DETAILED ACTION
Notice of AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
In light of the applicant's amendment filed 07/06/2021, the specification objection has been withdrawn.
In light of the applicant's amendment filed 07/06/2021, the claim objection has been withdrawn.
The amendment filed on 07/06/2021 has been entered and fully considered.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an electronic communication with Michael Maicher (Registration Number 75,417) on August 02, 2021.
Please replace the claims as follows: 

(Currently Amended) A router comprising:
a physical network interface including a first set of network ports and a second set of network ports;
a logical interface mapped to the physical network interface including a first set of logical ports and a second set of logical ports; 
memory;
run a first virtual machine, wherein the first virtual machine is configured to establish a first IP security (IPSEC) Virtual Private Network (VPN) and receive data from an external source at the first set of network ports, apply a first encryption to the data to generate one layer encrypted data, and send the one layer encrypted data to the logical interface at the first set of logical ports; and
the processor and memory are further configured to run a second virtual machine with the logical network interface, wherein the second virtual machine is configured to establish a second IPSEC VPN and receive the encrypted data at the first set of logical ports, apply a second encryption to the one layer encrypted data to generate two layer encrypted data, and send the two layer encrypted data from the second set of logical ports to the second set of network ports.


8. (Currently Amended) A method for a router, comprising:
receiving data at a first set of network ports of a physical network interface of the router;
processing the data by a first virtual machine run by the router, wherein the processing by the first virtual machine comprises applying a first layer of encryption to the data to generate one layer encrypted data;
forwarding the one layer encrypted datasecond virtual machine run by the router;
processing the one layer encrypted data by the second virtual machine, wherein the processing by the second virtual machine comprises applying a second encryption to the one layer encrypted data to generate two layer encrypted data;
sending the two layer encrypted data 


9. (Canceled)



a plurality of physical network ports;
a plurality of logical network ports dynamically mapped to the plurality of physical network ports;
encrypted memory;
a processor operatively connected to the encrypted memory and the plurality of physical network ports, the processor and encrypted memory configured to operate firmware configured to run a virtual machine 
 the virtual machine is configured to receive 
the functions, wherein a first virtual function is configured to receive and apply a first encryption to the data to generate one layer encrypted data, and send the one layer encrypted data to the first logical network port;  
the the one layer encrypted data and apply a second encryption to the one layer encrypted data to generate two layer encrypted data
the virtual machine further configured to forward the two layer encrypted data from the second logical network port to a second physical network port or another virtual machine logical port.


Allowable Subject Matter
Claims 1-6, 8, 10-13 and 15-22 are allowed.
The following is a statement of reasons for the indication of allowable subject matter: In interpreting the currently amended claims, in light of the specification as well as arguments presented in .
The present invention is directed to a method by which a router may receive, process, and forward data packets between a physical network interface and a logical network interface using two layers of encryption by two router services. The closest prior art, as previously recited, Bugenhagen (U.S. Pub. Number 2017/0097842), teaches communications between a host computing system and client devices coupled to one or more ports for implementing communications between two or more virtual machines and client devices coupled to one or more ports via a VM-to-Port peripheral device driver; OR a newly cited reference, DelRegno (U.S. Pub. Number 2010/0061366), discloses systems for permitting the exchange of messages between the logical routers and a shared forwarding plane coupled to one or more ports to process packets received over these ports by determining addressing information for destination nodes or devices; OR a newly cited reference, Bansal (U.S. Pub. Number 2017/0317972), discloses a logical router that connects a set of logical forwarding elements to which virtual machines logically attach. Each logical forwarding element represents a particular set of IP addresses such as a subnet, and is implemented in the managed network across a set of managed forwarding elements to which the virtual machines physically connect (e.g., through virtual interfaces); OR a newly cited reference, Agarwal (U.S. Pub. Number 2017/0005942), teaches multiple managed physical routing elements (MPREs) for multiple different logical routing elements (LREs), and a controller agent that receives control plane messages and delivers network data to and from the physical NIC, and a virtualization software that serves as the interface between the hosted VMs and the physical NIC. Each of the VMs includes a virtual NIC (VNIC) for accessing the network through the virtualization software. Each VNIC in a VM is responsible for exchanging packets between the VM and the virtualization software.
However, none of Bugenhagen, DelRegno, Bansal and Agarwal teaches or suggests, alone or in combination, the particular combinations of steps or elements as recited in the independent claim 1. For 
Thus the prior art, when taken individually or in combination, does not fairly teach or suggest the limitations as a whole set forth in claims 1, 8 and 19; thus the claims are considered allowable. The dependent claims which further limit claims 1, 8 and 19 are also allowed by virtue of their dependency.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VU V TRAN whose telephone number is (571)270-1708. The examiner can normally be reached on M-F, 8 AM-4 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained 
/VU V TRAN/ Examiner, Art Unit 2491