Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This is a reply to the application filed on 10/23/2021, in which, claim(s) 1-20 are pending.

When making claim amendments, the applicant is encouraged to consider the references in their entireties, including those portions that have not been cited by the examiner and their equivalents as they may most broadly and appropriately apply to any particular anticipated claim amendments.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 10/23/2021 and 05/04/2022, has been reviewed. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the examiner is considering the information disclosure statement.

Specification
The disclosure is objected to because of the following informalities: The specification is objected for not having paragraph numbers.
Appropriate correction is required.

The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification.

Drawings
The drawings filed on 10/23/2021 is/are accepted by The Examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claims ,1, 8 and 15 cited “in response to receiving the communication and switching from a first operating mode to a second operating mode, evaluating whether a hostname or network address associated with the communication is located in or derivable from data in a database protocol packet associated with the database session;”.
Also, the claims cited that the switching is performed before the evaluation if the network address is associated with the communication; however, Fig. 6 discloses in step 618, the evaluation is the condition for the switching, particularly when the IP address is not found.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 8-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Crume (Pub. No.: US 2012/0185938 A1) in view of Michaely et al. (Pub. No.: US 2010/0088766 A1; hereinafter Michaely).
Regarding claims 1, 8 and 15, Crume discloses a method of protecting a cloud database located at a database server and accessible from a database client, wherein the database client communicates with the database server over a database protocol, comprising: 
receiving a communication associated with a database session, the database session being directed to the database server (the MITM intercept all communications between the clients and target servers [Crume; ¶38-44]);
in response to receiving the communication, evaluating whether a hostname or network address associated with the communication is located in or derivable from data in a database protocol packet associated with the database session (determine if the IP address found in the packet associated with the session by comparing it to the blacklist/whitelist based on the data packets [Crume; ¶38-44]). Crume discloses defending against man in the middle (MITM) attacks directed at a target server. A system is provided that includes an activity recording system. Crume does not explicilty discloses switching from a first operating mode to a second operating mode, and when the hostname or network address associated with the session is not located in or derivable from the data in the database protocol packet, and identify the database session as being potentially associated with a man-in-the-middle instead of the database client; however, in a related and analogous art, Michaely discloses this feature.
	IN particular, Michaely teaches switching of connect when detect potent attacks [Michaely; ¶13-133], comparison of IP address 311 with IP address 515 (these do not match), validation server 500 determines that an anonymous proxy is in the connection, indicating that a Man-in-the-Middle attack is in progress [Michaely; ¶88]. It would have been obvious before the effective filing date of the claimed invention to modify Crume in view of Michaely with the motivation to update the blacklisting of new identified attackers and switching connection to prevent attacks.

Regarding claims 2, 9 and 16, Crume-Michaely combination discloses wherein the communication is one of: a session request initiated by the database client; a response to the session request returned by the database server, and a session request initiated by the databased client together with the response to the session request returned by the database server (session initiated by the clients [Crume; ¶38-44]).

Regarding claims 3, 10 and 17, Crume-Michaely combination discloses wherein the first operating mode is a transparent gateway operating mode, and wherein the second operating mode is a proxy operating mode (Michaely teaches the used of open, direct, proxy connection, the switching is done via design choice, and is configurable [Michaely; Fig. 4, 5AB, 8AB and associated text]). The motivation is to allow the agent perform switching of session to prevent man-in-middle attacks.

Regarding claims 4, 11 and 18, Crume-Michaely combination discloses further including taking an action with respect to the database session that has been determined to be potentially associated with a man-in-the-middle (added the IP address to blacklist if determine it associated with an attacker [Crume; ¶38-44]).

Regarding claims 5, 12 and 19, Crume-Michaely combination discloses wherein the action is one of: terminating the database session, allowing the database session to continue, issuing a notification, throttling the database session, and forwarding the database session for further evaluation (allowed session if it is within the whitelisting or terminate session if it is within blacklisting [Crume; ¶38-44]).

Regarding claims 6, 13 and 20, Crume-Michaely combination discloses further including, adding the hostname or network address to a list of potentially suspect hostnames or network addresses (add the IP address to blacklisting [Crume; ¶38-44]).

Regarding claims 7 and 14, Crume-Michaely combination discloses wherein the database client is located within a private network. and the database server and the cloud database are accessible at a third party network (the client is behind privet network and the MITM and host is over the cloud [Crume; ¶38-44]).

Internet Communications
Applicant is encouraged to submit a written authorization for Internet communications (PTO/SB/439, http:ljwww.uspto.gov/sites/default/files/documents/sb0439.pdf) in the instant patent application to authorize the examiner to communicate with the applicant via email. The authorization will allow the examiner to better practice compact prosecution. The written authorization can be submitted via one of the following methods only: (1) Central Fax which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS WEB; or (4) the service window on the Alexandria campus. EFS web is the recommended way to submit the form since this allows the form to be entered into the file wrapper within the same day (system dependent). Written authorization submitted via other methods, such as direct fax to the examiner or email, will not be accepted. See MPEP § 502.03.

Conclusion
	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAO Q HO whose telephone number is (571)270-5998.  The examiner can normally be reached on 7:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/DAO Q HO/Primary Examiner, Art Unit 2432