ATTACHMENT TO PAPER NO. 20210511
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response and Claim Status
The instant Attachment is responsive to the response received April 26, 2021 (the “Response”) and to the interview conducted April 22, 2021 (the “Interview”).
Claims 1–22 are pending.  

Claim Rejections – 35 U.S.C. § 103
Claims 1, 7, 13, and 19–21 are rejected under 35 U.S.C. § 103 as being obvious over Applicant’s admitted prior art (“AAPA”) (see Spec. ¶¶ 2–6) in view of Chan et al. (US 10,454,879 B2; filed Mar. 5, 2018), and in further view of Noehring et al. (US 8,433,691 B2; filed Jan. 11, 2011), and in further view of Forsberg et al. (US 2009/0016334 A1; filed July 9, 2007).
Response to Arguments
	Applicant argues
In rejecting claim 1, the Examiner acknowledges that AAPA does not teach “(B) the same local gateway repeating the above method-steps for the second tunnel, the second tunnel ID, the one or more second security tunnels, and the one or more second pairs of inbound-outbound SAs as the local gateway for the first tunnel, the first tunnel ID, the one or more first security tunnels, and the one or more first pairs of inbound-outbound SAs”.  See Office Action, p. 3. Instead, when describing the rejections applying to features (B), the Examiner asserts that Chan discloses these features of claim 1.

Response 10.
	The Examiner is unpersuaded of error because Applicant’s arguments are non-responsive to the rejection.  Notably, the Examiner finds AAPA teaches 
first tunnel with a peer gateway by engaging with the peer gateway in a tunnel creation according to a security protocol; and
establishing, at the local gateway, one or more first security tunnels on the first tunnel, the one or more first security tunnels being associated with one or more first security associations (SAs) with the peer gateway.  See Office action 2–3, mailed Feb. 25, 2021.
Moreover, the Examiner concludes it would be obvious for AAPA to include establishing, at a local gateway, a second tunnel with a peer gateway by engaging with the peer gateway in a tunnel creation according to a security protocol; and
establishing, at the local gateway, one or more second security tunnels on the second tunnel, the one or more second security tunnels being associated with one or more second security associations (SAs) with the peer gateway.  See id. at 4–5.
Moreover, the Examiner finds AAPA does not teach the local gateway that establishes the first tunnel and the one or more first security tunnels is the same local gateway that establishes the second tunnel and the one or more second security tunnels.  See id. at 3 (reciting “AAPA does not teach . . .  (B) the same local gateway . . . .”).  The Examiner, then, finds Chan teaches a same gateway establishing first and second tunnels.  See id. at 5.  The Examiner, then, concludes it would have been obvious for AAPA’s local gateway that establishes the first tunnel and the one or more first security tunnels and the local gateway that establishes the second tunnel and the one or more second security tunnels to be the same gateway as taught by Chan.

	Next, Applicant argues 
Chan instead of the IKE tunnels described in the alleged AAPA. In particular, one of skill in the art would understand that IKE tunnels and VPN tunnels serve different purposes and thus cannot simply be substituted for one another. For example, the VPN tunnel would not be used for establishing multiple security tunnels over the VPN tunnel, and the cited art does not describe a VPN tunnel being used for such a purpose.

In addition, the teachings of establishing multiple VPN tunnels does not automatically lend itself to being extended to establishing multiple IKE tunnels between gateways. In particular, as discussed in the alleged AAPA, two gateways may form a single IKE tunnel between one another, and can already form multiple IPSec tunnels on that single IKE tunnel. Therefore, in the cited art alone, there is no teaching or motivation to establish yet another IKE tunnel between the two gateways, as it is unclear what purpose it would serve.

Response 11.
	The Examiner is unpersuaded of error.  Applicant’s arguments concerning Chan’s VPN tunnels and use of the VPN tunnels are not germane to the limited purpose for which Chan was cited, namely for teaching a single gateway that establishes multiple tunnels as discussed above.  According to the rejection, it would be obvious for AAPA’s first IKE tunnel, one or more first security IPSec tunnels on the first IKE tunnel, second IKE tunnel, and one or more second security IPSec tunnels on the second IKE tunnel to be established on a single gateway according to the teaching of Chan.
	Thus, Applicant has not persuasively explained why AAPA and Chan cannot be combined to achieve a properly functioning system as the rejection proposes, or why the proposed modification would change the principle of operation of the prior art invention.



Regarding claim 1, while AAPA teaches a method (¶¶ 2–6) of securing communications (“protect packets communicated between endpoints (EPs), such as . . . between gateways” at ¶ 2) with a peer gateway (“gateways” at ¶ 2; “tunnel endpoints” at ¶ 3), comprising:
establishing, at a local gateway (“gateways” at ¶ 2; “tunnel endpoints” at ¶ 3), a first tunnel (“an IKE tunnel, which refers to a secure tunnel” at ¶ 2) with the peer gateway by engaging with the peer gateway in a tunnel creation according to a security protocol; and
establishing, at the local gateway, one or more first security tunnels (“IPSec tunnel” at ¶ 2) on the first tunnel (“secure tunnel that allows for the EPs to further establish an IPSec tunnel” at ¶ 2), the one or more first security tunnels being associated with one or more first security associations (SAs) (“an IPSec tunnel including security associations (SAs), between the endpoints” at ¶ 2; “at least two SAs, one for each direction, are established between two endpoints” at ¶ 2) with the peer gateway, AAPA does not teach
(A) repeating the above method-steps for a second tunnel, a second tunnel ID, one or more second security tunnels, and one or more second pairs of inbound-outbound SAs;
(B) the same local gateway repeating the above method-steps for the second tunnel, the second tunnel ID, the one or more second security tunnels, and the one or more second pairs of inbound-outbound SAs as the local gateway for the first tunnel, the first tunnel ID, the one or more first security tunnels, and the one or more first pairs of inbound-outbound SAs;
(C)(i) the one or more first SAs being first pairs of inbound-outbound SAs and (ii) the one or more second SAs being second pairs of inbound-outbound SAs; 
(D)(i) the one or more first pairs of inbound-outbound SAs including one or more first inbound SAs and (ii) the one or more second pairs of inbound-outbound SAs including one or more second inbound SAs; 
(E)(i) wherein establishing the first tunnel comprises setting a first tunnel ID for the first tunnel and (ii) establishing the second tunnel comprises setting a second tunnel ID for the second tunnel; and 
(F)(i) wherein each of the one or more first inbound SAs indicates the first tunnel ID and (ii) each of the one or more second inbound SAs indicates the second tunnel ID.
(A)
AAPA discloses “IP security protocols are widely used to protect packets communicated between endpoints (EPs), such as over the Internet, between gateways, between data centers (e.g., on premises data centers, cloud data centers, etc.), within data centers, etc.”  AAPA ¶ 2.  AAPA, by disclosing that the IP security protocols described in paragraph 2 are “widely used,” then, at least suggests that the IP security protocols described in paragraph 2 are repeatable to protect packets communicated between a second set of gateways.  
In other words, AAPA at least suggests establishing, at a local gateway (“gateways” at ¶ 2; “tunnel endpoints” at ¶ 3), a second tunnel (“an IKE tunnel, which refers to a secure tunnel” at ¶ 2) with the peer gateway by engaging with the peer gateway in a tunnel creation according to a security protocol; and
establishing, at the local gateway, one or more second security tunnels (“IPSec tunnel” at ¶ 2) on the second tunnel (“secure tunnel that allows for the EPs to further establish an IPSec tunnel” at ¶ 2), the one or more second security tunnels being associated with one or more second security associations (SAs) (“an IPSec tunnel including security associations (SAs), between the endpoints” at ¶ 2; 
Moreover, it would have been obvious to one of ordinary skill in the art before the filing date of the invention for AAPA’s method to include establishing, at a local gateway, a second tunnel; and establishing, at the local gateway, one or more second security tunnels on the second tunnel, the one or more second security tunnels being associated with one or more second security associations (SAs) with the peer gateway as suggested by AAPA since “mere duplication of parts has no patentable significance unless a new and unexpected result is produced.”  Manual of Patent Examining Procedure (MPEP) § 2144.04 (9th ed. Rev. 08.2017, Jan. 2018) (citing In re Harza, 274 F.2d 669 (CCPA 1960)).
(B)
Chan teaches a same gateway (fig. 6a, item 101) establishing first and second tunnels (15:43–52).
It would have been obvious to one of ordinary skill in the art before the filing date of the invention for AAPA’s local gateway to perform the above method-steps as taught by Chan to produce a more efficient system that does not rely on multiple devices to establish multiple tunnels.  Moreover, “the use of a one piece construction instead of the structure disclosed in [the prior art] would be merely a matter of obvious engineering choice.”  MPEP § 2144.04 (quoting In re Larson, 340 F.2d 965, 968 (CCPA 1965)).
(C) and (D)
Noehring teaches pairs of inbound-outbound SAs (“all active inbound and outbound SAs” at 4:43–44) including one or more inbound SAs.
It would have been obvious to one of ordinary skill in the art before the filing date of the invention for AAPA/Chan combination’s (1) one or more first SAs to be one or more first pairs of inbound-outbound SAs including one or more 
(E) and (F)
Forsberg teaches setting a tunnel ID for a tunnel (“a tunnel identifier of said tunneling protocol layer” at ¶ 13; ¶¶ 19, 23, 28, 30, 78) and each of the one or more SAs indicates the tunnel (“a tunnel identifier of said tunneling protocol layer is mapped to a security association” at ¶ 13; ¶¶ 19, 23, 28, 30, 78).
It would have been obvious to one of ordinary skill in the art before the filing date of the invention for the AAPA/Chan/Noehring combination’s (1) first tunnel establishment (“an IKE tunnel, which refers to a secure tunnel” at AAPA ¶ 2) to comprise setting a first tunnel ID for the first tunnel and the one or more first inbound SAs (SAs at AAPA ¶ 2; inbound SAs at Noehring 4:43–44) to indicate the tunnel ID and (2) second tunnel establishment to comprise setting a second tunnel ID for the second tunnel and the one or more second inbound SAs to indicate the second tunnel ID as taught by Forsberg “for securing a data packet on a network.”  Forsberg ¶ 9.
Regarding claim 7, AAPA teaches a computer system, comprising: a memory comprising executable instructions; and a processor in data communication with the memory and configured to execute the instructions to cause the computer system (AAPA at least suggests using such a computer system to perform the complex calculations disclosed in ¶¶ 2–6) to perform operations according to claim 1.  Thus, references/arguments equivalent to those present for claim 1 are equally applicable to claim 7.
Regarding claim 13, AAPA teaches a non-transitory computer readable medium having instructions stored thereon that, when executed by a computer 
Regarding claim 19, the AAPA/Chan/Noehring/Forsberg combination does not teach wherein each SA of the one or more first pairs of inbound-outbound SAs indicates the first tunnel ID, and wherein each SA of the one or more second pairs of inbound-outbound SAs indicates the second tunnel ID.
Forsberg teaches setting a tunnel ID for a tunnel (“a tunnel identifier of said tunneling protocol layer” at ¶ 13; ¶¶ 19, 23, 28, 30, 78) and each of the one or more SAs indicates the tunnel (“a tunnel identifier of said tunneling protocol layer is mapped to a security association” at ¶ 13; ¶¶ 19, 23, 28, 30, 78).
It would have been obvious to one of ordinary skill in the art before the filing date of the invention for each of the AAPA/Chan/Noehring/Forsberg combination’s SA of the one or more first pairs of inbound-outbound SAs to indicate the first tunnel ID and each of the AAPA/Chan/Noehring/Forsberg combination’s SA of the one or more second pairs of inbound-outbound SAs to indicate the second tunnel ID as taught by Forsberg “for securing a data packet on a network.”  Forsberg ¶ 9.
Regarding claims 20 and 21, claim 19 recites substantially similar features.  Thus, references/arguments equivalent to those present for claim 19 are equally applicable to claims 20 and 21.

Allowable Subject Matter
Claims 2–6, 8–12, 14–18, and 22 would be allowable if rewritten to include all of the limitations of the base claim and any intervening claims.
Regarding claim 2, AAPA teaches further comprising:

McGrew et al. (US 7,426,636 B1; filed June 2, 2003) teaches identifying an inbound SA from the one or more first inbound SAs based on the SPI value (2:65–3:12).  Moreover, Mercer et al. (US 7,496,748 B2; filed July 23, 2001) teaches identifying an inbound SA from the one or more first inbound SAs based on the SPI value (2:54–3:15).
Forsberg teaches determining that an identified inbound SA indicates a tunnel ID corresponding to a first tunnel (“a tunnel identifier of said tunneling protocol layer is mapped to a security association” at ¶ 13; ¶¶ 19, 23, 28, 30, 78).
The prior art of record, however, does not teach examining a bit in a bitmap, the bit corresponding to a first array element in a timestamp array associated with the first tunnel, wherein:
the timestamp array comprises one or more array elements;
each of the one or more array elements corresponds to a different tunnel established between the local gateway and the peer gateway;
the first array element corresponds to the first tunnel;
determining whether to record a timestamp in the first array element based on whether the bit is set;
upon determining the bit is not set, recording the timestamp in the first array element, the timestamp indicating a time at which the encrypted packet was received; and
upon determining the bit is set, refraining from recording the timestamp in the first array element.
Claims 8 and 14 by analogy.
Regarding claim 22, the prior art of record does not teach performing dead peer detection (DPD) for the first tunnel based on the one or more first inbound SAs indicating the first tunnel ID; and performing DPD for the second tunnel using the one or more second inbound SAs indicating the second tunnel ID.

Conclusion
Any inquiry concerning this communication or earlier communications from the Examiner should be directed to DAVID P. ZARKA whose telephone number is (703) 756-5746.  The Examiner can normally be reached Monday–Friday from 9:30AM–6PM ET.
If attempts to reach the Examiner by telephone are unsuccessful, the Examiner’s supervisor, Vivek Srivastava, can be reached at (571) 272-7304.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://portal.uspto.gov/external/portal.  Should you have questions about access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool.  To schedule http://www.uspto.gov/interviewpractice.
/DAVID P ZARKA/PATENT EXAMINER, Art Unit 2449