DETAILED ACTION

1.	This Office Action is in response to the amendment filed on June 06, 2022. Claims 1, 9 and 17 are amended. Claims 3, 6, 11, 14 and 19 are canceled. Therefore, claims 1-2, 4-5, 7-10, 12-13, 15-18 and 20 are presented for examination. Now claims 1-2, 4-5, 7-10, 12-13, 15-18 and 20 are pending.

Notice of Pre-AIA  or AIA  Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Response to Applicant’s arguments
3.	Applicant’s arguments regarding rejection of claims 3, 11 and 19 are moot in view of cancelation of the claims 3, 11 and 19.
4.	The rejection of claims 1, 11 and 19 under 35 USC 112 (b) based on lack of antecedes basis was a copy paste error and therefore withdrawn.
5.	Applicant’s arguments regarding rejection of claims 17-20 under 35 USC 101 are persuasive in view of amendment of claim 17. Therefore, the rejection of claims 17-20 under 35 USC 101 are withdrawn.
6.	Applicant’s arguments regarding rejection of claims 1, 5, 7-9, 13, and 15-17 under 35 USC 103 are moot in view of new ground of rejection since it is based on newly added limitations of the claims 1, 9 and 17. However the amendment of the independent claims has changed the scope of dependent claims 2, 10 and 18 since the motivational statement no longer can be implemented without hindsight. Therefore, the rejection of claims 2, 10 and 18 under 35 USC 103 are withdrawn. The rejection of the claims 4, 12 and 20 under 35 USC 103 are withdrawn based on their dependency on claims 2, 10 and 18 (see allowability Subject Matter below).
Examiner further refers applicant to the following MPEP citations when responding to the office action:
¶ 7.37.11    Unpersuasive Argument: General Allegation of Patentability
Applicant’s arguments fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.
¶ 7.37.12    Unpersuasive Argument: Novelty Not Clearly Pointed Out
Applicant’s arguments do not comply with 37 CFR 1.111(c) because they do not clearly point out the patentable novelty which he or she thinks the claims present in view of the state of the art disclosed by the references cited or the objections made. Further, they do not show how the amendments avoid such references or objections.
¶ 7.37.13    Unpersuasive Argument: Arguing Against References Individually
In response to applicant’s arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

Claim Rejections - 35 USC § 103
7.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
8.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


9.	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
10.	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

11.	Claims 1, 5, 7, 9, 13, 15, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Feroz et al. U.S. 20200225978 hereinafter “Feroz” Filed Mar. 28, 2020 in view of lndiresan et al. US 20200036610 hereinafter “lndiresan” Published  Jan. 30, 2020, and further in view of Morris Merritt 20170104723 hereinafter “Merrit” Published Apr. 13, 2017. 


Regarding claim 1, Peterson teaches: A method (Feroz, see abstract), comprising: 
receiving an outbound payload for output to a requestor as part of a response to a call by the requestor to an application programming interface (API) (Feroz, see FIG. 2-3 along with ¶¶ [0049-0050], “the process 300 initially receives (at 305) data from the network …”; “the network introspector 155 in some embodiments has the TDI driver capture (1) an outgoing connection request that identifies a new network connection, (2) contextual information (e.g., the process identifier and/or user identifier) that identifies a web browser as the application”, for API see ¶¶ [0037 and 0063-0064]); 
selecting, based on policy information, clear data in the outbound payload to encrypt (Feroz, first see ¶ [0053], then see ¶¶ [0059-0060, 0062, 0065 and 0067],  “After trying (at 315) to identify a category for the URL, the security agent 125 examines the access policies in the policy storage 290 to determine whether it should allow or deny the requested connection to the web resource identified by the URL”; “Instead of using SSL encryption to capture the TCP payload, the IP payload can be encrypted by using the IPsec library 530. Accordingly, for IPsec encryption, the data is encrypted after leaving the TCP layer 525 and entering the IP layer 535, which, in tum, allows the transport layer filtering ( e.g., the TDI filtering) to capture the data before it enters the TCP stack. Hence, through this filtering, the network introspector can capture the unencrypted data before entering the L3 IPsec security stack”) ; 
encrypting the clear data to generate encrypted data (Feroz, see ¶¶ [0062 and 0065], “the network introspector 155 extracts the raw data provided by the application for encryption.”); 
and sending the response to the requestor, the response comprising the updated outbound payload (Feroz, see ¶¶ [0089-0090], “the process distributes any configuration data that it generates at 910-920 to the YM configurator agent 860 and GI configurators 850 of each host that has a GYM, SYM, or guest introspector that has to be configured to account for the new or updated compute cluster membership and/or a new or updated set of network access filtering rules that are received at 905.”).
Feroz does not explicitly disclose: inserting the encrypted data into the outbound payload in place of the clear data to generate an updated outbound payload
 	However Indiresan teaches: inserting the encrypted data into the outbound payload in place of the clear data to generate an updated outbound payload (lndiresan, see ¶ [0050], “an encapsulated secure packet 224 to transmit over the secure tunnel 204 to the egress switch 206. The encapsulated secure packet 224 includes a header ( e.g., shown as "Encapsulation Header" 226) and a secure payload (e.g., shown as "Encrypted Payload" 228) that includes the header 220 and payload 222. Notably, the encapsulated secure packet 224 includes metadata information ( e.g., shown as "Metadata (IP traffic data)" 230) derived, or retrieved, from the header or the payload of the received packet 218 and is
inserted as a string ( e.g., as one or more encrypted data strings or unencrypted data strings) into one or more predefined fields in the encapsulation header 226”) 
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Feroz with the teaching of Indiresan because the use of Indiresan’s idea (Indiresan, see abstract) could provide Feroz (Feroz, abstract) the ability to modify the header of the packet in a secure encrypted payload such that metadata from the header is retrieved from the header of received packets and inserting encrypted data into the defined field, “a secure payload (e.g., shown as "Encrypted Payload" 228) that includes the header 220 and payload 222. Notably, the encapsulated secure packet 224 includes metadata information ( e.g., shown as "Metadata (IP traffic data)" 230) derived, or retrieved, from the header or the payload of the received packet 218 and is inserted as a string ( e.g., as one or more encrypted data strings or unencrypted data strings) into one or more predefined fields in the encapsulation header 226” (Indiresan, ¶ [0050]). 
Feroz and Indiresan do not explicitly disclose: wherein the clear data selected for encryption is a subset of the outbound payload.
However, Merritt teaches: wherein the clear data selected for encryption is a subset of the outbound payload (Merritt, see ¶¶ [0068-0069], “partially encrypted data corresponding to the outbound data received at 400 may be output at 440. For example, the partially encrypted output data stream, or the output buffer, may be stored in memory or transmitted to an external device, such as a sever in another domain. For example, the outbound data received at 400 may include an HTTP GET request, or an HTTP POST, which may include a combination of insensitive and sensitive data in unencrypted form”; “decrypting partially encrypted data using selective encryption delineation in accordance with this disclosure. In some embodiments, decrypting partially encrypted data using selective encryption delineation may be implemented on a device”). 
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Feroz and Indiresan with the teaching of Merritt because the use of Merritt’s idea (Merritt, see abstract) could provide Feroz (Feroz, see abstract) in view of Indiresan (Indiresan, see abstract) the ability to identify metadata and indexing the metadata header with a value and each portion either encrypted or unencrypted by supplying the desired encryption key for metadata for each data or the combination thereof in order to achieve the same functionality of applicant’s limitation, “Because the metadata header includes an index value … Passing the metadata encrypted also means that it can optionally be observed and accounted for as well as acted upon at intermediary nodes if and as desired by making the encryption key for the metadata available to such nodes” (Merritt, ¶ [0063]).

Regarding claim 5, the combination of Feroz, Indiresan and Merrit teach all the limitations of claim 1. Merritt further teaches: wherein the clear data is encrypted based at least in part on a value of a key ( Merritt, see ¶ [0063], “Because the metadata header includes an index value only and does not in itself include an exploitable feature, it may be passed in the clear without encryption or authentication or it may be passed as an encrypted string. Passing the metadata encrypted also means that it can optionally be observed and accounted for as well as acted upon at intermediary nodes if and as desired by making the encryption key for the metadata available to such nodes”).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Feroz and Indiresan with the teaching of Merritt because the use of Merritt’s idea (Merritt, see abstract) could provide Feroz (Feroz, see abstract)in view of Indiresan (Indiresan, see abstract) the ability to identify metadata and indexing the metadata header with a value and each portion either encrypted or unencrypted by supplying the desired encryption key for metadata for each data or the combination thereof in order to achieve the same functionality of applicant’s limitation, “Because the metadata header includes an index value … Passing the metadata encrypted also means that it can optionally be observed and accounted for as well as acted upon at intermediary nodes if and as desired by making the encryption key for the metadata available to such nodes” (Merritt, ¶ [0063]).

Regarding claim 7, the combination of Feroz, Indiresan and Merrit teach all the limitations of claim 1. Merritt teaches: wherein the clear data selected for encryption is a subset of the clear data in the outbound payload (Merritt, see ¶¶ [0045 and 0055], “a first portion of the outbound data may be an insensitive portion and may be identified at 410. In some embodiments, the proxy may receive the outbound data at 400, may enter an unencrypted state in response to receiving the outbound data, may determine that a first portion of the outbound data does not include sensitive information, and may include the corresponding portion of the outbound data in a partially encrypted output data stream, or an output buffer for subsequent inclusion in the output data stream. For example, the outbound data may include an HTTP GET request that includes a URL that includes parameters as shown in Equation 1, and a first portion of the outbound data, such as "HTTP://www.example.com/path?paraml =", may be identified as an insensitive portion”). 
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Feroz and Indiresan with the teaching of Merritt because the use of Merritt’s idea (Merritt, see abstract) could provide Feroz (Feroz, see abstract)in view of Indiresan (Indiresan, see abstract) the ability to identify metadata and indexing the metadata header with a value and each portion either encrypted or unencrypted by supplying the desired encryption key for metadata for each data or the combination thereof in order to achieve the same functionality of applicant’s limitation, “Because the metadata header includes an index value … Passing the metadata encrypted also means that it can optionally be observed and accounted for as well as acted upon at intermediary nodes if and as desired by making the encryption key for the metadata available to such nodes” (Merritt, ¶ [0063]).

Regarding claim 9, this claim defines a system claim that corresponds to method claim 1 and does not define beyond limitations of claim 1. Therefore, claim 9 is rejected with the same rational as in the rejection of claim 1. Furthermore, Feroz in ¶ [0104] discloses processors for executing computer readable instructions.

Regarding claim 13, this claim defines a system claim that corresponds to method claim 5 and does not define beyond limitations of claim 5. Therefore, claim 13 is rejected with the same rational as in the rejection of claim 5. Furthermore, Feroz in ¶ [0104] discloses processors for executing computer readable instructions.

Regarding claim 15, this claim defines a system claim that corresponds to method claim 7 and does not define beyond limitations of claim 7. Therefore, claim 15 is rejected with the same rational as in the rejection of claim 7. Furthermore, Feroz in ¶ [0104] discloses processors for executing computer readable instructions.

Regarding claim 17, this claim defines a computer program product comprising a computer readable storage medium claim that corresponds to method claim 1 and does not define beyond limitations of claim 1. Therefore, claim 17 is rejected with the same rational as in the rejection of claim 1. Furthermore, Feroz in ¶ [0104] discloses computer program product that includes a computer readable storage medium with instructions that a processors executing computer readable instructions.

12.	Claims 8 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Feroz et al. U.S. 20200225978 hereinafter “Feroz” Filed Mar. 28, 2020 in view of lndiresan et al. US 20200036610 hereinafter “Indiresan” Published  Jan. 30, 2020 further in view of Morris Merritt 20170104723 hereinafter “Merrit” Published Apr. 13, 2017, and furthermore in view of Wadhwa et al. 20180054490 Published Feb. 22, 2018. 

Regarding claim 8, the combination of Feroz, Indiresan and Merrit teach all the limitations of claim 1 but do not explicitly disclose: wherein the API is a RESTful API
However Wadhwa teaches: wherein the API is a RESTful API (Wadhwa, see ¶ [0144]). 
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Feroz, Indiresan and Merrit with the teaching of Wadhwa because the use of Wadhwa’s idea (Wadhwa, see abstract) could provide Feroz (Feroz, see abstract) in view of Indiresan (Indiresan, see abstract) in view of Merrit (Merritt, ¶ [0063]) the ability to provide modern RESTful and Streaming Application Programming Interfaces (APis) to enable powerful integration between enterprise systems and connected devices, “The platform engine 101 provides highly customizable, machine learning empowered, real-time device actors with streaming decision pipelines to help integrate physical devices into, for example, enterprise business processes” (Wadhwa, ¶ [0144]).

Regarding claim 16, this claim defines a system claim that corresponds to method claim 8 and does not define beyond limitations of claim 8. Therefore, claim 16 is rejected with the same rational as in the rejection of claim 8. Furthermore, Feroz in ¶ [0104] discloses processors for executing computer readable instructions.

Allowable Subject Matter
13.	Claims 2, 4, 10, 12, 18 and 20 are objected to as having allowable subject matter, and they would be allowed if they incorporate the limitations of the base claim they depend on and all intervening claims. Reason for allowance will be furnished upon allowance of the application.

Examiner note:
14.	In the case of amending the Claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention. This will assist in expediting compact prosecution.  MPEP 714.02 recites: “Applicant should also specifically point out the support for any amendments made to the disclosure. See MPEP § 2163.06. An amendment which does not comply with the provisions of 37 CFR 1.121(b), (c), (d), and (h) may be held not fully responsive. See MPEP § 714.”  Amendments not pointing to specific support in the disclosure may be deemed as not complying with provisions of 37 C.F.R.  1.131(b), (c), (d), and (h) and therefore held not fully responsive. Generic statements such as “Applicants believe no new matter has been introduced” may be deemed insufficient.

Conclusion
15.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Mathur et al. US 2014/0215490 A1 discloses managing healthcare information in a distributed system.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHALIL NAGHDALI whose telephone number is (571) 272-9884. The examiner can normally be reached on M-F 8AM-5PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, KRISTINE L KINCAID can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272- 1000.
/KHALIL NAGHDALI/Primary Examiner, Art Unit 2437