DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No.

202041023290    06/03/2020    INDIA


Claims 1-20 filed on 12/29/2020 are presented for examination.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 8, 9, and 13-19 are rejected under 35 U.S.C. 103 as being unpatentable over “Smith” et al. [US 2017/0026349 A, now US 10,341,311 B2] in view of “Raney” et al. [US 11,012,327 B2], and further in view of “Kurmala” et al. [US 2016/0315920 A1].

REGARDING CLAIM 1. A method, comprising: 
transmitting, by a device [e.g., Substation A (Figures 3A-3B of Smith)], a packet for establishing or communicating on a virtual private network (VPN) [“… static link encryption tunnel, such as a virtual private network” (see par. 0021)], the packet being associated with a protocol [Smith discloses payload of packets associated with protocols, such as layer 3 protocols (par. 0018, 0020-0022)];
determining, by the device, that the packet has been dropped by a security device [“rule 5 provides any packets that do not meet the criteria of rules 1-4 is dropped” (par. 0058 of Smith)]; and
encapsulating, by the device, the packet with transmission control protocol (TCP) encapsulation to generate a TCP encapsulated packet [see Encrypt and Encapsulate Packet @322, 370 (Figures 3A-3B with par. 0050-0051 of Smith)];

Smith does not disclose, but Raney, in analogous art, discloses encapsulating the packet when the packet has been dropped [Raney discloses encapsulating a packet before forwarding and drop detection (Abstract); for example, FIG. 4 details encapsulation with packet drop (see also Drop Detected 160, Detected Dropped Packets 306; FIGS. 1, 3, 5)]. Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to modify the system of Smith by incorporating the packet dropping and encapsulating teaching of Raney for monitoring network packets within virtual processing environments.

Smith in view of Raney further discloses,
transmitting, by the device, the TCP encapsulated packet for establishing or communicating on the VPN [Smith discloses a VPN (par. 0050); Raney also discloses “virtual processing environments” (Abstract, FIGS. 2-4)];
determining, by the device, that the TCP encapsulated packet has been dropped by the security device [Smith discloses “rule 5 provides any packets that do not meet the criteria of rules 1-4 is dropped” (par. 0058); and Raney discloses encapsulating a packet before forwarding and drop detection (Abstract); for example, FIG. 4 details encapsulation with packet drop (see also Drop Detected 160, Detected Dropped Packets 306; FIGS. 1, 3, 5)]; and
selectively encrypting, by the device and when the TCP encapsulated packet has been dropped, the packet or a combination of encryption associated with the protocol and TLS encryption to generate an encrypted packet [Smith is directed to “selective encryption” (Title), Abstract, par. 0039, 0043, 0045-0052, etc. (FIGS. 3A-5)];

Smith/Raney does not disclose, but Kurmala, in analogous art, discloses using a null encryption for transport layer security (TLS) [Kurmala discloses an embodiment utilizing a null-encryption (FIGS. 1-2: par. 0015, 0018, 0022)]. Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to modify the system of Smith/Raney by incorporating the null-encryption teaching of Kurmala for the purpose of securing a virtual tunnel with an alternative encryption.

Smith in view of Raney, and further in view of Kurmala further discloses,
and transmitting, by the device, the encrypted packet on the VPN for establishing or communicating on the VPN [Smith discloses transmitting an encrypted packet (e.g., par. 0049)].

REGARDING CLAIMS 8 & 15. Smith in view of Raney, and further in view of Kurmala further discloses A device, and A non-transitory computer-readable medium storing instructions, the instructions comprising: one or more memories; and one or more processors to: transmit a packet for communicating with a remote device, the packet being associated with a protocol [Smith discloses payload of packets associated with protocols, such as layer 3 protocols (par. 0018, 0020-0022)]; determine that the packet has been dropped by a security device [“rule 5 provides any packets that do not meet the criteria of rules 1-4 is dropped” (par. 0058 of Smith)]; encrypt, after determining that the packet has been dropped, the packet using a null encryption [Kurmala discloses an embodiment utilizing a null-encryption (FIGS. 1-2: par. 0015, 0018, 0022)] for transport layer security (TLS) to generate a first encrypted packet [Smith is directed to “selective encryption” (Title), Abstract, par. 0039, 0043, 0045-0052, etc. (FIGS. 3A-5)]; transmit the first encrypted packet for communicating with the remote device [Smith discloses transmitting an encrypted packet (e.g., par. 0049)]; determine that the first encrypted packet has been dropped by the security device [“rule 5 provides any packets that do not meet the criteria of rules 1-4 is dropped” (par. 0058 of Smith)]; encrypt, after determining that the first encrypted packet has been dropped, the packet using a combination of encryption associated with the protocol and TLS encryption to generate a second encrypted packet [see Encrypt and Encapsulate Packet @322, 370 (Figures 3A-3B with par. 0050-0051 of Smith)]; and transmit the second encrypted packet for communicating with the remote device [Smith discloses transmitting an encrypted packet (e.g., par. 0049)].
The motivation to combine is the same as that of claim 1 above.

Smith in view of Raney, and further in view of Kurmala further discloses claim 2. The method of claim 1, wherein at least one of the packet, the TCP encapsulated packet, or the encrypted packet is directed to destination port 443 [Smith discloses a plurality of ports (FIG. 4); Kurmala discloses TCP port 443 (par. 0028)].
The motivation to combine is the same as that of claim 1 above.

Smith in view of Raney, and further in view of Kurmala further discloses claim 3. The method of claim 1, further comprising determining that a version of TLS to be used supports null encryption, and wherein selectively encrypting the packet using the null encryption for TLS or the combination of encryption associated with the protocol and TLS encryption includes: encrypting the packet using the null encryption for TLS based on determining that the version of TLS to be used supports null encryption to generate the encrypted packet [Kurmala discloses an embodiment utilizing a null-encryption (FIGS. 1-2: par. 0015, 0018, 0022)].
The motivation to combine is the same as that of claim 1 above.

Smith in view of Raney, and further in view of Kurmala further discloses claim 4. The method of claim 1, further comprising determining that a version of TLS to be used does not support null encryption, and wherein selectively encrypting the packet using the null encryption for TLS or the combination of encryption associated with the protocol and TLS encryption includes: encrypting the packet using the combination of encryption associated with the protocol and TLS encryption based on determining that the version of TLS to be used does not support null encryption to generate the encrypted packet [Kurmala discloses an embodiment utilizing a full-encryption (FIGS. 1-2: par. 0015, 0018, 0022)].
The motivation to combine is the same as that of claim 1 above.

Smith in view of Raney, and further in view of Kurmala further discloses claim 5. The method of claim 1, wherein selectively encrypting the packet using the null encryption for TLS [Kurmala discloses an embodiment utilizing a null-encryption (FIGS. 1-2: par. 0015, 0018, 0022)] or the combination of encryption associated with the protocol and TLS encryption includes encrypting the packet using the null encryption for TLS to form a first encrypted packet, and wherein the method further comprises: transmitting the first encrypted packet; determining that the first encrypted packet has been dropped by the security device [“rule 5 provides any packets that do not meet the criteria of rules 1-4 is dropped” (par. 0058 of Smith)]; and encrypting, when the first encrypted packet has been dropped, the packet using the combination of encryption associated with the protocol and TLS encryption to generate a second encrypted packet, wherein the second encrypted packet is the encrypted packet [Smith is directed to “selective encryption” (Title), Abstract, par. 0039, 0043, 0045-0052, etc. (FIGS. 3A-5)].
The motivation to combine is the same as that of claim 1 above.

Smith in view of Raney, and further in view of Kurmala further discloses claim 9. The device of claim 8, wherein the one or more processors, when encrypting the packet using the combination of encryption associated with the protocol and TLS encryption, are to: select an encryption algorithm for the TLS encryption that is at least as strong as an encryption algorithm associated with the protocol; and encrypt the packet using the combination of encryption associated with the protocol and the encryption algorithm for the TLS encryption [Smith is directed to “selective encryption” (Title), Abstract, par. 0039, 0043, 0045-0052, etc. (FIGS. 3A-5)].

Smith in view of Raney, and further in view of Kurmala further discloses claim 13. The device of claim 8, wherein the one or more processors, when determining that the packet has been dropped by the security device, are to: determine that the packet has been dropped by the security device based on receiving no reply to the packet from the security device for a threshold amount of time, or determine that the packet has been dropped by the security device based on receiving a notification from the security device indicating that the packet has been dropped [“rule 5 provides any packets that do not meet the criteria of rules 1-4 is dropped” (par. 0058 of Smith)].

Smith in view of Raney, and further in view of Kurmala further discloses claim 14. The device of claim 8, the one or more processors are further to: encapsulate, based on determining that the packet has been dropped, the packet with transmission control protocol (TCP) encapsulation to generate a TCP encapsulated packet; and transmit the TCP encapsulated packet for communicating with the remote device [Smith discloses transmitting an encrypted packet (e.g., par. 0049)].

Smith in view of Raney, and further in view of Kurmala further discloses claim 16. The non-transitory computer-readable medium of claim 15, wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to determine that a version of TLS to be used supports null encryption [Kurmala discloses an embodiment utilizing a null-encryption (FIGS. 1-2: par. 0015, 0018, 0022)], and wherein the one or more instructions, that cause the one or more processors to selectively encrypt the packet using the null encryption for TLS or the combination of encryption associated with the protocol and TLS encryption, further cause the one or more processors to: encrypt the packet using the null encryption for TLS based on determining that the version of TLS to be used supports null encryption to generate the encrypted packet [Kurmala discloses an embodiment utilizing a null-encryption (FIGS. 1-2: par. 0015, 0018, 0022)].
The motivation to combine is the same as that of claim 1 above.

Smith in view of Raney, and further in view of Kurmala further discloses claim 17. The non-transitory computer-readable medium of claim 15, wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to determine that a version of TLS to be used does not support null encryption [Kurmala discloses an embodiment utilizing a full-encryption (FIGS. 1-2: par. 0015, 0018, 0022)], and wherein the one or more instructions, that cause the one or more processors to selectively encrypt the packet using the null encryption for TLS [Kurmala discloses an embodiment utilizing a null-encryption (FIGS. 1-2: par. 0015, 0018, 0022)] or the combination of encryption associated with the protocol and TLS encryption, further cause the one or more processors to: encrypt the packet using the combination of encryption associated with the protocol and TLS encryption based on determining that the version of TLS to be used does not support null encryption to generate the encrypted packet [Kurmala discloses an embodiment utilizing a full-encryption (FIGS. 1-2: par. 0015, 0018, 0022)].
The motivation to combine is the same as that of claim 1 above.

Smith in view of Raney, and further in view of Kurmala further discloses claim 18. The non-transitory computer-readable medium of claim 15, wherein the one or more instructions, that cause the one or more processors to selectively encrypt the packet using the null encryption for TLS [Kurmala discloses an embodiment utilizing a null-encryption (FIGS. 1-2: par. 0015, 0018, 0022)] or the combination of encryption associated with the protocol and TLS encryption, cause the one or more processors to encrypt the packet using the null encryption for TLS to form a first encrypted packet, and wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to: transmit the first encrypted packet; determine that the first encrypted packet has been dropped by the security device [“rule 5 provides any packets that do not meet the criteria of rules 1-4 is dropped” (par. 0058 of Smith)]; and encrypt, when the first encrypted packet has been dropped, the packet using the combination of encryption associated with the protocol and TLS encryption to generate a second encrypted packet, wherein the second encrypted packet is the encrypted packet [Smith is directed to “selective encryption” (Title), Abstract, par. 0039, 0043, 0045-0052, etc. (FIGS. 3A-5)].
The motivation to combine is the same as that of claim 1 above.

Smith in view of Raney, and further in view of Kurmala further discloses claim 19. The non-transitory computer-readable medium of claim 15, wherein the packet is transmitted for communicating with a remote device via the tunnel, and wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to: encapsulate, based on determining that the packet has been dropped, the packet with transmission control protocol (TCP) encapsulation to generate a TCP encapsulated packet [Raney discloses encapsulating a packet before forwarding and drop detection (Abstract); for example, FIG. 4 details encapsulation with packet drop (see also Drop Detected 160, Detected Dropped Packets 306; FIGS. 1, 3, 5)]; and transmit the TCP encapsulated packet for communicating with the remote device [Smith discloses transmitting an encrypted packet (e.g., par. 0049)].
The motivation to combine is the same as that of claim 1 above.

Claims 6 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over “Smith” et al. [US 2017/0026349 A, now US 10,341,311 B2] in view of “Raney” et al. [US 11,012,327 B2], and further in view of “Kurmala” et al. [US 2016/0315920 A1], and further in view of “Kantor” et al. [US 9,686,294 B2].

Smith in view of Raney, and further in view of Kurmala further discloses claim 6. The method of claim 1, wherein selectively encrypting the packet using the null encryption for TLS or the combination of encryption associated with the protocol and TLS encryption includes encrypting the packet using the null encryption for TLS [Kurmala discloses an embodiment utilizing a null-encryption (FIGS. 1-2: par. 0015, 0018, 0022)],

Smith/Raney in view of Kurmala does not disclose, but Kantor, in analogous art, discloses, and wherein the method further comprises: subjecting the packet to hashing of a hash algorithm of TLS and subjecting the packet to hashing of a hash algorithm associated with the protocol [Kantor discloses an embodiment of a hash algorithm (e.g., 520/635: FIGS. 5-6)]. Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to modify the system of Smith/Raney/Kurmala by incorporating the hashing teaching of Kantor for the purpose of protecting communications from malicious or intentional disruption.

Smith in view of Raney, and further in view of Kurmala and Kantor further discloses claim 7. The method of claim 1, wherein selectively encrypting the packet using the null encryption for TLS [Kurmala discloses an embodiment utilizing a null-encryption (FIGS. 1-2: par. 0015, 0018, 0022)] or the combination of encryption associated with the protocol and TLS encryption includes encrypting the packet using the combination of encryption associated with the protocol and TLS encryption, and wherein the method further comprises: subjecting the packet to hashing of a hash algorithm of TLS and subjecting the packet to hashing of a hash algorithm associated with the protocol [Kantor discloses an embodiment of a hash algorithm (e.g., 520/635: FIGS. 5-6)].
The motivation to combine is the same as that of claim 6 above. 

Allowable Subject Matter
Claims 10-12 and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter: Smith in view of Raney fails to further disclose claim 10. The device of claim 8, wherein the one or more processors are further to: transmit an Internet key exchange (IKE) packet as part of an IKE procedure to establish a virtual private network (VPN) tunnel with the remote device; determine that the IKE packet has been dropped by the security device; encapsulate, when the IKE packet has been dropped, the packet with TCP encapsulation to generate a TCP encapsulated IKE packet; and transmit the TCP encapsulated IKE packet for establishing the VPN tunnel.
Smith in view of Raney fails to further disclose claim 20. The non-transitory computer-readable medium of claim 15, wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to: transmit an Internet key exchange (IKE) packet as part of an IKE procedure for establishing the tunnel; determine that the IKE packet has been dropped by the security device; encrypt, after determining that the IKE packet has been dropped, the IKE packet using a combination of IKE encryption and transport layer security (TLS) encryption to generate an encrypted IKE packet; and transmit the encrypted IKE packet for establishing the tunnel.
Claims 11 and 12 are indicated as allowable subject matter based on their dependence.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. (See PTO-892: for example, USP 7817571 B2 is directed to receiving a probe packet, de-encapsulating it, testing it with an ACL to determine whether to drop it, and encapsulating the outgoing packet.)

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AMARE F TABOR whose telephone number is (571) 270-3155. The examiner can normally be reached Mon.-Fri.: 8:00 AM to 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KAMBIZ ZAND, can be reached on (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/AMARE F TABOR/Primary Examiner, Art Unit 2434