Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This Office Action is in response to the Amendment filed on 06/30/2022.
In the instant Amendment, claims 1-10 and 12 have been amended. Claims 1 and 6 are independent claims.  Claims 1-10 and 12 have been examined and are pending.  This Action is made FINAL.
Information Disclosure Statement
The information disclosure statement (IDS), submitted on 06/30/2022, is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Response to Arguments
The objection to the claims 2-5, 7-10 and 12 withdrawn as the claims have been amended.
Applicants’ arguments in the instant Amendment, filed on 06/30/2022, with respect to limitations listed below, have been fully considered but they are not persuasive.
 Applicant’s arguments: Applicant asserts that None of Pellacuru nor Hsu, taken alone or in combination, disclose or suggest there features nor the benefits associated therewith such as “the random SPI is a generated number over SPI space, and wherein the hashing is performed using a known hash collision resistant algorithm.”
The Examiner disagrees with the Applicants. The Examiner respectfully submits that Pellacuru does disclose the random SPI is a generated number over SPI space, and wherein the hashing is performed using a known hash collision resistant algorithm. As seen in col. 7; lines 17-18; col.10; lines 3-8; col. 18; lines 5-9 and Fig. 2A (210, 228) of Pellacuru. Pellacuru teaches that the SPI generated using a pseudo-random number generator and a specified scheme is used to generate a result based on an initial identifier. For example, the specified scheme may be the MD5 one-way hash function and the initial identifier is a randomly generated SPI. By applying MD5 to the randomly generated SPI, a hash value, or hash result, is produced. For example, with a four byte SPI, MD5 produces a sixteen byte hash. Furthermore, the risk of collisions can be lessened by using randomly generated originator SPI's, such that the result values based on the randomly generated originator SPI's are less likely to be the same. Further Examiner note that the Applicant repeatedly admits in the specification (par. 0024) that to make the random SPI generation uniform over full SPI space (either 64 bit or 32 bit), hashing of random SPI would give the ideal result. Therefore Pellacuru does disclose the random SPI is a generated number over SPI space, and wherein the hashing is performed using a known hash collision resistant algorithm. See also col. 10; lines 49-62.  
Independent claim 6 directed to a non-transitory computer readable medium that perform a method at least similar to that disclosed in claim 1 and claims 2-5, 7-10 and 12 depend from claim 1 and 6. Thus Applicants’ arguments with respect to claims -5, 7-10 and 12, have been fully considered but they are not persuasive for at least the reasons explained above with respect to claim 1. 
Thus, the amended limitations are still obvious over the prior art of record. Please see amended rejection below for the amended rejection.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.
Claims 1-2, 6-7 and 12 are rejected under pre-AIA  35 U.S.C. 103(a)  as being unpatentable over Pellacuru (US 7,181,612), and in view of Hsu (US 2007/0133467).
Regarding claim 1, Pellacuru discloses a method for providing randomized Security Parameter Index (SPI) for distributed Internet Protocol security (IPsec) (Pellacuru col.7; lines 10-18 and fig. 2 (210 and 248). Pellacuru teaches that generates an IPsec based message with a randomly generated SPI, The use of a randomly generated four-byte SPI is typical for IPsec implementations, although other approaches for generating the SPI and other SPI sizes may be used), comprising:
 designating each IPsec node with a unique node identifier, the IPsec node ID (Pellacuru col.5; lines 11-13 and col. 13; 29-38 and fig.3. Pellacuru teaches that  the identifiers are IPsec Security Parameter Indexes (SPI's) used by an IPsec originator node and an IPsec responder node; IPsec traffic is analyzed to determine whether the destination node is known, and if the destination node is not known, the identifier associated with the IPsec traffic is used to determine to which destination node the traffic should be directed);
performing a hash function on a random SPI to provide a randomized SPI (Pellacuru col.7; lines 55-57 and fig. 2 (210, 244). Pellacuru teaches that the IPsec responder node performs a hash on the originator SPI of the IPsec based message from the IPsec originator node); wherein the random SPI is a generated number over SPI space, and wherein the hashing is performed using a known hash collision resistant algorithm (Pellacuru col. 7; lines 17-18; col.10; lines 3-8; col. 18; lines 5-9 and Fig. 2A (210, 228). Pellacuru teaches that the SPI may be generated using a pseudo-random number generator and a specified scheme is used to generate a result based on an initial identifier. For example, the specified scheme may be the MD5 one-way hash function and the initial identifier is a randomly generated SPI. By applying MD5 to the randomly generated SPI, a hash value, or hash result, is produced. For example, with a four byte SPI, MD5 produces a sixteen byte hash. Furthermore, the risk of collisions can be lessened by using randomly generated originator SPI's, such that the result values based on the randomly generated originator SPI's are less likely to be the same);  and 
the randomized SPI to an IPsec tunnel associated with the each IPsec node (Pellacuru col.1; lines 64-67; col. 2; lines 27-29. Pellacuru teaches that some telecommunications networks secure traffic over networks through the use of the Internet Protocol Security (IPsec or IPSec), which may be used with a virtual private network (VPN). IPsec uses security associations (SA's) that specify the parameters for the IPsec secured traffic, and IPsec operates in one of two modes, transport mode or tunnel mode. IPsec uses Security Parameter Index (SPI) values to identify the security association (SA) used for the secured traffic between two nodes, such as over a VPN. The SA defines the encryption protocols, keys, and other parameters relating to the IPsec secured traffic. Conventionally, the SPI for each node communicating via IPsec is a randomly generated value).
Pellacuru discloses providing randomized Security Parameter Index (SPI) for distributed Internet Protocol security (IPsec); designating each IPsec node with a unique node identifier and the randomized SPI (Fig, 2 ,3 and col.1; lines 64-67; col. 2; lines 27-29) .However, Pellacuru does not explicitly discloses assigning the SPI to an IPsec tunnel associated with the each IPsec node. 
Hsu, however, also teaches a system of IPsec tunnel wherein assigning the SPI to an IPsec tunnel associated with the each IPsec node (Hsu par.0011. Hsu teaches that A first tunnel (IPSec tunnel) is established between a relay node (TTG) and a user equipment (UE) in the WLAN network by assigning parameters SPI and TS).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to, combine the teachings of Hsu with the method and system of Pellacuru, wherein assigning the SPI to an IPsec tunnel associated with the each IPsec node to provide users with a means for establishing IPSec tunnel by assigning parameters SPI (Hsu abstract).
Regarding claim 2, Pellacuru and Hsu disclose the method of 1, 
Pellacuru further discloses wherein the randomized SPI is generated uniformly to ensure statistically uniform distribution of SPIs over IPsec nodes (Pellacuru col.7; lines 10-18, col. 17; lines 56-58 and fig. 2 (210 and 248). Pellacuru teaches that generates an IPsec based message with a randomly generated SPI, The use of a randomly generated four-byte SPI is typical for IPsec implementations, although other approaches for generating the SPI and other SPI sizes may be used and the responder SPI may consist of two bytes of a conventionally determined SPI and two bytes from the result value based on the originator SPI).
Regarding claims 6-7 and 12; claims 6-7 and 12 are directed to a computer readable medium associated with the method claimed in claims 1-2 respectively.  Claims 6-7  and 12 are similar in scope to claims 1-2 respectively and are therefore rejected under similar rationale respectively.
Claims 3-5 and 8-10 are rejected under pre-AIA  35 U.S.C. 103(a)  as being unpatentable over Pellacuru (US 7,181,612), in view of Hsu (US 2007/0133467) and further in view of Pan (US 2017/0374025).
Regarding claim 3, Pellacuru and Hsu disclose the method of 1, 
Pellacuru and Hsu failed to disclose but Pan further discloses wherein further comprising splitting an IPsec subsystem into multiple IPsec virtual nodes, a logical unit that will be associated with a set of IPsec tunnels (Pan abstract and par.0036. Pan teaches bundling multiple IPsec dialup tunnels into a single IPsec interface are provided. making use of a single IPsec interface (created in advance or responsive to the first request for a secure connection) to which multiple separate tunnels for each client device are subsequently bound, thereby avoiding the inefficiencies associated with creation and termination of separate and independent IPsec interfaces for each requested secure session. See also par. 0022, 0032 and 0034).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to, combine the teachings of Pan with the method and system of Pellacuru and Hsu, wherein splitting an IPsec subsystem into multiple IPsec virtual nodes to provide users with a means for bundling multiple IPsec dialup tunnels into a single IPsec interface to secure network packet processing (Pan abstract and par.0002).
Regarding claim 4, Pellacuru, Hsu and Pan disclose the method of 3, 
Pan further discloses further comprising distributing tunnels associated with a subsystem among all the nodes (Pan par.0036. Pan teaches the present invention a network device provides efficient communication between multiple client devices through a first network device and a second network device, while making use of a single IPsec interface (created in advance or responsive to the first request for a secure connection) to which multiple separate tunnels for each client device are subsequently bound).  
Regarding claim 5, Pellacuru and Hsu disclose the method of 1, 
Pellacuru and Hsu failed but Pan further discloses further comprising assigning to a load balancer a node associated with the incoming IPsec packet, then forwarding the packet to the IPsec node (Pan par. 0029 and 0056. Pan teaches that the first network device can create multiple IPsec interfaces, each associated with a corresponding second network device such that a packet received at the first network device is mapped to a defined IPsec interface selected from the multiple IPsec interfaces based on a destination IP address of the received packet. when subsequent packets are received from the same client and for the same destination, the network device can refer to the IPsec interface table 502 for making a decision on whether to transfer the newly received packets over an existing tunnel, or to create a new tunnel for an existing over IPsec interface. In an exemplary implementation, an existing IPsec interface can, depending on availability of resources and other such criteria, be discarded when the interface is not used for a predefined period of time).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to, combine the teachings of Pan with the method and system of Pellacuru and Hsu, wherein splitting an IPsec subsystem into multiple IPsec virtual nodes to provide users with a means for bundling multiple IPsec dialup tunnels into a single IPsec interface to secure network packet processing (Pan abstract and par.0002).
Regarding claims 8-10; claims 8-10 are directed to a computer readable medium associated with the method claimed in claims 3-5 respectively.  Claims 8-10 are similar in scope to claims 3-5 respectively and are therefore rejected under similar rationale respectively.
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANCHIT K SARKER whose telephone number is (571)270-7907. The examiner can normally be reached M-F 8:30 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, FARID HOMAYOUNMEHR can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SANCHIT K SARKER/Primary Examiner, Art Unit 2495