DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This office action is a response to an application filed 06/24/2020, wherein claims 1 – 9 and 16 -20 are pending and ready for examination.  

Election/Restrictions
Restriction to one of the following inventions is required under 35 U.S.C. 121:
Group I comprises of Claims 1-9 and 16-20, and are drawn to at least one processor configured to execute: (i) a first virtual machine that includes a wireless network authentication server, and (ii) a second virtual machine that includes a virtual private network (VPN) server.  Group I includes detecting that a purge switch of the electronic device is activated; and executing one or more overwrite sequences on the volatile memory of the second electronic circuit to render data of the authentication server and the VPN server unrecoverable. Group I is illustrated in Figures 4 and 7 and classified in G11C16/3427 circuits or methods to prevent or reduce disturbance of the state of a memory cell when neighboring cells are read or written.  H04W12/06 authentication.

Group II comprises of. Claims 10-15, and are drawn to at least one processor configured to execute: (i) a first virtual machine that includes a virtual private network (VPN) server, and (ii) a second virtual machine that includes a first firewall, wherein each of the first virtual machine and the second virtual machine is fully contained in the volatile memory. Group  classified in H04W12/88 using filters or firewalls.

The inventions are independent or distinct, each from the other because:
Inventions Group I and Group II are directed to related methods and devices.  The related inventions are distinct if: (1) the inventions as claimed are either not capable of use together or can have a materially different design, mode of operation, function, or effect; (2) the inventions do not overlap in scope, i.e., are mutually exclusive; and (3) the inventions as claimed are not obvious variants.  See MPEP § 806.05(j). In the instant case, the inventions as claimed have a different mode of operation, function, and effect (see above). Furthermore, the inventions as claimed do not encompass overlapping subject matter and there is nothing of record to show them to be obvious variants.

          Restriction for examination purposes as indicated is proper because all the inventions listed in this action are independent or distinct for the reasons given above and there would be a serious search and/or examination burden if restriction were not required because one or more of the following reasons apply:             A. Separate classification:  Group I is drawn to executing virtual machines that include a wireless authentication to a VPN network and includes purging data from volatile memory.  Group I is at least combinatorial in its invention whereby the gateway translates and segments wired and wireless traffic to a condition of data/memory purging. These features are best classified in G11C16/3427 circuits or methods to prevent or reduce disturbance of the state of a memory cell when neighboring cells are read or written.  H04W12/06 authentication.  Group II is drawn to executing virtual machines that include a firewall positioned between the wireless controller and the VPN server classified in H04W12/88 using filters or firewalls.
.
.

Applicant is advised that the reply to this requirement to be complete must include (i) an election of a invention to be examined even though the requirement may be traversed (37 CFR 1.143) and (ii) identification of the claims encompassing the elected invention. 
The election of an invention may be made with or without traverse. To reserve a right to petition, the election must be made with traverse. If the reply does not distinctly and specifically point out supposed errors in the restriction requirement, the election shall be treated as an election without traverse. Traversal must be presented at the time of election in order to be considered timely. Failure to timely traverse the requirement will result in the loss of right to petition under 37 CFR 1.144. If claims are added after the election, applicant must indicate which of these claims are readable upon the elected invention.
Should applicant traverse on the ground that the inventions are not patentably distinct, applicant should submit evidence or identify such evidence now of record showing the inventions to be obvious variants or clearly admit on the record that this is the case. In either instance, if the examiner finds one of the inventions unpatentable over the prior art, the evidence or admission may be used in a rejection under 35 U.S.C. 103 or pre-AIA  35 U.S.C. 103(a) of the other invention. 
During a telephone conversation with Kiril Dimov, Reg. No. 60490 on 2/9/2020 a provisional election was made without traverse to prosecute the invention of Group I, claims 1-9 and 16-20.  Affirmation of this election must be made by applicant in replying to this Office s 16-20 are withdrawn from further consideration by the examiner, 37 CFR 1.142(b), as being drawn to a non-elected invention.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 9 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.  Claim 9 reads…in part
 wherein the first electronic circuit includes a first system-on-a-module (SOM) and the second electronic circuit includes a second SOM, the second SOM being configured to implement a first virtual network and a second virtual network, the first virtual network being arranged to forward user data to the second SOM, and the second virtual network being arranged to forward maintenance data to the manager application.
  
The Examiner interprets this limitation to teach the second SOM creating a network to feed itself.  The instant post grant publication discloses at location [0043] a first virtual network is formed by the hypervisor represented as Ethernet links.  The Examiner will interpret the virtual networks as representative of links assessible by a system on a module as disclose in the instant specification.  Applicant is invited to provide clarity for the record.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-3, 6-17, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Tchigevsky; Izoslav et al, US 20070189308 A1, August 16, 2007, hereafter referred to as Tchigevsky.in view of Joshi; Harsha Ramamurthy et al, US 20210344651, November 4, 2021, hereafter referred to as Joshi.
                                                                                                                                                                  
      As to claim 1, Tchigevsky teaches an apparatus – Tchigevsky [0010] FIG. 1 comprises a block diagram of an apparatus 100, an apparatus 170, and a system 190 according to various embodiments of the invention. Here, the claimed ‘apparatus’ is taught by Tchigevsky as ‘apparatus 100’), comprising:
              a volatile memory – Tchigevsky [0011] The apparatus 100 may include a wireless MAC module 104 associated with a multi-VM computing platform 108.   Here, the claimed ‘volatile memory’ is taught by Tchigevsky as ‘multi-VM computing platform 108’ because a virtual machine resides in virtual memory.  Virtual memory is a section of volatile memory created temporarily on the storage drive);
              a non-volatile memory - Tchigevsky [0052] FIG. 5 is a block diagram of an article 585.  Examples of such embodiments may comprise a computer, a memory system, a magnetic or optical disk. Here, the claimed ‘non-volatile memory’ is taught by Tchigevsky as ‘optical disk’);
              a first electronic circuit that is configured to operate as a wireless access point, the first electronic circuit including a wireless controller for accessing a wireless network - Tchigevsky [0034] Turning back to FIG. 1, an apparatus 170 may include a wireless AP 172 communicatively coupled to a wireless NIC 150 associated with a multi-partitioned computing platform 108. The wireless AP 172 may send an inbound packet 136 to the wireless NIC 150 for delivery to a destination VM (e.g., the VM 114) associated with the multi-partitioned computing platform 108. Here, the claimed ‘first electronic circuit’ is taught by Tchigevsky as ‘apparatus 170’ whereas the claimed ‘wireless access point’ is taught by Tchigevsky as ‘wireless AP 172’); and
              a second electronic circuit that is operatively coupled to the first electronic circuit the second electronic circuit including at least one processor - Tchigevsky [0034] Turning back to FIG. 1, an apparatus 170 may include a wireless AP 172 communicatively coupled to a wireless NIC 150 associated with a multi-partitioned computing platform 108. The wireless AP 172 may send an inbound packet 136 to the wireless NIC 150 for delivery to a destination VM (e.g., the VM 114) associated with the multi-partitioned computing platform 108.  Here, the claimed ‘second electronic circuit’ is taught by Tchigevsky as ‘multi-partitioned computing platform 108’), configured to execute: 
                (i) a first virtual machine that includes a wireless network authentication server - Tchigevsky [0031] The wireless connection manager 124 may also be associated with the primary VM partition 120.… A security supplicant 157 (e.g., an IEEE std. 802.1X supplicant) may be coupled to the wireless connection manager 124 to exchange encryption keys with the wireless AP 172 to facilitate secure wireless communications. Here, the claimed ‘first virtual machine’ is taught by Tchigevsky as ‘primary VM partition 120’ whereas the claimed ‘authentication server’ is taught by Tchigevsky as ‘security supplicant 157’ because the supplicant provides for secure communications of which authentication is required.  Tchigevsky, as a design choice, provides that any of the elements can be rearranged either in hardware or software [0038]), and
                (ii) a second virtual machine that includes a virtual private network (VPN) server - Tchigevsky [0003] For corporate networks it is desirable that each VM be capable of communicating with the networking infrastructure at a media access control (MAC) layer, also known as layer 2 (L2). This enables a corporate network administrator to enforce certain security and traffic priority policies for a variety of computers and computer users. In order to maintain network communications at L2, a VM may maintain its own network stack independent of a network stack maintained by another partition.  Here, the claimed ‘second virtual machine’ is taught by Tchigevsky as ‘VM114 whereas the claimed ‘‘VPN server’ is taught by Tchigevsky as ‘corporate networks’ since a corporate network is a private network), wherein the wireless network authentication server is configured to authenticate devices that attempt to join the wireless network - Tchigevsky [0003] … A security supplicant 157 (e.g., an IEEE std. 802.1X supplicant) may be coupled to the wireless connection manager 124 to exchange encryption keys with the wireless AP 172 to facilitate secure wireless communications;
            wherein at least one of the first virtual machine or the second virtual machine is fully contained in the volatile memory - Tchigevsky [0012] In some embodiments, one of the VMs 112, 114, or 116 may be defined as a primary VM 120. A wireless connection manager 124 may execute from the primary VM 120 to control a wireless connection 128.  Here, the claimed ‘first virtual machine’ is taught by Tchigevsky as ‘VM 120’ whereas the claimed ‘volatile memory’ is taught by Tchigevsky as ‘virtual machine’ since virtual memory is a section of volatile memory created temporarily on the storage drive.   TCHIGEVSKY DOES NOT TEACH 
wherein the VPN server is arranged to encrypt data that is received at the apparatus to produce encrypted data, and forward the encrypted data to the wireless controller for transmission over the wireless network
                 HOWEVER, IN AN ANALAGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR JOSHI TEACHES 
                  wherein the VPN server is arranged to encrypt data that is received at the apparatus to produce encrypted data, and forward the encrypted data to the wireless controller for transmission over the wireless network - Joshi [0126 and [0079] since at ’126  VPN server 412 provides the server-end functionality of the VPN… Encryption/decryption engine 424 provides the actual encryption and decryption of traffic to provide the secure communications since at ’79 Local network 170 may be …a wireless network, a cellular network. Here, the claimed ‘wireless network’ is taught by Joshi as ‘Local network 170’ which would include a wireless controller such as network controllers taught by Joshi at [0229]). To provide VPN encryption capabilities to Primary VM 120 of Tchigevsky would have been obvious to one of ordinary skill in the art, in view of the teachings of Joshi, since all the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods (i.e., VPN encryption/decryption methods) with no change in their respective functions, and the combination would have yielded nothing more than predictable results to one of ordinary skill in the art before the effective filing date of the claimed invention, i.e., one skilled in the art would have recognized that the VPN encryption used in Joshi, would allow the Primary VM 120 of Tchigevsky  the ability to encrypt and forward traffic as provided by Joshi).              

            As to claim 2, the combination of Tchigevsky and Joshi teaches the apparatus of claim 1, wherein the first electronic circuit and the second electronic circuit are coupled to one another via an Ethernet connection, and the encrypted data is forwarded to the second electronic circuit via the Ethernet connection - Tchigevsky [0029] A virtual machine monitor (VMM) 154 may be coupled to the Ethernet NIC emulator 148, the wireless bridge 132, or both, to allocate Ethernet emulation resources to the destination VM partition (e.g., the VM 114). In some embodiments, wireless bridging components including the wireless MAC module 104, the wireless bridge 132, and the Ethernet NIC emulator 148 may be incorporated into a wireless NIC 150 associated with the multi-partition computing platform 108.  Here, the claimed ‘Ethernet connection’ is taught by Tchigevsky as ‘Ethernet NIC emulator 148’).  

             As to claim 3, the combination of Tchigevsky and Joshi teaches the apparatus of claim 1, wherein the first virtual machine is executed in a first partition that is instantiated in the volatile memory, and the second virtual machine is executed in a second partition that is instantiated in the volatile memory – Tchigevsky [0010] The apparatus 100 may comprise structures within a multi-VM computing platform 108 used to enable wireless networking to a plurality of partitions within the computing platform 108. The apparatus 170 may comprise a wireless AP specially adapted to enable the wireless networking to the plurality of partitions, each of the first partition and the second partition having a separate file system – Tchigevsky [0010] Thus, the apparatus 100; the wireless MAC module 104; the multi-VM computing platform 108; the wireless AP 172; the network 180; the virtual machines (VMs) 112, 114, 116, 120, 220; the wireless connection manager 124; the wireless connection 128; the wireless bridges 132, 232; the node 184; the inbound wireless packet 136; the inbound Ethernet packet 140; the bridging table 144; the Ethernet NIC emulators 148, 248; the Ethernet NIC driver 152; the VMMs 154, 254; the wireless NIC 150; the wireless NIC driver 156; the security supplicant 157; the proxy wireless NIC driver 162; the apparatus 170; the bridging module 174; the bridging table 176; the system 190; the outbound Ethernet packet 192; the outbound wireless packet 194; the antenna 196; the alternate embodiment 200; the wireless NIC emulator 258; and the proxy wireless NIC driver 262 may all be characterized as "modules" herein. Here, separate file system’ is taught by Tchigevsky as ‘NIC driver 156 of VM 120 and Ethernet NIC driver 152 of VM 114’ because each of these file systems are separate from each other as depicted in Tchigevsky Figure 1. The claimed ‘volatile memory’ is taught by Tchigevsky as ‘virtual machines’).

          As to claim 6, the combination of Tchigevsky and Joshi teaches the apparatus of claim 1, wherein the processor is further configured to execute a third virtual machine - Tchigevsky [0013] VMs other than the primary VM 120 (e.g., VMs 114 and 116) may be connected to the network 180 using wireless bridge emulation. The VMs 114 and 116 may not recognize that the computing platform 108 is wirelessly networked, but may instead interact with a wireless bridge 132 via an Institute of Electrical and Electronics Engineers (IEEE) 802.3 (Ethernet) standard networking interface, the third virtual machine including a firewall that is interposed between the VPN server and the wireless controller, the firewall being configured to monitor data traffic between the VPN server and the wireless controller. - Tchigevsky [0112] … it is not desirable or necessary to truly VPN all network traffic. Rather, security agent 320 may, in a first or filtering phase, inspect traffic to see whether it is DNS traffic.  Here, the claimed ‘firewall’ is taught by Tchigevsky as ‘filtering phase’ whereas the claimed ‘wireless controller’ is taught by Tchigevsky as ‘security agent 320’).

             As to claim 7, the combination of Tchigevsky and Joshi teaches the apparatus of claim 1, wherein the processor is further configured to execute a third virtual machine, the third virtual machine including a manager application - Tchigevsky [0013] VMs other than the primary VM 120 (e.g., VMs 114 and 116) may be connected to the network 180 using wireless bridge emulation. The VMs 114 and 116 may not recognize that the computing platform 108 is wirelessly networked, but may instead interact with a wireless bridge 132 via an Institute of Electrical and Electronics Engineers (IEEE) 802.3 (Ethernet) standard networking interface.  Here, the claimed ‘third virtual machine’ is taught by Tchigevsky as VMs 116) whereas  the claimed ‘manager application’ is taught by Tchigevsky as Ethernet standard networking interface’), the manager application being arranged to change a configuration setting of at least one of the VPN server and the wireless network authentication server based on maintenance data that is received at the apparatus - Tchigevsky [0030] A wireless NIC driver 156 may be associated with the primary VM partition 120. The wireless NIC driver 156 may be coupled to the wireless MAC module 104. The wireless NIC driver 156 may communicate data, status, and/or configuration parameters between the primary VM partition 120 and the wireless MAC module 104.  Here, the claimed ‘wireless network authentication server’ is taught by Tchigevsky as ‘wireless NIC driver 156’ since the Ethernet standard networking interfaces with the connection manager 124 and the 802.1 supplicant to authenticate the client 154 and Wireless NIC 150.  The claimed ‘maintenance data’ is taught by Tchigevsky as ‘configuration setting’ is taught by Tchigevsky as ‘configuration parameters’.  The claimed ‘change configuration’ is suggested by Tchigevsky as ‘communicate data’).

             As to claim 8, the combination of Tchigevsky and Joshi teaches the apparatus of claim 7, wherein the processor is further configured to execute a fourth virtual machine  -Tchigevsky [0011]…The wireless bridging capabilities may facilitate networking for a plurality of VMs, generally shown as 112, 114, and 116. Here, the claimed ‘fourth virtual machine’ is taught by Tchigevsky as ‘VMs 116’ because as depicted in Figure 1 VMM 154 may spawn N number of virtual machines), the fourth virtual machine including a router, the router being arranged to route data that is received at the apparatus to one of the manager applications, external Ethernet ports and the VPN server - Tchigevsky [0047] The outbound Ethernet packet may also contain a destination address corresponding to a node on a network external to the computing platform. (E.g., the node 184 of FIG. 1 on the network 180.) In some embodiments, the portion(s) of the outbound Ethernet packet may be received from an originating Ethernet NIC driver associated with an originating network stack in the originating VM partition. (E.g., the portions of the outbound Ethernet packet 192 of FIG. 1 may be received from the Ethernet NIC driver 152 associated with the network stack of the VM 114). 

                 As to claim 9, the combination of Tchigevsky and Joshi teaches the apparatus of claim 7, wherein the first electronic circuit includes a first system-on- a-module (SOM) - Tchigevsky [0035] The apparatus 170 may also include a bridging module 174 associated with the wireless AP 172.  Here, the claimed ‘system-on- a-module (SOM)’ is taught by Tchigevsky as ‘bridging module 174’; and the second electronic circuit includes a second SOM -   Tchigevsky [0029] …wireless bridging components including the wireless MAC module 104, the wireless bridge 132, and the Ethernet NIC emulator 148 may be incorporated into a wireless NIC 150 associated with the multi-partition computing platform 108.  Here, the claimed ‘second system-on-a-module’ is taught by Joshi as ‘wireless MAC module 104’ because the module is a part of the second electronic circuit which is computing platform 108) the second SOM being configured to implement a first virtual network and a second virtual network the first virtual network being arranged to forward user data to the second SOM  - Tchigevsky [0029] The apparatus 100 may further include an Ethernet NIC emulator 148 coupled to the wireless bridge 132 and associated with the destination VM (e.g., the VM 114). The Ethernet NIC emulator 148 may deliver the portion(s) of the inbound Ethernet packet 140 to an Ethernet NIC driver 152 associated with the destination VM (e.g., the VM 114.  Here, the claimed ‘first virtual network’ is taught by Tchigevsky as ‘Ethernet NIC emulator 148’ because Ethernet links are aggregated and associated with the appropriate virtual machine) and the second virtual network being arranged to forward maintenance data to the manager application- Tchigevsky [0030] A wireless NIC driver 156 may be associated with the primary VM partition 120. The wireless NIC driver 156 may be coupled to the wireless MAC module 104. The wireless NIC driver 156 may communicate data, status, and/or configuration parameters between the primary VM partition 120 and the wireless MAC module 104.  Here, the claimed ‘wireless network authentication server’ is taught by Tchigevsky as ‘wireless NIC driver 156’ since the Ethernet standard networking interfaces with the connection manager 124 and the 802.1 supplicant to authenticate the client 154 and Wireless NIC 150.  The claimed ‘maintenance data’ is taught by Tchigevsky as ‘configuration setting’ is taught by Tchigevsky as ‘configuration parameters’.  The claimed ‘change configuration’ is suggested by Tchigevsky as ‘communicate data’).

Claims 10-15 (non-elected)

           As to claim 16, claim 16 is a method that is directed to the apparatus of claim 1.  Therefore claim 16 is rejected for the reasons as set forth in claim 1. It is noted that the second electronic circuit of claim 1 is the multi-VM platform where all the VMs are in volatile memory. 

           As to claim 19, claim 19 is a method that is directed to the apparatus of claim 7.  Therefore claim 19 is rejected for the reasons as set forth in claim 7.

           As to claim 20, claim 20 is a method that is directed to the apparatus of claim 8.  Therefore claim 20 is rejected for the reasons as set forth in claim 8.




s 4-5 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Tchigevsky and Joshi in view of Shanbhogue; Vedvya et al, US 20200310972 A1, October 1, 2020, hereafter referred to as Shanbhogue.

            As to claim 4, the combination of Tchigevsky and Joshi teaches the apparatus of claim 1, wherein the processor is further configured to execute a hypervisor - Tchigevsky [0029] A virtual machine monitor (VMM) 154 may be coupled to the Ethernet NIC emulator 148, the wireless bridge 132, or both, to allocate Ethernet emulation resources to the destination VM partition (e.g., the VM 114). Here, the claimed ‘hypervisor’ is taught by Tchigevsky as ‘virtual machine monitor (VMM) 154’.  THE COMBINATION OF TCHIGEVSKY AND JOSHI DO NOT TEACH the hypervisor being arranged to perform the operations of:
         instantiating a random-access memory (RAM) disk in the volatile memory;
partitioning the RAM disk into a plurality of partitions; and
        launching each of the first virtual machine and the second virtual machine on a different one of the plurality of partitions, HOWEVER IN AN ANALAGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR SHANBHOGUE TEACHES the hypervisor being arranged to perform the operations of:
         instantiating a random-access memory (RAM) disk in the volatile memory;
partitioning the RAM disk into a plurality of partitions; 
         launching each of the first virtual machine and the second virtual machine on a different one of the plurality of partitions – Shanbhogue [0057] the processor core 114 executes instructions to run a number of hardware threads, also known as logical processors, including the first logical processor 119A, a second logical processor 119B, and so forth, until an Nth logical processor 119N. In one implementation, the first logical processor 119A is the VMM 140.  Here, the claimed ‘instantiating’ and ‘launching’ is taught by Shanbhogue as ‘executes instructions’ whereas the claimed “RAM disk’ is taught by , the claimed ‘first virtual machine’ is taught by Shanbhogue as ‘first logical processor 119A’ whereas the claimed ‘plurality of partitions’ is taught by Shanbhogue as ‘Nth logical processor 119N’.  The claimed ‘second virtual machine’ is taught by Shanbhogue as ‘logical processor 119B’ whereas the claimed ‘second virtual machine’ is taught by Shanbhogue as ‘a second logical processor 119B’.  The claimed ‘hypervisor’ is taught by Shanbhogue as ‘VMM 140’.  The substitution of one known element such as a dynamic random access memory (DRAM) of Shanbhogue for a memory 589 of Tchigevsky would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention since the substitution of the (DRAM) of Shanbhogue shown in Tchigevsky would have yielded predictable results, namely, (dynamic random access memory (DRAM), synchronous DRAM (SDRAM), a static memory, such as static random access memory (SRAM)) in the apparatus 100 of Tchigevsky).

            As to claim 5, the combination of Tchigevsky and Joshi teaches the apparatus of claim 1, wherein the first electronic circuit includes a first system-on- a-module (SOM) and the second electronic circuit includes a second SOM - Joshi [0240 and 0242] since at ‘240 FIG. 12 is a block illustrating selected elements of an example SoC 1200. In at least some embodiments, SoC 1200 may be configured or adapted to provide split tunnel-based security, since at ‘242 As with hardware platform 1100 above, SoC 1200 may include multiple cores 1202-1 and 1202-2.  Adding Joshi System-on-a-chip technology to the apparatus 100 of Tchigevsky does no more to Virtual Machine partitioning than it would do if it were added to any other device. The function remains the same. Predictably, Joshi adds greater system efficiency using system on a chip in Tchigevsky apparatus to improve virtualization performance). 

            As to claim 18, the combination of Tchigevsky and Joshi teaches the method of claim 16.  THE COMBINATION OF TCHIGEVSKY AND JOSHI DO NOT TEACH further comprising:
            launching a hypervisor on the second electronic circuit when the electronic device is booted,
            wherein the RAM disk is instantiated and partitioned by the hypervisor, and
wherein the first virtual machine and the second virtual machine are launched by the hypervisor HOWEVER IN AN ANALAGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR SHANBHOGUE TEACHES launching a hypervisor on the second electronic circuit when the electronic device is booted - Shanbhogue [0181] …the processor of Example 1, wherein the processor core is further to execute memory check firmware to: a) partition key identifier (ID) space according to a partition set by basic input/output system (BIOS) firmware within a configuration register upon boot,,
            wherein the RAM disk is instantiated and partitioned by the hypervisor, and
wherein the first virtual machine and the second virtual machine are launched by the hypervisor – Shanbhogue [0057] the processor core 114 executes instructions to run a number of hardware threads, also known as logical processors, including the first logical processor 119A, a second logical processor 119B, and so forth, until an Nth logical processor 119N. In one implementation, the first logical processor 119A is the VMM 140.  Here, the claimed ‘instantiated’ and ‘partitioned’ is taught by Shanbhogue as ‘executes instructions’ whereas the claimed “RAM disk’ is taught by Shanbhogue ‘hardware threads.  At [0229] Shanbhogue teaches the hardware may be RAM.  The substitution of one known element such as a dynamic random access memory (DRAM) of Shanbhogue for a memory 589 of Tchigevsky would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention since the substitution of the (DRAM) of Shanbhogue shown in Tchigevsky would have yielded predictable results, namely, (dynamic random access memory (DRAM), .

Allowable Subject Matter
Claim 17 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM B. JONES whose telephone number is (571) 272-9637.  The examiner can normally be reached on Mon - Fri., 7:00 a.m. to 3:00 p.m.  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-272-3900.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
 /WILLIAM B JONES/Examiner, Art Unit 249102/25/2021
/ASHOKKUMAR B PATEL/            Supervisory Patent Examiner, Art Unit 2491