DETAILED ACTION
This Office Action is in response to the application 17/080,836 filed on 03/14/2022.
Claims 1-10 and 12 have been examined and are pending in this application.
Election/Restrictions
Applicant elects, without traverse, Group I, comprising claims 1-10 and 12, for prosecution of this patent application in the reply filed on 03/14/2022 is acknowledged.
Claim Objections
Claims 2-5, 7-10 and 12 are objected to because of the following informalities:  
Regarding claims 2-5, 7-10 and 12 , claims 2-5, 7-10 and 12 recite the limitations “the method of claim ….” and “the computer readable medium of claim...” It should read as “the method of claim[,]” and “the computer readable medium of claim[,]”
Appropriate correction(s) is required.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.
Claims 1-2, 6-7 and 12 are rejected under pre-AIA  35 U.S.C. 103(a)  as being unpatentable over Pellacuru (US 7,181,612), and in view of Hsu (US 2007/0133467).
Regarding claim 1, Pellacuru discloses a method for providing randomized Security Parameter Index (SPI) for distributed Internet Protocol security (IPsec) (Pellacuru col.7; lines 10-18 and fig. 2 (210 and 248). Pellacuru teaches that generates an IPsec based message with a randomly generated SPI, The use of a randomly generated four-byte SPI is typical for IPsec implementations, although other approaches for generating the SPI and other SPI sizes may be used), comprising:
 designating each IPsec node with a unique node identifier, the IPsec node ID (Pellacuru col.5; lines 11-13 and col. 13; 29-38 and fig.3. Pellacuru teaches that  the identifiers are IPsec Security Parameter Indexes (SPI's) used by an IPsec originator node and an IPsec responder node; IPsec traffic is analyzed to determine whether the destination node is known, and if the destination node is not known, the identifier associated with the IPsec traffic is used to determine to which destination node the traffic should be directed);
(Pellacuru col.7; lines 55-57 and fig. 2 (210, 244). Pellacuru teaches that the IPsec responder node performs a hash on the originator SPI of the IPsec based message from the IPsec originator node); and 
the randomized SPI to an IPsec tunnel associated with the each IPsec node (Pellacuru col.1; lines 64-67; col. 2; lines 27-29. Pellacuru teaches that some telecommunications networks secure traffic over networks through the use of the Internet Protocol Security (IPsec or IPSec), which may be used with a virtual private network (VPN). IPsec uses security associations (SA's) that specify the parameters for the IPsec secured traffic, and IPsec operates in one of two modes, transport mode or tunnel mode. IPsec uses Security Parameter Index (SPI) values to identify the security association (SA) used for the secured traffic between two nodes, such as over a VPN. The SA defines the encryption protocols, keys, and other parameters relating to the IPsec secured traffic. Conventionally, the SPI for each node communicating via IPsec is a randomly generated value).
Pellacuru discloses providing randomized Security Parameter Index (SPI) for distributed Internet Protocol security (IPsec); designating each IPsec node with a unique node identifier and the randomized SPI (Fig, 2 ,3 and col.1; lines 64-67; col. 2; lines 27-29) .However, Pellacuru does not explicitly discloses assigning the SPI to an IPsec tunnel associated with the each IPsec node. 
Hsu, however, also teaches a system of IPsec tunnel wherein assigning the SPI to an IPsec tunnel associated with the each IPsec node (Hsu par.0011. Hsu teaches that A first tunnel (IPSec tunnel) is established between a relay node (TTG) and a user equipment (UE) in the WLAN network by assigning parameters SPI and TS).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to, combine the teachings of Hsu with the method and system of Pellacuru, wherein assigning the SPI to an IPsec tunnel associated with the each IPsec node to provide users with a means for establishing IPSec tunnel by assigning parameters SPI (Hsu abstract).
Regarding claim 2, Pellacuru and Hsu disclose the method of 1, 
Pellacuru further discloses wherein the randomized SPI is generated uniformly to ensure statistically uniform distribution of SPIs over IPsec nodes (Pellacuru col.7; lines 10-18, col. 17; lines 56-58 and fig. 2 (210 and 248). Pellacuru teaches that generates an IPsec based message with a randomly generated SPI, The use of a randomly generated four-byte SPI is typical for IPsec implementations, although other approaches for generating the SPI and other SPI sizes may be used and the responder SPI may consist of two bytes of a conventionally determined SPI and two bytes from the result value based on the originator SPI).
Regarding claims 6-7 and 12; .
Claims 3-5 and 8-10 are rejected under pre-AIA  35 U.S.C. 103(a)  as being unpatentable over Pellacuru (US 7,181,612), in view of Hsu (US 2007/0133467) and further in view of Pan (US 2017/0374025).
Regarding claim 3, Pellacuru and Hsu disclose the method of 1, 
Pellacuru and Hsu failed to disclose but Pan further discloses wherein further comprising splitting an IPsec subsystem into multiple IPsec virtual nodes, a logical unit that will be associated with a set of IPsec tunnels (Pan abstract and par.0036. Pan teaches bundling multiple IPsec dialup tunnels into a single IPsec interface are provided. making use of a single IPsec interface (created in advance or responsive to the first request for a secure connection) to which multiple separate tunnels for each client device are subsequently bound, thereby avoiding the inefficiencies associated with creation and termination of separate and independent IPsec interfaces for each requested secure session. See also par. 0022, 0032 and 0034).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to, combine the teachings of Pan with the method and system of Pellacuru and Hsu, wherein splitting an IPsec subsystem into multiple IPsec virtual nodes to provide users with a means for bundling multiple IPsec dialup tunnels into a single IPsec interface to secure network packet processing (Pan abstract and par.0002).
Regarding claim 4, Pellacuru, Hsu and Pan disclose the method of 3, 
Pan further discloses further comprising distributing tunnels associated with a subsystem among all the nodes (Pan par.0036. Pan teaches the present invention a network device provides efficient communication between multiple client devices through a first network device and a second network device, while making use of a single IPsec interface (created in advance or responsive to the first request for a secure connection) to which multiple separate tunnels for each client device are subsequently bound).  
Regarding claim 5, Pellacuru and Hsu disclose the method of 1, 
Pellacuru and Hsu failed but Pan further discloses further comprising assigning to a load balancer a node associated with the incoming IPsec packet, then forwarding the packet to the IPsec node (Pan par. 0029 and 0056. Pan teaches that the first network device can create multiple IPsec interfaces, each associated with a corresponding second network device such that a packet received at the first network device is mapped to a defined IPsec interface selected from the multiple IPsec interfaces based on a destination IP address of the received packet. when subsequent packets are received from the same client and for the same destination, the network device can refer to the IPsec interface table 502 for making a decision on whether to transfer the newly received packets over an existing tunnel, or to create a new tunnel for an existing over IPsec interface. In an exemplary implementation, an existing IPsec interface can, depending on availability of resources and other such criteria, be discarded when the interface is not used for a predefined period of time).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to, combine the teachings of Pan with the method and system of Pellacuru and Hsu, wherein splitting an IPsec subsystem into multiple IPsec virtual (Pan abstract and par.0002).
Regarding claims 8-10; claims 8-10 are directed to a computer readable medium associated with the method claimed in claims 3-5 respectively.  Claims 8-10 are similar in scope to claims 3-5 respectively and are therefore rejected under similar rationale respectively.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANCHIT K SARKER whose telephone number is (571)270-7907. The examiner can normally be reached M-F 8:30 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, FARID HOMAYOUNMEHR can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is 





/SANCHIT K SARKER/Examiner, Art Unit 2495