DETAILED ACTION
Response to Arguments
Applicant's arguments filed 08 April 2021 have been fully considered but they are not persuasive.
In response to applicant’s arguments that the cited references do not teach “transfer a network…the load balancer,” page 11, lines 21-22, the examiner respectfully disagrees.
Tiwari teaches a multi-core system that may be any type and form of system, appliance, device, or component.  The system includes one or more packet engines, a memory bus, one or more processing cores, a flow distributor, and network interface card (Fig. 5B).  The packet engine(s) can comprise any of the packet engine, network stack, encryption engine, SSL VPN connectivity, packet acceleration, and load balancing (Para. 203, 204).  
The hardware layer may include multiple processors for the central processing unit 262—a host processor, the processor 262 may include any of the processors 101, and the processor 262 or 262’ may include a multi-core processor (Para. 94, 108).  A multi-core processor combines two or more independent processors into a single package, often a single integrated circuit (IC) (Para. 103).
Instead of the functionality of the cores being deployed in the form of cores, the functionality may be deployed on a plurality of processors, such as a plurality of single core processors (Para. 211).  
The flow distributor distributes, forwards, routes, controls, and/or manages the distribution of packets among the cores and/or packet engine or VIPs running on the 
A Receive Side Scaler (RSS) or Receive Side Scaling (RSS) module in conjunction with the flow distributor may distribute data packets across the cores. The RSS module may generate hashes as sequence values including portions of the packets (e.g., header) including various hash types and support for parsing extension headers and distributing the packets across the cores using the hash result (Para. 72, 217, 218, 221-228).  
The flow distributor may also determine the source IP address, destination IP address, source port, and destination port associated with a data packet and forward the packet to a core based on the source IP address, destination IP address, source port, and destination port associated with a data packet matching the tuple specified by the rule (Para. 216, 231).
Tiwari further teaches the encryption engine and the encryption processor handles the processing of SSL or TLS packets (Para. 109, 119), at least one packet engine may comprise a packet engine, a network stack, and an encryption engine and perform SSL VPN connectivity (Para. 204), and each packet engine may have a separate memory pool for TCP and/or SSL connections (Para. 210).
Hartke teaches a transmitting/receiving system that includes a host system with a host CPU/chipset and a Network Protocol Offload Chip (NPOC) that includes an 

It should be noted that regarding the “host system” and “host processor” limitations of the claims, it is not clear as to what function either performs or where they are located.  The examiner suggests clarifying the functions that both the host system and host processor performs and where they are located.

It should be further noted that regarding the “a secure communication engine configured to transfer a network stack task from the chip processor to the host processor based on a redirect instruction received from the load balancer” of claim 1, there are no corresponding redirect instructions being generated and sent to be received in the independent claims.  The examiner suggests clarifying that a “redirect instruction” is generated and sent from the load balancer and then received by secure communication engine.

It should be further noted that regarding the “transferring a network stack task from the chip processor to the host processor based on a redirect instruction received 
Combining the references brings about a system that transfers a network stack task from the chip processor to the host processor based on a redirect instruction received from the load balancer.  Therefore, the aforementioned limitations are taught by the combination of the cited references.

Claim Interpretation
The following is the examiner’s interpretation and suggestions for portions of the claims:
It should be noted that regarding the “data load of one of the host processor and the chip processor is determined to be overloaded” limitations of claims 1 and 14, it is not clear as to what data load of the processor would be determined to be “overloaded.”  For example, the processor load being above a particular threshold would render the processor to be overloaded.  The examiner suggests clarifying the limitation.

It should be further noted that regarding the “turn on the load balancer” limitation of claim 10, it is unclear as to how the load balancer is turned on.  For example, turning on the load balancer may include powering-on the load balancer or may be interpreted to include the load balancer being activated to balance the loads.  The examiner suggests clarifying how the load balancer is turned on.

It should be further noted that regarding the “update packet header information of network packets to be redirected” limitation of claims 13 and 19, it is unclear as to whether the actual packet header is modified or if the header information that is parsed from the actual packet header is updated.  For example, the header information may be 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 5-7, 10, 13-19 are rejected under 35 U.S.C. 103 as being unpatentable over Tiwari et al. (US 20160330075 A1) in view of Hartke et al. (US 6,983,382 B2).
Regarding claim 1, Tiwari teaches an integrated circuit (”computing device 100”/”hardware layer 206”; “the computing device 100 may include a multi-core microprocessor, combines two or more independent processors into a single package, often a single integrated circuit (IC)”, see ¶[0103]. See also ¶[0110] and FIGS. 1E, 1F and 2) comprising: 
a peripheral interface (“system bus 150”) configured to communicate with a host system comprising a host processor (“main processor 101” also referred to as “central processing unit  101”);  (“the main processor 101 communicates with cache memory 140 using the system bus 150…the processor 101 communicates with various I/O devices 130 via a local system bus 150. Various busses may be used to connect the central processing unit 101 to any of the I/O devices 130, including a VESA VL bus, an ISA bus, an EISA bus, a MicroChannel Architecture (MCA) bus, a PCI bus, a PCI-X bus, a PCI-Express bus, or a NuBus.”; see ¶[0096] and Fig. 1F);
a network adaptor (“network interface 118”/”network stack 267 (network ports 266)”) configured to receive network packets in a secure communication session (Network interface 118 may comprise a variety of network adapters/cards or any other device suitable for interfacing the computing device 100 to any type of network capable of communication, as discussed in ¶[0098]. Packets are received and transmitted via network ports 266 in communication with “network stack 267”, see ¶[0108], [0113] and [0122]. The appliance 200 provides a SSL VPN connection 280 between a client 102 and a server 106 and end-to-end secure transport layer connection for the client 102 between the two networks, thus packets can be received and transmitted on a secure connection, see ¶[0132]); 
a chip processor having one or more cores (“processor 262/262’/260(234)” also referred to as CPUs and/or cores (i.e., “processor/core 505” in “system 545”)); wherein the processor may be embodied on one or more integrated circuit chips (Para. 307); (“[T]he central processing unit 262 may perform the functions of the encryption processor 260 in a single processor… the processor 262 or 262′ comprises a multi-core processor”, see ¶[0108]. The hardware layer 206 of appliance 200 includes encryption processor 260, which performs functions related to any encryption protocol, such as the Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocol as discussed in ¶[0109]. The encryption engine 234 handles the processing of any security related protocol (e.g., SSL or TLS) and encrypts and decrypts network packets, as discussed in ¶[0119]); and 
a load balancer, e.g. (it is an “appliance 200” functionality; “flow distributor 550” – “system 545”, which includes “flow distributor 550”, can be included in “appliance 200” as it demonstrates the capability of having N number of cores, see ¶[0203]), configured to, based on a notification that a data load of one of the host processor and the chip processor is determined to be overloaded, redirect the received network packets from an overloaded processor to the other processor of the host processor and the chip processor, e.g. redirect packets between processor 262/262’/260(234)” also referred to as CPUs and/or cores (i.e., “processor/core 505” in “system 545”) (“[F]low distributors 550 can determine how to balance load by communicating with each other… flow distributor 550′ can identify the load on an associated core and determine whether to forward a first data packet to the associated core based on any of the following criteria: the load on the associated core is above a predetermined threshold; the load on the associated core is below a predetermined threshold; the load on the associated core is less than the load on the other cores; or any other metric that can be used to determine where to forward data packets based in part on the amount of load on a processor.”, see ¶[0215]. Note that the flow distributor 550 identifies the load in a corresponding processor/core, and determines if load is above/below a predetermined threshold. The threshold can effectively be 100% (full load), thus flow distributor would consider “overload” as being above this threshold. See also ¶[0206] and ¶[0211-0215]); distributing work across the cores according to a particular function such as SSL encryption and decryption (Para. 186);
a secure communication engine, e.g. (“encryption engine 234” included in “packet engine 240/548”, see ¶[0188] and Figs. 2A and 5B), configured to transfer a network stack task from the chip processor to the host processor based on a redirect instruction received from the load balancer, e.g. (“distributing work across the cores 505 according to functional [task] parallelism 500, can comprise distributing network traffic according to a particular function such as network input/output management (NW I/O) 510A, secure sockets layer (SSL) encryption and decryption 510B and transmission control protocol (TCP) functions 510C”, see ¶[0186]; “For example, core 1 may perform network I/O processing for the appliance 200′ while core 2 performs TCP connection management for the appliance”, see ¶[0187]; “flow distributor 550 can be associated with a processor 505 or a packet engine 548.”, see ¶[0215]; “flow distributor 550” controls/manages distribution of packets among cores and/or packet engines and, as such, “flow distributor 550” is associated with “core/processor 505” and “packet engine 548”, see ¶[0214]-[0215]. “Flow distributor 550” can distribute network traffic according to a load balancing scheme, i.e. functional/task-, data- or flow-based parallelism distribution scheme, as discussed in ¶[0184]-[0188] and ¶[0216]); wherein the functionality of the cores may be deployed on a plurality of processors, such as a plurality of single core processors (Para. 211, 212),
wherein the load balancer includes a packet parser, e.g. an RSS driver/module or software steering module (Para. 217, 229), configured to:
evaluate header information of the received network packets, e.g. (Flow distributor 550 can comprise a Receive Side Scaler (RSS) or Receive Side Scaling (RSS) module 560 configured to, in conjunction with the flow distributor, distribute data packets across the cores. The RSS module may generate hashes as sequence values including portions of the packets (e.g., header) including various hash types and support for parsing extension headers (Para. 72, 217, 218, 221-226); determining the source IP address, destination IP address, source port, and destination port associated with a data packet (Para. 216, 231); and
determine, based on the evaluated header information, that the received network packets are part of particular network traffic, e.g. distributing data packets across the cores using the hash result (Para. 72, 217, 218, 227, 228); forwarding the packet to a core based on the source IP address, destination IP address, source port, and destination port associated with a data packet matching the tuple specified by the rule (Para. 216, 231), 
determine that the received network packets are part of transport layer security traffic or secure socket layer traffic, e.g. the encryption engine and the encryption processor handles the processing of SSL or TLS packets (Para. 109, 119); at least one packet engine may comprise a packet engine, a network stack, and an encryption engine and perform SSL VPN connectivity (Para. 204); each packet engine may have a separate memory pool for TCP and/or SSL connections (Para. 210), and
wherein the chip processor is configured to execute a secure communication software stack to process network packets in the secure communication session in response to a determination that the received network packets are part of transport layer security traffic or secure socket layer traffic, e.g. the encryption engine and the encryption processor may handle the processing of SSL or TLS packets (Para. 109, 119); at least one packet engine may comprise a packet engine, a network stack, and an encryption engine and perform SSL VPN connectivity (Para. 204); each packet engine may have a separate memory pool for TCP and/or SSL connections (Para. 210).
Tiwari does not clearly teach determining, based on the evaluated header information, that the received network packets are part of transport layer security traffic or secure socket layer traffic.
Hartke teaches an integrated circuit, i.e. a Network Protocol Offload Chip (NPOC) (Fig. 6, el. 600; Fig. 8, el. 800; Fig. 9, el. 900; Fig. 11, el. 1115), comprising: 
a peripheral interface, e.g. a system interface (Fig. 8, el. 806; Fig. 11, el. 1106), configured to communicate with a host system comprising a host processor, i.e. a host system that includes a host CPU/chipset (Fig. 6, el. 606; Fig. 8, el. 815; Fig. 9, el. 906; Fig. 11, el. 1100); 
a network adaptor configured to receive network packets in a secure communication session, i.e. a network interface (Fig. 6, el. 601; Fig. 8, el. 814; Fig. 9, el. 901; Fig. 11, el. 1114), e.g. wherein the network interface may receive SSL or TLS packets (Col. 2, lines 18-37); 
a chip processor having one or more cores, e.g. TCP/IP processors (Fig. 6, el. 605; Fig. 8, el. 805; Fig. 9, el. 905; Fig. 11, el. 1108); crypto accelerator (Fig. 6, el. 602; Fig. 8, el. 811; Fig. 9, el. 902; Fig. 11, el. 1105); and 
a packet parser configured to: evaluate header information of received network packets, and determine, based on the evaluated header information, that the received network packets are part of transport layer security traffic or secure socket layer traffic, e.g. performing TCP/IP processing and determining whether the packet requires SSL processing based on information revealed during the processing (Col. 5, lines 13-56; Col. 6, lines 51-64; Col. 9, lines 12-29; Col. 10, lines 11-29); based on the destination port being assigned to a secure SSL connection (Col. 5, lines 41-43); based on information revealed from the TCP/IP headers (Col. 10, lines 21-23); and 
wherein the chip processor is configured to execute a secure communication software stack to process network packets in the secure communication session in response to a determination that the received network packets are part of transport layer security traffic or secure socket layer traffic, e.g. sending, by the TCP/IP processors, the SSL packets to the acceleration device in response to determining the packets are SSL and processing the SSL packets at the acceleration device (Col. 5, lines 35-56; Col. 7, lines 3-17; Col. 9, lines 29-43; Col. 10, lines 29-46).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Tiwari to include determining, based on the evaluated header information, that the received network packets are part of transport layer security traffic or secure socket layer traffic, using the known method of performing TCP/IP processing and determining whether the packet requires SSL processing based on information revealed during the processing such as the destination port being assigned to a secure SSL connection or based on information revealed from the TCP/IP headers, as taught by Hartke, in combination with the secure packet processing system of Tiwari for the purpose of accelerating SSL processing by minimizing usage of system resources (Hartke-Col. 3, lines 59-67).

wherein the chip processor is further configured to generate data load information of the chip processor, e.g. (Tiwari-“system 545 comprises one or more flow distributors 550, each flow distributor 550 can be associated with a processor 505 or a packet engine 548. The flow distributors 550 can comprise an interface mechanism that allows each flow distributor 550 to communicate with the other flow distributors 550 executing within the system 545. In one instance, the one or more flow distributors 550 can determine how to balance load by communicating with each other.”– the flow distributor 550 identifies the load in a corresponding processor/core, see ¶[0215]), 
wherein the data load information is provided to a scheduler, e.g. (Tiwari-“arbiter”), to make a scheduling decision that is based on a data load of the host processor and a data load of the chip processor, e.g. (“The flow distributor may use any type and form of statistical or probabilistic algorithms or decision making to balance the flows across the cores.”, see (Tiwari-Para. 214); “one or more flow distributors 550 can determine how to balance load by communicating with each other…a first flow distributor 550′ can identify the load on an associated core and determine whether to forward a first data packet to the associated core based on… a predetermined threshold… or any other metric that can be used to determine where to forward data packets based in part on the amount of load on a processor.” – the flow distributor(s) 550 identify(ies) the load in a corresponding processor/core, and can submit this information to an arbiter to determine (make a decision) as to which flow distributor (in a core) should receive the packet (Tiwari-Para. 215); the arbiter makes a decision in terms of the “votes” or information sent by the flow distributors in each core which is associated with the current amount of load in a corresponding core, as discussed in (Tiwari-Para. 206).

Regarding claim 3, Tiwari in view of Hartke teaches wherein the load balancer is further configured to acquire the notification in response to the scheduling decision, e.g. (“the one or more flow distributors 550 can determine how to balance load by communicating with each other. This process can operate substantially similarly to the process described above (Tiwari-Para. 206) for submitting votes to an arbiter which then determines which flow distributor 550 should receive the load.”, the flow distributor may receive the determination from the arbiter, (Tiwari-Para. 215).

Regarding claim 5, Tiwari in view of Hartke teaches wherein the load balancer is further configured to allow the secure communication engine, e.g. (Tiwari-“encryption engine 234” included in “packet engine 240/548”, see ¶[0204] and Figs. 2A and 5B), to provide a software stack task to the host processor based on a determination that the data load of the chip processor is overloaded, e.g. (Tiwari-“the encryption engine 234 provides offloading and acceleration of SSL processing”, see ¶[0119]; “In the case of the functional [task] parallelism approach, each core may be configured to run one or more functionalities of the plurality of functionalities provided by the packet engine or VIP of the appliance. For example, core 1 may perform network I/O processing for the appliance 200′ while core 2 performs TCP connection management for the appliance. Likewise, core 3 may perform SSL offloading while core 4 may perform layer 7 or application layer processing and traffic management…division by function may lead to different cores running at different levels of performance or load 515”, see ¶[0187]).

Regarding claim 6, Tiwari in view of Hartke teaches further comprising a first controller, e.g. (Tiwari-“memory bus 556”), on the chip processor configured to enable connectivity of the chip processor to the host processor for transferring the network stack task, e.g. (Tiwari-“The system 545 can further include one or more packet engines (PE) or packet processing engines (PPE) 548A-N communicating with a memory bus 556. The memory bus may be used to communicate with the one or more processing cores 505A-N.”, see ¶[0203]; “the memory bus 556 can be any type and form of memory or computer bus. While a single memory bus 556 is depicted in FIG. 5B, the system 545 can comprise any number of memory buses 556. In one embodiment, each packet engine 548 can be associated with one or more individual memory buses 556.”, see ¶[0208]).

Regarding claim 7, Tiwari in view of Hartke teaches further comprising a second controller on the chip processor configured to permit the chip processor additional memory capacity provided by a peripheral interface card on the chip processor, e.g. (Tiwari-“Various busses may be used to connect the central processing unit 101 to any of the I/O devices 130, including a VESA VL bus, an ISA bus, an EISA bus, a MicroChannel Architecture (MCA) bus, a PCI bus, a PCI-X bus, a PCI-Express bus, or a NuBus.”, as well as communicating with main memory, such as SRAM or DRAM via a memory port, see ¶[0096]; “The system 545 can further include one or more packet engines (PE) or packet processing engines (PPE) 548A-N communicating with a memory bus 556. The memory bus may be used to communicate with the one or more processing cores 505A-N.”, see ¶[0203]; “the memory bus 556 can be any type and form of memory or computer bus. While a single memory bus 556 is depicted in FIG. 5B, the system 545 can comprise any number of memory buses 556. In one embodiment, each packet engine 548 can be associated with one or more individual memory buses 556.”, see ¶[0208]. In addition, cores have accessed to a “global cache 580” which “can be any type and form of memory or storage element” (see ¶[0236]) and is used, among other things, to “store network traffic or cache data. In some embodiments, the packet engines of the core use the global cache to cache and use data stored by the plurality of packet engines”, see ¶[0237]).

Regarding claim 10, Tiwari in view of Hartke teaches further comprising a software-defined network (SDN) controller configured to turn on the load balancer to start receiving network traffic from the network adapter, e.g. (Tiwari-“The present disclosure relates to an ADC configuration solution that allows any SDN controller, for example, Cisco Application Centric Infrastructure (ACI), to configure the entire feature set of the ADC in a simplified way.” – appliance 200 is an ADC, see ¶[0012]; “the policy engine 236 may comprise any logic, rules, functions or operations to determine and provide access, control and management of objects, data or content being cached by the appliance 200 in addition to access, control and management of security, network traffic, network access, compression or any other function or operation performed by the appliance 200”, see ¶[0118]; “appliance 200 controls the flow of network traffic and communication sessions based on policies of the policy engine 236”, see ¶[0130]; “flow distributor may operate responsive to any one or more rules or policies”, see ¶[0231]; “the SDN controller can control communications between the device 702, the client devices 710, and the servers 715 according to policies associated with the applications of the SDN controller.”, see ¶[0277]; integrating the ADC/appliance with the SDN controller (Para. 277).)

Regarding claim 13, Tiwari in view of Hartke teaches wherein the load balancer is further configured to in response to a determination that the received network packets are part of the secure communication session, e.g. the encryption engine and the encryption processor handles the processing of SSL or TLS packets (Tiwari-Para. 109, 119); at least one packet engine may comprise a packet engine, a network stack, and an encryption engine and perform SSL VPN connectivity (Tiwari-Para. 204); each packet engine may have a separate memory pool for TCP and/or SSL connections (Tiwari-Para. 210); performing TCP/IP processing and determining whether the packet requires SSL processing based on information revealed during the processing (Hartke-Col. 5, lines 13-56; Col. 6, lines 51-64; Col. 9, lines 12-29; Col. 10, lines 11-29); based on the destination port being assigned to a secure SSL connection (Hartke-Col. 5, lines 41-43); based on information revealed from the TCP/IP headers (Hartke-Col. 10, lines 21-23), and
a determination that the secure communication session is part of a new connection, e.g. matching the hash result in the indirection table (Tiwari-Para. 228); maintaining a TCP table that contains the source IP address, destination IP address, source port, and destination port for established secure connections (Hartke-Col. 2, line 66-Col. 3, line 12); using the TCP table to lookup the TCP packet and determine whether it is a secure connection (Hartke-Col. 5, lines 36-50), 
update packet header information of network packets to be redirected, e.g. information in a packet header can be modified according to a configuration policy; redirecting packets to different destinations (Tiwari-Para. 306).

Regarding claim 14, the claim is analyzed with respect to claims 1 and 2.

Regarding claim 15, the claim is analyzed with respect to claims 2 and 3.

Regarding claim 16, the claim is analyzed with respect to claim 1.

Regarding claim 17, Tiwari in view of Hartke teaches wherein the evaluated header information is associated with at least one of destination MAC address, destination IP address associated with the chip processor, a source port, and a destination port, e.g. maintaining a TCP table that contains the source IP address, destination IP address, source port, and destination port for established secure connections (Hartke-Col. 2, line 66-Col. 3, line 12); using the TCP table to lookup the TCP packet and determine whether it is a secure connection (Hartke-Col. 5, lines 36-50); based on the destination port being assigned to a secure SSL connection (Hartke-Col. 5, lines 41-43); based on information revealed from the TCP/IP headers (Hartke-Col. 10, lines 21-23). 

Regarding claim 18, Tiwari in view of Hartke teaches further comprising:  determining whether the secure communication session is part of a new connection based on the header information of the received network packets, e.g. matching a hash result in the indirection table (Tiwari-Para. 228); maintaining a TCP table that contains the source IP address, destination IP address, source port, and destination port for established secure connections (Hartke-Col. 2, line 66-Col. 3, line 12); using the TCP table to lookup the TCP packet and determine whether it is a secure connection (Hartke-Col. 5, lines 36-50).

Regarding claim 19, the claim is analyzed with respect to claim 13.

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Tiwari in view of Hartke and further in view of Bilski et al. (US 20190303347 A1), hereinafter referred to as Bilski.
Regarding claim 8, Tiwari in view of Hartke teaches all elements of claim 1.
Tiwari in view of Hartke further teaches wherein the secure communication engine, e.g. (Tiwari-“encryption engine 234”), comprises one or more sequencers configured to control cipher operations, e.g. (Tiwari-“The encryption engine 234 comprises any logic, business rules, functions or operations for handling the processing of any security related protocol, such as SSL or TLS, or any function related thereto. For example, the encryption engine 234 encrypts and decrypts network packets, or any portion thereof, communicated via the appliance 200. The encryption engine 234 may also setup or establish SSL or TLS connections on behalf of the client 102 a-102 n, server 106 a-106 n, or appliance 200. As such, the encryption engine 234 provides offloading and acceleration of SSL processing.”, see ¶[0119]).
Tiwari in view of Hartke does not clearly teach wherein the secure communication engine comprises a plurality of tiles comprising one or more operation modules to assist with the cipher operations.
However, in the same field of endeavor, Bilski discloses an integrated circuit, wherein the secure communication engine comprises a plurality of tiles comprising one or more operation modules, e.g. (“scalar processor 612” and “vector processor 614”) to assist with the cipher operations, e.g. (“The DPE array 105 includes a plurality of data processing engines (DPEs) 110 that may be arranged in a grid, cluster, or checkerboard pattern in the device 100.”, see ¶[0021], and “DPEs 110 could be cryptographic engines” (¶[0022]); tile circuit “DPE 110” in Fig. 2 comprises “core 202” which includes “compute circuitry 203” (see ¶[0035]) “The compute circuitry 203 includes a scalar processor 612 and a vector processor 614. The scalar processor 612 is configured to perform scalar arithmetic, including signed and unsigned multiplication, add/subtract, shifts, compares, and logical operations, elementary functions, such as square-root, sine/cosine, and the like. The vector processor 614 is configured to perform vector arithmetic, including permute functions, pre-addition functions, multiplication functions, post-addition functions, accumulation functions, shift, round and saturate functions, upshift functions, and the like. The vector processor 614 supports multiple precisions for complex and real operands. The vector processor 614 can include both fixed-point and floating-point data paths.”, see ¶[0051]).
Bilski. One would have been motivated to make such a combination to enhance function, task, or operation distribution in order to process cryptography-related functions in a more efficient manner.

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Tiwari in view of Hartke in view of Bilski and further in view of Chauhan et al. (US 20180103018 A1), hereinafter referred to as Chauhan.
Regarding claim 9, Tiwari in view of Hartke in view of Bilski teaches all elements of claims 1 and 8.
Tiwari in view of Hartke in view of Bilski further teaches wherein each of the one or more sequencers are configured to accept an acceleration request obtained from the load balancer and fetch cipher parameters of the request, e.g. (Tiwari-“The encryption engine 234 comprises any logic, business rules, functions or operations for handling the processing of any security related protocol, such as SSL or TLS, or any function related thereto. For example, the encryption engine 234 encrypts and decrypts network packets, or any portion thereof, communicated via the appliance 200. The encryption engine 234 may also setup or establish SSL or TLS connections on behalf of the client 102 a-102 n, server 106 a-106 n, or appliance 200. As such, the encryption engine 234 provides offloading and acceleration of SSL processing.”, see ¶[0119]).
Tiwari in view of Hartke in view of Bilski does not clearly teach wherein each of the one or more sequencers are configured to break cipher operations into one or more arithmetic operations; and send each of the one or more arithmetic operations to the plurality of tiles for execution.
However, in the same field of endeavor, Chauhan teaches one or more sequencers are configured to break cipher operations into one or more arithmetic operations; and send each of the one or more arithmetic operations to the plurality of tiles for execution, e.g. (“The packet engine 1105 may identify a sequence of cryptographic operations to be executed for performing the cryptographic function at the device 200. The sequence of cryptographic operations may include, for example, applying exclusive-or (XORs) to individual bits, performing modulus divisions, generating pseudo-random numbers, sets of cryptographic sub-processes, or combinations thereof, among others. In some embodiments, a first subset of the sequence of cryptographic operations may be order-dependent. In some embodiments, a second subset of the sequence of cryptographic operations may be order-independent…the packet engine 1105 may have identified the cryptographic function as a handshake between the client 102 a-n and the server 106 a-n via the device 200 in accordance to an elliptic curve Diffie-Hellman using an ephemeral key, RSA with a 2048 bit key signature, AES, and TLS protocol (ECDHE-RSA-2K-AES-TLS)…the packet engine 1105 may also determine constituent sub-processes to each step of the sequence of cryptographic operations. The sequence of cryptographic operations may then be performed by the one or more cryptographic processing hardware 1115 a-n.”, emphasis added, see ¶[0327] -- the packet engine identifies a sequence of cryptographic operations to perform functions (i.e., RSA, DH, AES & EC) that may include performing modulus divisions, generating pseudo-random numbers, sets of cryptographic sub-processes, among others, and then the sequence of cryptographic operations are performed by a plurality of cryptographic processors (1115 A-N) included in appliance 200).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system in Tiwari in view of Hartke in view of Bilski to include one or more sequencers configured to break cipher operations into one or more arithmetic operations; and send each of the one or more arithmetic operations to the plurality of tiles for execution as taught by Chauhan. One would have been motivated to make such a combination “to leverage on specialized hardware as well as other available resources to meet the demands of cryptographic operations in an efficient manner” (Chauhan, ¶[0002]).

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Tiwari in view of Hartke and further in further view of Wang et al. (US 20100085975 A1), hereinafter referred to as Wang ’975.
Regarding claim 20, Tiwari in view of Hartke teach all elements of claims 14 and 19.
Tiwari in view of Hartke further teaches updating packet header information of network packets to be redirected, e.g. information in a packet header can be modified according to a configuration policy; redirecting packets to different destinations (Tiwari-Para. 306).
Tiwari in view of Hartke does not explicitly teach updating packet header information of network packets to be redirected comprises updating at least one of destination IP address and destination MAC address of overloaded processor to at least one of destination IP address and destination MAC address of the other processor.
However, Wang ‘975 teaches updating packet header information of network packets to be redirected comprises updating at least one of destination IP address and destination MAC address of overloaded processor to at least one of destination IP address and destination MAC address of the other processor, e.g. (“virtual network flow engine 624 informs the virtual network interface manager 628 of computing device 600 that a new session has been detected”, see  ¶[0052]; “If a new session is detected, virtual network interface manager 628 launches the link negotiation process…If the packet is associated with a session which has an entry in the session table, the virtual network interface 626 uses that entry to route the packet to the destination by passing the packet to the appropriate physical network interface 69…the virtual network interface 626 might also have to change the destination and source MAC address in the packet header to reflect the fact that a different physical interface is now used to transfer the data”, see ¶[0053]  -- in other words, the destination and source MAC address in the packet header are modified (updated) to reflect the fact that a different physical interface is now used to transfer the data when a new session is detected).
enable dynamic modification of network communications based on detected and/or predefined parameters” (Wang ‘975, ¶[0035]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Hass et al. (US 2009/0201935 A1)—Hass discloses a method of load-balancing and redirecting interrupts across multiple CPUs/cores (Para. 97).

Hydrie et al. (US 2004/0267920 A1)—Hydrie discloses a method of load-balancing by transferring instructions from a device that executes host functionality to another device that does not execute host functionality (Claim 35).

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  


Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEREMY DUFFIELD whose telephone number is (571)270-1643.  The examiner can normally be reached on Monday - Friday, 7:00 AM - 3:00 PM (ET).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on (571) 272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  





23 August 2021
/Jeremy S Duffield/           Primary Examiner, Art Unit 2498