DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is in response to the communication filed on November 14, 2019.

Remarks
Pending claims for reconsideration are claims 1-8, 12-21, and 25. Applicant has canceled claims 9-11 and 22-24.

Double Patenting 
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  

Claims 1-3, 5-8, 12-21, and 25 are rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claims 1-7, 9-12, 15-20, and 22 of U.S. Patent No. 10,505,891. Although the conflicting claims are not identical, they are not patentably distinct from each other because all the limitations of claims 1-3, 5-8, 12-21, and 25 of this instant application are found in claims 1-7, 9-12, 15-20, and 22 of Patent No. 10,505,891. Therefore, claims 1-3, 5-8, 12-21, and 25 of this instant application are anticipated by claims 1-7, 9-12, 15-20, and 22 of Patent No. 10,505,891, because all the limitations of the broader genus claims of this instant application are contained in the narrower species claims of Patent No. 10,505,891.

Claim comparison: each claim of Application No. 16/684376 is listed first, followed by the corresponding claim of Patent No. 10,505,891.
1. A method for securing communication of data messages of a particular machine comprising a dynamic first level address, the method comprising:
identifying a fixed second level address for a particular data message, wherein the fixed second level address is associated with an interface of the particular machine;
based on the fixed second level address, identifying a set of security policies for securing the communication of the particular data message; and
applying the set of security policies to the particular data message.
1. A method for securing communication of data messages of a particular machine in a network, the particular machine comprising a dynamic first level address, the method comprising:
 based on the dynamic first level address, determining whether an encryption method and encryption key are identifiable for a particular data message; when no encryption method and encryption key are identifiable based on the dynamic first level address,
identifying a static second level address for the particular data message, wherein the static second level address is associated with an interface of the particular machine;
 based on the static second level address, identifying an encryption method and encryption key for securing the communication of the particular data message; and applying the encryption method and encryption key to the particular data message.
2. The method of claim 1, wherein the dynamic first level address is an Internet Protocol (IP) address and the fixed second level address is a Media Access Control (MAC) address.
2. The method of claim 1, wherein the dynamic first level address is an Internet Protocol (IP) address and the static second level address is a Media Access Control (MAC) address.
3. The method of claim 2, wherein identifying the fixed second level address comprises routing the particular data message based on a destination IP address of the particular data message, wherein the IP address for the particular data message is assigned by a Dynamic Host Configuration Protocol (DHCP) server.
3. The method of claim 2, wherein identifying the static second level address comprises routing the particular data message based on a destination IP address of the particular data message, wherein the IP address for the particular data message is assigned by a Dynamic Host Configuration Protocol (DHCP) server.
4. The method of claim 1, wherein the set of security policies comprises an encryption method and a shared key.

5. The method of claim 4, wherein applying the set of security policies comprises encrypting at least a portion of the particular data message based on the encryption method and the shared key.
4. The method of claim 1, wherein applying the encryption method and encryption key comprises encrypting at least a portion of the particular data message based on the encryption method and the encryption key.
6. The method of claim 4, wherein applying the set of security policies comprises decrypting at least a portion of the particular data message based on the encryption method and the shared key.
5. The method of claim 1, wherein applying the encryption method and encryption key comprises decrypting at least a portion of the particular data message based on the encryption method and the encryption key.
7. The method of claim 1 further comprising sending the particular data message on the interface of the particular machine to a destination machine in a network.
6. The method of claim 1 further comprising sending the particular data message on the interface of the particular machine to a destination machine in a network.
8. The method of claim 1 further comprising receiving the particular data message on the interface of the particular machine from a source machine in a network.
7. The method of claim 1 further comprising receiving the particular data message on the interface of the particular machine from a source machine in a network.
12. The method of claim 1, wherein the particular machine comprises a plurality of interfaces and each interface of the plurality of interfaces is associated with a fixed second level address, wherein identifying the set of security policies comprises using the fixed second level address of the particular data message to perform a lookup on a set of security tables, the set of security tables comprising different sets of security policies for the fixed second level addresses of the plurality of interfaces.
9. The method of claim 1, wherein the particular machine comprises a plurality of interfaces and each interface of the plurality of interfaces is associated with a static second level address, wherein identifying the encryption method and encryption key based on the static second level address comprises using the static second level address of the particular data message to perform a lookup on a set of security tables, the set of security tables comprising different encryption methods and encryption keys for the static second level addresses of the plurality of interfaces.
13. The method of claim 12, wherein a first interface of the plurality of interfaces communicates with a public network and a second interface of the plurality of interfaces communicates with a private network.
10. The method of claim 9, wherein a first interface of the plurality of interfaces communicates with a public network and a second interface of the plurality of interfaces communicates with a private network.
14. The method of claim 1, wherein the particular machine is a virtual machine and the interface is a virtual network interface controller (vNIC).
11. The method of claim 1, wherein the particular machine is a virtual machine and the interface is a virtual network interface controller (vNIC).
15. The method of claim 1, wherein the data message is one of an Ethernet frame, IP packet, TCP segment, and UDP datagram.
12. The method of claim 1, wherein the data message is one of an Ethernet frame, IP packet, TCP segment, and UDP datagram.
16. A non-transitory machine readable medium storing a program which when executed by at least one processing unit secures communication of data 
identifying a fixed second level address for a particular data message, wherein the fixed second level address is associated with an interface of the particular machine;
based on the fixed second level address, identifying a set of security policies for securing the communication of the particular data message; and
applying the set of security policies to the particular data message.

based on the dynamic first level address, determining whether an encryption method and encryption key are identifiable for a particular data message; when no encryption method and encryption key are identifiable based on the dynamic first level address, 

identifying a static second level address for the particular data message, wherein the static second level address is associated with an interface of the particular machine; 
based on the static second level address, identifying an encryption method and encryption key for securing the communication of the particular data message; and applying the encryption method and encryption key to the particular data message.
17. The non-transitory machine readable medium of claim 16, wherein the dynamic first level address is an Internet Protocol (IP) address and the fixed second level address is a Media Access Control (MAC) address, wherein the set of instructions for identifying the fixed second level address comprises a set of instructions for routing the particular data message based on a destination IP address of the particular data message, wherein the IP address for the particular data message is assigned by a Dynamic Host Configuration Protocol (DHCP) server.
16. The non-transitory machine readable medium of claim 15, wherein the dynamic first level address is an Internet Protocol (IP) address and the static second level address is a Media Access Control (MAC) address, wherein the set of instructions for identifying the static second level address comprises a set of instructions for routing the particular data message based on a destination IP address of the particular data message, wherein the IP address for the particular data message is assigned by a Dynamic Host Configuration Protocol (DHCP) server.
18. The non-transitory machine readable medium of claim 16, wherein the set of security policies comprises an encryption method and a shared key, wherein the set of instructions for applying the set of security policies comprises a set of instructions for encrypting at least a portion of the particular data message based on the encryption method and the shared key.
17. The non-transitory machine readable medium of claim 15, wherein the set of instructions for applying the encryption method and encryption key comprises a set of instructions for encrypting at least a portion of the particular data message based on the encryption method and the encryption key.

19. The non-transitory machine readable medium of claim 16, wherein the set of security policies comprises an encryption method and a shared key, wherein the set of instructions for applying the set of security policies comprises a set of instructions for decrypting at least a portion of the particular data message based on the encryption method and the shared key.
18. The non-transitory machine readable medium of claim 15, wherein the set of instructions for applying the encryption method and encryption key comprises a set of instructions for decrypting at least a portion of the particular data message based on the encryption method and the encryption key.

20. The non-transitory machine readable medium of claim 16, wherein the program further comprises a set of instructions for sending the particular data message on the interface of the particular machine to a destination machine in a network.
19. The non-transitory machine readable medium of claim 15, wherein the program further comprises a set of instructions for sending the particular data message on the interface of the particular machine to a destination machine in a network.
21. The non-transitory machine readable medium of claim 16, wherein the program further comprises a set of instructions for receiving the particular data message on the interface of the particular machine from a source machine in a network.
20. The non-transitory machine readable medium of claim 15, wherein the program further comprises a set of instructions for receiving the particular data message on the interface of the particular machine from a source machine in a network.
25. The non-transitory machine readable medium of claim 16, wherein the particular machine comprises a plurality of interfaces and each interface of the plurality of interfaces is associated with a fixed second level address, wherein the set of instructions for identifying the set of security policies comprises a set of instructions for using the fixed second level address of the particular data message to perform a lookup on a set of security tables, the set of security tables comprising different sets of security policies for the fixed second level addresses of the plurality of interfaces, wherein a first interface of the plurality of interfaces communicates with a public network and a second interface of the plurality of interfaces communicates with a private network.
22. The non-transitory machine readable medium of claim 15, wherein the particular machine comprises a plurality of interfaces and each interface of the plurality of interfaces is associated with a static second level address, wherein the set of instructions for identifying the encryption method and encryption key based on the static second level address comprises a set of instructions for using the static second level address of the particular data message to perform a lookup on a set of security tables, the set of security tables comprising different encryption methods and encryption keys for the static second level addresses of the plurality of interfaces, wherein a first interface of the plurality of interfaces communicates with a public network and a second interface of the plurality of interfaces communicates with a private network.


Claims 1-7, 9-12, 15-20, and 22 of Patent No. 10,505,891 contain every element of claims 1-3, 5-8, 12-21, and 25 of the instant application and thus anticipate those claims.
“A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus).” ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
“Accordingly, absent a terminal disclaimer, claims 1-3, 5-8, 12-21, and 25 were properly rejected under the doctrine of obviousness-type double patenting.” (In re Goodman (CA FC) 29 USPQ2d 2010 (12/3/1993)).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-8, 12-13, 15-21, and 25 are rejected under AIA 35 U.S.C. 103(a) 35 U.S.C. 103 as being obvious over Tanizawa et al. (U.S. Patent Application Publication No.: US 2005/0135625 A1 / or “Tanizawa” hereinafter) in view of Tams et al. (U.S. Patent No.: US 6,862,286 B1 / or “Tams” hereinafter [Both references are provided by the applicant]) and in further view of Musfeldt et al. (U.S. Patent Application Publication No.: US 2012/0304254 A1 / or “Musfeldt” hereinafter).

Regarding claim 1, Tanizawa discloses “A method for securing communication of data messages of a particular machine comprising a [dynamic first level address], the method comprising” (Abstract: apparatus and method of securing data packet by encrypting are disclosed; and Claim 8):
“identifying a fixed second level address for a particular data message, wherein the fixed second level address is associated with an interface of the particular machine” (Para 0102; and 0127: lines 1-6, identifies a MAC address i.e., a “static second level address”  for a packet);
“based on the fixed second level address, identifying a set of security policies [i.e., wherein the set of security policies comprises an encryption method and a [shared] key (see dependent claim 4)] for securing the communication of the particular data message” (Para 0102: lines 12-16, identifies a cryptographic method and a cryptographic key associated with the MAC address of the destination device);
“and applying the set of security policies to the particular data message” (Para 0102: encrypts the packet based on the cryptographic method and the cryptographic key).
But Tanizawa fails to specifically disclose a “machine comprising a dynamic first level address”.
However, Tams discloses a DHCP server assigns an IP address (Tams, Col 1: lines 29-45).
It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of assigning IP addresses to clients by a DHCP server of Tams to the Communication Apparatus and Method of Tanizawa to create a system where having the DHCP server assign the dynamic IP addresses to a client would enable reuse of IP addresses, and the ordinary person skilled in the art would have been motivated to combine to vastly reduce the overheads in configuring new network devices (Tams: Col 1: lines 44-49).
Furthermore, Tanizawa and Tams fail to specifically disclose, based on the identification retrieved from a message, selecting an “encrypting method” and a “shared key”.
encryption technique and /or an encryption method; where the encryption technique discloses use different keys for example a symmetric key i.e., a “shared key”).
It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of based on the identification retrieved from a message selecting “encrypting method” and a “shared key” of Musfeldt to the system of Tanizawa and Tams in order “...message may then be encrypted utilizing a wide variety of different encryption techniques. For example, a symmetric key, an asymmetric key, or a dynamic unique key per transaction key may be utilized to encrypt the message” and the ordinary person skilled in the art would have been motivated to combine to have “…the security associated with the message may be enhanced” (Musfeldt, Para 0079).

Regarding claim 2, in view of claim 1, Tanizawa in view of Tams and in further view of Musfeldt disclose “wherein the dynamic first level address is an Internet Protocol (IP) address” (Tams, Col 1: lines 29-45)  and
“the fixed second level address is a Media Access Control (MAC) address” (Tanizawa, Para 0102: lines 8-11, wherein the MAC address is associated with a destination device).

Regarding claim 3, in view of claim 2, Tanizawa in view of Tams and in further view of Musfeldt disclose “wherein identifying the fixed second level address comprises routing the particular data message based on a destination IP address of the particular data message” (Tams, Col 2: lines 19-22, an IP address is used to identify a MAC address),
“wherein the IP address for the particular data message is assigned by a Dynamic Host Configuration Protocol (DHCP) server” (Tams, Col 1: lines 29-45).

Regarding claim 4, in view of claim 2, Tanizawa in view of Tams and in further view of Musfeldt disclose “wherein the set of security policies comprises an encryption method and a shared key” (Tanizawa, Para 0102: lines 12-16, identifies a cryptographic method and a cryptographic key associated with the MAC address of the destination device). Also, having the cryptographic key be a “shared key” would have been obvious as shown by Musfeldt (See, Musfeldt, Para 0079).

Regarding claim 5, in view of claim 4, Tanizawa in view of Tams and in further view of Musfeldt disclose “wherein applying the set of security policies comprises encrypting at least a portion of the particular data message based on the encryption method and the shared key” (Tanizawa, Para 0102: encrypts the packet based on the cryptographic method and the cryptographic key).

Regarding claim 6, in view of claim 4, Tanizawa in view of Tams and in further view of Musfeldt disclose “wherein applying the set of security policies comprises decrypting at least a portion of the particular data message based on the encryption method and the shared key” (Tanizawa, Para 0108: decrypts the packet based on the cryptographic method and the cryptographic key).

further comprising sending the particular data message on the interface of the particular machine to a destination machine in a network” (Tanizawa, Para 0103: packet is transmitted to a destination).

Regarding claim 8, in view of claim 1, Tanizawa in view of Tams and in further view of Musfeldt disclose “further comprising receiving the particular data message on the interface of the particular machine from a source machine in a network” (Tanizawa, Para 0127, identifies a MAC address i.e., a “static second level address” for a packet).

Regarding claim 12, in view of claim 1, Tanizawa in view of Tams and in further view of Musfeldt disclose “wherein the particular machine comprises a plurality of interfaces and each interface of the plurality of interfaces is associated with a fixed second level address, wherein identifying the set of security policies comprises using the fixed second level address of the particular data message to perform a lookup on a set of security tables, the set of security tables comprising different sets of security policies for the fixed second level addresses of the plurality of interfaces” (Tanizawa, Para 0102: lines 12-16, identifies a cryptographic method and a cryptographic key i.e., “an encryption method and encryption key” associated with the MAC address of the destination device; and Fig. 6: a table i.e., a “different second set of security tables” identifies encryption keys and method based on MAC address).


wherein a first interface of the plurality of interfaces communicates with a public network and a second interface of the plurality of interfaces communicates with a private network” (Tanizawa, Fig. 1: an access point interfaces both client side and network side; and Para 0137).

Regarding claim 15, in view of claim 1, Tanizawa in view of Tams and in further view of Musfeldt disclose “wherein the data message is one of an Ethernet frame, IP packet, TCP segment, and UDP datagram” (Tams, Para 0127, identifies a MAC address i.e., a “static second level address” for a packet).

Regarding claim 16, Tanizawa in view of Tams and in further view of Musfeldt disclose “A non-transitory machine readable medium storing a program which when executed by at least one processing unit secures communication of data messages of a particular machine comprising a dynamic first level address, the program comprising sets of instructions for” (Para 0015, an apparatus with memory is disclosed in securing data packet by encrypting):   
“identifying a fixed second level address for a particular data message, wherein the fixed second level address is associated with an interface of the particular machine; 
based on the fixed second level address, identifying a set of security policies for securing the communication of the particular data message; and 
applying the set of security policies to the particular data message” (see rejection of claim 1).

wherein the dynamic first level address is an Internet Protocol (IP) address and the fixed second level address is a Media Access Control (MAC) address, 
wherein the set of instructions for identifying the fixed second level address comprises a set of instructions for routing the particular data message based on a destination IP address of the particular data message, 
wherein the IP address for the particular data message is assigned by a Dynamic Host Configuration Protocol (DHCP) server” (see rejection of  claim 3).
Regarding claim 18, in view of claim 16, Tanizawa in view of Tams and in further view of Musfeldt disclose “wherein the set of security policies comprises an encryption method and a shared key, wherein the set of instructions for applying the set of security policies comprises a set of instructions for encrypting at least a portion of the particular data message based on the encryption method and the shared key” (See rejection of claim 5).

Regarding claim 19, in view of claim 16, Tanizawa in view of Tams and in further view of Musfeldt disclose “wherein the set of security policies comprises an encryption method and a shared key, wherein the set of instructions for applying the set of security policies comprises a set of instructions for decrypting at least a portion of the particular data message based on the encryption method and the shared key” (See rejection of claim 6).



wherein the program further comprises a set of instructions for sending the particular data message on the interface of the particular machine to a destination machine in a network” (See rejection of claim 7).

Regarding claim 21, in view of claim 16, Tanizawa in view of Tams and in further view of Musfeldt disclose “wherein the program further comprises a set of instructions for receiving the particular data message on the interface of the particular machine from a source machine in a network” (See rejection of claim 8).

Regarding claim 25, in view of claim 16, Tanizawa in view of Tams and in further view of Musfeldt disclose “wherein the particular machine comprises a plurality of interfaces and each interface of the plurality of interfaces is associated with a fixed second level address, wherein the set of instructions for identifying the set of security policies comprises a set of instructions for using the fixed second level address of the particular data message to perform a lookup on a set of security tables, the set of security tables comprising different sets of security policies for the fixed second level addresses of the plurality of interfaces” (Tanizawa, Para 0102: lines 12-16, identifies a cryptographic method and a cryptographic key i.e., “an encryption method and encryption key” associated with the MAC address of the destination device; and Fig. 6: a table i.e., a “different second set of security tables” identifies encryption keys and method based on MAC address),
“wherein a first interface of the plurality of interfaces communicates with a public network and a second interface of the plurality of interfaces communicates with a private network” (Tanizawa, Fig. 1: an access point interfaces both client side and network side; and Para 0137).

Claim 14 is rejected under AIA  35 U.S.C. 103(a) 35 U.S.C. 103 as being obvious over Tanizawa, Tams, in view of Musfeldt and in further view of Saraiya et al. (U.S. Patent Application Publication No.: US 2011/0299537 A1 / or “Saraiya” hereinafter [provided by the applicant]).

Regarding claim 14, in view of claim 1, Tanizawa discloses a network system with Authentication Server, Access Point, and Clients (Tanizawa, Fig. 1).
But Tanizawa, Tams, and Musfeldt fail to specifically disclose a virtual machine with a vNIC.
However, Saraiya discloses “wherein the particular machine is a virtual machine and the interface is a virtual network interface controller (vNIC)” (Saraiya: Fig. 2; and Para 0028, virtual machine with vNICs).
It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of virtual machine with vNIC of Saraiya to the system of Tanizawa, Tams, and Musfeldt to create a system where, using the vNIC, communication in a cloud network can take place with the appropriate VM, and the ordinary person skilled in the art would have been motivated to combine to provide cloud-based services (Saraiya: Para 0036).
Relevant Prior Arts
The IDS contains a plurality of prior art references. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULLAH ALMAMUN whose telephone number is (571) 270-3392. The examiner can normally be reached on 8 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ABDULLAH ALMAMUN/Examiner, Art Unit 2431