and Application (4); to reduce the number of layers from four to seven, the TCP/IP model collapses the OSI model's Application, Presentation, and Session layers into its Application layer ([0004]).  The network monitoring computer (NMC), which is arranged to monitor or record flows of packets in a session that are communicated between at least two endpoints over at least one network ([0031]).]  (NOTE: The bottom layers of both the OSI and TCP models are equivalent to the “communication protocol layer.”  The record flows of packets in a session inherently include a “second data stream.”)
Regarding Claim 35,
Higgins teaches all the limitations of parent Claim 33.
Higgins teaches:
“wherein the second data stream uses the communication protocol of the communication protocol layer” (paragraphs [0003], [0004], [0031]).  [One model for a network communication protocol stack is the Open Systems Interconnection (OSI) model, which defines seven layers of different protocols that cooperatively enable communication over a network, as follows: Physical (1), Data Link (2), Network (3), Transport ( 4), Session ( 5), Presentation ( 6), and Application (7) ([0003]).  The Transmission Control Protocol/Internet Protocol (TCP/IP) model is similar to the OSI model except that it defines four layers instead of seven in the following order: Link (1), Internet (2), Transport (3), and Application (4); to reduce the number of layers from four to seven, the TCP/IP model collapses the OSI model's Application, Presentation, and Session layers into its Application layer ([0004]).  The network monitoring computer (NMC), which is arranged to monitor or record flows of packets in a session that are communicated between at least two endpoints over at least one network ([0031]).]  (NOTE: The bottom layers of both the OSI and TCP models are equivalent to the “communication protocol layer.”  The record flows of packets in a session inherently include a “second data stream.”)
Regarding Claim 36,
Higgins teaches all the limitations of parent Claim 33.
Higgins teaches:
“wherein the second data stream uses a second communication protocol of the communication protocol layer(paragraphs [0003], [0004], [0031]).  [One model for a network communication protocol stack is the Open Systems Interconnection (OSI) model, which defines seven layers of different protocols that cooperatively enable communication over a network, as follows: Physical (1), Data Link (2), Network (3), Transport ( 4), Session ( 5), Presentation ( 6), and Application (7) ([0003]).  The Transmission Control Protocol/Internet Protocol (TCP/IP) model is similar to the OSI model except that it defines four layers instead of seven in the following order: Link (1), Internet (2), Transport (3), and Application (4); to reduce the number of layers from four to seven, the TCP/IP model collapses the OSI model's Application, Presentation, and Session layers into its Application layer ([0004]).  The network monitoring computer (NMC), which is arranged to monitor or record flows of packets in a session that are communicated between at least two endpoints over at least one network ([0031]).]  (NOTE: The bottom layers of both the OSI and TCP models are equivalent to the “communication protocol layer.”  The record flows of packets in a session inherently include a “second data stream.”)
Regarding Claim 37,
Higgins teaches all the limitations of parent Claim 33.
Higgins teaches:
“wherein the second communication protocol layer includes one of an application layer, a transport layer, a network layer, or a data link layer” (paragraphs [0003], [0004], [0026]).  [One model for a network communication protocol stack is the Open Systems Interconnection (OSI) model, which defines seven layers of different protocols that cooperatively enable communication over a network arranged in the following order: Physical (1), Data Link (2), Network (3), Transport (4), Session (5), Presentation (6), and Application (7) ([0003]).  The TCP/IP model is similar to the OSI model except that it defines four layers instead of seven: Link (1), Internet (2), Transport (3), and Application (4) ([0004]).  A transport layer virtual circuit protocol such as the TCP protocol can deliver packets of data in order although the lower layer switching is connectionless; alternatively, the virtual circuit connection may be established in a datalink layer or network layer switching mode, where all data packets belonging to the same traffic stream are delivered over the same path, and traffic flows are identified by some connection identifier ([0026]).]

Claim 40 is rejected under 35 U.S.C. 102(a)(2) as being anticipated by Oksanen (US 2016/0112488 A1, hereinafter referred to as Oksanen).
Regarding Claim 40,
Oksanen teaches:
“An apparatus, comprising: at least one processor; and at least one memory including a set of instructions; wherein the set of instructions is configured to, when executed by the at least one processor” (paragraph [0056]). 
“support, by a communication device over a session layer protocol at a session layer, multiplexing of a set of data streams” (paragraphs [0023], [0020]; fig. 1, elements 10, 20).  [A communication session between the devices includes data communicated between the client device 10 and the server device 20 ([0023]).  At least two streams of data in respective channels are multiplexed in accordance with a protocol in a data flow routed through a network entity ([0020]).]

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 23-27, 29, and 31-32 are rejected under 35 U.S.C. 103 as being unpatentable over Higgins et al. (US 2019/0124123 A1, hereinafter referred to as Higgins) in view of Oksanen (US 2016/0112488 A1, hereinafter referred to as Oksanen).
Regarding Claim 23,
Higgins teaches all the limitations of parent Claim 21.
Higgins teaches:
“support  tunneling of a data stream of a communication protocol of the communication protocol layer” (paragraphs [0031]).  [The network monitoring computer (NMC), which is arranged to monitor or record flows of packets in a session that are communicated between at least two endpoints over at least one network, can receive network communication for monitoring through a variety of means including directed tunnels from network switches, clients or servers including the endpoints themselves, or other infrastructure devices.] 
Higgins does not teach:
“support, by the communication device, negotiation of a set of communication protocols to be supported on the session layer protocol.”
Oksanen teaches:
“support, by the communication device, negotiation of a set of communication protocols to be supported on the session layer protocol” (paragraphs [0025], [0029]).  [Different network arrangements and modes are possible ([0025]).  The data link layer is concerned with local delivery of frames between devices, and the various data link protocols are the Ethernet for local area networks (multi-node), the Point-to-Point Protocol (PPP), High-Level Data Link Control (HDLC) and Advanced Data Communication Control Procedures (ADCCP) for point-to-point (dual-node) connections ([0029]).]  (NOTE: Depending on the type of session and connection required, the data link protocol must be chosen or “negotiation of a set of communication protocols to be supported on the session layer protocol” must occur.)
Because both Higgins and Oksanen teach systems for communication between devices, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, to include in the Higgins disclosure, the ability to negotiate the set of communication protocols for the session, as taught by Oksanen; and such inclusion would have increased the efficiency of the network operations by providing the ability to use a variety of protocols, and would have been consistent with the rationale of combining prior art elements according to known methods to yield predictable results to show a prima facie case of obviousness (MPEP 2143(I)(A)) under KSR International Co. v. Teleflex Inc., 127 S. Ct. 1727, 82 USPQ2d 1385, 1395-97 (2007).
Regarding Claim 24,
Higgins in view of Oksanen teaches all the limitations of parent Claim 23.
Higgins teaches:
“send, from the communication device toward a second communication device, a message including an indication of a set of communication protocols supported by the communication device at the session layer” (paragraph [0148]).  [If the client and server are using Transport Layer Security (TLS), after a TCP connection is established, the client sends a ClientHello message, which includes various specifications in clear-text such as, protocol version.]  
Regarding Claim 25,
Higgins in view of Oksanen teaches all the limitations of parent Claim 24.
Higgins teaches:
“wherein the indication of the set of communication protocols supported by the communication device at the session layer includes a tuple including an indication of a communication protocol layer supported by the communication device at the session layer and a list of communication protocols supported by the communication device at the communication protocol layer supported by the communication device at the session layer” (paragraphs [0148], [0150], [0155], [0162]).  [If the client and server are using Transport Layer Security (TLS), after a TCP connection is established, the client sends a ClientHello message, which includes various specifications such as, the protocol version and a list of supported cipher suites ([0148]).  In one or more of the various embodiments, the client may start a handshake for a secure connection ([0150]). The client and server are considered to have completed the secure handshake and established a secure communication session, making subsequent communication between the client and server cryptographically secured ([0155]).  Information from a data store can be indexed or keyed to information, such as tuple information, or the like, that is associated with the network flows comprising the secure connection ([0162]).]  (NOTE: The client and server being in a session is equivalent to the “communication device at the session layer,” the list of supported cipher suites to the “list of communication protocols support by the communication device,” and information is included in the “tuple.”) 
Regarding Claim 26,
Higgins in view of Oksanen teaches all the limitations of parent Claim 24.
Higgins teaches:
“wherein the session layer protocol includes a Transport Layer Security (TLS) protocol, wherein the message includes a TLS handshake message” (paragraph [0148], [0150]).  [If the client and server are using Transport Layer Security (TLS), after a TCP connection is established, the client sends a ClientHello message ([0148]).  The client starts with a handshake for a secure connection ([0150]).]  
Regarding Claim 27,
Higgins in view of Oksanen teaches all the limitations of parent Claim 23.
Higgins teaches:
“receive, by the communication device from a second communication device, a message including an indication of a set of communication protocols supported by the second communication device at the session layer” (paragraph [0148]).  [If the client and server are using Transport Layer Security (TLS), after a TCP connection is established, the client sends a ClientHello message which includes a list of supported cipher suites.]  (NOTE: The list of supported cipher suites is equivalent to the “set of communication protocols supported by the second communication device,” and the server being in session with the client to the “second communication device at the session layer.”)
“select, by the communication device based on an indication of a set of communication protocols supported by the communication device at the session layer and based on the indication of the set of communication protocols supported by the second communication device at the session layer, the set of communication protocols to be supported on the session layer protocol” (paragraph [0151]).  [If the client and server are using TLS, the server may be arranged to respond with a selected protocol version, cipher suite, its verifiable certificate, or the like, depending on the values included in the client's handshake information.]
Regarding Claim 29,
Higgins teaches all the limitations of parent Claim 28.
Higgins does not teach:
“wherein the packet of the data stream includes a payload including data of the data stream, wherein the packet of the data stream includes a header including an indication of the communication protocol layer of the data stream, an indication of the communication protocol of the data stream, and a stream identifier of the data stream.”
Oksanen teaches:
“wherein the packet of the data stream includes a payload including data of the data stream, wherein the packet of the data stream includes a header including an indication of the communication protocol layer of the data stream, an indication of the communication protocol of the data stream, and a stream identifier of the data stream” (paragraphs [0020], [0013], [0036]).  [At least two streams of data in respective channels are multiplexed in accordance with a protocol in a data flow routed through a network entity, and information for enabling analysis or other processing of the multiplexed data is included in a header field of a stream of data generated in accordance with a second, lower level protocol ([0020]).  An intermediate entity captures the at least one first stream of data, sends the generated second data stream to a data analyzer entity with information identifying the at least one first data stream being encoded in the predefined control information field, and stores the information in a database for the first data stream ([0013]).  A determined stream is encoded in headers of data packets of the lower protocol communications, including information identifying a data stream, which is useful in analysis of the data ([0036]).]
Because both Higgins and Oksanen teach systems for communication between devices, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, to include in the Higgins disclosure, the details of the packet stream, as taught by Oksanen; and such inclusion would have increased the efficiency of the network operations by providing necessary details for analysis of the packet stream, and would have been consistent with the rationale of combining prior art elements according to known methods to yield predictable results to show a prima facie case of obviousness (MPEP 2143(I)(A)) under KSR International Co. v. Teleflex Inc., 127 S. Ct. 1727, 82 USPQ2d 1385, 1395-97 (2007).
Regarding Claim 31,
Higgins teaches all the limitations of parent Claim 21.
Higgins teaches:
“support  tunneling of a data stream of a communication protocol of a communication protocol layer” (paragraph [0031]).  [The network monitoring computer (NMC), which is arranged to monitor or record flows of packets in a session that are communicated between at least two endpoints over at least one network, can receive network communication for monitoring through a variety of means including directed tunnels from network switches, clients or servers including the endpoints themselves, or other infrastructure devices.]
Higgins does not teach:
“send, by the communication device over the session layer protocol of the session layer, a packet of the session layer protocol that includes a packet of the data stream.”
Oksanen teaches:
“send, by the communication device over the session layer protocol of the session layer, a packet of the session layer protocol that includes a packet of the data stream” (paragraphs [0023], [0020], [0031]; fig. 1, elements 10, 20).  [A communication session between the devices includes data communicated between the client device 10 and the server device 20 ([0023]).  At least two streams of data in respective channels are multiplexed in accordance with a protocol in a data flow routed through a network entity ([0020]).  Packets belonging to different data channels are multiplexed into a data flow between the client device 10 and the server device 20 ([0032]).]
Because both Higgins and Oksanen teach systems for communication between devices, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, to include in the Higgins disclosure, the specific disclosure of sending packets over a session layer, as taught by Oksanen; and such inclusion would have provided additional information about the method of transmission of packet stream, and would have been consistent with the rationale of combining prior art elements according to known methods to yield predictable results to show a prima facie case of obviousness (MPEP 2143(I)(A)) under KSR International Co. v. Teleflex Inc., 127 S. Ct. 1727, 82 USPQ2d 1385, 1395-97 (2007).
Regarding Claim 32,
Higgins teaches all the limitations of parent Claim 21.
Higgins teaches:
“support  tunneling of a data stream of a communication protocol of a communication protocol layer” (paragraph [0031]).  [The network monitoring computer (NMC), which is arranged to monitor or record flows of packets in a session that are communicated between at least two endpoints over at least one network, can receive network communication for monitoring through a variety of means including directed tunnels from network switches, clients or servers including the endpoints themselves, or other infrastructure devices.]
Higgins does not teach:
“receive, by the communication device over the session layer protocol of the session layer, a packet of the session layer protocol that includes a packet of the data stream, wherein the packet of the data stream includes a payload including data of the data stream.”
“wherein the packet of the data stream includes a header including an indication of the communication protocol layer of the data stream, an indication of the communication protocol of the data stream, and a stream identifier of the data stream.”
“retrieve, based on identification of the data of the data stream based on the indication of the communication protocol layer of the data stream, the indication of the communication protocol of the data stream, and the stream identifier of the data stream, the data of the data stream.”
Oksanen teaches:
“receive, by the communication device over the session layer protocol of the session layer, a packet of the session layer protocol that includes a packet of the data stream, wherein the packet of the data stream includes a payload including data of the data stream” (paragraphs [0023], [0020], [0031]; fig. 1, elements 10, 20).  [A communication session between the devices includes data communicated between the client device 10 and the server device 20 ([0023]).  At least two streams of data in respective channels are multiplexed in accordance with a protocol in a data flow routed through a network entity ([0020]).  Packets belonging to different data channels are multiplexed into a data flow between the client device 10 and the server device 20 ([0032]).]   (NOTE: When data is sent by one client-server device during the multiplexing, it is received by the other, and the data flow is equivalent to the “data stream” with the data within the stream as the “payload.”)
“wherein the packet of the data stream includes a header including an indication of the communication protocol layer of the data stream, an indication of the communication protocol of the data stream, and a stream identifier of the data stream” (paragraphs [0020], [0013], [0036]).  [At least two streams of data in respective channels are multiplexed in accordance with a protocol in a data flow routed through a network entity, and information for enabling analysis or other processing of the multiplexed data is included in a header field of a stream of data generated in accordance with a second, lower level protocol ([0020]).  An intermediate entity captures the at least one first stream of data, sends the generated second data stream to a data analyzer entity with information identifying the at least one first data stream being encoded in the predefined control information field, and stores the information in a database for the first data stream ([0013]).  A determined stream is encoded in headers of data packets of the lower protocol communications, including information identifying a data stream, which is useful in analysis of the data ([0036]).] 
“retrieve, based on identification of the data of the data stream based on the indication of the communication protocol layer of the data stream, the indication of the communication protocol of the data stream, and the stream identifier of the data stream, the data of the data stream” (paragraphs [0013], [0035]).  [An intermediate entity captures the at least one first stream of data, sends the generated second data stream to a data analyzer entity with information identifying the at least one first data stream being encoded in the predefined control information field, and stores the information in a database for the first data stream ([0013]).  The intermediate data processing entity can provide information distinguishing between the different streams of data in a multiplexed data flow and/or other information associated with the at least one captured stream of data for use in analysis of data communicated in a multiplexed stream; the determining can comprise capturing at least one stream of data that is multiplexed in a data flow flowing through the intermediate entity in accordance with a first protocol.]   (NOTE: In order for the data to be analyzed, it must be “retrieved.”)
Because both Higgins and Oksanen teach systems for communication between devices, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, to include in the Higgins disclosure, the details of the packet stream and the specific details of how packets  are received and sent over a session layer, as taught by Oksanen; and such inclusion would have provided additional information about the method of transmission of packet stream, and would have been consistent with the rationale of combining prior art elements according to known methods to yield predictable results to show a prima facie case of obviousness (MPEP 2143(I)(A)) under KSR International Co. v. Teleflex Inc., 127 S. Ct. 1727, 82 USPQ2d 1385, 1395-97 (2007).

Response to Arguments
Applicant's arguments filed March 7, 2022 have been fully considered. 
Regarding the rejections under 35 U.S.C. 103, Applicant argues as follows:
Claims 21-39 are rejected under 35 U.S.C. 103 as being unpatentable over Oksanen and Higgins. The rejection is traversed. 
Applicant, despite disagreeing with the rejection and in the interest of furthering prosecution of the application, have herein amended claim 21 to recite a feature of "support, by a communication device, tunneling of a data stream of a communication protocol of a communication protocol layer over a session layer protocol at a session layer, wherein the communication protocol layer is below the session layer." 
Applicant submits that the proposed combination of Oksanen and Higgins fails to disclose or suggest the feature of "support, by a communication device, tunneling of a data stream of a communication protocol of a communication protocol layer over a session layer protocol at a session layer, wherein the communication protocol layer is below the session layer." 
Applicant submits that Oksanen merely discloses communication of data of a data stream at a first protocol layer over a second protocol layer where the first protocol is above the second protocol layer. More specifically, Oksanen discloses that at least a portion of a first stream of data in accordance with a first protocol is included in a second stream of data in accordance with a second protocol where the first protocol layer is above the second protocol layer (i.e., the data stream in accordance with the higher first layer is included within the data steam in accordance with the lower second layer). This is described at least in the Abstract of Oksanen, as well as in Paragraphs [0034] and [0042] of Oksanen. For example, the Abstract of Oksanen states that "...at least one first stream of data is determined in accordance with a first protocol... [a] second stream of data is then generated in accordance with a second protocol, wherein the second protocol is a lower layer protocol than the first protocol" and that "[t]he generating comprises including at least a portion of the determined at least one first stream of data in the second stream of data..." (emphasis added). Additionally, Paragraph [0023] of Oksanen cited in the Office Action merely includes a general reference to a communication session between a client device 10 and a server device 20 and Paragraph [0029] of Oksanen merely describes use of the data link layer for a link 17 between an intermediate device 12 and a processing device 16, neither of which discloses or suggests tunneling of a data stream of a communication protocol of a communication protocol layer over a session layer protocol at a session layer where the communication protocol layer is below the session layer. 
Applicant further submits that Higgins fails to bridge the substantial gap between Oksanen and Applicant's claim 21. Rather, as indicated by the Examiner, Higgins merely discloses a definition of the OSI model of communication layers and associated communication protocols. Higgins fails to disclose or suggest tunneling of a data stream of a communication protocol of a communication protocol layer over a session layer protocol at a session layer where the communication protocol layer is below the session layer. Thus, even assuming arguendo that the OSI model of Higgins could be incorporated into Oksanen in the manner proposed by the Examiner, the proposed combination of the cited portions of Oksanen and the cited portions of Higgins still would fail to disclose or suggest that tunneling of a data stream of a protocol layer below the session layer is supported over a session layer protocol at a session layer. 
As such, Applicant submits that the proposed combination of Oksanen and Higgins fails to disclose or suggest the feature of "support, by a communication device, tunneling of a data stream of a communication protocol of a communication protocol layer over a session layer protocol at a session layer, wherein the communication protocol layer is below the session layer." 
Thus, Applicant submits that independent claim 21 is allowable under 35 U.S.C. 103 over Oksanen and Higgins. Additionally, Applicant's independent claims 38 and 39 recite features similar to the features of Applicant's independent claim 21 and, thus, also is allowable under 35 U.S.C. 103 over Oksanen and Higgins. Furthermore, since all of the dependent claims that depend from the independent claims include all the limitations of the respective independent claim from which they ultimately depend, each such dependent claim also is allowable under 35 U.S.C. 103 over Oksanen and Higgins. 
Therefore, Applicant respectfully requests that the rejection be withdrawn. 

 1246609_1 
The arguments are largely moot, because Claims 21-22, 28, 30, and 33-39 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Higgins et al. (US 2019/0124123 A1), and Claims 23-27, 29, and 31-32 are rejected under 35 U.S.C. 103 as being unpatentable over Higgins et al. (US 2019/0124123 A1) in view of Oksanen (US 2016/0112488 A1).  
There is one relevant argument concerning tunneling, with which Examiner respectfully disagrees.  Applicant argues: 
Higgins fails to disclose or suggest tunneling of a data stream of a communication protocol of a communication protocol layer over a session layer protocol at a session layer where the communication protocol layer is below the session layer. 

However, Higgins teaches that the network monitoring computer (NMC), can receive network communication for monitoring through a variety of means including directed tunnels from network switches, clients or servers including the endpoints themselves, or other infrastructure devices (Higgins, paragraph [0031]).  Higgins also teaches the use of both the OSI and TCP models, both of which have communication protocol layers below the session layers. Thus, the argument regarding tunneling is not persuasive.
Thus, Claims 21-39 remain as rejected under either 35 U.S.C. 102 or 35 U.S.C. 103, as stated above. 
Regarding the rejections under 35 U.S.C. 102, Applicant argues as follows:
Claim 40 is rejected under 35 U.S.C. 102 as being unpatentable over Oksanen. The rejection is traversed. 

In the Office Action, the Examiner cites specific portions of Oksanen, asserting that the cited portions of Oksanen disclose the feature of "support, by a communication device over a session layer protocol at a session layer, multiplexing of a set of data streams." 

In response, Applicant submits that the cited portions of Oksanen fail to disclose or suggest the feature of "support, by a communication device over a session layer protocol at a session layer, multiplexing of a set of data streams." 

Rather, the cited portions of Oksanen merely disclose communication of data of a data stream at a first protocol layer over a second protocol layer where the first protocol is above the second protocol layer. 

More specifically, the cited portions of Oksanen discloses that at least a portion of a first stream of data in accordance with a first protocol is included in a second stream of  
data in accordance with a second protocol where the first protocol layer is above the second protocol layer (i.e., the data stream in accordance with the higher first layer is included within the data steam in accordance with the lower second layer). This is described at least in the Abstract of Oksanen, as well as in Paragraphs [0034] and [0042] of Oksanen. 

For example, the Abstract of Oksanen states that "...at least one first stream of data is determined in accordance with a first protocol... [a] second stream of data is then generated in accordance with a second protocol, wherein the second protocol is a lower layer protocol than the first protocol" and that "[t]he generating comprises including at least a portion of the determined at least one first stream of data in the second stream of data..." (emphasis added). 

Additionally, Paragraph [0020] of Oksanen merely includes a general statement that "...at least two streams of data in respective channels are multiplexed in accordance with a protocol in a data flow routed through a network entity..." and Paragraph [0023] of Oksanen merely includes a general reference to a communication session between a client device 10 and a server device 20, neither of which discloses or suggests supporting multiplexing of a set of data streams over a session layer protocol at a session layer. 

As such, Applicant submits that the cited portions of Oksanen fail to disclose or suggest the feature of "support, by a communication device over a session layer protocol at a session layer, multiplexing of a set of data streams." 

Thus, Applicant submits that independent claim 40 is allowable under 35 U.S.C. 102 over Oksanen. 

Therefore, Applicant respectfully requests that the rejection be withdrawn. 

Applicant states that “over the session layer protocol” is equivalent to “above the session layer.”  Examiner directs Applicant to the response provided above, that “over” does not mean “above” in the context of protocol discussions, and may instead be interpreted as the dictionary definitions of either “expressing passage or trajectory across” or “used to express action and result,”  pursuant to the definitions at www.bing.com/search?q=over+def&form=QBLH&sp=-1&pq=over+def&sc=8-8&qs=n&sk=&cvid=45BAC0A30AF940BDAA53492575B237BD.  
	In the OSI model, which is disclosed by Oksanen (see paragraph [0029]), the session layer 5 is defined in the art as “managing communication sessions, i.e. continuous exchange of information in back-and-forth transmissions between two nodes.” The only layers above the session layer are the Presentation layer 6 and the Application layer 7, while the other four layers relating to the logical and physical transmissions are below the session layer. Under that interpretation, which is consistent with MPEP 2111, Claim 40 remains as rejected.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PHYLLIS A BOOK whose telephone number is (571)272-0698.  The examiner can normally be reached on M-F 10:00 am - 7:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, GLENTON BURGESS can be reached on 571-272-3949.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/PHYLLIS A BOOK/Primary Examiner, Art Unit 2454