DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
In response to the interview, the Examiner indicated that if there is any allowable subject matter, the Examiner would call the attorney of record.

In response to 35 USC 103, filed 07/13/2022, the combination of Martini-Cherukuri fails to teach “determining, by the device and based on determining whether any of the one or more security services is to inspect all encrypted traffic of the session, that a security service, of the one or more security services, is to inspect a threshold amount of traffic traveling in a client-to-server (C2S) direction before bypassing other traffic traveling in the C2S direction, wherein the other traffic is a first type of traffic”.
Martini teaches “determining, by the device and based on determining whether any of the one or more security services is to inspect all encrypted traffic of the session, that a security service, of the one or more security services, is to inspect traffic traveling in a client-to-server direction”. Martini discloses “the MitM gateway 106 is thus able to receive an encrypted message from the client device 108, decrypt the message, inspect the message, optionally alter or drop the message, encrypt the possibly altered message into a second encrypted form, and pass the message to the server 118 [0024]. The network gateway 202 may also be configured to intercept and examine HTTP GET requests from user devices 212 and 214 and provide redirect responses identifying a domain hosted by one or more of the MitM gateways 204-210 [0033]. MitM inspects data and routes traffic from the user devices [0041] (Figs 1 and 3)”. This shows that a security service inspects the traffic traveling from client to server. Martini further discloses “the server 118 generates traffic, encrypts the traffic into a third encrypted form, and passes the traffic to the MitM gateway 106 (324) [0059]. The MitM gateway 106 receives the encrypted traffic, decrypts the traffic, inspects the traffic, encrypts the traffic into a fourth form, and passes the traffic to the client device 108 (326) [0060]. Please see Figs. 1 and 3”. This shows that a security service inspects the traffic traveling from client to server. Martini shows a device with a policy of inspecting the encrypted traffic of a session, determining which traffic is to be inspected based on the different rules of the policies. For example, the device receives the traffic and then inspects it for malware, allowing certain traffic to pass.

Cherukuri teaches “is to inspect a threshold amount of traffic traveling in a client-to-server (C2S) direction before bypassing other traffic traveling in the C2S direction”. Cherukuri discloses “client sending packets to the enterprise hub [0085]. Enterprise hub detecting when traffic load exceeds or falls below the predetermined threshold [0089]. offloads tunnels to the service enterprise hub [0091] Figs 10a, 10b, and 13”. Cherukuri shows that the traffic is offloaded based on a predetermined threshold. In order to be offloaded, the traffic is inspected to see whether it exceeds the threshold or not.
Furthermore, under further review, Cherukuri teaches “wherein the other traffic is a first type of traffic”. Cherukuri discloses “the offloading can further include transferring certain VPN tunnels to a different network device, which may be more capable of processing certain types of flows [0026]”. This shows that certain type of traffic is offloaded. 

In response to 35 USC 103, filed 07/13/2022, the combination of Martini-Cherukuri fails to teach “identifying, by the device and based on determining that the security service is to inspect the threshold amount of traffic traveling in the C2S direction before bypassing the other traffic in the C2S direction, an offload service that includes allowing the other traffic traveling in the C2S direction to be offloaded”.
Cherukuri teaches “identifying, by the device and based on determining that the security service is to inspect the threshold amount of traffic traveling in the C2S direction before bypassing the other traffic in the C2S direction, an offload service that includes allowing the other traffic traveling in the C2S direction to be offloaded”. Cherukuri discloses “offloading particular flows to a more capable network device [0026]. Offloading VPN tunnel to different devices [0026]. That the first threshold is reached at the enterprise hub, excessive traffic loads detected, offloads tunnels to the service enterprise hub [0091]. If the traffic load is not higher than the first threshold at 516, enterprise hub 400 may check if the traffic load is lower than the second threshold (e.g., moderate traffic) at 522. If the traffic load is lower than the second threshold, enterprise hub 400 may send another notification to client 402 with a directive to resume traffic with enterprise hub 400 at 524. If the traffic load is not lower than the second threshold (e.g., the traffic load continues to be high, but not higher than the first threshold), enterprise hub 400 may continue to service some clients (and not others), and monitor traffic [0105] Figs 10a, 10b, and 13”. Cherukuri shows that the traffic is offloaded based on a predetermined threshold. In order to be offloaded, the traffic is inspected to see whether it exceeds the threshold or not. A certain type of traffic is offloaded.

In response to 35 USC 103, filed 07/13/2022, to independent claims 21, 30, and 30 and their respective dependent claims, regarding limitations “identifying, an offload service that includes allowing the first type of traffic traveling in the C2S direction to be offloaded while continuing to inspect a second type of traffic traveling in the C2S direction; wherein the second type of traffic is different from the first type of traffic”.
Applicant’s arguments have been considered but are moot, because the newly recited amendment does not rely on the newly recited reference being applied to the prior rejection of record or any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 21-22, 24-27, 29-30, 32-33, 35, and 37-39 are rejected under 35 U.S.C. 103 as being unpatentable over Martini (US 20140351573) in view of Cherukuri et al. (US 20130311778, hereinafter Cherukuri) and in further view of Holostov et al. (US 20130183935 hereinafter Holostov).

Re. claim 21, Martini discloses a method comprising: determining, by a device (Martini discloses network gateway [0016] Figs 1 and 2), whether any of one or more security services, is to inspect all encrypted traffic of a session (Martini discloses the MitM gateway 106 is thus able to receive an encrypted message from the client device 108, decrypt the message, inspect the message, optionally alter or drop the message, encrypt the possibly altered message into a second encrypted form, and pass the message to the server 118 [0024]. Since only select sites may be subject to MitM inspection (only selected MitM as no security services) [0038]. the MitM gateway 204 may be configured to handle encrypted traffic that is generally unrestricted. That is, the encrypted traffic may not be inspected, modified, or dropped at all, or may be only minimally inspected (e.g., encrypted Virtual Private Network traffic to and from a network at a branch office). For another class of traffic, the network administrator may wish to inspect only incoming traffic for virus, malware, or other malicious code (e.g., encrypted traffic to banking or financial institutions). For a third class of traffic, the network administrator may wish to inspect outgoing traffic to make sure secret or proprietary data is not being transmitted and inspect incoming traffic for malicious code (e.g., social networking and hosted storage sites) [0039]); 
determining, by the device and based on determining whether any of the one or more security services is to inspect all encrypted traffic of the session, that a security service, of the one or more security services, is to inspect traffic in a client-to-server (C2S) direction (Martini discloses the MitM gateway 106 is thus able to receive an encrypted message from the client device 108, decrypt the message, inspect the message, optionally alter or drop the message, encrypt the possibly altered message into a second encrypted form, and pass the message to the server 118 [0024]. The network gateway 202 may also be configured to intercept and examine HTTP GET requests from user devices 212 and 214 and provide redirect responses identifying a domain hosted by one or more of the MitM gateways 204-210 [0033]. MitM inspects data and routes traffic from the user devices [0041] Figs 1 and 3. This shows that a security service inspects the traffic traveling from client to server. Martini further discloses the server 118 generates traffic, encrypts the traffic into a third encrypted form, and passes the traffic to the MitM gateway 106 (324) [0059]. The MitM gateway 106 receives the encrypted traffic, decrypts the traffic, inspects the traffic, encrypts the traffic into a fourth form, and passes the traffic to the client device 108 (326) [0060]. Figs 1 and 3 disclose client device and server);
and applying, by the device, the offload service based on identifying the offload service (Martini discloses the network gateway 202 and the group of MitM gateways 204-210 may be used to share or balance the load of the MitM gateways 204-210. The network gateway 202 may respond to an HTTP GET request from the user device 212 or 214 with a redirect response identifying a domain hosted by all available MitM gateways 204-210 in the network 200 [0034] (MitM gateways are interpreted as the offload service). The network gateway 202 and the group of MitM gateways 204-210 route different classes of traffic to different MitM gateways 204-210. This may be desirable, for example, if policies of the network 200 specify that different policy tests should apply to different classes of encrypted traffic [0036]. allows the MitM gateways 204-210 to monitor traffic for multiple networks in addition to the network 200, where the MitM gateways 204-210 may apply different usage policies to the devices associated with the different networks, in addition to different usage policies within a network depending on the user groups or organizational units associated with the user devices [0044]. The network gateway 102 receives the request and selects a MitM gateway to be used for traffic [0049]).
Although Martini discloses offloading and an offloading service, Martini does not explicitly teach but Cherukuri teaches is to inspect a threshold amount of traffic traveling in a client-to-server (C2S) direction before bypassing other traffic traveling in the C2S direction (Cherukuri teaches client sending packets to the enterprise hub [0085]. Enterprise hub detecting when traffic load exceeds or falls below the predetermined threshold [0089]. That the first threshold is reached at the enterprise hub, excessive traffic loads detected, offloads tunnels to the service enterprise hub [0091]. Enterprise hub 400 may monitor its traffic load. At 516, enterprise hub 400 may determine if the traffic load is higher than the first threshold [0104] Figs 10a, 10b, and 13);
wherein the other traffic is a first type of traffic (Cherukuri teaches the offloading can further include transferring certain VPN tunnels to a different network device, which may be more capable of processing certain types of flows [0026]);
identifying, by the device and based on determining that the security service is to inspect the threshold amount of traffic traveling in the C2S direction before bypassing the other traffic in the C2S direction, an offload service that includes allowing the other traffic traveling in the C2S direction to be offloaded (Cherukuri teaches offloading particular flows to a more capable network device [0026]. Offloading VPN tunnel to different devices [0026]. That the first threshold is reached at the enterprise hub, excessive traffic loads detected, offloads tunnels to the service enterprise hub [0091]. If the traffic load is not higher than the first threshold at 516, enterprise hub 400 may check if the traffic load is lower than the second threshold (e.g., moderate traffic) at 522. If the traffic load is lower than the second threshold, enterprise hub 400 may send another notification to client 402 with a directive to resume traffic with enterprise hub 400 at 524. If the traffic load is not lower than the second threshold (e.g., the traffic load continues to be high, but not higher than the first threshold), enterprise hub 400 may continue to service some clients (and not others), and monitor traffic [0105] Figs 10a,10b, and 13).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Martini to include is to inspect a threshold amount of traffic traveling in a client-to-server (C2S) direction before bypassing other traffic traveling in the C2S direction; wherein the other traffic is a first type of traffic; and identifying an offload service that includes allowing the other traffic traveling in the C2S direction to be offloaded as disclosed by Cherukuri. One of ordinary skill in the art would have been motivated for the purpose of the ability to provision new services faster (Cherukuri [0002]).
The combination of Martini-Cherukuri teaches device and threshold finding an offload service, the combination of Martini-Cherukuri do not explicitly teach but Holostov teaches an offload service that includes allowing the first type of traffic traveling in the C2S direction to be offloaded while continuing to inspect a second type of traffic traveling in the C2S direction (Holostov teaches data traffic continues to be passed through the cellular network 320 after a mobile device is connected to a wireless network 330, and offloading occurs when the data traffic exceeds a specific threshold. Offloading certain types of data traffic or in other manners. Traffic flow between the cloud and computing device [0030]. Using the offloading methods described herein, data traffic 333 between the cloud 310 and the mobile device 300 traveling through the cellular network 320 can be offloaded as data traffic 336 that travels through the wireless network 330 [0028] Figs. 2 and 3);
wherein the second type of traffic is different from the first type of traffic (Holostov teaches offloading certain types of data traffic or in other manners. For example, offloading can comprise offloading video data to the wireless network 330. In still other embodiments, data traffic continues to be passed through the cellular network 320 after a mobile device is connected to a wireless network 330, and offloading occurs when the data traffic exceeds a specific threshold [0030]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Martini-Cherukuri to include allowing the first type of traffic traveling in the C2S direction to be offloaded while continuing to inspect a second type of traffic traveling in the C2S direction; wherein the second type of traffic is different from the first type of traffic as disclosed by Holostov. One of ordinary skill in the art would have been motivated for the purpose of redirecting certain types of data traffic (Holostov [0030]).

Re. claim 22, the combination of Martini-Cherukuri-Holostov teaches the method of claim 21, wherein the session is a secure session (Martini discloses establishing a first encrypted connection between the client device and the proxy hosting the second resource, and a second encrypted connection between the proxy hosting the second domain and the server hosting the first resource, to facilitate encrypted communication traffic between the client device and the server hosting the first resource [0003]).

Re. claim 24, the combination of Martini-Cherukuri-Holostov teaches the method of claim 21, wherein the offload service is identified during an establishment of the session (Martini discloses the network gateway 202 and the group of MitM gateways 204-210 may be used to share or balance the load of the MitM gateways 204-210. The network gateway 202 may respond to an HTTP GET request from the user device 212 or 214 with a redirect response identifying a domain hosted by all available MitM gateways 204-210 in the network 200 [0034] (MitM gateways are interpreted as the offload service)).

Re. claim 25, the combination of Martini-Cherukuri-Holostov teach the method of claim 21, wherein the offload service is identified after an establishment of the session (Martini discloses the network gateway 102 may select the MitM gateway 106 for the communication between the client device 108 and the server 118 and thus provides the redirect response that identifies the second resource, hosted by the MitM gateway 106, or a second unique URI that identifies the second resource to the client device 108 [0051]).

Re. claim 26, the combination of Martini-Cherukuri-Holostov teach the method of claim 21, wherein the offload service is identified based on a request provided by a client device or a service device (Martini discloses the client device 108 can create an HTTP GET request that includes the data object's URI and send the HTTP GET request to the network gateway 102 [0048]. The network gateway 102 receives the request and selects a MitM gateway to be used for traffic associated with the first resource (304) [0049]).

Re. claim 27, the combination of Martini-Cherukuri-Holostov teach the method of claim 21, wherein the offload service is identified based on a change to at the one or more security services (Martini discloses when the MitM gateway 106 modifies a request from the client device 108 or a response from the server 118, the MitM gateway 106 updates a URI or a URL included in the request or the response. For example, when the MitM gateway 106 receives a request identifying the second domain, the MitM gateway 106 creates an updated request by changing all occurrences of the second domain to the first domain in the request and provides the updated request to the server 118 [0032]).

Re. claim 29, the combination of Martini-Cherukuri-Holostov teach the method of claim 28, wherein the information associated with the offload service comprises one or more of: information that describes a manner in which encrypted traffic may bypass decryption and re-encryption by the device (Martini discloses a use of man in the middle (MitM) decryption based on rules indicating which domain communications should pass through a MitM gateway and be decrypted and which domain communications should be passed directly to the corresponding Internet destination. So that encrypted data that passes through the local computer can be decrypted and inspected before being encrypted and forwarded to a remote computer [0016]), information that identifies the session, information that identifies at least one of a client device or a server device, or information that identifies a threshold amount of encrypted traffic to be inspected in the C2S direction (Martini discloses the inspecting may comprise identifying the policy group associated with the client device based on the internet protocol address of the client device and selecting the first security policies from the policy group [0006]).

Re. claim 30, Martini discloses a system, comprising: one or more memories (Martini discloses memory 404 [0074]); and one or more processors communicatively coupled to the one or more memories (Martini discloses memory on processor 402 [0074-76]), configured to: determine whether any of the one or more security services, is to inspect all encrypted traffic of a session (Martini discloses the MitM gateway 106 is thus able to receive an encrypted message from the client device 108, decrypt the message, inspect the message, optionally alter or drop the message, encrypt the possibly altered message into a second encrypted form, and pass the message to the server 118 [24]. Since only select sites may be subject to MitM inspection (only selected MitM as no security services) [0038]. The MitM gateway 204 may be configured to handle encrypted traffic that is generally unrestricted. That is, the encrypted traffic may not be inspected, modified, or dropped at all, or may be only minimally inspected (e.g., encrypted Virtual Private Network traffic to and from a network at a branch office). For another class of traffic, the network administrator may wish to inspect only incoming traffic for virus, malware, or other malicious code (e.g., encrypted traffic to banking or financial institutions).
For a third class of traffic, the network administrator may wish to inspect outgoing traffic to make sure secret or proprietary data is not being transmitted and inspect incoming traffic for malicious code (e.g., social networking and hosted storage sites) [0039]); determining, based on determining whether any of the one or more security services is to inspect all encrypted traffic of the session, that a security service, of the one or more security services, is to inspect traffic in a client-to-server (C2S) direction (Martini discloses the MitM gateway 106 is thus able to receive an encrypted message from the client device 108, decrypt the message, inspect the message, optionally alter or drop the message, encrypt the possibly altered message into a second encrypted form, and pass the message to the server 118 [24]. The network gateway 202 may also be configured to intercept and examine HTTP GET requests from user devices 212 and 214 and provide redirect responses identifying a domain hosted by one or more of the MitM gateways 204-210 [0033]. MitM inspects data and routes traffic from the user devices [0041] Figs 1 and 3. This shows that a security service inspects the traffic traveling from client to server. Martini further discloses the server 118 generates traffic, encrypts the traffic into a third encrypted form, and passes the traffic to the MitM gateway 106 (324) [0059]. The MitM gateway 106 receives the encrypted traffic, decrypts the traffic, inspects the traffic, encrypts the traffic into a fourth form, and passes the traffic to the client device 108 (326) [0060]. Figs 1 and 3 disclose client device and server); and apply the offload service based on identifying the offload service (Martini discloses the network gateway 202 and the group of MitM gateways 204-210 route different classes of traffic to different MitM gateways 204-210.
This may be desirable, for example, if policies of the network 200 specify that different policy tests should apply to different classes of encrypted traffic [0036]. allows the MitM gateways 204-210 to monitor traffic for multiple networks in addition to the network 200, where the MitM gateways 204-210 may apply different usage policies to the devices associated with the different networks, in addition to different usage policies within a network depending on the user groups or organizational units associated with the user devices [0044]. The network gateway 102 receives the request and selects a MitM gateway to be used for traffic [0049]).
Although Martini discloses offloading and an offloading service, Martini does not explicitly teach but Cherukuri teaches is to inspect a threshold amount of traffic traveling in a client-to-server (C2S) direction before bypassing other traffic traveling in the C2S direction (Cherukuri teaches client sending packets to the enterprise hub [0085]. Enterprise hub detecting when traffic load exceeds or falls below the predetermined threshold [0089]. offloads tunnels to the service enterprise hub [0091] Figs 10a, 10b, and 13); wherein the other traffic is a first type of traffic (Cherukuri teaches the offloading can further include transferring certain VPN tunnels to a different network device, which may be more capable of processing certain types of flows [0026]); identifying, by the device and based on determining that the security service is to inspect the threshold amount of traffic traveling in the C2S direction before bypassing the other traffic in the C2S direction, an offload service that includes allowing the other traffic traveling in the C2S direction to be offloaded (Cherukuri teaches offloading VPN tunnel to different devices [0026]. That the first threshold is reached at the enterprise hub, excessive traffic loads detected, offloads tunnels to the service enterprise hub [0091] Figs 10a, 10b, and 13).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Martini to include is to inspect a threshold amount of traffic traveling in a client-to-server (C2S) direction before bypassing other traffic traveling in the C2S direction; wherein the other traffic is a first type of traffic; and identifying an offload service that includes allowing the other traffic traveling in the C2S direction to be offloaded as disclosed by Cherukuri. One of ordinary skill in the art would have been motivated for the purpose of the ability to provision new services faster (Cherukuri [0002]).
The combination of Martini-Cherukuri teaches device and threshold finding an offload service, the combination of Martini-Cherukuri do not explicitly teach but Holostov teaches an offload service that includes allowing the first type of traffic traveling in the C2S direction to be offloaded while continuing to inspect a second type of traffic traveling in the C2S direction (Holostov teaches data traffic continues to be passed through the cellular network 320 after a mobile device is connected to a wireless network 330, and offloading occurs when the data traffic exceeds a specific threshold. Offloading certain types of data traffic or in other manners. Traffic flow between the cloud and computing device [0030]. Using the offloading methods described herein, data traffic 333 between the cloud 310 and the mobile device 300 traveling through the cellular network 320 can be offloaded as data traffic 336 that travels through the wireless network 330 [0028] Figs. 2 and 3);
wherein the second type of traffic is different from the first type of traffic (Holostov teaches offloading certain types of data traffic or in other manners. For example, offloading can comprise offloading video data to the wireless network 330. In still other embodiments, data traffic continues to be passed through the cellular network 320 after a mobile device is connected to a wireless network 330, and offloading occurs when the data traffic exceeds a specific threshold [0030]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Martini-Cherukuri to include allowing the first type of traffic traveling in the C2S direction to be offloaded while continuing to inspect a second type of traffic traveling in the C2S direction; wherein the second type of traffic is different from the first type of traffic as disclosed by Holostov. One of ordinary skill in the art would have been motivated for the purpose of redirecting certain types of data traffic (Holostov [0030]).

Re. claim 32, rejection of claim 30 is included and claim 32 is rejected with the same rationale as applied in claim 24.

Re. claim 33, rejection of claim 30 is included and claim 33 is rejected with the same rationale as applied in claim 27.

Re. claim 35, Martini discloses a non-transitory computer-readable medium storing instructions (Martini discloses a computer program product can be tangibly embodied in an information carrier. The computer program product may also contain instructions that, when executed, perform one or more methods, such as those described above [0076]), the instructions comprising: one or more instructions that, when executed by one or more processors (Martini discloses the processor 402 can process instructions for execution within the computing device 400 [0074]), cause the one or more processors to: determine whether any of the one or more security services, is to inspect all encrypted traffic of a session (Martini discloses the MitM gateway 106 is thus able to receive an encrypted message from the client device 108, decrypt the message, inspect the message, optionally alter or drop the message, encrypt the possibly altered message into a second encrypted form, and pass the message to the server 118 [0024]. Since only select sites may be subject to MitM inspection (only selected MitM as no security services) [0038]. The MitM gateway 204 may be configured to handle encrypted traffic that is generally unrestricted. That is, the encrypted traffic may not be inspected, modified, or dropped at all, or may be only minimally inspected (e.g., encrypted Virtual Private Network traffic to and from a network at a branch office). For another class of traffic, the network administrator may wish to inspect only incoming traffic for virus, malware, or other malicious code (e.g., encrypted traffic to banking or financial institutions). 
For a third class of traffic, the network administrator may wish to inspect outgoing traffic to make sure secret or proprietary data is not being transmitted and inspect incoming traffic for malicious code (e.g., social networking and hosted storage sites) [0039]); determining, based on determining whether any of the one or more security services is to inspect all encrypted traffic of the session, that a security service, of the one or more security services, is to inspect traffic traveling in a client-to-server (C2S) direction (Martini discloses the MitM gateway 106 is thus able to receive an encrypted message from the client device 108, decrypt the message, inspect the message, optionally alter or drop the message, encrypt the possibly altered message into a second encrypted form, and pass the message to the server 118 [0024]. The network gateway 202 may also be configured to intercept and examine HTTP GET requests from user devices 212 and 214 and provide redirect responses identifying a domain hosted by one or more of the MitM gateways 204-210 [0033]. MitM inspects data and routes traffic from the user devices [0041] Figs 1 and 3. This shows that a security service inspects the traffic traveling from client to server. Martini further discloses the server 118 generates traffic, encrypts the traffic into a third encrypted form, and passes the traffic to the MitM gateway 106 (324) [0059]. The MitM gateway 106 receives the encrypted traffic, decrypts the traffic, inspects the traffic, encrypts the traffic into a fourth form, and passes the traffic to the client device 108 (326) [0060]. Figs 1 and 3 disclose client device and server); apply the offload service based on identifying the offload service (Martini discloses the network gateway 202 and the group of MitM gateways 204-210 route different classes of traffic to different MitM gateways 204-210.
This may be desirable, for example, if policies of the network 200 specify that different policy tests should apply to different classes of encrypted traffic [0036]. allows the MitM gateways 204-210 to monitor traffic for multiple networks in addition to the network 200, where the MitM gateways 204-210 may apply different usage policies to the devices associated with the different networks, in addition to different usage policies within a network depending on the user groups or organizational units associated with the user devices [0044]. The network gateway 102 receives the request and selects a MitM gateway to be used for traffic [0049]).
Although Martini discloses offloading and an offloading service, Martini does not explicitly teach but Cherukuri teaches is to inspect a threshold amount of traffic traveling in a client-to-server (C2S) direction before bypassing other traffic traveling in the C2S direction (Cherukuri teaches client sending packets to the enterprise hub [0085]. Enterprise hub detecting when traffic load exceeds or falls below the predetermined threshold [0089]. Offloads tunnels to the service enterprise hub [0091] Figs. 10a, 10b, and 13); wherein the other traffic is a first type of traffic (Cherukuri teaches the offloading can further include transferring certain VPN tunnels to a different network device, which may be more capable of processing certain types of flows [0026]); identifying, by the device and based on determining that the security service is to inspect the threshold amount of traffic traveling in the C2S direction before bypassing the other traffic in the C2S direction, an offload service that includes allowing the other traffic traveling in the C2S direction to be offloaded (Cherukuri teaches offloading VPN tunnel to different devices [0026]. That the first threshold is reached at the enterprise hub, excessive traffic loads detected, offloads tunnels to the service enterprise hub [0091] Figs. 10a, 10b, and 13).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Martini to include is to inspect a threshold amount of traffic traveling in a client-to-server (C2S) direction before bypassing other traffic traveling in the C2S direction; wherein the other traffic is a first type of traffic; and identifying an offload service that includes allowing the other traffic traveling in the C2S direction to be offloaded as disclosed by Cherukuri. One of ordinary skill in the art would have been motivated for the purpose of the ability to provision new services faster (Cherukuri [0002]).
Although the combination of Martini-Cherukuri teaches a device and threshold finding an offload service, the combination of Martini-Cherukuri does not explicitly teach but Holostov teaches an offload service that includes allowing the first type of traffic traveling in the C2S direction to be offloaded while continuing to inspect a second type of traffic traveling in the C2S direction (Holostov teaches data traffic continues to be passed through the cellular network 320 after a mobile device is connected to a wireless network 330, and offloading occurs when the data traffic exceeds a specific threshold. Offloading certain types of data traffic or in other manners. Traffic flow between the cloud and computing device [0030]. Using the offloading methods described herein, data traffic 333 between the cloud 310 and the mobile device 300 traveling through the cellular network 320 can be offloaded as data traffic 336 that travels through the wireless network 330 [0028] Figs. 2 and 3);
wherein the second type of traffic is different from the first type of traffic (Holostov teaches offloading certain types of data traffic or in other manners. For example, offloading can comprise offloading video data to the wireless network 330. In still other embodiments, data traffic continues to be passed through the cellular network 320 after a mobile device is connected to a wireless network 330, and offloading occurs when the data traffic exceeds a specific threshold [0030]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Martini-Cherukuri to include allowing the first type of traffic traveling in the C2S direction to be offloaded while continuing to inspect a second type of traffic traveling in the C2S direction; wherein the second type of traffic is different from the first type of traffic as disclosed by Holostov. One of ordinary skill in the art would have been motivated for the purpose of redirecting certain types of data traffic (Holostov [0030]).

Re. claim 37, rejection of claim 35 is included and claim 37 is rejected with the same rationale as applied in claim 25.

Re. claim 38, rejection of claim 35 is included and claim 38 is rejected with the same rationale as applied in claim 26.

Re. claim 39, rejection of claim 35 is included and claim 39 is rejected with the same rationale as applied in claim 27.

Claims 23, 31, 36 are rejected under 35 U.S.C. 103 as being unpatentable over Martini (US 20140351573), Cherukuri et al. (US 20130311778, hereinafter Cherukuri), Holostov et al. (US 20130183935 hereinafter Holostov), and in further view of Cai et al. (US 9203771 hereinafter Cai).

Re. claim 23, the combination of Martini-Cherukuri-Holostov teaches the method of claim 21, wherein the method further comprises: determining that no security service is to inspect encrypted traffic traveling in a server-to-client (S2C) direction (Martini discloses the server 118 generates traffic, encrypts the traffic into a third encrypted form, and passes the traffic to the MitM gateway 106 (324) [59]. The MitM gateway 106 receives the encrypted traffic, decrypts the traffic, inspects the traffic, encrypts the traffic into a fourth form, and passes the traffic to the client device 108 (326) [60]).
Although Martini discloses inspecting encrypted traffic in the S2C direction, Martini does not explicitly teach but Cherukuri teaches determining, based on determining that the security service is to inspect threshold amount of traffic traveling in the C2S direction before bypassing the other traffic traveling in the C2S direction (Cherukuri teaches offloading VPN tunnel to different devices [0026]. That the first threshold is reached at the enterprise hub, excessive traffic loads detected, offloads tunnels to the service enterprise hub. The cloud can decrypt the traffic and route clear traffic back to the hub via back channel [0091] Figs. 10a, 10b, and 13).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Martini to include determining, based on determining that the security service is to inspect threshold amount of traffic traveling in the C2S direction before bypassing the other traffic traveling in the C2S direction as disclosed by Cherukuri. One of ordinary skill in the art would have been motivated for the purpose of the ability to provision new services faster (Cherukuri [0002]).
Although the combination of Martini-Cherukuri-Holostov would teach inspect a threshold traveling in the C2S direction, the combination of Martini-Cherukuri-Holostov does not explicitly teach but Cai teaches based on determining that no security service is to inspect the encrypted traffic traveling in the S2C direction, that the offload service includes allowing the encrypted traffic traveling to the S2C direction to be offloaded (Cai teaches a characteristic of the service and traffic pattern, a connection flow might be locked to minimize cycling. For example, where a traffic pattern might indicate that a directional flows from a server to a client is predicted to be a candidate for offloading, [Col 23 lines 43-54]. A configurable direction-bound ratio threshold may be employed for tuning offload decisions for flows within a same service in case of dramatic traffic imbalances between server-bound and client-bound flows. Thus, offloads for a connection flow may be made specific to a direction of the flow, server-bound direction or client-bound direction [Col 25 lines 24-38]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Martini-Cherukuri-Holostov to include determining, based on determining that the security service is to inspect threshold amount of traffic traveling in the C2S direction before bypassing the other traffic traveling in the C2S direction and based on determining that no security service is to inspect the encrypted traffic traveling in the S2C direction, that the offload service includes allowing the encrypted traffic traveling to the S2C direction to be offloaded as disclosed by Cai. One of ordinary skill in the art would have been motivated for the purpose of increasing communication and improving packet traffic (Cai [Col 1 lines 25-42]).
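
The offload decision recited in the limitations above (inspect a threshold amount of C2S traffic, then bypass a first type of traffic while continuing to inspect a second type, and offload S2C traffic when no service inspects it) can be written out as follows. This is an added illustration, not part of the Office action, the application, or any cited reference; every name, the byte-count threshold, and the traffic-type labels are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

C2S, S2C = "c2s", "s2c"

@dataclass(frozen=True)
class ServicePolicy:
    """Inspection needs of one security service (all fields are assumptions)."""
    name: str
    inspect_all: bool = False              # must see every byte of the session
    c2s_threshold: Optional[int] = None    # C2S bytes to inspect before bypass; None = no C2S inspection
    bypass_types: frozenset = frozenset()  # "first type": may be bypassed once the threshold is met
    inspects_s2c: bool = False

@dataclass
class Session:
    policies: list
    c2s_seen: dict = field(default_factory=dict)  # service name -> C2S bytes inspected so far

    def _wants(self, p, traffic_type):
        """True if service p still needs to see this C2S traffic type."""
        if p.c2s_threshold is None:
            return False
        if traffic_type not in p.bypass_types:
            return True  # "second type": inspected for the whole session
        return self.c2s_seen.get(p.name, 0) < p.c2s_threshold

    def handle(self, direction, traffic_type, nbytes):
        """Return 'inspect' or 'offload' for one chunk of session traffic."""
        if any(p.inspect_all for p in self.policies):
            return "inspect"  # a full-inspection service rules out any offload
        if direction == S2C:
            return "inspect" if any(p.inspects_s2c for p in self.policies) else "offload"
        wanting = [p for p in self.policies if self._wants(p, traffic_type)]
        for p in wanting:
            self.c2s_seen[p.name] = self.c2s_seen.get(p.name, 0) + nbytes
        return "inspect" if wanting else "offload"

def demo():
    # Constructed sample: one service, 1000-byte C2S threshold, "bulk" is the bypassable type.
    ids = ServicePolicy("ids", c2s_threshold=1000, bypass_types=frozenset({"bulk"}))
    s = Session([ids])
    chunks = [(C2S, "bulk", 600), (C2S, "bulk", 600), (C2S, "bulk", 600),
              (C2S, "control", 100), (S2C, "bulk", 5000)]
    return [s.handle(*c) for c in chunks]

if __name__ == "__main__":
    print(demo())
```

A chunk that straddles the threshold is still inspected in full, so the service never sees less than the threshold amount before the first type is bypassed.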

Re. claim 31, rejection of claim 30 is included and claim 31 is rejected with the same rationale as applied in claim 23.

Re. claim 36, rejection of claim 35 is included and claim 36 is rejected with the same rationale as applied in claim 23.

Claims 28, 34, and 40 are rejected under 35 U.S.C. 103 as being unpatentable over Martini (US 20140351573), Cherukuri et al. (US 20130311778, hereinafter Cherukuri), Holostov et al. (US 20130183935 hereinafter Holostov), and in further view of Horii et al. (US 20170163644 hereinafter Horii).

Re. claim 28, the combination of Martini-Cherukuri-Holostov teaches the method of claim 21; the combination of Martini-Cherukuri-Holostov does not explicitly teach but Horii teaches further comprising: storing information associated with the offload service after identifying the offload service (Horii teaches the administrator (or system (e.g., because of system policies)) may select which services to offload based on a plurality of reasons, including, for example, system workload according to various embodiments of the present principles [0020]. The on-premise systems may monitor and store the back-end services being requested by the offloaded services, and may locally re-execute the offloaded services with unauthorized access. This mapping may be recorded in a permission list for allowing future access to the back-end services by the offloaded services [0022]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Martini-Cherukuri-Holostov to include storing information associated with the offload service after identifying the offload service as disclosed by Horii. One of ordinary skill in the art would have been motivated for the purpose of permitting future access (Horii [0007]).

Re. claim 34, rejection of claim 30 is included and claim 34 is rejected with the same rationale as applied in claim 28.

Re. claim 40, rejection of claim 35 is included and claim 40 is rejected with the same rationale as applied in claim 28.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Chowdhury (US 20110028479) discloses offloading selected data to an alternate communication network.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN A AYALA whose telephone number is (571)270-3912. The examiner can normally be reached Monday-Thursday 8AM-5PM; Friday: Variable EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/K.A./Examiner, Art Unit 2496     

/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496