Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION

Status of Claims
Claims 1-7, 20 are subject to examination.  
Claims 8-19 are cancelled.  

Priority
Applicant’s claim for domestic priority as claimed in this application under 35 U.S.C. 119(e) is acknowledged.  This application is a CON of 16/436,489 06/10/2019 PAT 10932017. 16/436,489 is a CON of 15/083,586 03/29/2016 PAT 10362373. 15/083,586 has PRO 62/275,925 01/07/2016. 15/083,586 has PRO 62/275,917 01/07/2016.

Election/Restrictions
Applicant’s election without traverse of Group I invention, claims 1-7, 20, in the reply filed on 11/23/22 is acknowledged.
 
Specification
The specification has not been checked to the extent necessary to determine the presence of all possible minor errors. In response to this office action, applicant's cooperation is requested in correcting any errors of which applicant may become aware in the specification. For example, status of co-pending applications should be made with --now copending-- and status of patent applications should be --now U.S. Patent number --. 
In paragraph [0001], status of co-pending applications should be made with --now copending-- and status of patent applications should be --now U.S. Patent number --.

Drawings
The figures submitted on the filing date of this application are acknowledged. 

Information Disclosure Statement
Applicant and the assignee of this application are required under 37 CFR 1.105 to provide the following information that the examiner has determined is reasonably necessary to the examination of this application.   
If the applicant has processed/recognized/knowledge/acquired of patent(s)/publication(s) of, in particular, of same assignee/inventor(s) that contain(s) limitations of claim 6, "SRLT”, and claim 7, “a byte value distribution metric”, be provided for consideration for the prosecution of this application. 
In response to this requirement, please provide the title, citation and copy of each publication that is a source used for the description of the prior art in the disclosure.  For each publication, please provide a concise explanation of that publication’s contribution to the description of the prior art.
This Office action has a requirement for information under 37 CFR 1.105.  A complete reply to this Office action must include a complete reply to the requirement for information.  The time period for reply to the requirement coincides with the time period for reply to this Office action.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claim(s) 1-4, 20, is/are rejected under 35 U.S.C. 103 as being unpatentable over Akhter et al., 2015/0281028 Cisco Technology in view of Shanker et al., 2014/0082204, Cisco Technology and Goodall et al., 7683773.
Referring to claim(s) 1, 20, Akhter-Cisco discloses an apparatus comprising: a network interface configured to interface with a computer network; one or more processors coupled to the network interface; and a non-transitory memory comprising instructions that when executed cause the one or
more processors to perform operations comprising: receiving, by a device in a computer network, a traffic flow including a plurality of packets (para 21, figure 1, 3, 4); 

    PNG
    media_image1.png
    296
    518
    media_image1.png
    Greyscale

determining, by the device, data of the traffic flow (para 21, 38, figure 1, 3, 4); and 

    PNG
    media_image2.png
    342
    542
    media_image2.png
    Greyscale

transmitting, from the device, telemetry data of the traffic flow, the telemetry data of the traffic flow including the protocol data of the traffic flow (para 38).

    PNG
    media_image3.png
    195
    557
    media_image3.png
    Greyscale


Shanker discloses encrypted using a cryptographic protocol, cryptographic protocol data of the flow, para 2, 15, 16.

Akhter-Cisco does not specifically mention about, which is well-known in the art, which Shanker-Cisco discloses, encrypted using a cryptographic protocol, cryptographic protocol data of the flow, para 2, 15, 16. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Akhter-Cisco to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide encrypting data of the flow. The encrypted data would enable secure transmission of data from one device to another device, and would provide security for the data in the system, para 2, 15, 16. 
Akhter-Cisco and Shanker-Cisco do not specifically mention about, which is well-known in the art, which Goodall discloses wherein the data of the traffic flow includes at least one of: a Transport Layer Security (TLS) version number, ciphersuite offered by a source device, a ciphersuite selected by a destination device, a TLS sequence of record lengths and times, a record type, a handshake type, an extension type, a size of a cryptographic key, a supported elliptical curve, and a supported point format, col., 11, lines 13-50.

    PNG
    media_image4.png
    273
    632
    media_image4.png
    Greyscale

    PNG
    media_image5.png
    261
    622
    media_image5.png
    Greyscale

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Akhter-Cisco to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide a particular information in the data of the traffic flow. The data flow would enable transmission of the particular information from one device to another device, and would enable utilizing the data in the system, col., 11, lines 13-50. 

Referring to claim(s) 2, Akhter-Cisco discloses wherein the traffic flow further includes unencrypted packet (para 21, 38, figure 1, 3, 4). 

Referring to claim(s) 3, Shanker-Cisco discloses inspecting, by the device, the unencrypted packet to determine the cryptographic protocol data of the traffic flow, para 2, 15, 16. 

Referring to claim(s) 4, Shanker-Cisco discloses wherein the unencrypted packet include information to establish an encrypted connection using a cryptographic protocol, para 2, 15, 16. 

Claim(s) 5, is/are rejected under 35 U.S.C. 103 as being unpatentable over Akhter in view of Shanker-Cisco, Goodall and Garg et al., 20140098669.
Referring to claim(s) 5, Akhter-Cisco, Namblar, and Bowen do not specifically mention about, which is well-known in the art, which Garg discloses, wherein the telemetry data of the traffic flow further includes at least one of: a source IP address of the traffic flow, a destination IP address of the traffic flow, a start time of the traffic flow, a stop time of the traffic flow, a protocol associated with the traffic flow, a number of bytes of the traffic flow, and a number of the plurality of packets, para 28. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Akhter-Cisco to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide a particular information in the data of the traffic flow. The data flow would enable transmission of the particular information from one device to another device, and would enable utilizing the information in the system, para 28. 

Claim(s) 6, is/are rejected under 35 U.S.C. 103 as being unpatentable over Akhter in view of Shanker-Cisco, Goodall and Kampeas et al., 2015/0200860.
Referring to claim(s) 6, Akhter-Cisco, Shanker-Cisco, and Goodall do not specifically mention about, which is well-known in the art, which Kampeas discloses, a sequence of packet lengths and times (SRLT) for the packet, para 43. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Akhter-Cisco to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide a particular information such as SRLT in the traffic flow. The data flow would enable transmission of the particular information such as SRLT from one device to another device, and would enable utilizing the information in the system, para 43. 

Claim(s) 7, is/are rejected under 35 U.S.C. 103 as being unpatentable over Akhter in view of Shanker-Cisco, Goodall and White et al., 2015/0052601.
Referring to claim(s) 7, Akhter-Cisco, Shanker-Cisco, and Goodall do not specifically mention about, which is well-known in the art, which White discloses, a byte value distribution metric, para 175, 193, 82. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Akhter-Cisco to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide a particular information such as byte value distribution metric in the traffic flow. The data flow would enable transmission of the particular information such as such as byte value distribution metric from one device to another device, and would enable utilizing the information in the system, para 175, 193, 82. 

Claim(s) 1-4, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Akhter et al., 2015/0281028 Cisco Technology in view of Namblar et al., 20150370723 and Bowen, 9712621.
Referring to claim(s) 1, 20, Akhter-Cisco discloses an apparatus comprising: a network interface configured to interface with a computer network; one or more processors coupled to the network interface; and a non-transitory memory comprising instructions that when executed cause the one or
more processors to perform operations comprising: receiving, by a device in a computer network, a traffic flow including a plurality of packets (para 21, figure 1, 3, 4); 

    PNG
    media_image1.png
    296
    518
    media_image1.png
    Greyscale

determining, by the device, data of the traffic flow (para 21, 38, figure 1, 3, 4); and 

    PNG
    media_image2.png
    342
    542
    media_image2.png
    Greyscale

transmitting, from the device, telemetry data of the traffic flow, the telemetry data of the traffic flow including the protocol data of the traffic flow (para 38).

    PNG
    media_image3.png
    195
    557
    media_image3.png
    Greyscale


Akhter-Cisco does not specifically mention about, which is well-known in the art, which Namblar discloses, encrypted using a cryptographic protocol, cryptographic protocol data of the flow, para 49. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Akhter-Cisco to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide encrypting data of the flow. The encrypted data would enable secure transmission of data from one device to another device, and would provide security for the data in the system, para 49. 
Akhter-Cisco and Namblar do not specifically mention about, which is well-known in the art, which Bowen discloses wherein the data of the traffic flow includes at least one of: a Transport Layer Security (TLS) version number, ciphersuite offered by a source device, a ciphersuite selected by a destination device, a TLS sequence of record lengths and times, a record type, a handshake type, an extension type, a size of a cryptographic key, a supported elliptical curve, and a supported point format, col., 9, lines 21-32.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Akhter-Cisco to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide a particular information in the data of the traffic flow. The data flow would enable transmission of the particular information from one device to another device, and would enable utilizing the data in the system, col., 9, lines 21-32. 

Referring to claim(s) 2, Akhter-Cisco discloses wherein the traffic flow further includes unencrypted packet (para 21, 38, figure 1, 3, 4). 

Referring to claim(s) 3, Namblar discloses inspecting, by the device, the unencrypted packet to determine the cryptographic protocol data of the traffic flow, para 49. 

Referring to claim(s) 4, Namblar discloses wherein the unencrypted packet include information to establish an encrypted connection using a cryptographic protocol, para 49. 

Claim(s) 5, is/are rejected under 35 U.S.C. 103 as being unpatentable over Akhter in view of Namblar, Bowen and Eggleston et al., 20130204997.
Referring to claim(s) 5, Akhter-Cisco, Namblar, and Bowen do not specifically mention about, which is well-known in the art, which Eggleston discloses, wherein the telemetry data of the traffic flow further includes at least one of: a source IP address of the traffic flow, a destination IP address of the traffic flow, a start time of the traffic flow, a stop time of the traffic flow, a protocol associated with the traffic flow, a number of bytes of the traffic flow, and a number of the plurality of packets, para 24. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Akhter-Cisco to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide a particular information in the data of the traffic flow. The data flow would enable transmission of the particular information from one device to another device, and would enable utilizing the information in the system, para 24. 

Claim(s) 6, is/are rejected under 35 U.S.C. 103 as being unpatentable over Akhter in view of Namblar, Bowen and Zhao et al., 20160173354.
Referring to claim(s) 6, Akhter-Cisco, Namblar, and Bowen do not specifically mention about, which is well-known in the art, which Zhao discloses, a sequence of packet lengths and times (SRLT) for the packet, claim 4, para 62, 27, 21. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Akhter-Cisco to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide a particular information such as SRLT in the traffic flow. The data flow would enable transmission of the particular information such as SRLT from one device to another device, and would enable utilizing the information in the system, claim 4, para 62, 27, 21. 

Claim(s) 7, is/are rejected under 35 U.S.C. 103 as being unpatentable over Akhter in view of Namblar, Bowen and Conte et al., 2010/0287383.
Referring to claim(s) 7, Akhter-Cisco, Namblar, and Bowen do not specifically mention about, which is well-known in the art, which Conte discloses, a byte value distribution metric, para 15. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Akhter-Cisco to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide a particular information such as byte value distribution metric in the traffic flow. The data flow would enable transmission of the particular information such as such as byte value distribution metric from one device to another device, and would enable utilizing the information in the system, para 15. 
 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARESH PATEL whose telephone number is (571)272-3973.  The examiner can normally be reached on M-F 9-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado, can be reached at (571) 272-7624. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HARESH N PATEL/Primary Examiner, Art Unit 2496