DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is response to the application filed on 02/27/2020. Claims 1-20 are pending and herein considered. 
Priority
Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.
Oath/Declaration
The receipt of oath/declaration is acknowledge.
Drawings
The drawings were received on 02/27/2020. These drawings are reviewed and accepted by the Examiner.
Specification
The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification.
Information Disclosure Statement
The information disclosure statement (IDS), submitted on 11/03/2020 and 01/20/2021, are in compliance with the provisions of 37 CRR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Objections
Claim 1, 9 and 17 are objected to because of the following informalities:
. Appropriate correction is required. 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 4, 6, 9, 12, 14, 17 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Roch (U.S 2016/0212098) in view of Hu (U.S 2016/0057108) further in view of IEEE: Shin Muramatsu, R.Kawashima, S.SaitoandH.Matsuo, "VSE: Virtual Switch Extension for Adaptive CPU Core Assignment in Softirg, "2014 IEEE 6th International Conference on Cloud Computing Technology and Science, Singapore, 2014, pp. 923-928. doi: 10.1109/CloudCom.2014.68 (Year:2014); hereinafter “Shin-IEEE”.
For claim 1: 
Roch discloses a method for deterministic load balancing of processing received encapsulated encrypted data packets at a destination tunnel endpoint (TEP) (see Roch, at least abstract, figure 3), comprising: 
engaging in a tunnel creation according to a security protocol with a source TEP for encrypting data packets communicated between a source endpoint and a destination endpoint (see Roch, at least paragraph [0027]; [0037]; [0042]; establish an IPsec tunnel with an IP sec endpoint and the IPsec tunnel may be used to authenticate and/or encrypt data transmitted between the tunnel endpoints); 
selecting a CPU from a plurality of CPUs of the destination TEP using a CPU selection function (see Roch, at least paragraph [0031]; [0042]; the selection criteria used by the load balancer may vary. For example, the load balancer may select endpoints in a round-robin fashion, or based on a processing load of one or more of the endpoints), the selected CPU being selected to process packets communicated over the tunnel from the source TEP to the destination TEP (see Roch, at least paragraph [0031]; [0042]; [0034]-[0039]; determines one of a plurality of IPsec endpoints to forward the packets and can select one of the plurality of IPsec endpoints according to a selection criteria); 
determining an identifier associated with a receive side scaling (RSS) queue associated with the selected CPU; 
generating a security parameter index (SPI) value including the identifier (see Roch, at least paragraph [0034]; [0045]); 
(see Roch, at least paragraph [0034]; a source IP that a packet was received from, a security parameter identifier (SPI) of the packet as well as the endpoint that should be used for processing packets having the same source IP and SPI., [0036]-[0037], [0042], [0045], [0049], [0051]; different SPI values and initiate encrypted communication using SPI value); 
establishing an in-bound security association with the source TEP using the SPI value; receiving an encrypted packet from the source TEP (see Roch, at least paragraph [0036]; [0037]-[0038];[ 0042]; [0045]; establish IPsec tunnel and SPI value, and initiate encrypted communication using SPI value), wherein: the encrypted packet is encrypted by the source TEP based on the in-bound security association; and the encrypted packet includes the SPI value; and processing the encrypted packet using the selected CPU for, based on the SPI value including the identifier (see Roch, at least paragraph [0027]; [0031]; [0034]; [0042]; the selection criteria used by the load balancer may vary. For example, the load balancer may select endpoints in a round-robin fashion, or based on a processing load of one or more of the endpoints).
Roch does not explicitly disclose generating a security parameter index (SPI) value including the identifier.
Hu, from the same or similar fields of endeavor, disclose the selection methodology utilizes operating information associated with the various IPsec processing units to distribute the load of processing the various IPsec tunnels across the available processing units and 
Therefore, it would have been obvious statement before the effective filing date of the claimed invention to have a system comprises a method as taught by Hu. The motivation for doing this is to provide a system networks to include selecting a processing unit and selecting a SPI value based on the processing unit in order to (see Hu, figure 2, at least paragraph [0006]-[0013]; [0016]; [0019]; [0028]; [0033]-[0034]; [0043]).
Roch-Hu does not explicitly disclose determining an identifier associated with a receive side scaling (RSS) queue associated with the selected CPU; 
Shin-IEEE, from the same or similar fields of endeavor, disclose Receive Side Scaling (RSS) and FlowDirector provide multi-queue functions that alter CPU cores to be interrupted by the hardware NIC based on the received packet headers and RSS, RPS also simply determines CPU cores to interrupt based on hash values calculated
from received packet headers (see Shin, figures1, 6, abstract, at least section I, II, IV).
Therefore, it would have been obvious statement before the effective filing date of the claimed invention to have a system comprises a method as taught by Shin-IEEE. The motivation for doing this is to provide a system networks can improve performance of virtual networks by distributing heavy packet processing load on adequate CPU cores, which is useful for some datacenter systems adopting grading system.
For claims 4, 12 and 20:
In addition to rejection in claims 4, 12 and 20, further disclose wherein the CPU selection function uses a round-robin algorithm (see Roch, at least paragraph [0031]; [0042]; the selection criteria used by the load balancer 302 may vary. For example, the load balancer may select endpoints in a round-robin fashion, or based on a processing load of one or more of the endpoints) or (see Hu, at least paragraph [0033]; IPsec processing unit may be selected using any of a number of allocation methodologies, such as a weighted Round Robin algorithm).
For claims 6 and 14: 
In addition to rejection in claims 6 and 14, Roch-Hu-Shin-IEEE further discloses wherein generating the SPI value further comprises: generating a second SPI value (see Roch, at least paragraph [0045]) and replacing a number of bits in the second SPI value with bits of the identifier to generate the SPI value (see Roch, at least paragraph [0035]-[0038]). 
For claim 9: 
For claim 9, claim 9 is directed to a computer system which has similar scope as claim 1. Therefore, claim 9 remains un-patentable for the same reasons.
For claim 17: 
For claim 17, claim 17 is directed to a non-transitory computer readable medium which has similar scope as claim 1. Therefore, claim 17 remains un-patentable for the same reasons.
Claims 2, 10 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Roch (U.S 2016/0212098) in view of Hu (U.S 2016/0057108) further in view of Marck et al. (U.S 2018/0054458).
For claims 2, 10 and 18: 
In addition to rejection in claims 2, 10 and 18, Roch-Hu-Shin-IEEE does not explicitly disclose wherein the CPU selection function uses a CPU utilization level of each of the plurality of CPUs as input.
Marck, from the same or similar fields of endeavor, disclose the telemetry information can include physical or virtual component utilization levels, such as CPU utilization levels (see Marck, at least paragraph [0033]). 
before the effective filing date of the claimed invention to have a system comprises a method as taught by Marck. The motivation for doing this is to provide a system networks in order to maintain a desired service level for the products and services provided by the network.
Claims 3, 11 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Roch (U.S 2016/0212098) in view of Hu (U.S 2016/0057108) further in view of Menachem et al. (U.S 2019/0190892).
For claims 3, 11 and 19: 
In addition to rejection in claims 3, 11 and 19, Roch-Hu-Shin-IEEE does not explicitly disclose wherein the CPU selection function uses a security association count of each of the plurality of CPUs as input.
Menachem, from the same or similar fields of endeavor, disclose the IPsec endpoints are supposed to maintain a count of data transmitted using the current SA, and then negotiate a new SA when the count reaches a predefined limit (see Menachem, at least paragraph [0015]; [0028]; [0080]).
Therefore, it would have been obvious statement before the effective filing date of the claimed invention to have a system comprises a method as taught by Menachem. The motivation for doing this is to provide a system networks in order to provide improved apparatus and methods for offload of security-related functions to hardware logic.
Allowable Subject Matter
Claims 5. 7-8, 13, 15 and 16 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in all independents form including all of the limitations of the base claim and any intervening claims and if rewritten or amended to overcome any objection claims set forth in this Office action.
Conclusion
The prior arts made or record and not relied upon are considered pertinent to applicant's disclosures. Xiong et al. (U.S 2020/0351254) discloses processing the data packets of outgoing IP traffic, the dispatcher 402 may determine the ESP/AH sequence number. More particularly, the dispatcher 402 may assign an appropriate ESP/AH sequence number to a data packet based on the 5-tuple of the data packet (source IP address, destination IP address, source port, destination port, protocol type). 
Saeki (U.S 2017/0063979) discloses a CPU associated with a virtual CPU of a plurality of virtual CPUs residing in a destination tunnel endpoint.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LAN-HUONG TRUONG whose telephone number is (571) 270-5829. The examiner can normally be reached on Monday-Friday 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ricky Ngo can be reached on 571-272-3139.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private 
/LAN-HUONG TRUONG/Primary Examiner, Art Unit 2464  
09/11/2021