DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Kirby Turner on 07/25/2022.
The application has been amended as follows: 
9. (Currently Amended) A system comprising: 
a hardware processor of a computing platform supporting a virtual environment; 
at least one virtual tap instance residing in the virtual environment configured to capture encrypted network traffic flows belonging to at least one communication session involving an application server instance hosted by a virtual machine, wherein the at least one virtual tap instance is a virtual instance of a software-based monitoring agent application that executed by the hardware processor of a computing platform supporting the virtual environment; and 
a dynamic session key acquisition (DSKA) engine residing in the virtual environment configured to receive session decryption information extraction instructions that configure the DSKA engine to obtain session decryption information for at least one communication session involving a virtual machine, to obtain the session decryption information from a server instance hosted by the virtual machine in accordance with the session decryption information extraction instructions, wherein the session decryption information includes cryptographic keys utilized by the application server instance to establish the at least one communication session, wherein the session decryption information is obtained by the DSKA engine from communications between a monitored application server instance hosted by the virtual machine and either a secure sockets layer (SSL) enabled server instance or a transport layer security (TLS) enabled service instance hosted by the virtual machine, to store the session decryption information obtained from the virtual machine, and to provide the session decryption information to a network traffic monitoring (NTM) agent, wherein the NTM agent utilizes the session decryption information to decrypt copies of encrypted network traffic flows belonging to the at least one communication session involving the virtual machine.

Response to Amendment
Claims 1-7, 9-15 and 17-19 are pending. Claims 1, 9 and 17 are currently amended. Claims 8, 16 and 20 are canceled. 
Applicant’s amendments to the claims will overcome each and every 103 rejection previously set forth in the Non-Final Office Action mailed on 03/07/2022. 
Response to Arguments
Applicant’s arguments, see pages 7-9, filed 06/07/2022, with respect to the 103 rejections have been fully considered and are persuasive.  The 103 rejections of claims 1-7, 9-15 and 17-19 have been withdrawn.
Terminal Disclaimer
The terminal disclaimer filed on 07/28/2022 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of US Patent No. 10,903,985 has been reviewed and is accepted.  The terminal disclaimer has been recorded.

Allowable Subject Matter
Claims 1-7, 9-15 and 17-19 are allowed.
Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: After further search & consideration and applicant remarks put forth in the Remarks of 06/07/2022 on pages 7-9, the prior art either taken alone or in combination neither anticipates nor renders obvious the claimed subject matter of the instant application.
The prior art Majumder et al. (US Pub No. 2018/0351970) discloses packet monitoring in a virtual environment.  According to one method executed at a virtual tap element residing in between a first virtual machine and a second virtual machine in a virtual network environment, the method includes obtaining cryptographic key information from either the first virtual machine or the second virtual machine and detecting an encrypted packet flow being communicated in the virtual network environment between the first virtual machine and the second virtual machine via the virtual tap element.  The method further includes decrypting the encrypted packet flow using the cryptographic key information, generating a decrypted packet flow set comprising at least a portion of the decrypted packet flow, and sending the decrypted packet flow set to a packet analyzer (Majumder, Abstract).
Guo et al. (US Patent No. 9,800,560) discloses monitoring encrypted data transmission, which may include (1) detecting a data transmission session between an application running on a first device and an application running on a second device, (2) identifying a shared library loaded by the application running on the first device to establish encryption for the data transmission session, (3) retrieving, from the shared library, a symmetric session key designated for the data transmission session, (4) intercepting data transmitted during the data transmission session, the data having been encrypted using the symmetric session key, and (5) decrypting the data utilizing the symmetric session key retrieved from the shared library (Guo, Abstract).
Higgins et al. (US Patent No. 11,165,831) discloses monitoring communication between computers using network monitoring computers (NMCs). NMCs identify a secure communication session established between two of the computers based on an exchange of handshake information associated with the secure communication session. Key information that corresponds to the secure communication session may be obtained from a key provider such that the key information may be encrypted by the key provider. NMCs may decrypt the key information. NMCs may derive the session key based on the decrypted key information and the handshake information. NMCs may decrypt network packets included in the secure communication session. NMCs may be employed to inspect the one or more decrypted network packets to execute one or more rule-based policies (Higgins, Abstract).
Sanghvi et al. (US Pub No. 2012/0210318) discloses observing messages communicated amongst virtual applications external to application-hosting virtual machines.  In one instance, the messages can be observed from within a virtual switch outside hosting virtual machines.  One or more actions can subsequently be performed as a function of the messages such as but not limited to application monitoring as well as message routing, filtering, and/or transformation (Sanghvi, Abstract and Figures 1 & 4).
Zelenov et al. (US Patent No. 10,423,774) discloses establishing secure communication between virtual machines, and, more particularly, a system and method for establishing secure communication channels between two or more homogenous virtual machines. An exemplary method includes generating, by a first virtual machine, an encryption key compatible with a symmetric encryption algorithm and storing the encryption key in a memory of the first virtual machine; generating a second virtual machine by performing a virtual machine forking operation on the first virtual machine, wherein a memory of the generated second virtual machine contains the encryption key; receiving, by one of the at least two virtual machines, a communication transmitted by another of the at least two virtual machines, wherein the communication comprises data encrypted using the encryption key; and decrypting the data, by the recipient virtual machine, using the encryption key (Zelenov, Abstract).
However, the prior art taken alone or in combination fails to teach or suggest “obtaining the session decryption information from the virtual machine in accordance with the session decryption information extraction instructions, wherein the session decryption information includes cryptographic keys utilized by an application server instance in the virtual machine to establish the at least one communication session, wherein the session decryption information is obtained by the DSKA engine from communications between a monitored application server instance hosted by the virtual machine and either a secure sockets layer (SSL) enabled server instance or a transport layer security (TLS) enabled service instance hosted by the virtual machine; storing the session decryption information obtained from the virtual machine; and providing the session decryption information to a network traffic monitoring (NTM) agent, wherein the NTM agent utilizes the session decryption information to decrypt copies of encrypted network traffic flows belonging to the at least one communication session involving the virtual machine” (as recited in claims 1, 9 and 17).
Claims are allowed in light of the above claim limitations when in combination with the remaining claim limitations.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAQUEAL D WADE whose telephone number is (571)270-0357.  The examiner can normally be reached on M-F 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid, can be reached on 571-272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/SHAQUEAL D WADE-WRIGHT/Primary Examiner, Art Unit 2437