DETAILED ACTION
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This Office Action is in reply to the communication filed on 8/3/2020.
Claims 1-10 are pending for consideration.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-10 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claim 1 recites the limitation “providing a quantum secure pre-shared key derivation scheme for a data link layer bulk encryption algorithm, wherein the ability to setup a separate communication channel, via the SSH protocol, and leverage ECDH over said channel to share pre-shared keys”.
Applicant is respectfully reminded, for computer-implemented features, “examiners should determine whether the specification discloses the computer and the algorithm (e.g., the necessary steps and/or flowcharts) that perform the claimed function in sufficient detail such that one of ordinary skill in the art can reasonably conclude that the inventor invented the claimed subject matter.” MPEP § 2161.01(I).
The instant claim 1 does not provide an algorithm that performs the function “the ability to setup a separate communication channel” in sufficient detail such that one of ordinary skill in the art can reasonably conclude that the inventor invented the claimed subject matter.
Furthermore, Applicant’s specification does not describe an algorithm that performs the function “the ability to setup a separate communication channel” in sufficient detail such that one of ordinary skill in the art can reasonably conclude that the 
Dependent claims 2–10 fail to cure this deficiency of independent claim 1 (set forth directly above) and are rejected accordingly.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-10 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Regarding claim 1, claim 1 recites the acronyms (SSH, ECDH CPU). The examiner notes that, for better clarity, the acronyms (SSH, ECDH CPU) should be spelled out at their first occurrence. Appropriate correction is required.
Claim 1 recites the limitation "the internet protocol (IP) layer" in the preamble.  There is insufficient antecedent basis for this limitation in the claim.
Claim 1 recites the limitation “wherein the ability to setup a separate communication channel, via the SSH protocol, and leverage ECDH over said channel to share pre-shared keys”.  The recitation of the ability lacks Minton v. Nat’l Ass’n of Securities Dealers, Inc., 336 F.3d 1373, 1381, 67 USPQ2d 1614, 1620 (Fed. Cir. 2003))  For purpose of prior art examination, the Examiner broadly interprets that recitation as a clarification for the providing step.
Claim 1 recites the limitation “assigning a set of network ports to specific bridges”.  The claimed “specific bridges” lacks antecedent basis.  For examination purposes this claim limitation has been construed as referring to the set of software-based network bridges.  Appropriate correction is required.
Claim 1 recites “provisioning a Network interface card (NIC) offloading and packet steering functionality, wherein the NIC offloading and packet steering functionality provides network packet handling for network communications”. It is unclear which components of the claim implement the functionality of the NIC offloading and packet steering to provide network packet handling. Furthermore, this limitation does not link with the rest of the steps of claim 1. It is unclear if the set of encrypted packets get provided with network packet handling or a specific encrypted packet gets provided with network packet handling. The metes and bounds of this limitation are entirely unclear and subjective.
Dependent claims 2–10 fail to cure this deficiency of independent claim 1 (set forth directly above) and are rejected accordingly.

Claim Rejections - 35 USC § 103

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-10 are rejected under 35 U.S.C. 103 as being unpatentable over Hutchison et al. (US 20140056307) (hereinafter Hutchison) in view of Green et al. (Reference U: “Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer”) (hereinafter Green).
Regarding claim 1, Hutchison teaches a method for packet orchestration to provide data encryption at the internet protocol (IP) layer, comprising the steps of: 
providing a set of software-based network bridges (Hutchison: see figures 2 and 4; and paragraphs 0023-0024, 0039 and 0056, “if the packets or subset of the flow is segmented or otherwise divided for processing by multiple cores or processors, performing the transformations may be very complex, as the cores may be forced to process the packet or subset in a coordinated fashion” [Examiner notes: paragraph 0057 of the Applicant’s disclosure discloses the bridges can each represent a segmented group of network traffic]); 
assigning a set of network ports to specific bridges, wherein the set of network ports implement segmentation and isolation based on an organizational policy (Hutchison: paragraphs 0039, 0043-0044 and 0057, “each packet may be entirely processed by an individual core rather than segmenting the packet and distributing the processing of the segments across multiple parallel cores”… “even with 
provisioning and configuring of a set of CPU cores to handle wire-speed data encryption and decryption on a per bridge segmentation standpoint, wherein each network bridge segment, has it own CPU core affinity, and recommended buffer allocation (Hutchison: paragraphs 0057 and 0062, “multiple cryptographic cores (e.g., parallel processing cores) may be utilized in a single network appliance for data encryption. A DEU may be configured to encrypt packets in a data network environments such as Internet Protocol (e.g., IPsec, High Assurance Internet Protocol Encryptor (HAIPE) protocol, etc.) or Ethernet (e.g., MACsec), for example using multiple keys selected on a per-user basis. The DEU may encrypt the packets in such a way that the use of many parallel cores does not affect the external behavior of the unit”); 
provisioning per bridge, an IP overlay encapsulation of a set of encrypted packets (Hutchison: paragraphs 0008, 0062 and 0070, “The received packets may be multiplexed such that each packet is assigned to one of the encryption cores.” … “The count-based multiplexor positioned to receive the encrypted packets from the individual CP cores (e.g., MUX 620) may be configured to ensure in-sequence delivery of the encrypted packet.”); and 
provisioning a Network interface card (NIC) offloading and packet steering functionality, wherein the NIC offloading and packet steering functionality provides network packet handling for network communications (Hutchison: paragraphs 0039 and 0070, “The count-based multiplexor positioned to receive the encrypted packets from the individual CP cores (e.g., MUX 620) may be configured to 
Hutchison does not explicitly teach the following limitation which is taught by Green, providing a quantum secure pre-shared key derivation scheme for a data link layer bulk encryption algorithm, wherein the ability to setup a separate communication channel, via the SSH protocol, and leverage ECDH over said channel to share pre-shared keys (Green: pages 5, 9 and 13-14, “it is important that the size of elliptic curve be chosen to match the security strength of other elements of the SSH handshake” … “Every SSH ECC implementation MUST support the named curves below.    These curves are defined in [SEC2]”).  
Hutchison and Green are analogous art because they are from the same field of endeavor, data exchange in a secure way.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hutchison and Green before him or her, to modify the system of Hutchison to include the SSH ECC algorithm integration of Green.  The suggestion/motivation for doing so would have been to increase security in the system.
Regarding claim 2, Hutchison as modified further teaches wherein the set of network ports are assigned to set of software-based network bridges based on a set of communication and isolation requirements (Hutchison: paragraphs 0039, 0043-0044 and 0057, “each packet may be entirely processed by an individual core rather than segmenting the packet and distributing the processing of the segments 
Regarding claim 3, Hutchison as modified further teaches wherein the mechanism for provisioning per bridge is provided using segment isolation (Hutchison: paragraphs 0039, 046 and 0057, “Input Packets 214 may be demultiplexed into a pool of packet processing resources. For example, DPA 200 may include two or more parallel processing (PP) cores (e.g., PP Core 1 202, PP Core 2 204, PP Core 3 206, PP Core N 208). Input Packets 214 may be demultiplexed in a number of different ways. Each packet may be assigned and routed to an individual core. Thus, each packet may be entirely processed by an individual core rather than segmenting the packet and distributing the processing of the segments across multiple parallel cores.”).
Regarding claim 4, Hutchison as modified further teaches wherein the provisioning per bridge of the IP overlay encapsulation of the set of encrypted packets is implemented with a specified encapsulation/decapsulation functionality of an operating-system software and a network vendors ethernet controller
Regarding claim 5, Hutchison as modified further teaches wherein the IP overlay encapsulation is implemented with a tunneling protocol (Hutchison: paragraph 0039, “Second FIFO/multiplexing elements may be implemented at the output of the processing pool to Black Network I/O 212. The result may be for Output Packets 216 to be sent onto a network via Black Network I/O 212”).
Regarding claim 6, Hutchison as modified further teaches wherein the network packet handling of the NIC offloading and packet steering functionality comprises an encapsulation operation (Hutchison: paragraphs 0039 and 0070, “The count-based multiplexor positioned to receive the encrypted packets from the individual CP cores (e.g., MUX 620) may be configured to ensure in-sequence delivery of the encrypted packet.” … “Second FIFO/multiplexing elements may be implemented at the output of the processing pool to Black Network I/O 212. The result may be for Output Packets 216 to be sent onto a network via Black Network I/O 212”).
Regarding claim 7, Hutchison as modified further teaches wherein the network packet handling of the NIC offloading and packet steering functionality comprises a checksum operation
Regarding claim 8, Hutchison as modified further teaches wherein the network packet handling of the NIC offloading and packet steering functionality comprises a buffer allocation operation (Hutchison: paragraphs 0034 and 0039, “Pipelining may result in some amount of buffer storage being inserted between elements.”… “For example a series of FIFO elements/buffers may be used as an interface between the Red Network I/O 210 and the packet processing elements (e.g., PP Core 1 202, PP Core 2 204, PP Core 3 206, PP Core N 208). Second FIFO/multiplexing elements may be implemented at the output of the processing pool to Black Network I/O 212. The result may be for Output Packets 216 to be sent onto a network via Black Network I/O 212”).
Regarding claim 9, Hutchison as modified further teaches wherein the provisioning per bridge and the IP overlay encapsulation of encrypted packets with post quantum encryption is implemented per the specifications of a specified Ethernet Controller manufacturer (Hutchison: paragraphs 0039 and 0070, “For example a series of FIFO elements/buffers may be used as an interface between the Red Network I/O 210 and the packet processing elements (e.g., PP Core 1 202, PP Core 2 204, PP Core 3 206, PP Core N 208). Second FIFO/multiplexing elements may be implemented at the output of the processing pool to Black Network I/O 212. The result may be for Output Packets 216 to be sent onto a network via Black Network I/O 212”).
Regarding claim 10, Hutchison as modified further teaches wherein an Ethernet Controller enables and configures the encapsulation/decapsulation offloading functionality (Hutchison: paragraphs 0039 and 0070, “The count-based multiplexor .

Conclusion
The prior art made of record and not relied upon, which is considered pertinent to applicant's disclosure, is listed on the enclosed PTO-892 form.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740. The examiner can normally be reached Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/TRANG T DOAN/Primary Examiner, Art Unit 2431