DETAILED ACTION
This Office action is in response to a non-provisional utility patent application filed by Applicant on 8/25/2020.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Information Disclosure Statement PTO-1449
The Information Disclosure Statement submitted by applicant on 8/25/2020 has been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto.

Specification
Applicant’s Abstract exceeds the required 150-word limit.
Applicant is reminded of the proper content of an abstract of the disclosure.
A patent abstract is a concise statement of the technical disclosure of the patent and should include that which is new in the art to which the invention pertains. The abstract should not refer to purported merits or speculative applications of the invention and should not compare the invention with the prior art.
If the patent is of a basic nature, the entire technical disclosure may be new in the art, and the abstract should be directed to the entire disclosure. If the patent is in the nature of an improvement in an old apparatus, process, product, or composition, the abstract should include the technical disclosure of the improvement. The abstract should also mention by way of example any preferred modifications or alternatives. 
Where applicable, the abstract should include the following: (1) if a machine or apparatus, its organization and operation; (2) if an article, its method of making; (3) if a chemical compound, its identity and use; (4) if a mixture, its ingredients; (5) if a process, the steps.
Extensive mechanical and design details of an apparatus should not be included in the abstract. The abstract should be in narrative form and generally limited to a single paragraph within the range of 50 to 150 words in length.
See MPEP § 608.01(b) for guidelines for the preparation of patent abstracts.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3–5, 7–11, 13–14, 16–18, and 20 rejected under 35 U.S.C. 103 as being unpatentable over Goyal (US 2018/0288062 A1, published Oct. 4, 2018) in view of Roesch (US 8,578,002 B1, issued Nov. 5, 2013).
Regarding claims 1 and 14, Goyal discloses: a secure socket layer (SSL) decoding method, comprising: detecting, by an SSL decoding device, a packet associated with an SSL handshake for an SSL connection between a client and a server after a transmission control protocol (TCP) session between the client and the server is established (SSL interception though an interception proxy in the handshake process. Goyal ¶ 39.  The SSL interception environment takes place in a TCP connection. Goyal ¶ 49.); when the packet associated with the SSL handshake is the packet transmitted from the preset OS, establishing an SSL between the client and the SSL decoding device and establishing an SSL between the SSL decoding device and the server (when the SSL client opens an SSL connection with a server, two different channels are opened, one between the client and the interception proxy, and one between the interception proxy and the server. Goyal ¶ 39.); establishing a TCP session between a virtual client corresponding to the client and a virtual server corresponding to the server, and transmitting, to a security device, a packet transmitted and received between the virtual client and the virtual server when establishing the TCP session (context aware tunnel with the client’s virtual interface and the virtual tunnel adapter. Goyal ¶¶ 43–45.); and when a first SSL packet transmitted from the client to the SSL decoding device is received, decoding the first SSL packet and transmitting the decoded first SSL packet to the security device, and re-encoding the decoded first SSL packet and transmitting the re-encoded first SSL packet to the server (the interception proxy is able to intercept, inspect, and filter content on an otherwise encrypted channel. Goyal ¶ 40. The interception proxy 510 acts as the SSL client 402 on the SSL server 404 side and as the SSL server 404 on the SSL client 402 sides. Goyal ¶ 40.).  
Goyal does not disclose: verifying whether the packet associated with the SSL handshake is a packet transmitted from a preset operating system (OS).
However, Roesch does disclose: verifying whether the packet associated with the SSL handshake is a packet transmitted from a preset operating system (OS) (decoder decodes packets to identify operating system of the network device. Roesch 14:58–15:5.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the SSL interception using a proxy interceptor of Goyal with verifying the original source of received packets based upon the teachings of Roesch. The motivation being to scan packets to determine traffic characteristics related to network security. Roesch 14:58–67.
Regarding claims 3, 13, and 16, Goyal in view of Roesch disclose the limitations of claims 1, 11, and 14, respectively, further comprising: when the packet associated with the SSL handshake is not the packet transmitted from the preset OS, bypassing the packet associated with the SSL handshake to be transmitted to the server such that an SSL between the client and the server is established with the SSL decoding device excluded; and bypassing an SSL packet transmitted and received between the client and the server from the SSL decoding device (the operating system used by the network device is determined by decoding and analyzing received packets transmitted on the network. Roesch 32:7–9.  Usage policy for the operating system is performed. Roesch 32:10–11.  Prevention of unauthorized operating system usage. Roesch 30:51–58. If a host with any other operating system is detected the offending host will be blocked at the firewall. Roesch 30:51–58.).  
Regarding claims 4 and 17, Goyal in view of Roesch disclose the limitations of claims 1 and 14, respectively, wherein the decoding of the first SSL packet and the transmitting of the decoded first SSL packet to the security device, and the re-encoding of the decoded first SSL packet and the transmitting of the re-encoded first SSL packet to the server comprises: when the first SSL packet transmitted from the client to the SSL decoding device is received, decoding the first SSL packet; generating a first TCP packet including a payload of the decoded first SSL packet and to be transmitted from the virtual client to the virtual server; transmitting the first TCP packet to the security device; generating a second SSL packet including the payload of the decoded first SSL packet; and transmitting the second SSL packet to the server (the interception proxy is able to intercept, inspect, and filter content on an otherwise encrypted channel. Goyal ¶ 40. The interception proxy 510 acts as the SSL client 402 on the SSL server 404 side and as the SSL server 404 on the SSL client 402 sides. Goyal ¶ 40. It is understood that SSL communication systems are designed for two-way communication – the proxy relays all requests and responses. Goyal ¶ 44.).  
Regarding claims 5 and 18, Goyal in view of Roesch disclose the limitations of claims 1 and 14, respectively, further comprising: when a third SSL packet transmitted from the server to the SSL decoding device is received, decoding the third SSL packet and transmitting the decoded third SSL packet to the security device, and re-encoding the decoded third SSL packet and transmitting the re-encoded third SSL packet to the client (the interception proxy 510 acts as the SSL client 402 on the SSL server 404 side and as the SSL server 404 on the SSL client 402 sides. Goyal ¶ 40. It is understood that SSL communication systems are designed for two-way communication – the proxy relays all requests and responses. Goyal ¶ 44.).
Regarding claims 7 and 20, Goyal in view of Roesch disclose the limitations of claims 1 and 14, respectively, further comprising: when termination of the TCP session between the client and the server is detected by the SSL decoding device, terminating the TCP session between the virtual client and the virtual server, and transmitting, to the security device, a packet transmitted and received between the virtual client and the virtual server when terminating the TCP session (when the SSL session is closed, the SSL interception will be abandoned. Goyal ¶¶ 47–48.).
Regarding claim 11, Goyal discloses: a secure socket layer (SSL) decoding method, comprising: detecting, by an SSL decoding device, a packet associated with a transmission control protocol (TCP) handshake for establishing a TCP session between a client and a server (SSL interception though an interception proxy in the handshake process. Goyal ¶ 39.  The SSL interception environment takes place in a TCP connection. Goyal ¶ 49.); when the packet associated with the TCP handshake is the packet transmitted from the preset OS, detecting a packet associated with an SSL handshake for an SSL connection between the client and the server after the TCP session between the client and the server is established; establishing an SSL between the client and the SSL decoding device, and establishing an SSL between the SSL decoding device and the server  (when the SSL client opens an SSL connection with a server, two different channels are opened, one between the client and the interception proxy, and one between the interception proxy and the server. Goyal ¶ 39.); establishing a TCP session between a virtual client corresponding to the client and a virtual server corresponding to the server, and transmitting, to a security device, a packet transmitted and received between the virtual client and the virtual server when establishing the TCP session (context aware tunnel with the client’s virtual interface and the virtual tunnel adapter. Goyal ¶¶ 43–45.); and when a first SSL packet transmitted from the client to the SSL decoding device is received, decoding the first SSL packet and transmitting the decoded first SSL packet to the security device, and re-encoding the decoded first SSL packet and transmitting the re-encoded first SSL packet to the server (the interception proxy is able to intercept, inspect, and filter content on an otherwise encrypted channel. Goyal ¶ 40. The interception proxy 510 acts as the SSL client 402 on the SSL server 404 side and as the SSL server 404 on the SSL client 402 sides. Goyal ¶ 40.).
Goyal does not disclose: verifying whether the packet associated with the TCP handshake is a packet transmitted from a preset operating system (OS).
However, Roesch does disclose: verifying whether the packet associated with the TCP handshake is a packet transmitted from a preset operating system (OS) (decoder decodes packets to identify operating system of the network device. Roesch 14:58–15:5.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the SSL interception using a proxy interceptor of Goyal with verifying the original source of received packets based upon the teachings of Roesch. The motivation being to scan packets to determine traffic characteristics related to network security. Roesch 14:58–67.
Regarding claim 8, Goyal in view of Roesch disclose the limitations of claim 1, further comprising: when a request for transmission of a message from the security device to the client is received by the SSL decoding device, generating a fifth SSL packet including the message, and transmitting the fifth SSL packet to the client (Goyal ¶ 40.).  
Regarding claim 9, Goyal in view of Roesch disclose the limitations of claim 8, wherein the request for the transmission from the security device to the client is determined when a finish (FIN) packet including the message transmitted from the security device to the client is received, and a reset (RST) packet transmitted from the security device to the server is received (all TCP messages between client and server flow through the same tunnel until the session ends. Goyal ¶¶ 38 and 49).  
Regarding claim 10, Goyal in view of Roesch disclose the limitations of claim 1, wherein the establishing of the TCP session between the virtual client corresponding to the client and the virtual server corresponding to the server, and the transmitting of the packet transmitted and received between the virtual client and the virtual server when establishing the TCP session to the security device comprises: matching and storing a 5-tuple of the virtual client corresponding to a 5-tuple of the client, and matching and storing a 5-tuple of the virtual server corresponding to a 5-tuple of the server (Goyal ¶ 49.).

Claims 2, 12, and 15 rejected under 35 U.S.C. 103 as being unpatentable over Goyal in view of Roesch in view of Zoulias (US 2015/0096009 A1, published Apr. 2, 2015).
Regarding claims 2, 12, and 15, Goyal in view of Roesch disclose the limitations of claims 1, 11, and 14, respectively. Goyal in view of Roesch does not disclose: wherein the verifying of whether the packet associated with the SSL handshake is the packet transmitted from the preset OS comprises: verifying information on a time to live (TTL) included in an Internet protocol (IP) header of the packet; and when a value of the TTL is included in a preset range, verifying an OS transmitting the packet as the preset OS.
However, Zoulias does disclose: wherein the verifying of whether the packet associated with the SSL handshake is the packet transmitted from the preset OS comprises: verifying information on a time to live (TTL) included in an Internet protocol (IP) header of the packet; and when a value of the TTL is included in a preset range, verifying an OS transmitting the packet as the preset OS (network packet header values are examines to identify the signature of the operating system from which a packet originated. Zoulias ¶ 10.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the SSL interception using a proxy interceptor of Goyal with inspecting packet header time to live.

Allowable Subject Matter
Claims 6 and 19 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VANCE M LITTLE whose telephone number is (571) 270-0408.  The examiner can normally be reached on Monday - Friday 9:30am - 5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung (Jay) Kim can be reached on (571) 272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/VANCE M LITTLE/Examiner, Art Unit 2493