DETAILED ACTION
Authorization for Internet Communications
The examiner encourages Applicant to submit an authorization to communicate with the examiner via the Internet by making the following statement (from MPEP 502.03):
“Recognizing that Internet communications are not secure, I hereby authorize the USPTO to communicate with the undersigned and practitioners in accordance with 37 CFR 1.33 and 37 CFR 1.34 concerning any subject matter of this application by video conferencing, instant messaging, or electronic mail. I understand that a copy of these communications will be made of record in the application file.”

Please note that the above statement can only be submitted via Central Fax, Regular postal mail, or EFS Web (PTO/SB/439). 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Examiner Notes
Examiner cites particular columns and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well.  It is respectfully requested that, in preparing responses, the applicant fully consider the references in entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it 

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claims 1, 13, 19, recite a “hardware system kernel,” however applicant’s specification never describes “a hardware system kernel”. It is unclear where the support for a hardware system kernel resides. 
Claims 2-12, 14-18, and 20 are rejected based on dependency to claims 1, 13, and 19.

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-18 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Regarding claim 1 refers to “…and the protocol stack of the hardware system kernel including,” but does not describe what it includes.  The limitation does not make any logical sense and is not a 
Regarding claim 13, recites first a system (line 2) and then further another system (line 5). It is not clear whether applicant is referring to the same system or a separate system. If it is referring to the same system it should be –the system—if it is a separate system it should have a distinct label, and another referred to a system as it has already been claimed in line 2.
Claims 2-12, 14-18 are rejected based on dependency to claims 1, and 13.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over  Nelson et al. (U.S. Patent 7,424,710)  further in view of Ben Dayan et al. (U.S. PG PUB 2020/0004725).

Regarding claim 1, Nelson teaches a system comprising:
 a processor (see ¶ 19, “host processor”); 
a system kernel comprising a protocol stack for use in network communications between processes (see ¶ 19, “The kernel 800, referred to here as "vmkernel" that performs the functions of an operating system kernel for virtual machines running on it, as opposed to the kernel in, for example, the guest operating system itself. 5) A region 142 of data in memory that is shared between the application layer 1500, the guest driver 524, and the VMM; and 6) A TCP/IP stack 850 that resides in the vmkernel 800.”);
an interface module in a user space and executable on the processor to: 

the mapping information comprising entries each including network addresses used in identifying a respective connection between corresponding virtual processes, and the protocol stack of the system kernel (see ¶ 32 “The VAs are then mapped to physical addresses (PAs), each of which similarly comprises a physical page number (PPN) and an offset, and which is actually used to address the physical memory 140. The same offset is usually used in both a VA and its corresponding PA, so that only the VPN needs to be converted into a corresponding PPN”, see ¶ 59, “The guest OS 520 will itself typically include a TCP/IP stack 1550 that is bound to one or more IP addresses; if not, then one can be created in the conventional manner. TOE shares the same network properties (IP addresses, routing table, etc.) as the guest TCP/IP stack. It achieves this by having vmxnet 524 query the native TCP/IP stack 1550 for network properties (via the standard TDI interface) and the collected network information is then passed down to the vmkernel TCP/IP stack 850. The network properties of the vmkernel TCP/IP stack 850 are always kept in sync with that of the guest TCP/IP stack 1550 by registering for network change events.”). 
Nelson do not expressly disclose, however, Ben Dayan teaches the kernel is a hardware system kernel (see Fig. 2, kernel 224, on host 201); access mapping information to redirect the communication of data to the second virtual process without passing through the protocol stack of the hardware system kernel (see ¶ [0019] “The I/O stack 210 enables the VFS node to bypasses the standard TCP/IP stack 220 and communicate directly with the network adapter 218.”).
Hence, it would have been obvious to one of ordinary skill in the art before the effective filing date to modify the teachings of Nelson by adapting the teachings of Ben Dayan to have access redirection in a distributed file system (see ¶[0004] of Ben Dayan).



Regarding claim 3, Nelson teaches wherein data communication between the first and second virtual processes comprises an inter-process communication (see ¶ 146 “The VMTOE.dll component 1660 needs to communicate with the vmxnet driver 524 only during process initialization to setup certain resources that are shared amongst multiple applications running in the same OS. In addition, it sets up certain communication channels that allow processing responses from vmkernel 800 directly from VMTOE.dll without having to transition to guest OS kernel. When VMTOE.dll wants to send requests to the vmkernel TCP/IP stack 850A, it uses a special communication channel directly from user space without involving the guest OS kernel at all”).

Regarding claim 4, Nelson teaches wherein the interface module is executable on the processor to: modify the mapping information for a new connection between virtual processes (see ¶ 34, “An extra level of addressing indirection is typically implemented in virtualized systems in that a VPN issued by an application 503 in the VM 500 is remapped twice in order to determine which page of the hardware memory is intended.”).

Regarding claim 5, Nelson teaches wherein the interface module is executable on the processor to modify the mapping information by: receiving information relating to establishment of the new connection, and adding the information for the new connection to an entry of the mapping information (see ¶ 148 “Upon receiving the message, the TCP/IP stack 850A maps the guest physical page (GPPN) to a virtual address that is accessible to vmkernel 800 and processes the request (for example, in any known manner in the network layer 1800).”).

Regarding claim 6, Nelson teaches wherein the information relating to the establishment of the new connection comprises a first network address and a first network port of one virtual process, and a 

Regarding claim 7, Nelson does not specifically disclose, however, Ben Dayan teaches wherein the interface module is executable on the processor to: in response to the call, determine whether the call relates to a function to be implemented by the kernel, wherein the accessing of the mapping information to redirect the communication of data to the second virtual process without passing through the protocol stack of the kernel is responsive to determining that the call does not relate to the function to be implemented by the kernel (see ¶[0019] “The I/O stack 210 enables the VFS node to bypasses the standard TCP/IP stack 220 and communicate directly with the network adapter 218.” See Fig. 2).
Hence, it would have been obvious to one of ordinary skill in the art before the effective filing date to modify the teachings of Nelson by adapting the teachings of Ben Dayan to have access redirection in a distributed file system (see ¶[0004] of Ben Dayan).

Regarding claim 8, Nelson teaches wherein the interface module is executable on the processor to: intercept a second call from a virtual process (see ¶ 16 “This model allows intercepting any standard Windows socket calls made by user-level applications. The way in which these features are used by the different embodiments of the invention are explained below.”), determine whether the second call relates to the function to be implemented by the kernel, and responsive to determining that the second call relates to the function to be implemented by the kernel, allow the second call to be passed to the kernel for processing of the second call by the kernel (see 143 “VMTOE.dll 1640 implements standard windows socket APIs. Upon intercepting the windows socket calls, VMTOE.dll 1640 decides whether the call needs to be routed via guest TCP/IP stack 1550A or via vmkernel TCP/IP stack 850A. Note that a similar notion is found in Microsoft's switch layer, which is available for SANs (System Area Networks)”).

Regarding claim 9, Nelson does not specifically disclose, however, Ben Dayan teaches wherein the function to be implemented by the kernel comprises a security function (see ¶ [0076] “For example, the encapsulated QoS parameters may be associated local permissions. The file system may maintain an access control list ( ACL) that specifies which clients are granted access to particular objects, as well as what operations are allowed on given objects”).
Hence, it would have been obvious to one of ordinary skill in the art before the effective filing date to modify the teachings of Nelson by adapting the teachings of Ben Dayan to have access redirection in a distributed file system (see ¶[0004] of Ben Dayan).

Regarding claim 10, Nelson teaches wherein the interface module is executable on the processor to: allow a second call from a virtual process to pass to the kernel, create an entry of the mapping information using information received based on information provided by the kernel in processing the second call (see ¶ 148 “Upon receiving the message, the TCP/IP stack 850A maps the guest physical page (GPPN) to a virtual address that is accessible to vmkernel 800 and processes the request (for example, in any known manner in the network layer 1800).”).

Regarding claim 11, Nelson teaches wherein the first and second virtual processes comprise virtual network functions (see ¶19, “The virtual machine monitor (VMM) 600; 4) The kernel 800, referred to here as "vmkernel" that performs the functions of an operating system kernel for virtual machines running on it, as opposed to the kernel in, for example, the guest operating system itself”).

Regarding claim 12, Nelson teaches wherein the protocol stack comprises a Transmission Control Protocol/Internet Protocol (TCP/IP) stack (see Fig. 3, TCP/IP stack in VM Kernel).

Regarding claim 13, Nelson teaches a non-transitory machine-readable storage medium comprising instructions that upon execution cause a system to: 
add, by an interface module in a user space of the system, an entry to mapping information in 
intercept, by the interface module, a call from a first virtual process of the system, the call to cause communication of data from the first virtual process of the system to a second virtual process of the system (see ¶ 16 “This model allows intercepting any standard Windows socket calls made by user-level applications. The way in which these features are used by the different embodiments of the invention are explained below.”); 
access, by the interface module, the mapping information to obtain information useable to communicate over a first connection between the first virtual process and the second virtual process (see ¶ 32 “The VAs are then mapped to physical addresses (PAs), each of which similarly comprises a physical page number (PPN) and an offset, and which is actually used to address the physical memory 140. The same offset is usually used in both a VA and its corresponding PA, so that only the VPN needs to be converted into a corresponding PPN”).
Nelson do not expressly disclose, however, Ben Dayan teaches the kernel is a hardware system kernel (see Fig. 2, kernel 224, on host 201); redirect, by the interface module, the communication of data from the first virtual process to the second virtual process over the first connection without passing through a protocol stack of a hardware system kernel (see ¶[0019] “The I/O stack 210 enables the VFS node to bypasses the standard TCP/IP stack 220 and communicate directly with the network adapter 218.”). 
Hence, it would have been obvious to one of ordinary skill in the art before the effective filing date 

Regarding claim 14, Nelson do not expressly disclose, however, Ben Dayan teaches wherein the redirecting of the communication of data from the first virtual process to the second virtual process over the first connection avoids invoking the kernel to perform the communication of data from the first virtual process to the second virtual process (see ¶[0019] “The I/O stack 210 enables the VFS node to bypasses the standard TCP/IP stack 220 and communicate directly with the network adapter 218.”).
Hence, it would have been obvious to one of ordinary skill in the art before the effective filing date to modify the teachings of Nelson by adapting the teachings of Ben Dayan to have access redirection in a distributed file system (see ¶[0004] of Ben Dayan).

Regarding claim 15, Nelson teaches wherein the adding of the entry to the mapping information in response to detecting a new connection between virtual processes comprises: 
receiving, from the first virtual process, a call to open a socket (see ¶ 22, “All operations that can be offloaded are invoked on sockets. A well-known concept, a socket is a unique identification to or from which information is transmitted in the network, and usually consists of a handle (name) and an address. In essence, a socket is an endpoint in a connection for communication between two entities over a network. Sockets are typically created and used with a set of programming requests or "function calls" that define an application programming interface (API). Sockets can also be used for communication between processes within the same computer as well as between processes remote from one another.”);
receiving, from the second virtual process, a call to connect to the socket (see ¶ 27, “2) Connect (@<IP address, port>): connect this socket to an endpoint at the given IP address and port number.”); and 
obtaining information associated with the call to open the socket and the call to connect to the socket to add information to the added entry (see ¶ 31, “6) Receive: receive data from a connected socket.”).



Regarding claim 17, Nelson teaches wherein the entry comprises a network address and a network port of one of the virtual processes, a network address and a network port of another of the virtual processes, and information of a protocol used for the new connection (see ¶22, “All operations that can be offloaded are invoked on sockets. A well-known concept, a socket is a unique identification to or from which information is transmitted in the network, and usually consists of a handle (name) and an address.”).

Regarding claim 18, Nelson does not specifically disclose, however, Ben Dayan teaches wherein the instructions upon execution cause the system to: in response to the call, determine whether the call relates to a security function to be implemented by the kernel, wherein the accessing of the mapping information and the redirecting of the communication of data from the first virtual process to the second virtual process over the first connection without passing through the protocol stack of the kernel is responsive to determining that the call does not relate to the security function to be implemented by the kernel (see ¶ [0076] “For example, the encapsulated QoS parameters may be associated local permissions. The file system may maintain an access control list ( ACL) that specifies which clients are granted access to particular objects, as well as what operations are allowed on given objects”).
Hence, it would have been obvious to one of ordinary skill in the art before the effective filing date to modify the teachings of Nelson by adapting the teachings of Ben Dayan to have access redirection in a distributed file system (see ¶[0004] of Ben Dayan).

Regarding claim 19, Nelson teaches a method comprising: 
intercepting, by an interface module in a user space of a system comprising a hardware 
responsive to determining that the call relates to the function to be implemented by the system kernel, allowing the call to be passed to the system kernel for processing of the call by the system kernel (see 143 “VMTOE.dll 1640 implements standard windows socket APIs. Upon intercepting the windows socket calls, VMTOE.dll 1640 decides whether the call needs to be routed via guest TCP/IP stack 1550A or via vmkernel TCP/IP stack 850A. Note that a similar notion is found in Microsoft's switch layer, which is available for SANs (System Area Networks)”); 
the mapping information comprising entries each including network addresses used in identifying a respective connection between corresponding virtual processes (see ¶ 32 “The VAs are then mapped to physical addresses (PAs), each of which similarly comprises a physical page number (PPN) and an offset, and which is actually used to address the physical memory 140. The same offset is usually used in both a VA and its corresponding PA, so that only the VPN needs to be converted into a corresponding PPN”).
Nelson do not expressly disclose, however, Ben Dayan teaches the kernel is a hardware system kernel (see Fig. 2, kernel 224, on host 201); responsive to determining that the call does not relate to the function to be implemented by the system kernel: 
determining, by the interface module, that the call is to cause communication of data from the first virtual process of the system to a second virtual process of the system (see ¶[0022] “A client application 212 may make a system call to the kernel 224 which communicates with the VFS driver 208. The VFS driver 208 puts a corresponding request on a queue of the VFS frontend 202”), and 
accessing, by the interface module, mapping information to redirect the communication of data to the second virtual process without passing through a protocol stack of the hardware system kernel (see ¶[0019] “The I/O stack 210 enables the VFS node to bypasses the standard TCP/IP stack 220 and communicate directly with the network adapter 218.”). 
Hence, it would have been obvious to one of ordinary skill in the art before the effective filing date 

Regarding claim 20, Nelson teaches receiving, by the interface module, information relating to establishment of a new connection between virtual processes; and adding, by the interface module, the information for the new connection to a new entry of the mapping information (see ¶ 55, “This shared memory is then mapped into the application layer's address space by the guest driver 524 using normal methods so that the mapping between a GVPN and the underlying GPPN is fixed. This allows the guest physical page numbers (GPPNs) behind the virtual addresses to be given to the VMM and vmkernel. These GPPNs are then pinned into the memory space of the guest OS 520 as well. In this manner the physical page numbers (used to address the actual, physical hardware) behind the shared data 142 are locked in memory and are passed to the vmkernel 800.”).

Response to Arguments
Applicant's arguments filed 2/1/2022 have been fully considered but they are not persuasive.	
Applicant argues that the prior art does not disclose “access mapping information to redirect the communication of data to the second virtual process without passing through the protocol stack of the hardware system kernel” and does not disclose intercepting a call to communicate data from “the first virtual process to the second virtual process of the system.”
Examiner disagrees. Nelson teaches the intercepting the call from the first virtual process to the second by disclosing in ¶ 143, “Upon intercepting the windows socket calls, VMTOE.dll 1640 decides whether the call needs to be routed via guest TCP/IP stack 1550A or via vmkernel TCP/IP stack 850A” Meaning, the two separate stacks are on different virtual processes. 
Further, Ben Dayan teaches access mapping information to redirect the communication of data to the second virtual process without passing through the protocol stack of the hardware system kernel by disclosing in ¶ [0019] “The I/O stack 210 enables the VFS node to bypasses the standard TCP/IP stack 220 and communicate directly with the network adapter 218.” And ¶[0030] “To permit such operation, metadata may be maintained that maps 
Applicant is reminded that it is the combination of references that teach the claimed invention. 

Interview Requests
In accordance with 37 CFR 1.133(a)(3), requests for interview must be made in advance.  Interview requests are to be made by telephone (571-270-7848) call or FAX (571-270-8848).  Applicants must provide a detailed agenda as to what will be discussed (generic statement such as “discuss §102 rejection” or “discuss rejections of claims 1-3” may be denied interview).  The detail agenda along with any proposed amendments is to be written on a PTOL-413A or a custom form and should be faxed (or emailed, subject to MPEP 713.01.I / MPEP 502.03) to the Examiner at least 5 business days prior to the scheduled interview. Interview requests submitted within amendments may be denied because the Examiner was not notified, in advance, of the Applicant Initiated Interview Request and due to time constraints may not be able to review the interview request to prior to the mailing of the next Office Action.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Oved et al. (U.S. PG PUB 2008/0240130) teaches device, system and method of multicast communication. For example, an apparatus in accordance with an embodiment of the invention includes a non-kernel multicast protocol handler adapted to perform a multicast operation of a user mode application by bypassing the operating system kernel and directly accessing a communication adapter having an operating system bypass capability.
Ramarathinam et al. (U.S. PG PUB 2012/0096271) teaches an end user of an enterprise is enabled to receive secure remote presentation access to the assigned virtual machines in a hosted public cloud through the cloud provider's virtualization hosts and remote presentation gateway. Thus an enterprise administrator may purchase computing capacity from the cloud provider and further sub-divide the purchased computing capacity among enterprise end users. The cloud provider need not create shadow accounts for each end user of the enterprise. The cloud provider AD and the enterprise AD do not need to trust each other. The cloud provider also need not expose host information to the tenants. 
Nelson (U.S. PG PUB 2009/0183180) teaches a virtual machine (VM) runs on system hardware, which includes a physical network interface device that enables transfer of packets between the VM and a destination over a network. A virtual machine monitor (VMM) exports a hardware interface to the VM and runs on a kernel, which forms a system software layer between the VMM and the system hardware. Pending packets (both transmit and receive) issued by the VM are stored in a memory region that is shared by, that is, addressable by, the VM, the VMM, and the kernel. Rather than always transferring each packet as it is issued, packets are clustered in the shared memory region until a trigger event occurs, whereupon the cluster of packets is passed as a group to the physical network interface device. Optional mechanisms are included to prevent packets from waiting too long in the shared memory space before being transferred to the network. An interrupt offloading mechanism is also disclosed for use in multiprocessor systems such that it is in most cases unnecessary to interrupt the VM in order to request a VMM action, and the need for VMM-to-kernel context transitions is reduced.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CARINA YUN whose telephone number is (571)270-7848. The examiner can normally be reached Mon, Weds, Thurs, 9-4.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to call.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Dennis Chow can be reached on (571) 272-7767. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To 

Carina Yun
Patent Examiner
Art Unit 2194



/CARINA YUN/Examiner, Art Unit 2194