DETAILED ACTION
This office action is in response to the correspondence filed on 08/11/2020. This application has a provisional application 63/026,216 filed 05/18/2020. Claims 1-15 are pending and are examined.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Priority
Applicant's claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, 365(c), or 386(c) is acknowledged. 


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1, 8, and 15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant, regards as the invention.
Regarding claims 1, 8, and 15, taking claim 1 as exemplary, “the protected network traffic” in “an external host that is external to the protected network traffic” in the first limitation was never recited before. There is insufficient antecedent basis for this limitation in the claim. 
Examiner suggests that “a protected network traffic” can be used in the first occurrence of the term instead.
Regarding claims 2 and 9, taking claim 2 as exemplary, “a Layer-7 request” in “validating a Layer-7 request” in the second limitation introduces confusion between two Layer-7 requests (one in claim 1 and one in claim 2). It is unclear if this Layer-7 request is referring to a new Layer-7 request or the same Layer-7 request as mentioned in claim 1 before. Also, “the Layer-7 request” or “the buffered Layer-7 request” in the subsequent limitations continues the same confusion, as it is unclear which Layer-7 request it is referring to.
Regarding claims 7 and 14, taking claim 7 as exemplary, “the Layer-7 request” has a problem similar to the one described for claims 2 and 9 above, as to which Layer-7 request it is referring to.
Regarding claims 7 and 14, taking claim 7 as exemplary, “the Layer-7 inspection” was never recited before. There is insufficient antecedent basis for this limitation in the claim. Although Layer-7 request and response are mentioned before, it is unclear which step(s) are included in this inspection.
Examiner suggests that a first or a second Layer-7 request can be used in the first occurrence of the term to distinguish the different Layer-7 requests if they are indeed different.
Examiner notes that regarding claims 3 and 10, “the inbound network traffic” is interpreted to be the network traffic received inbound from the external host in the first limitation in claim 1 (even though “the network traffic” was used in that same limitation in claim 1 to refer to the same network traffic).
Examiner notes that regarding claims 4-5 and 11-12, “the source and destination addresses” are interpreted to be the source and destination internet addresses included in the source and destination data during the first TCP handshake.
Examiner notes that regarding claims 5 and 12, “TCP ACK” and “TCP SYN” are specific terms defined in the TCP protocol.
Please clarify any confusion and thoroughly review the claim set for accuracy.


Allowable Subject Matter
Claims 1, 8, and 15 contain allowable subject matter but remain rejected under 112 rejections.
Claims 2, 7, 9, and 14 contain allowable subject matter but remain rejected under 112 rejection. They are also objected to as being dependent upon rejected base claims, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims; and the stated rejection(s) are resolved.
Claims 3-6 and 10-13 are objected to as being dependent upon rejected base claims, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is an examiner’s statement of reasons for allowance:
Migault et al. (US Pub. No. 20210111881 A1) discloses access to content of encrypted data session. While Migault discloses detecting by the terminal a fault with a data session encrypted with a Perfect Forward Secrecy encryption technique using ephemeral encryption keys, the data session extending at least between the terminal and a data center gateway; data session can be a Hyper Text Transfer Protocol (HTTP) data session encrypted with a Transport Layer Security (TLS) protocol, it fails to disclose caching source and destination data from a transmission control protocol (TCP) handshake; and using the cached source and destination data to obtain a Layer-7 request from an external host to a protected host and to pass a Layer-7 response from the protected host to the external host as described in the claims.
Higgins et al. (US Pat. No. US 9967292 B1) discloses inline secret sharing. Higgins discloses both an Open Systems Interconnection (OSI) model and a Transmission Control Protocol/Internet Protocol (TCP/IP) model. The Open Systems Interconnection (OSI) model, which defines seven layers of different protocols that cooperatively enable communication over a network. The OSI model layers include Application or Layer-7. The TCP/IP model is similar to the OSI model except that it defines four layers instead of seven. Although some communication protocols may be listed at different numbered or named layers of the TCP/IP model versus the OSI model, both of these models describe stacks that include basically the same protocols. While Higgins discloses different types of network monitors can be employed to assess and troubleshoot communicated packets and protocols over a network, it fails to disclose caching source and destination data from a transmission control protocol (TCP) handshake; and using the cached source and destination data to obtain a Layer-7 request from an external host to a protected host and to pass a Layer-7 response from the protected host to the external host as described in the claims.
Kang et al. (NPL – “ESSE: Efficient Secure Session Establishment for Internet-Integrated Wireless Sensor Networks”) discloses secure Internet-integrated wireless sensor network. Kang discloses Datagram Transport Layer Security (DTLS) as a de facto security protocol. The DTLS protocol is separated into a handshake phase (i.e., establishment phase) and an encryption phase (i.e., transmission phase). Denial of service (DoS) attacks can be reduced because a constrained device performs the encryption phase only. While this approach enhances the performance of both device and network by using a way to delegate the DTLS handshake phase, it fails to disclose caching source and destination data from a transmission control protocol (TCP) handshake; and using the cached source and destination data to obtain a Layer-7 request from an external host to a protected host and to pass a Layer-7 response from the protected host to the external host as described in the claims.
Therefore, the pending claims are allowable as the prior art of record does not disclose all the combination of features including using cached source and destination data from a transmission control protocol (TCP) handshake to obtain a Layer-7 request from an external host to a protected host and to return a Layer-7 response as described in the claims; nor would it have been obvious to one of ordinary skill in the art to further modify the prior art to include all of the deficient features, as set forth in the allowable claims. 


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Airamo; Otto et al. (US-PGPUB, US 20190229923 A1): Protocol independent forwarding of traffic for content inspection service
Joll; Bill et al. (US-PGPUB, US 20140157405 A1): Cyber behavior analysis and detection method
Ong; David (USPAT, US 8650495 B2): Captive portal receiving transmission control protocol (TCP) connection request from a client device on a local area network and server on an external network

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KA SHAN CHOY whose telephone number is (571) 272-1569.  The examiner can normally be reached on MON - FRI: 9AM-5:30PM EST Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571) 272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KA SHAN CHOY/Examiner, Art Unit 2435