DETAILED ACTION

This communication is in response to Application No. 17/371,490 filed on 7/9/2021. The amendment presented on 6/30/2022, which amends claim 1 and adds new claims 2-20, is hereby acknowledged. Claims 1-20 have been examined. The Examiner left a message for the attorney Kevin Jones to expedite prosecution by an Examiner’s amendment, but no response has been received.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
Applicant’s arguments with respect to claims 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Objections
Claims 2, 9, 16 are objected to because of the following informalities:
In claim 2, line 4, a conjunction word is required after the semicolon. Similar correction should be made for claims 9 and 16.
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention because the amended limitations are not consistent and do not clearly and particularly point out the invention, as follows:
It is not clear whether the loopback IP addresses belong to the first or second machine (see, claims 1, 8, and 15);
It is not clear how or where the port and the transparent transport layer security tunnels are utilized in the body of claims (see, claims 1, 8, and 15);
It is not clear whether the restore agent is implemented in the first machine or the second machine. Claim 1 describes it as being in the second machine, but claim 4 describes it as being in the first machine (see, claims 1 and 4);
Also, the locations of the client agent and the server agent are not consistent across the claims; and
The limitation of claim 2 is not consistent with the limitation of “replacing method” in claim 1.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 2, 8, 9, 15, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Chang et al. (hereinafter Chang)(US 2017/0099188) in view of Ishihara et al. (hereinafter Ishihara)(US 2004/0258056), and further in view of Liu et al. (hereinafter Liu)(US 2017/0099161).
Regarding claims 1, 8, and 15, Chang teaches as follows:
a method for a virtual machine to use a port and loopback IP addresses allocation scheme for full-mesh communications with transparent transport layer security tunnels (network policies can be used to optimize the flow of network traffic between virtual machines (VMs) in a hybrid cloud environment.  In an example embodiment, one or more policies can drive a virtual switch controller, a hybrid cloud manager, a hypervisor manager, a virtual switch, or other orchestrator to create one or more direct tunnels that can be utilized by a respective pair of VMs to bypass the virtual switch and enable direct communication between the VMs, see, paragraph [0023] and [0030]), the method comprising: 
detecting, by a restore agent implemented in a second machine, a packet that is sent from a client application, executing on a first machine, toward a server application executing on the second machine (the agent 230 can cause a cVM to direct network traffic to the secure overlay network by establishing a secure tunnel to connect to the public cloud network gateway 212 for allowing the cVMs to communicate with private cloud VMs and other public cloud VMs, see, paragraph [0033] and figure 2A); 
determining whether a first restore rule matches the packet (data flow diagram 400 may be used for enforcing an on-demand DCT policy, such as when a network is configured to establish a DCT tunnel upon any attempted communication between cVMs connected to the gateway, or the network has defined a statistics-driven DCT policy and a threshold condition corresponding to the policy is satisfied, see, paragraph [0042] and figure 4); and
providing the translated packet to a client agent implemented in the second machine to cause the client agent to transmit the translated packet to a server agent implemented in the first machine (a direct connection or Directly Connected Tunnel (DCT) 234a may be established between cVM 218a and cVM 218d, and a direction connection or DCT 234b may be established between cVM 218b and 218c.  Network traffic between cVMs 218a and 218d can bypass the public cloud network gateway 212 by transmitting the traffic through the directly connected tunnel 234a, see, paragraph [0035] and figure 2B).
Chang teaches all limitations as presented above except for the well-known client-server application and the packet translation. 
Ishihara teaches as follows:
tunnel branching means for building up a second network tunnel between the system and a service network operated on a policy different from that of the provider network, a packet from the user terminal (equivalent to applicant’s client agent) to the contents server on the first network tunnel is extracted and converted to a packet on the second network tunnel, and the packet is transferred to the contents server (equivalent to applicant’s server agent)(see, paragraph [0017]).
	It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify Chang with Ishihara to include the well-known packet translation between the user terminal and the contents server as taught by Ishihara in order to efficiently interconnect two entities operated by different network policies.
	Chang in view of Ishihara teaches the tunneling between VMs as presented above except for replacing IP addresses.
	Liu teaches as follows:
	when the user-side gateway 101 receives a first packet sent by a user device to the IP core network, a source IP address of the first packet is an IP address of the user device. The user-side gateway 101 performs Network Address Translation, and obtains a second packet by replacing the source IP address of the first packet with the third IP address. The user-side gateway 101 may send the second packet on the GRE tunnel 21 and the GRE tunnel 22. If the user-side gateway 101 sends the second packet through the GRE tunnel 21, the user-side gateway 101 may perform GRE encapsulation on the second packet to obtain a third packet, where a source IP address of the third packet is the first IP address, and a destination IP address of the third packet is the IP address of the aggregation gateway 102 (see, paragraph [0034] and figure 1).
	It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify Chang in view of Ishihara with Liu to include translating a packet by replacing an IP address as taught by Liu in order to efficiently establish the tunneling between different networks.
Regarding claims 2, 9, and 16, Liu teaches packet translation by replacing an IP address as presented above (see, paragraph [0034] and figure 1).
	Therefore, Chang in view of Ishihara and Liu inherently teaches overwriting an IP address in the header of the packet because the Examiner interpreted the overwriting as the replacing of IP addresses.

Claims 3-7, 10-14, and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Chang et al. (hereinafter Chang)(US 2017/0099188) in view of Ishihara et al. (hereinafter Ishihara)(US 2004/0258056) and Liu et al. (hereinafter Liu)(US 2017/0099161), and further in view of Kumar et al. (hereinafter Kumar)(US 2017/0170987).
Regarding claims 3-7, 10-14, and 17-20, Chang teaches as follows:
the secure site-to-site tunnel or communication link 108 can take one of several forms, such as various types of virtual private networks (VPNs) or Layer 2 (L2) tunneling protocols.  Some example embodiments may establish the secure transport layer tunnel 108 (e.g., Transport Layer Security (TLS), Datagram TLS (DTLS), Secure Socket Layer (SSL), etc.) over the public network 104, and can build a secure L2 switch overlay that interconnects public cloud resources with private clouds (see, paragraph [0030] and figure 1).
Chang in view of Ishihara and Liu teaches all limitations as presented above except for the well-known encryption and decryption process of the secure transport layer protocol.
Kumar teaches as follows:
Transport Layer Security (TLS) or Secure Sockets Layer (SSL) cryptographic protocol may be used for extended security, application control, reliability and ease of management.  SSL protocol works over Transmission Control Protocol Internet Protocol (TCP/IP) as a network medium to transfer secure data to destinations 140A and 140B.  In this case, tunnel 122A/122B represents an SSL tunnel and private network 142 represents a Secure Sockets Layer Virtual Private Network (SSL VPN).  Data is transferred through tunnel 122A/122B in the form of "tunnel segments," which are encrypted to facilitate secure communication between first endpoint 110A/110B and second endpoint 140A/140B over public network 120.  For example, security information for encryption and decryption (e.g., public key, private key, SSL certificate, etc.) may be exchanged when tunnel 122A/122B is established (see, paragraph [0022] and figure 1);
the chunk of data (see 162 in FIG. 4) may be compressed (see 410 in FIG. 4), encapsulated with a VPN header associated with private network 142 (see 420 and header labelled "V" in FIG. 4) and encrypted (see 430 in FIG. 4) to generate a chunk of processed data (see, paragraph [0047]); and 
if the chunk of processed data is encrypted by virtual adapter 119B, gateway 130 may perform decryption (see 460 in FIG. 4) using security information (e.g., public key, private key) exchanged when tunnel 122B is established (see, paragraph [0052]).
	It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify Chang in view of Ishihara and Liu with Kumar to include the well-known Transport Layer Security (TLS) cryptographic protocol as taught by Kumar in order to efficiently establish a secure tunnel between virtual machines.

Double Patenting
A rejection based on double patenting of the "same invention" type finds its support in the language of 35 U.S.C. 101 which states that "whoever invents or discovers any new and useful process ... may obtain a patent therefor ..."  (Emphasis added).  Thus, the term "same invention," in this context, means an invention drawn to identical subject matter.  See Miller v. Eagle Mfg. Co., 151 U.S. 186 (1894); In re Ockert, 245 F.2d 467, 114 USPQ 330 (CCPA 1957); and In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970).
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.   A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and  In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. 
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).

Claims 1-20 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 11,063,903 (hereinafter Patent ‘903).  Although the conflicting claims are not identical, they are not patentably distinct from each other because Patent ‘903 teaches as follows:

| Claim 1 of Patent ‘903 | Applicant’s claims 1, 8, and 15 |
| --- | --- |
| A method for a virtual machine to use a port and loopback IP addresses allocation scheme for full-mesh communications with transparent transport layer security tunnels, the method comprising: | A method for a virtual machine to use a port and loopback IP addresses allocation scheme for full-mesh communications with transparent transport layer security tunnels, the method comprising: |
| detecting, at a redirect agent implemented in a first machine, a packet that is sent from a client application, executing on the first machine, toward a server application executing on a second machine; | detecting, by a restore agent implemented in a second machine, a packet that is sent from a client application, executing on a first machine, toward a server application executing on the second machine; |
| determining, by the redirect agent, whether a first redirect rule matches the packet; | determining whether a first restore rule matches the packet; |
| wherein the first redirect rule specifies modifications to a header of the packet to cause redirecting the packet toward a secure tunnel between the first machine and the second machine; | wherein the first restore rule specifies modifications to one or more loopback IP addresses in a header of the packet; |
| in response to determining that the first redirect rule matches the packet, applying, by the redirect agent, the first redirect rule to the packet to translate the packet into a translated packet by at least replacing, in the translated packet, a destination port identifier of a port implemented on the second machine with an identifier of a redirect port implemented on the first machine and replacing a source IP address with a loopback IP address of the first machine; and | in response to determining that the first restore rule matches the packet, applying the first restore rule to the packet to translate the packet into a translated packet by at least replacing a first loopback IP address with a source IP address of the first machine or a destination IP address of the second machine; and |
| providing the translated packet to a client agent implemented in the first machine, the client agent configured to encrypt the translated packet and transmit the encrypted translated packet over the secure tunnel to a server agent implemented in the second machine. | providing the translated packet to a client agent implemented in the second machine to cause the client agent to transmit the translated packet to a server agent implemented in the first machine. |


	Therefore, Patent ‘903 teaches all limitations of applicant’s claims 1, 8, and 15 as presented above because the applicant’s claim is a broadened version of Patent ‘903.
	The rest of the dependent claims are rejected for their dependency on the rejected claims 1, 8, and 15.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jeong S Park whose telephone number is (571)270-1597. The examiner can normally be reached Monday through Friday 8:00-4:30 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Glenton B Burgess can be reached on 571-272-3949. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JEONG S PARK/
Primary Examiner, Art Unit 2454
October 7, 2022