DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office correspondence is in response to the application filed on February 9, 2021. 
Claims 1-20 are pending.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 02/09/2021 was filed with the instant application; the IDS(s) submitted on 12/06/2021, 05/11/2022, and 08/04/2022 were filed after the mailing date of the instant application on 02/09/2021. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Jain et al. (US Publication 2019/0173851) hereafter Jain, in view of Hu et al. (US Publication 2014/0056146) hereafter Hu.
As per claim 1, a system comprising: one or more processors; and one or more computer-readable media storing instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising: receiving, at a load balancer and from a client device, first data-plane traffic having a first security parameter index (SPI) value and a set of 5-tuple values (paragraphs 0005, 0009-10, 0052-53: policies require encryption for establishing tunnels and use encryption parameters/keys (SPI) and packet attributes (e.g. 5-tuple header values)); sending the first data-plane traffic to a first node based at least in part on the first SPI value, the first node being associated with a first encrypted tunnel (paragraphs 0036, 0058-59: policy specified for a particular encryption tunnel with matching parameter/keys (SPI)); receiving, at the load balancer, an indication that additional data-plane traffic received from the client device is to be sent to a second node, the second node being associated with a second encrypted tunnel (paragraphs 0049, 0053, 0058-59: data message requiring encryption using different tunnel); receiving, at the load balancer and from the client device, second data-plane traffic with set of 5-tuple values; and sending the second data-plane traffic to the second node (paragraphs 0067-69, 0079-81: use of IP rule table to specify policies and to encrypt traffic for different source and destination subnets using different types of encryption).
Although Jain discloses that encrypted data messages are received at multiple interfaces of the destination computer and include an identifier for a set of encryption parameters (SPI), Jain fails to expressly disclose receiving, at the load balancer and from the client device, second data-plane traffic having a second SPI value and the set of 5-tuple values; and based at least in part on the second data-plane traffic having the set of 5-tuple values, sending the second data-plane traffic to the second node.
However, in the same field of endeavor, Hu discloses the claimed limitation of receiving, at the load balancer and from the client device, second data-plane traffic having a second SPI value and the set of 5-tuple values; and based at least in part on the second data-plane traffic having the set of 5-tuple values, sending the second data-plane traffic to the second node (paragraphs 0036, 0038-40: data packets are load generating SPI value for each data packet and sending data packet to proper servers accordingly).
Accordingly, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Hu's teaching with Jain for using a load balancer having second data-plane traffic with an SPI. One would be motivated to distribute encrypted data messages with header modification and select a server according to the encryption parameters/keys for providing services to the appropriate destination, thereby increasing the load balancing of network traffic flows in a multi-node system.
As per claim 2, Jain discloses the system, the operations further comprising: removing a first association between the first SPI value and the set of 5-tuple values; and storing a second association between the second SPI value and the set of 5-tuple values (paragraphs 0005, 0009-10, 0053: each data packet with 5-tuple values about source and destination).
As per claim 3, Jain discloses the system wherein the indication is sent to the load balancer by the first node, the operations further comprising: receiving, at a controller, telemetry data indicating a load capacity associated with at least one of the first encrypted tunnel or the first node; determining, based at least in part on the telemetry data, that the load capacity meets or exceeds a threshold load capacity; and prompting the first node to send the indication based at least in part on the load capacity meeting or exceeding the threshold load capacity (paragraph 0090: encryption tunnel is chosen based on load-balancing algorithm, and each new encryption tunnel is assigned an encryption-parameter-set identifier based on a current load).
As per claim 4, Jain discloses the system wherein the load capacity is a first load capacity, the operations further comprising: determining, at the controller and based at least in part on the telemetry data, that a second load capacity associated with the second node is less than the threshold load capacity, wherein sending the second data-plane traffic to the second node is further based at least in part on the second load capacity being less than the threshold load capacity (paragraphs 0053, 0090: encryption tunnel is chosen based on load-balancing algorithm, and each new encryption tunnel is assigned an encryption-parameter-set identifier based on a current load).  
As per claim 5, Jain discloses the system the operations further comprising sending a message to the second node based at least in part on receiving the indication, the message configured to prompt the second node to provision one or more interfaces such that the second data-plane traffic is sent to the second node (paragraphs 0067-69, 0079-81).  
As per claim 6, Jain discloses the system wherein the message is a null encapsulating security payload (ESP) packet that includes at least an internet protocol (IP) address and a port associated with the client device (paragraphs 0058, 0062, 0065).  
As per claim 7, Jain discloses the system wherein the first node is a first data node, the second node is a second data node, and the first data-plane traffic and the second data-plane traffic is encapsulating security payload (ESP) traffic, the operations further comprising sending, to a control node that processes internet key exchange (IKE) traffic and based at least in part on the indication, a request for the control node to generate the second SPI value (paragraphs 0009, 0058, 0067-69, 0072).  
As per claim 8, Jain discloses a method comprising: receiving, at a load balancer and from a client device, first data-plane traffic having a first security parameter index (SPI) value and a set of 5-tuple values; sending the first data-plane traffic to a first node based at least in part on the first SPI value and the set of 5-tuple values (paragraphs 0005, 0009-10, 0052-53: policies require encryption for establishing tunnels and use encryption parameters/keys (SPI) and packet attributes (e.g. 5-tuple header values)); receiving, at the load balancer, an indication that at least a portion of the first data-plane traffic is to be sent to a second node (paragraphs 0036, 0058-59: policy specified for a particular encryption tunnel with matching parameter/keys (SPI)); based at least in part on the indication, prompting the second node to provision one or more interfaces such that the at least the portion of the first data-plane traffic is sent to the second node (paragraphs 0049, 0053, 0058-59: data message requiring encryption using different tunnel); receiving, at the load balancer and from the client device, second data-plane traffic and the set of 5-tuple values; determining that the second data-plane traffic is the at least the portion of the first data-plane traffic; and sending the second data-plane traffic to the second node (paragraphs 0067-69, 0079-81: use of IP rule table to specify policies and to encrypt traffic for different source and destination subnets using different types of encryption).
Although Jain discloses that encrypted data messages are received at multiple interfaces of the destination computer and include an identifier for a set of encryption parameters (SPI), Jain fails to expressly disclose receiving, at the load balancer and from the client device, second data-plane traffic having a second SPI value and the set of 5-tuple values; based at least in part on the second SPI value and the set of 5-tuple values, determining that the second data-plane traffic is the at least the portion of the first data-plane traffic; and sending the second data-plane traffic to the second node.
However, in the same field of endeavor, Hu discloses the claimed limitation of receiving, at the load balancer and from the client device, second data-plane traffic having a second SPI value and the set of 5-tuple values; based at least in part on the second SPI value and the set of 5-tuple values, determining that the second data-plane traffic is the at least the portion of the first data-plane traffic; and sending the second data-plane traffic to the second node (paragraphs 0036, 0038-40: data packets are load generating SPI value for each data packet and sending data packet to proper servers accordingly).
The same motivation that was utilized in the combination of claim 1 applies equally as well to claim 8.
As per claim 9, Jain discloses the method further comprising: removing a first association between the first SPI value and the set of 5-tuple values; and storing a second association between the second SPI value and the set of 5-tuple values (paragraphs 0005, 0009-10, 0053: each data packet with 5-tuple values about source and destination).
As per claim 10, Jain discloses the method further comprising: sending, to a third node and based at least in part on the indication, a request for the third node to generate the second SPI value; and receiving, at the load balancer, an indication of the second SPI value (paragraphs 0009-10, 0053, 0058-59).  
As per claim 11, Jain discloses the method further comprising: receiving, at a controller, telemetry data indicating a load capacity associated with the first node; determining, based at least in part on the telemetry data, that the load capacity meets or exceeds a threshold load capacity; and wherein prompting the second node to provision the one or more interfaces is further based at least in part on the load capacity associated with the first node (paragraph 0090: encryption tunnel is chosen based on load-balancing algorithm, and each new encryption tunnel is assigned an encryption-parameter-set identifier based on a current load).
As per claim 12, Jain discloses the method further comprising determining, by the controller and based at least in part on the telemetry data, that a second load capacity associated with the second node is less than the threshold load capacity (paragraphs 0067-69, 0079-81).
As per claim 13, Jain discloses the method further comprising: generating, at the load balancer, a null encapsulating security payload (ESP) packet that includes at least an internet protocol (IP) address and a port associated with the client device; and wherein prompting the second node comprises sending the null ESP packet to the second node (paragraphs 0058, 0062, 0065).
As per claim 14, Jain discloses the method wherein the first node is a first data node, the second node is a second data node, and the first data-plane traffic and the second data-plane traffic is encapsulating security payload (ESP) traffic, the method further comprising sending, to a control node that processes internet key exchange (IKE) traffic and based at least in part on the indication, a request for the control node to generate the second SPI value (paragraphs 0009, 0058, 0067-69, 0072).
As per claim 15, Jain discloses the method wherein determining that the second data-plane traffic comprises the at least the portion of the first data-plane traffic is further based at least in part on the second SPI value being unknown to the load balancer, the method further comprising storing an association between the second SPI value and the set of 5-tuple values (paragraphs 0067-69, 0079-81).
Claim 16 is an independent claim with similar limitations but a different preamble and hence is rejected based on the rejection provided in claim 1.
As per claim 17, Jain discloses the non-transitory computer-readable media, the operations further comprising: removing a first association between the first SPI value and the set of 5-tuple values; and storing a second association between the second SPI value and the set of 5-tuple values (paragraphs 0005, 0009-10, 0053: each data packet with 5-tuple values about source and destination).
As per claim 18, Jain discloses the non-transitory computer-readable media, the operations further comprising: sending, to a third node and based at least in part on the indication, a request for the third node to generate the second SPI value; and receiving, at the load balancer, an indication of the second SPI value (paragraphs 0009-10, 0053, 0058-59).
As per claim 19, Jain discloses the non-transitory computer-readable media, the operations further comprising: receiving, at a controller, telemetry data indicating a load capacity associated with the first node; determining, based at least in part on the telemetry data, that the load capacity meets or exceeds a threshold load capacity; and wherein prompting the second node to provision the one or more interfaces is further based at least in part on the load capacity associated with the first node (paragraphs 0079-81, 0090: encryption tunnel is chosen based on load-balancing algorithm, and each new encryption tunnel is assigned an encryption-parameter-set identifier based on a current load).
As per claim 20, Jain discloses the non-transitory computer-readable media the operations further comprising: generating, at the load balancer, a null encapsulating security payload (ESP) packet that includes at least an internet protocol (IP) address and a port associated with the client node; and wherein prompting the second node comprises sending the null ESP packet to the second node (paragraphs 0058, 0062, 0065).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FARZANA B HUQ whose telephone number is (571)270-3223. The examiner can normally be reached Monday - Friday: 8:30-5:30 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emmanuel L Moise can be reached on 571-272-3865. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FARZANA B HUQ/Primary Examiner, Art Unit 2455