DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Acknowledgements
This communication is in response to
Application amendment filed on 03/05/2021.
Authorization for this examiner’s amendment was given via phone and internet communications 03/29/2021 and 04/01/2021 with Attorney Scott Watkins (Reg. No. 36,715).

Response to Amendment
The amendment filed 03/05/2021 has been entered. 
Applicant’s amendments to the Specification result into withdrawal of the Specification objections previously set forth in the Office Action mailed on 01/14/2021.
Applicant’s amendments to claims 1-2, 4-5, and 7-8 result into withdrawal of the claim objections previously set forth in the Office Action mailed on 01/14/2021.
Applicant’s amendments to independent claims 1, 4 and 7, arguments, Page 8 of the Remarks filed on 03/05/2021 and further claim amendments result into withdrawal of the 35 USC § 103 rejection previously set forth in the Office Action mailed on 01/14/2021.

Examiner’s Amendment
An Examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Note: Proposed amendments marked manually with underlining and 
Claims Amendments:
1. 	(Currently Amended) A method of managing a first edge device, comprising: 
establishing a data plane connection between the first edge device and a second edge device: 
for each packet received by the first edge device from the second edge device over the data plane: 
first lookup, Internet Protocol (IP) address corresponding to the received packet for one or more destination context Virtual Private Networks (VPNs) associated with the destination IP address; 
second lookup one or more destination context VPNs associated with the destination IP address corresponding to the received packet, whether the destination IP address has an associated Security Parameter Index (SPI) known to first edge device; 
dropping the packet in response to failure of the second lookup; 
in response to a successful result of the second lookup: 
retrieve a decryption key; and 
processing the received packet with the decryption key.  

2. 	(Currently Amended) The method of claim 1, further comprising for each packet received by the first edge device from the second edge device over the data plane: 
third lookup, in response to success of the first lookup, whether the destination IP address has an associated SPI in the context table.  

4. 	(Currently Amended) A non-transitory media containing instructions which when executed by a processor cause the processor to perform operations comprising: 

for each packet received by the first edge device from the second edge device over the data plane: 
first lookup, Internet Protocol (IP) address corresponding to the received packet for one or more destination context Virtual Private Networks (VPNs) associated with the destination IP address; 
second lookup one or more destination context VPNs associated with the destination IP address corresponding to the received packet, whether the destination IP address has an associated Security Parameter Index (SPI) known to first edge device; 
dropping the packet in response to failure of the second lookup; 
in response to a successful result of the second lookup: 
retrieve a decryption key; and 
processing the received packet with the decryption key.  

5. 	(Currently Amended) The media of claim 4, the operations further comprising for each packet received by the first edge device from the second edge device over the data plane: 
third lookup, in response to success of the first lookup, whether the destination IP address has an associated SPI in the context table.  

7. 	(Currently Amended) A first edge device, comprising: 
a non-transitory computer readable media containing instructions; 5 76326789.1Application No. 16/536,756Docket No.: 631808 (1016956-US.03) Response to Non-Final Office Action 
a processor programmed to operate in conjunction with the instructions in the media to perform operations comprising: 

for each packet received by the first edge device from the second edge device over the data plane: 
first lookup, Internet Protocol (IP) address corresponding to the received packet for one or more destination context Virtual Private Networks (VPNs) associated with the destination IP address; 
second lookup one or more destination context VPNs associated with the destination IP address corresponding to the received packet, whether the destination IP address has an associated Security Parameter Index (SPI) known to first edge device; 
dropping the packet in response to failure of the second lookup; 
in response to a successful result of the second lookup: 
retrieve a decryption key; and 
processing the received packet with the decryption key.  

8. 	(Currently Amended) The first edge device of claim 7, the operations further comprising for each packet received by the first edge device from the second edge device over the data plane: 
third lookup, in response to success of the first lookup, whether the destination IP address has an associated SPI in the context table.  

Allowable Subject Matter
Claims 1-9 are allowed. Claims 1-2, 4-5 and 7-8 have been amended. 
The following is a statement of reasons for indication of allowable subject matter.

i. Detienne et al. (US 2014/0115325 A1, hereinafter “Detienne”),
ii. Bharrat et al. (US 2011/0271096 A1, hereinafter “Bharrat”),
iii. Gandhewar et al. (US 2010/0191813 A1, hereinafter “Gandhewar”).
Detienne discloses establishing a data plane connection between a first edge device and a second edge device, and for each packet received by the first edge device from the second edge device over the data plane: first lookup, in a context table at the first edge device, a destination IP address corresponding to a received packet; second lookup whether the destination IP address has an associated SPI known to the first edge device, in response to a successful result of the second lookup, retrieve a decryption key and process the received packet with the decryption key. Bharrat teaches dropping a packet in response to a failure of a lookup. Gandhewar teaches a second lookup, in response to failure of a first lookup.
While Detienne-Bharrat-Gandhewar teaches the aforementioned limitations, however, none of the above prior arts, individually or in combination, teaches the claim limitations in the manner described in the independent claims for first lookup, in a context table at the first edge device, a destination Internet Protocol (IP) address corresponding to a received packet for one or more destination context Virtual Private Networks (VPNs) associated with the destination IP address; second lookup, in response to the first lookup failing to identify one or more destination context VPNs associated with the destination IP address corresponding to the received packet, whether the destination IP address has an associated Security Parameter Index (SPI) known to the first edge device. Therefore, the above limitations in conjunction with the remaining limitations of independent claims 1, 4 and 7 render the above claims allowable.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEPHANIE S HAM whose telephone number is (571)272-4377.  The examiner can normally be reached on Monday - Friday 8:30 am - 4:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ELENI A SHIFERAW can be reached on (571)272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/STEPHANIE S HAM/Examiner, Art Unit 2497                                                                                                                                                                                                        /ELENI A SHIFERAW/Supervisory Patent Examiner, Art Unit 2497