Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
DETAILED ACTION
This action is in response to original filings made on 12/7/2021. Claims 1-20 are pending. 
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim 19 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. Claim 19 is drawn to a tangible computer readable storage medium readable by computer. In addition to material hardware, such as a hard disk or read only memory, such media may include an electrical signal in a wire or light pulses in a fiber-optic cable, physical but transitory forms of signal transmission. [A]ny tangible means of information carriage.., can be embodied by conventional, known means, such as electrical signals, modulated electromagnetic waves, and pulses in fiber optic cable. In re Nuijten, 84 USPQ2d 1495, 1500 (Fed. Cir. 2007) (emphasis in the original). [S]uch transitory embodiments are not directed to statutory subject matter. Id. See also
U.S. PATENT AND TRADEMARK OFFICE, Interim Examination Instructions for Evaluation
Subject Matter Eligibility Under 35 U.S.C. § 101, Aug. 24, 2009 at
http ://www.uspto.gov/web/offices/pac/dapp/opla/2009-08-25 interim 101 instructions.pdf, at 2. 
Therefore, a tangible computer readable storage medium includes non-statutory, transitory embodiments. The rejection under 35 U.S.C. § 101 for claim 19 may be overcome by inserting before the first occurrence of "medium" in line 1, -- non-transitory-- or --non-signal-- and by inserting before the second occurrence of "storage" in line 1, --non-transitory-- or --non-signal--. See David J. Kappos, Subject Matter Eligibility of Computer Readable Media, 1351 Off. Gaz. Pat. Office 212 (Feb. 23, 2010) ("OG Notice") (citation omitted), available at http ://www.uspto.gov/web/offices/com/sol/og/2010/week08/TOC. htm#ref20.
Claim 20 is rejected under 35 U.S.C. § 101, by way of its dependency on claim 19. 
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  

Claims 1, 10 and 19 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 11,240,208. Although the claims at issue are not identical, they are not patentably distinct from each other because both sets of claims are drawn to the dynamic (i.e., splitting tunneling) routing of traffic based on traffic content (i.e., audio or video).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Barkie et al. (US Patent Publication No. 2014/0201814 and Barkie hereinafter (cited from IDS 12/7/2021)) in view of Parla et al. (US Patent Publication No. 2011/0154477 and Parla hereinafter (cited from IDS 12/7/2021)) and further in view of DATTA et al. (US Patent Publication No. 2017/0126626 and DATTA hereinafter).

As to claims 1, 10 and 19, Barkie teaches a system, comprising: 
a processor of a security platform configured to (see fig. 5): 
	wherein the session traffic is initially routed through a Virtual Private Network (VPN) tunnel (i.e., …teaches in par. 0033 the following: “Moreover, for virtual private network connections, a connection rule can specify a VPN split tunneling connection or a VPN full tunneling connection, whereby if a client is logged into a corporate VPN, for example, all traffic will pass through the corporate VPN (full tunneling) or certain specified traffic will not pass through the corporate VPN but go directly to a destination node (split tunneling).”), 
determine, 
wherein the first content type includes video network, audio network traffic, or another content type that is configured for split tunneling based on a policy (i.e., …teaches in par. 0033 the following: “Moreover, for virtual private network connections, a connection rule can specify a VPN split tunneling connection or a VPN full tunneling connection, whereby if a client is logged into a corporate VPN, for example, all traffic will pass through the corporate VPN (full tunneling) or certain specified traffic will not pass through the corporate VPN but go directly to a destination node (split tunneling).”); 
and redirect the session traffic if the session traffic is associated with the first content type to perform split tunneling based on the policy (i.e., …teaches in par. 0033 the following: “Moreover, for virtual private network connections, a connection rule can specify a VPN split tunneling connection or a VPN full tunneling connection, whereby if a client is logged into a corporate VPN, for example, all traffic will pass through the corporate VPN (full tunneling) or certain specified traffic will not pass through the corporate VPN but go directly to a destination node (split tunneling).”), 

and a memory coupled to the processor and configured to provide the processor with instructions (i.e., …see figure 5).

Barkie does not expressly teach:
wherein the split tunneling is based on different content types based on the policy to reduce bandwidth and computing resources used for performing security inspection of network traffic associated with video network traffic or audio network traffic,
and wherein the session traffic is redirected outside of the VPN tunnel using an HTTP/HTTPS redirect request with the same destination as the client after determining that the session traffic is associated with the first content type. 
In this instance the examiner notes the teachings of prior art reference Parla. 
With regards to applicant’s claim limitation element of, “wherein the split tunneling is based on different content types based on the policy to reduce bandwidth and computing resources used for performing security inspection of network traffic associated with video network traffic or audio network traffic”, teaches in par. 0044 the following: “The dynamic content-based routing described herein preserves network bandwidth for critical enterprise application such as Voice over IP (VoIP) or internal video.”.
With regards to applicant’s claim limitation element of, “and wherein the session traffic is redirected outside of the VPN tunnel using an HTTP/HTTPS redirect request with the same destination as the client after determining that the session traffic is associated with the first content type”, Parla teaches in paragraph 0023 the following: “When a user (not shown) enters a URL into, e.g., a browser to access the webpage associated with that URL, the URL is intercepted by the remote device (using a client operating on the remote device). In this case, the request is "GET http://www.aaa.com/bbb." The URL is passed to the trusted network by the remote device client and, in turn, is passed to the policy server 150/policy database 155 to determine how network traffic associated with the URL request is to be routed. In the case of content associated with www.aaa.com/bbb, the indication in policy database 155 (FIG. 2) is "tunnel." That indication is then sent back to the client, which is configured to cause the operating system on the remote device to route the network traffic accordingly and, in this case, via VPN 140. Routing could also have been indicated to flow via another interface such a cellular or LAN interface.”. Further teaches in par. 0044 the following: “The dynamic content-based routing described herein preserves network bandwidth for critical enterprise application such as Voice over IP (VoIP) or internal video. It further leverages the fact that most browsing activity and bandwidth intensive application are HTTP (HTTP-GET) requests, not HTTPS. That is, most browser requests are basic GET requests and many of such requests are not in need of VPN connectivity. Thus, as a result of dynamic content-based routing, the endpoint experience of, e.g., a mobile user is much improved compared to an always-on VPN configuration. Likewise, the impact on enterprise infrastructure/bandwidth can be reduced.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of Barkie with the teachings of Parla by having their system comprise dynamic content request processing. One would have been motivated to do so to provide a simple and effective means to control access to content, wherein the dynamic content request processing helps facilitate content communication within the network and makes it easier to provide secure content to the network end user. 

The system of Barkie and Parla do not expressly teach:
monitor session traffic received from a client at the security platform, 
and wherein the session traffic is decrypted and decoded at the security platform. 
In this instance the examiner notes the teachings of prior art reference DATTA. 
With regards to applicant’s claim limitation element of, “monitor session traffic received from a client at the security platform”, DATTA teaches in par. 0209 the following: “During an intercepting step 732, the innovative appliance 108 intercepts a packet 734 that is being sent toward the other end of the VPN tunnel 724. The intercepted packet contains the external IP addresses 704, 714 specified in the security association as its source and destination addresses. Since either or both of these is a virtual address, they are mapped 746 to actual (i.e., WAN interface 120 transport layer) addresses 738 which are placed in the packet before sending the packet out of the appliance. To get 736 the actual addresses 738 to use, that is, to choose which WAN interface(s) to use for a given session, the appliance may perform load balancing 740 (per-packet or per-session), failover 742, another routing optimization 744, or a combination of such routing optimizations 744.”.
With regards to applicant’s claim limitation element of, “and wherein the session traffic is decrypted and decoded at the security platform”, DATTA teaches in par. 210 the following: “Operations such as decompression or decryption may also be performed on the packet 734.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of Barkie and Parla with the teachings of DATTA by having their system comprise crypto data processing. One would have been motivated to do so to provide a simple and effective means to secure data communication, wherein the crypto data processing helps facilitate data integrity within the network and makes it easier to provide secure content to the network end user. 

As to claims 2, 11 and 20, Barkie, Parla and DATTA as applied to claim 1 above teaches split tunneling, specifically Barkie does not expressly teach a system recited in claim 1, wherein the security platform comprises a security appliance that includes a VPN client, and wherein the policy further comprises a security policy.
In this instance the examiner notes the teachings of prior art reference Parla. 
Parla teaches in par. 0039 the following:
	“web security appliance by requesting the reputation of a particular URL and then, based on VPN policy, adaptively redirect the specific URL request (or, more generally, "use" request) to or away from the VPN tunnel, or to or away from a different VPN tunnel possibly from among a plurality of available VPN tunnels.”. 
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of Barkie with the teachings of Parla by having their system comprise security policies. One would have been motivated to do so to provide a simple and effective means to secure data communication, wherein the security policies helps facilitate data integrity within the network and makes it easier to provide secure content throughout the network. 

As to claims 3 and 12, Barkie, Parla and DATTA as applied to claim 1 above teaches split tunneling, specifically Barkie does not expressly teach a system recited in claim 1, wherein the security platform comprises a gateway that includes a VPN client, and wherein the policy further comprises a security policy.
In this instance the examiner notes the teachings of prior art reference Parla. 
Parla teaches in par. 0039 the following:
	“web security appliance by requesting the reputation of a particular URL and then, based on VPN policy, adaptively redirect the specific URL request (or, more generally, "use" request) to or away from the VPN tunnel, or to or away from a different VPN tunnel possibly from among a plurality of available VPN tunnels.”. 
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of Barkie with the teachings of Parla by having their system comprise security policies. One would have been motivated to do so to provide a simple and effective means to secure data communication, wherein the security policies helps facilitate data integrity within the network and makes it easier to provide secure content throughout the network. 

As to claims 4 and 13, Barkie, Parla and DATTA as applied to claim 1 above teaches split tunneling, specifically Barkie teaches a system recited in claim 1, wherein the session traffic is initially routed through a tunnel (i.e., …teaches in par. 0033 the following: “… for example, all traffic will pass through the corporate VPN (full tunneling) or certain specified traffic will not pass through the corporate VPN but go directly to a destination node (split tunneling).”).

As to claims 5 and 14, Barkie, Parla and DATTA as applied to claim 1 above teaches split tunneling, specifically Barkie teaches a system recited in claim 1, wherein the session traffic is initially routed through a tunnel, and the session traffic is redirected outside of the tunnel (i.e., …teaches in par. 0033 the following: “Moreover, for virtual private network connections, a connection rule can specify a VPN split tunneling connection or a VPN full tunneling connection, whereby if a client is logged into a corporate VPN, for example, all traffic will pass through the corporate VPN (full tunneling) or certain specified traffic will not pass through the corporate VPN but go directly to a destination node (split tunneling).”).

As to claims 6 and 15, Barkie, Parla and DATTA as applied to claim 1 above teaches split tunneling, specifically Barkie teaches a system recited in claim 1, wherein the session traffic is initially routed through a Virtual Private Network (VPN) tunnel (i.e., …teaches in par. 0033 the following: “… whereby if a client is logged into a corporate VPN, for example, all traffic will pass through the corporate VPN (full tunneling) …”).

As to claims 7 and 16, Barkie, Parla and DATTA as applied to claim 1 above teaches split tunneling, specifically Barkie teaches a system recited in claim 1, wherein the session traffic is initially routed through a Virtual Private Network (VPN) tunnel, and the session traffic is redirected outside of the VPN tunnel (i.e., …teaches in par. 0033 the following: “Moreover, for virtual private network connections, a connection rule can specify a VPN split tunneling connection or a VPN full tunneling connection, whereby if a client is logged into a corporate VPN, for example, all traffic will pass through the corporate VPN (full tunneling) or certain specified traffic will not pass through the corporate VPN but go directly to a destination node (split tunneling).”).

As to claims 8 and 17, Barkie, Parla and DATTA as applied to claim 1 above teaches split tunneling, specifically neither Barkie nor Parla teaches a system recited in claim 1, wherein the session traffic is encrypted, and wherein the processor is further configured to: decrypt the session traffic.
In this instance the examiner notes the teachings of prior art reference DATTA. 
DATTA teaches in par. 0035 the following: “a step involving action by a party of interest with regard to a destination or other subject may involve intervening action such as forwarding, copying, uploading, downloading, encoding, decoding, compressing, decompressing, encrypting, decrypting, authenticating, invoking, and so on by some other party, yet still be understood as being performed directly by the party of interest.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of Barkie and Parla with the teachings of DATTA by having their system comprise crypto data processing. One would have been motivated to do so to provide a simple and effective means to secure data communication, wherein the crypto data processing helps facilitate data integrity within the network and makes it easier to provide secure content to the network end user. 

As to claims 9 and 18, Barkie, Parla and DATTA as applied to claim 1 above teaches split tunneling, specifically neither Barkie nor Parla teaches a system recited in claim 1, wherein the session traffic is encrypted, and wherein the processor is further configured to: decrypt the session traffic; and decode the session traffic.
In this instance the examiner notes the teachings of prior art reference DATTA. 
DATTA teaches in par. 0035 the following: “a step involving action by a party of interest with regard to a destination or other subject may involve intervening action such as forwarding, copying, uploading, downloading, encoding, decoding, compressing, decompressing, encrypting, decrypting, authenticating, invoking, and so on by some other party, yet still be understood as being performed directly by the party of interest.”. DATTA teaches in par. 210 the following: “Operations such as decompression or decryption may also be performed on the packet 734.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of Barkie and Parla with the teachings of DATTA by having their system comprise crypto data processing. One would have been motivated to do so to provide a simple and effective means to secure data communication, wherein the crypto data processing helps facilitate data integrity within the network and makes it easier to provide secure content to the network end user. 
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRYAN F WRIGHT whose telephone number is (571)270-3826.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/BRYAN F WRIGHT/Examiner, Art Unit 2497