DETAILED ACTION
This Office Action is in response to application 17/547,960 filed on December 10, 2021 and preliminary amendment filed on February 23, 2022.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-20 are pending and herein considered.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 03/11/2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1-20 rejected on the ground of nonstatutory double patenting as being unpatentable over the following U.S. Patent in view of the prior art of record (Bugenhagen, He and Gizis)
U.S. Patent No. 11,201,858 which is directed towards receive, process, and forward data packets between a physical network interface and a logical network interface.

Although the claims at issue are not identical, they are not patentably distinct from each
other because the claim limitations are either anticipated by the claims of the issued patents, or
are otherwise obvious variations. Any limitations of the claims of the Instant Application not
disclosed in the claims of the (parent) patents are obvious in view of the cited prior art of record.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-10 are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.
Regarding claim 1; claim 1 calls for a device; however, the body of the claim does not positively recite any hardware element. As recited in the body of the claim, the claimed device contains “a processor” one of ordinary skill in the art would understand that a “processor” could be a software processor (See “The Authoritative Dictionary of IEEE Standards Terms,” Seventh Edition, published in 2000). Because the elements of claim 16 are interpreted as merely software and the claim lacks any physical device or machine, the claim is directed to non-statutory subject matter. It is suggested that the claim be further amended to positively recite at least one hardware element within the body of the claim to make the claim statutory under 35 U.S.C. 101.

Regarding claims 2-10; claims 2-10 do not recite any hardware element to resolve the issue in the independent claim 1. Therefore, claims 2-10 are also non-statutory under 35 U.S.C. 101.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-4, 6-11, 13-14 and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Bugenhagen U.S. Pub. Number 2017/0097842, in view of He U.S. Pat. Number 7,389,534 and further in view of Gizis et al. (Gizis) U.S. Pub. Number 2016/0112495.
Regarding claim 1; Bugenhagen discloses a device comprising: 
a processor configured to run a first virtual machine, [[wherein the first virtual machine is configured to establish a first IP security (IPSEC) Virtual Private Network (VPN)]] and receive data, [[apply a first encryption to the data thereby generating one-layer encrypted data, and send the one-layer encrypted data to a first set of ports]] (par. [0050] the two or more virtual ports might include, but are not limited to, a first virtual port 140a, a second virtual port 140b, through an N.sup.th virtual port 140n (collectively, "virtual ports 140"), each corresponding to the first VM 120a, the second VM 120b, through the N.sup.th VM 120n, respectively); and 
the processor is further configured to run a second virtual machine, [[wherein the second virtual machine is configured to establish a second IPSEC VPN and receive the one-layer encrypted data at the first set of ports, apply a second encryption to the one-layer encrypted data thereby generating two-layer encrypted data, and send the two-layer encrypted data to a second set of ports]] (par. [0051] the VM-to-Port peripheral device driver 135… when installed on the host computing system 110, allows, via the configuration of the physical ports 130 and the mapping of virtual ports to the physical ports, proper communication between each VM of the two or more VMs 120 running on the host computing system 110 and each physical port 130).

Bugenhagen does not disclose, which He discloses wherein the first virtual machine establish a first IP security (IPSEC) virtual private Network (VPN) and receives data, apply a first encryption to the data thereby generating one-layer encrypted data and send the one-layer encrypted data to a first set of ports (focus on underlined)(He: [col. 5, lines 28-38) if the wireless user 10 wishes to send data to the VPN host through the VPN tunnel, the wireless user 10 encrypts the data using the wireless LAN L2 encryption protocol in use on the wireless network and sends the data to the wireless access point 14. The wireless access point removes the encryption in use on the wireless network and sends the data out over the VPN tunnel to the VPN host network. Where the VPN tunnel is formed using encryption, such as IPSec encryption, the wireless access point encrypts the data using the agreed-upon encryption protocol prior to transmission to the VPN host network; He: [col. 5, lines 46-50) the wireless access point may support VPN tunnels with the VPN host networks by instantiating a virtual router to handle communications over the VPN tunnels, or may instantiate VPN routing).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Bugenhagen to provide establish a first IP security (IPSEC) virtual private Network (VPN) and receives data, apply a first encryption to the data thereby generate one layer encrypted layer and send the one layer encrypted data to a first set of ports, as taught by He, in order to provide a secure communications link during transmission of data. The motivation is to provide allowing a user to participate in communications over VPN tunnels via a wireless network without gaining admittance to the VPN network, and authentication session to join or establish a VPN tunnel with a VPN host network (i.e. using wireless access point to establish a VPN tunnel).

The combination above does not disclose, which Gizis discloses wherein the second virtual machine is configured to establish a second IPSEC VPN and receive the one-layer encrypted data at the first set of ports, apply a second encryption to the one-layer encrypted data thereby generating two-layer encrypted data, and send the two-layer encrypted data to a second set of ports (Gizis: par. [0020] a virtual network interface to communicate with a plurality of client computers, and a virtual private network to encrypt data prior to transmitting said encrypted data to one of said network address translators… and a virtual switch and router in communication connectivity with a virtual private network to encrypt data prior to transmitting said encrypted data to one of said network address translators; par. [0047] the VPN 534 itself applies encryption to each packet, then sends it down the appropriate Internet Protocol tunnel 538 to another Network Address Translator 542. This second NAT translates the VPN packet addresses to match the network conventions of the physical network interfaces 112. VPN packets are then sent 110 to the appropriate NICs 112, and then on to each respective network 114).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Bugenhagen, in view of He to provide establish a second IPSEC VPN and receive the one-layer encrypted data at the first set of logical ports, apply a second encryption to the one-layer encrypted data thereby generating two-layer encrypted data, and send the two-layer encrypted to a second set of ports, as taught by Gizis. The motivation is to provide providing a client computer with access to a plurality of Internet connections and to provide for creating a flexible and secure network connection between two or more computers in communication connectivity with an external network.

Regarding claim 3; the combination of Bugenhagen, He and Gizis discloses the device of claim 1, wherein the device sends the two-layer encrypted data connected over the internet to a remote second device via the second set of ports (Bugenhagen: par. [0072] the one or more client devices 145 (also referred to as "peripheral appliances" or "peripheral devices"), in some embodiments, might include, without limitation, a small form factor pluggable ("SFP") device, an enhanced SFP ("SFP+") device, a compact SFP ("CSFP") device… In some instances, at least one of the SFP device, the SFP+ device, or the CSFP device might include, but is not limited to, a SFP network interface device ("NID"), a SFP router, a SFP modem) (The Examiner interpret the host device using the second set of network ports 130b-130n to connect to internet via client device 145b that function as an SFP modem to connect to the internet).

Regarding claim 4; the combination of Bugenhagen, He and Gizis discloses the device of claim 1, wherein the device receives the data from an external source, or an internal source, wherein the external source comprises a computer, a laptop, a tablet, a cell phone, a cellular base station, wherein the internal source includes a keyboard of the device, a USB port of the device, or a network port of the device (Bugenhagen: par. [0036] host computing system to configure, using a virtual-machine (“VM”)-to-port peripheral device driver, at least one physical port of the one or more physical ports to establish two or more virtual ports that are associated with the at least one physical port; para. [0037] a client device is communicatively coupled to a particular physical port of the at least one physical port).

Regarding claim 6; the combination of Bugenhagen, He and Gizis discloses the device of claim 1, wherein the first virtual machine or the second virtual machine implements a virtual server, router, or switch to control the sending and receiving of any data (Gizis: par. [0020] a virtual network interface to communicate with a plurality of client computers, and a virtual switch). The reason to combine Bugenhagen, He and Gizis is similar as claim 1.

Regarding claim 7; the combination of Bugenhagen, He and Gizis discloses the device of claim 1, wherein the device is a laptop, a computer, a smartphone, or a tablet (Gizis: par. [0021] one switchboard computer in a client mode to communicate with said at least one switchboard computer in a hub mode through an external network). The reason to combine Bugenhagen, He and Gizis is similar as claim 1.

Regarding claim 8; the combination of Bugenhagen, He and Gizis discloses the device of claim 1, wherein a set of physical ports includes the first set of ports, wherein a set of logical ports includes the second set of ports (Bugenhagen: par. [0025] the host device might be one of a router; par. [0049] the host device 105 might further comprise one or more physical ports 130). 

Regarding claim 9; the combination of Bugenhagen, He and Gizis discloses the device of claim 1, wherein the first set of ports include a wired connection and the second set of ports include a wireless connection (Bugenhagen: par. [0070] a client device … communicatively couples to one of the physical ports 330—either via direct insertion of the client device 345 in the particular port, via wired connection to the particular port, or via wireless connection to the particular port).

Regarding claim 10; the combination of Bugenhagen, He and Gizis discloses the device of claim 1, wherein the device is a component of an apparatus, wherein the apparatus is a laptop, a computer, a smartphone, or a tablet (Bugenhagen: par. [0070] a host device 305 might comprise a host computing system 310 on which a single host operating system (“OS”) 325 is running. The single host OS 325 communicates with one or more physical ports 330 of the host device 305, in some cases via one or more interface devices).

Regarding claims 11, 13-14 and 16-20; claims 11, 13-14 and 16-20 are directed to a method which have similar scope as claims 1, 3-4, 6-10, respectively. Therefore, claims 11, 13-14 and 16-20 remain un-patentable for the same reasons. 

Claims 2, 5, 12 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Bugenhagen U.S. Pub. Number 2017/0097842, in view of He U.S. Pat. Number 7,389,534, in view of Gizis et al. (Gizis) U.S. Pub. Number 2016/0112495 and further in view of Agarwal et al. (Agarwal) U.S. Pub. Number 2015/0281042.
Regarding claim 2; the combination of Bugenhagen, He and Gizis discloses the router of claim 1, wherein the processor and memory are further configured to run (routing) [[Router Firmware Virtualization Infrastructure (RFVI)]] for the virtual machine (Bugenhagen: pars. [0035] the host device might be a device selected from a group consisting of a router, a switch, a network element; [0036] In another aspect, a host device might comprise one or more physical ports and a host computing system… The at least one non-transitory computer readable medium might have stored thereon computer software comprising a set of instructions that, when executed by the at least one processor, causes the host computing system to configure, using a virtual-machine ("VM")-to-port peripheral device driver). 
The combination above does not disclose, which Agarwal discloses Router Firmware Virtualization Infrastructure (Agarwal:  par. [0055] the host machines running the LREs are in a network virtualization infrastructure over a physical network. Such a network virtualization infrastructure in some embodiments includes physical network nodes (such as external edge routers) that belong to a network segment that is served by one of the LREs and yet does not operate the LRE itself).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Bugenhagen, in view of He and further in view Gizis to provide Router Firmware Virtualization Infrastructure, as taught by Agarwal. The motivation is to provide consolidated multiple physical network appliances into a single server running multiple virtual network functions which can result in deploying of services quickly and in a timely manner to improve performance.

Regarding claim 5; the combination of Bugenhagen, He and Gizis discloses the router of claim 1.
The combination above does not disclose, which Agarwal discloses  wherein the device comprises a set of physical ports mapped to a set of logical ports, wherein the mapping is static or dynamic (Agarwal: par. [0167] the controllers not only provide static configuration data for configuring the LREs operating in the host machines (as MPRE/bridges), but also provide static and/or dynamic routing information to the local LRE instantiations running as MPREs).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Bugenhagen, in view of He and further in view of Gizis to provide wherein the mapping is static or dynamic, as taught by Agarwal. The motivation is to improve performance (i.e.; status of the network traffic flow in each network segment as well as the network/computation load on each of the host machines).

Regarding claims 12 and 15; claims 12 and 15 are directed to a method which have similar scope as claims 2 and 5, respectively. Therefore, claims 12 and 15 remain un-patentable for the same reasons. 

 Examiner’s remarks to overcome the rejection above
The Examiner encourage to contact the examiner to discuss claim’s amendment before responding to this Office Action to expedite prosecution.

Related Art
The following prior art made of record and cited on PTO-892, but not relied upon, is considered pertinent to applicant’s disclosure:
U.S. Pub. Number 2016/0182458 to Shatzkamer- Shatzkamer teaches first virtual machine is established in a virtual private service chain to provide a first network service to virtual private service chain traffic. A second virtual machine is also established the virtual private service chain to provide a second network service to the virtual private service chain traffic. The virtual private service chain traffic is encrypted for transmission within the virtual private service chain from the first virtual machine to the second virtual machine, wherein the encryption uses a key shared by the first and second virtual machines. 
U.S. Pub. Number 2018/0302243 to Li-Li teaches cloud management platform sends virtual private cloud (VPC) network information of a computing instance running on a host to a network processing device, a virtual switch receives a data packet from the computing instance using a virtual port of the computing instance, and the virtual switch sends the data packet according to the VLAN identifier, and routes the data packet to the network processing device.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to VU V TRAN whose telephone number is (571)270-1708.  The examiner can normally be reached on M-F, 8 AM- 4 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




                                                                                                                                                                                                   
/VU V TRAN/Primary Examiner, Art Unit 2491