DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
This written action is responding to the amendment dated on January 18, 2022.
Claims 21-40 are allowed.
Examiner’s Note
The prior rejection of double patenting has been withdrawn in view of the electronic terminal disclaimer received on March 07, 2022.

Allowable Subject Matter
Claims 21-40 are allowed.

Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance.
Independent Claim 21 is allowable based on the amendment presented on January 18, 2022 and electronic terminal disclaimer filed on March 07, 2022.
Specifically, the independent Claim 21 now recites limitations as follows:
“A method of providing encryption keys comprising: 
generating first and second different encryption keys for first and second secure wires; 
in response to a selection of a first machine to add to the first secure wire, associating an interface of the first machine with the first secure wire and using the first key [[to]] at a first host computer on which the first machine executes in order for the first host computer to encrypt and decrypt messages exchanged between the first machine and a plurality of other machines connected to the first secure wire on at least a second host computer without the first host computer being required to negotiate any key for the first secure wire on a point-to- point basis with any other host computer including the second host computer; and 
in response to a selection of a second machine to add to the second secure wire, associating an interface of the second machine with the second secure wire and using the second key [[to]] at a third host computer on which the second machine executes in order for the third host computer to encrypt and decrypt messages exchanged between the second machine and a plurality of other machines connected to the second secure wire on at least a fourth host computer without the third host computer being required to negotiate any key for the second secure wire on a point-to-point basis with any other host computer including the fourth host computer”.
The cited reference by Nakae et al. (US PGPUB. # US 2011/0179412) discloses, the key managing unit 12 carries out processes for generating an encryption key specific to the business project when the project is newly generated, for updating the key when the project members are changed or the like, and stores the key in a non-volatile memory or a secondary storage device which are contained inside. Also, the key managing unit 12 distributes the encryption key to encryption processing units 232-1 to 232-N in the computers 2-1 to 2-N, at the times of generating and updating. (¶46). Thus Nakae teaches, generating different encryption keys. The encryption processing units 232-1 to (¶49). 
The reference by Alden et al. (US PAT. # US 6,101,543) discloses, during operation of the elements shown in FIG. 3, the present system establishes a tunnel connection between the private network N1 48 and the private network N2 60. The embodiment of FIG. 3 thus eliminates the need for a dedicated physical cable or line to provide secure communications between the private network 48 and the private network 60. The tunnel connection between Tunnel Server A 46 and Tunnel Server D 62 is composed of reliable, pair-wise transport layer connections between Tunnel Server A 46 (node "A"), Tunnel Relay B 54 (node "B"), Tunnel Relay C 56 (node "C"), and Tunnel Server D 62 (node "D"). For example, such pair-wise connections may be individual transport layer connections between each node A and node B, node B and node C, and node C and node D. In an alternative embodiment, as will be described below, a tunnel connection may alternatively be formed between a stand-alone PC in a public (Fig. 3, CL(7), LN(1-14)).  FIG. 14 shows an example embodiment of a virtual private network 249 formed by a pseudo network adapter 248 and a tunnel connection between a tunnel client 247 and a tunnel server 253 across a public network 251. The tunnel server 253 and tunnel client 247 are for example network stations including a CPU or microprocessor, memory, and various I/O devices. The tunnel server 253 is shown physically connected to a private LAN 256 including a Network Node 1 257 and a Network Node 2 258, through a physical network adapter 254. The tunnel server 253 is further shown physically connected with a firewall 252 which separates the private LAN 256 from the public network 251. The firewall 252 is physically connected with the public network 251. The tunnel server 253 is further shown including a pseudo network adapter 255. The client system 247 is shown including a physical network adapter 250 physically connected to the public network 251. (Cl14), LN(11-14)). Examiner interprets tunnel as a secure wire. The following are provided by use of a key exchange/authentication REQUEST frame and a key exchange/authentication RESPONSE frame: (24) a) mutual authentication of both endpoints of the tunnel connection; (25) b) establishment of shared session encryption keys and key lifetimes for encrypting/authenticating subsequent data sent through the tunnel connection; (26) d) agreement on a shared set of cryptographic transforms to be applied to subsequent data; and (27) e) exchange of any other connection-specific data between the tunnel endpoints, for example strength and type of cipher to be used, any compression of the data to be used, etc. This data can (CL(8), LN(30-44)).  The attributes exchanged using the steps shown in FIG. 5 may be used for the lifetime of the tunnel connection. In an alternative embodiment the steps shown in FIG. 5 are repeated as needed for the tunnel end points to exchange sufficient key exchange material to agree upon a set of session parameters for use during the tunnel connection such as cryptographic keys, key durations, and choice of encryption/decryption algorithms. (CL(8), LN(53-57)). At step 334 the pseudo network adapter encrypts the message using an encryption engine such that only the receiver is capable of decrypting and reading the message. At step 336 the pseudo network adapter encapsulates the encrypted message into a tunnel data frame. At step 338 the pseudo network adapter transmits the tunnel data frame through the tunnel connection using the TCP/IP protocol stack. (CL(17), LN(3-5)). Thus Alden teaches that messages are encrypted and decrypted.
The reference by Edwards et al. (US PGPUB. # US 2010/0107162) discloses, in figure 15 discloses a physical host has multiple of virtual machines communicates with at least one host computer via a physical network (secure wire).
Marino et al. (US PAT. # US 9,154,327) discloses, a virtual network is overlaid upon physical networks. The virtual network is a layer-2 network that appears to expand an organization's LAN using virtual MAC addresses. A VN device driver shim intercepts LAN packets and their virtual MAC and IP addresses and encapsulates them with physical packets that can be routed over (Abstract).
Eric Obligacion (US PGPUB. # US 2014/0189235) discloses, a stealth appliance may be coupled between a storage controller and a disk array. The stealth appliance may be configured to receive a request from the storage controller encrypted with a first community-of-interest (COI) key, to decrypt the request with the first COI key, to encrypt the request with a second COI key, and to transmit the encrypted request to the disk array. (Abstract).
Raizen et al. (US PAT. # US 8,751,828) discloses, a host in an encrypted data storage system sends encryption metadata associated with an encrypted logical volume (LV) from a key controller module to an encryption endpoint via a storage I/O stack. The encryption metadata identifies an encryption key and encrypted regions of the LV, and the sending results in establishment of one or more shared associations between the key controller module and the encryption endpoint which associates the encrypted LV with the encryption metadata for the encrypted LV. A data storage operation is performed on the encrypted LV by (Abstract).
Cohen et al. (US PGPUB. # US 2014/0122675) discloses, allowing servers connected over an InfiniBand fabric to communicate using multiple private virtual interconnects (PVIs). In particular embodiments, the PVIs appear as virtual Ethernet networks to users on individual servers and virtual machines running on the individual servers. Each PVI is represented on the server by a virtual network interface card (VNIC) and each PVI is mapped to its own InfiniBand multicast group. Data can be transmitted on PVIs as Ethernet packets fully encapsulated, including the layer 2 header, within InfiniBand messages. Broadcast and multicast frames are propagated using InfiniBand. (Abstract).
Korthny et al. *US PGPUB. # US 2014/0095868) discloses, providing sensitive data protection in a virtual computing environment. The systems and methods utilize a sensitive data control monitor on a virtual appliance machine administering guest virtual machines in a virtual computing environment, wherein each of the guest virtual machines may include a local sensitive data control agent. The sensitive data control monitor generates encryption keys for each guest virtual machine which are sent to the local sensitive data control agents and used to encrypt data locally on a protected guest virtual machine. In this manner the data itself on the virtual (or physical) disc associated with the guest virtual machine is encrypted while access attempts are gated by a combination of (Abstract).
However, each of the cited references or reference from the updated search, at least, fails to teach or suggest the limitations regarding “………associating an interface of the first machine with the first secure wire and using the first key at a first host computer on which the first machine executes in order for the first host computer to encrypt and decrypt messages exchanged between the first machine and a plurality of other machines connected to the first secure wire on at least a second host computer without the first host computer being required to negotiate any key for the first secure wire on a point-to- point basis with any other host computer including the second host computer,,,”, in combination with the rest of the limitations recited in the independent claim(s).
None of the previous cited prior art references or reference(s) from the updated search yield any specific references that would reasonably, either singularly or in combination with previous cited reference, result a reasonable and proper rejection for each of the cited feature limitations of the independent claim 21 under 35 U.S.C. 102 or 35 U.S.C. 103 with proper motivation.
Claims 31 is a non-transitory computer machine readable medium claim of above method claim 21, and therefore, they are also allowed.
Claims 22-30 depend on the allowed claim 21, and therefore, they are also allowed.
Claims 32-40 depend on the allowed claim 31, and therefore, they are also allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316. The examiner can normally be reached M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For 





/DARSHAN I DHRUV/Primary Examiner, Art Unit 2498