DETAILED ACTION
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This Office Action is in reply to the amendment filed on 9/20/2022.
Claim 1 has been amended.
Claims 1-10 are pending for consideration.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
The rejections under 35 U.S.C. 112(a) and 112(b) of claims 1-10 have been withdrawn based on the amendment filed on 9/20/2022.  However, the amendment raises new issues.  Therefore, a new 112 rejection has been issued.
Applicant’s arguments (i.e., network packet handling for network communications by orchestrating a hashing method that controls interrupt request queue affinity to allow for maximum distribution of network data across the set of CPU cores) with respect to claim(s) 1-10 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-10 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. 
Claim 1 recites the limitation “orchestrating a hashing method that controls interrupt request queue affinity to allow for maximum distribution of network data across the set of CPU cores”.  
Applicant is respectfully reminded, for computer-implemented features, “examiners should determine whether the specification discloses the computer and the algorithm (e.g., the necessary steps and/or flowcharts) that perform the claimed function in sufficient detail such that one of ordinary skill in the art can reasonably conclude that the inventor invented the claimed subject matter.” MPEP § 2161.01(I).
The instant claim 1 does not provide an algorithm that performs the function “orchestrating a hashing method that controls interrupt request queue affinity to allow for maximum distribution of network data across the set of CPU cores” in sufficient detail such that one of ordinary skill in the art can reasonably conclude that the inventor invented the claimed subject matter. For example, applicant’s specification discloses “[0054] process 400 can orchestrate a hashing method that controls IRQ Queue affinity to allow for maximum distribution of network data across CPU cores” and “[0066] hash functions and the like have been disclosed by way of example and not of limitation. These can be substituted/integrated with other types of cyphers, network protocols, hash functions and the like in some embodiments”.
However, such statements do not clearly provide how the hashing method is used to control IRQ Queue affinity to allow for maximum distribution of network data across CPU cores.  
Furthermore, Applicant’s specification does not describe an algorithm/steps/flows that perform the function “orchestrating a hashing method that controls interrupt request queue affinity to allow for maximum distribution of network data across the set of CPU cores” in sufficient detail such that one of ordinary skill in the art can reasonably conclude that the inventor invented the claimed subject matter.  
Applicant is also respectfully reminded, “[i]f the specification does not provide a disclosure of the computer and algorithm in sufficient detail to demonstrate to one of ordinary skill in the art that the inventor possessed the invention including how to program the disclosed computer to perform the claimed function, a rejection under 35 U.S.C. 112(a) or pre-ATA 35 U.S.C. 112, first paragraph, for lack of written description must be made.” MPEP § 2161.01(1).  Therefore, claim 1 is rejected for lack of written description.
Dependent claims 2–10 fail to cure this deficiency of independent claim 1 (set forth directly above) and are rejected accordingly.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-10 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Regarding claim 1, Claim 1 is rejected for lack of sufficient written description.  According to MPEP 2161.01 (I), a rejection under 35 U.S.C. 112(b) or the second paragraph of pre-AIA  35 U.S.C. 112 must be made in addition to the written description rejection.  According to MPEP 2173, 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph requires that a patent application specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.  A secondary purpose is to provide a clear measure of what the inventor or a joint inventor regards as the invention so that it can be determined whether the claimed invention meets all the criteria for patentability and whether the specification meets the criteria of 35 U.S.C. 112(a) or pre-AIA  35 U.S.C. 112, first paragraph with respect to the claimed invention.  Therefore, the claim must be rejected under 112(b) because it does not comply with written description requirement under 35 U.S.C 112(a).
Dependent claims 2–10 fail to cure this deficiency of independent claim 1 (set forth directly above) and are rejected accordingly.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-10 are rejected under 35 U.S.C. 103 as being unpatentable over Hutchison et al. (US 20140056307) (hereinafter Hutchison) in view of Green et al. (Reference U: “Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer”) (hereinafter Green).
Regarding claim 1, Hutchison teaches a method for packet orchestration to provide data encryption at the internet protocol (IP) layer, comprising the steps of: 
providing a set of software-based network bridges (Hutchison: see figures 2 and 4; and paragraphs 0023-0024, 0039 and 0056, “if the packets or subset of the flow is segmented or otherwise divided for processing by multiple cores or processors, performing the transformations may be very complex, as the cores may be forced to process the packet or subset in a coordinated fashion” [Examiner notes: paragraph 0057 of the Applicant’s disclosure discloses the bridges can each represent a segmented group of network traffic]); 
assigning a set of network ports to the set of software-based specific bridges, wherein the set of network ports implement segmentation and isolation based on an organizational policy (Hutchison: paragraphs 0039, 0043-0044 and 0057, “each packet may be entirely processed by an individual core rather than segmenting the packet and distributing the processing of the segments across multiple parallel cores”… “even with smaller flows, assigning individual flows to individual processing cores may entail that the classification function for the flows to be included in the higher data rate domain”);
provisioning and configuring of a set of computer processing unit (CPU) cores to handle wire-speed data encryption and decryption on a per bridge segmentation standpoint, wherein each network bridge segment, has it own CPU core affinity, and recommended buffer allocation (Hutchison: paragraphs 0057 and 0062, “multiple cryptographic cores (e.g., parallel processing cores) may be utilized in a single network appliance for data encryption. A DEU may be configured to encrypt packets in a data network environments such as Internet Protocol (e.g., IPsec, High Assurance Internet Protocol Encryptor (HAIPE) protocol, etc.) or Ethernet (e.g., MACsec), for example using multiple keys selected on a per-user basis. The DEU may encrypt the packets in such a way that the use of many parallel cores does not affect the external behavior of the unit”); 
provisioning per bridge, an IP overlay encapsulation of a set of encrypted packets (Hutchison: paragraphs 0008, 0062 and 0070, “The received packets may be multiplexed such that each packet is assigned to one of the encryption cores.” … “The count-based multiplexor positioned to receive the encrypted packets from the individual CP cores (e.g., MUX 620) may be configured to ensure in-sequence delivery of the encrypted packet.”); and 
provisioning a Network interface card (NIC) offloading and packet steering functionality, wherein the NIC offloading and packet steering functionality provides network packet handling for network communications (Hutchison: paragraphs 0039 and 0070, “The count-based multiplexor positioned to receive the encrypted packets from the individual CP cores (e.g., MUX 620) may be configured to ensure in-sequence delivery of the encrypted packet.” … “Second FIFO/multiplexing elements may be implemented at the output of the processing pool to Black Network I/O 212. The result may be for Output Packets 216 to be sent onto a network via Black Network I/O 212”), by orchestrating a hashing method that controls interrupt request queue affinity to allow for maximum distribution of network data across the set of CPU cores (Hutchison: paragraphs 0025, 0035, 0039, 0052-0053, 0062 and 0069, “Therefore, in the systems and methods described herein, entire packets may be multiplexed to individual cores in order to allow the distribution of complex functions such as packet classification and checksum calculation individually in each of a plurality of parallel cores. By doing so, the methods and systems disclosed herein may avoid the very low efficiency performance for small packet sizes associated with previous parallel processing approaches. The result may be the capability to scale the performance of a given technology by a large factor (e.g., 16.times. or more) over that of traditional methods without negative consequences of other parallel schemes. The amount of scaling may be directly related to the number of cores utilized”).
Hutchison does not explicitly teach the following limitation which is taught by Green, providing a quantum secure pre-shared key derivation scheme for a data link layer bulk encryption algorithm, setting up a separate communication channel using an Secure Shell Protocol (SSH) protocol (Green: pages 5-6 and 7-9, “The Elliptic Curve Diffie-Hellman (ECDH) key exchange method  generates a shared secret from an ephemeral local elliptic curve private key and ephemeral remote elliptic curve public key. This key exchange method provides explicit server authentication as defined in [RFC4253] using a signature on the exchange hash. Every compliant SSH ECC implementation MUST implement ECDH key exchange”); leveraging Elliptic-curve Diffie-Hellman (ECDH) protocol over said separate communication channel to share a set of pre-shared keys (Green: pages 5, 9 and 13-15, “it is important that the size of elliptic curve be chosen to match the security strength of other elements of the SSH handshake” … “Every SSH ECC implementation MUST support the named curves below. These curves are defined in [SEC2]”).  
Hutchison and Green are analogous art because they are from the same field of endeavor, data exchange in a secure way.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hutchison and Green before him or her, to modify the system of Hutchison to include the SSH ECC algorithm integration of Green.  The suggestion/motivation for doing so would have been to increase security in the combined system.
Regarding claim 2, Hutchison as modified further teaches wherein the set of network ports are assigned to set of software-based network bridges based on a set of communication and isolation requirements (Hutchison: paragraphs 0039, 0043-0044 and 0057, “each packet may be entirely processed by an individual core rather than segmenting the packet and distributing the processing of the segments across multiple parallel cores”… “even with smaller flows, assigning individual flows to individual processing cores may entail that the classification function for the flows to be included in the higher data rate domain”).
Regarding claim 3, Hutchison as modified further teaches wherein the mechanism for provisioning per bridge is provided using segment isolation (Hutchison: paragraphs 0039, 046 and 0057, “Input Packets 214 may be demultiplexed into a pool of packet processing resources. For example, DPA 200 may include two or more parallel processing (PP) cores (e.g., PP Core 1 202, PP Core 2 204, PP Core 3 206, PP Core N 208). Input Packets 214 may be demultiplexed in a number of different ways. Each packet may be assigned and routed to an individual core. Thus, each packet may be entirely processed by an individual core rather than segmenting the packet and distributing the processing of the segments across multiple parallel cores.”).
Regarding claim 4, Hutchison as modified further teaches wherein the provisioning per bridge of the IP overlay encapsulation of the set of encrypted packets is implemented with a specified encapsulation/decapsulation functionality of an operating-system software and a network vendors ethernet controller (Hutchison: paragraphs 0039 and 0070, “The count-based multiplexor positioned to receive the encrypted packets from the individual CP cores (e.g., MUX 620) may be configured to ensure in-sequence delivery of the encrypted packet.”… “Second FIFO/multiplexing elements may be implemented at the output of the processing pool to Black Network I/O 212. The result may be for Output Packets 216 to be sent onto a network via Black Network I/O 212”).
Regarding claim 5, Hutchison as modified further teaches wherein the IP overlay encapsulation is implemented with a tunneling protocol (Hutchison: paragraph 0039, “Second FIFO/multiplexing elements may be implemented at the output of the processing pool to Black Network I/O 212. The result may be for Output Packets 216 to be sent onto a network via Black Network I/O 212”).
Regarding claim 6, Hutchison as modified further teaches wherein the network packet handling of the NIC offloading and packet steering functionality comprises an encapsulation operation (Hutchison: paragraphs 0039 and 0070, “The count-based multiplexor positioned to receive the encrypted packets from the individual CP cores (e.g., MUX 620) may be configured to ensure in-sequence delivery of the encrypted packet.” … “Second FIFO/multiplexing elements may be implemented at the output of the processing pool to Black Network I/O 212. The result may be for Output Packets 216 to be sent onto a network via Black Network I/O 212”).
Regarding claim 7, Hutchison as modified further teaches wherein the network packet handling of the NIC offloading and packet steering functionality comprises a checksum operation (Hutchison: paragraphs 0005, 0024 and 0062, “Each of the plurality of processing units may be configured to determine an integrity check value (ICV) on a per processing unit basis. The processing may include one or more of packet encryption, packet decryption, packet classification, or a checksum determination.” .. “he received packets may be multiplexed such that each packet is assigned to one of the encryption cores. The multiplexing of entire packets may facilitate the distribution of complex functions such as packet classification, checksum calculations (e.g., a Galois checksum calculation) to the parallel cores”).
Regarding claim 8, Hutchison as modified further teaches wherein the network packet handling of the NIC offloading and packet steering functionality comprises a buffer allocation operation (Hutchison: paragraphs 0034 and 0039, “Pipelining may result in some amount of buffer storage being inserted between elements.”… “For example a series of FIFO elements/buffers may be used as an interface between the Red Network I/O 210 and the packet processing elements (e.g., PP Core 1 202, PP Core 2 204, PP Core 3 206, PP Core N 208). Second FIFO/multiplexing elements may be implemented at the output of the processing pool to Black Network I/O 212. The result may be for Output Packets 216 to be sent onto a network via Black Network I/O 212”).
Regarding claim 9, Hutchison as modified further teaches wherein the provisioning per bridge and the IP overlay encapsulation of encrypted packets with post quantum encryption is implemented per the specifications of a specified Ethernet Controller manufacturer (Hutchison: paragraphs 0039 and 0070, “For example a series of FIFO elements/buffers may be used as an interface between the Red Network I/O 210 and the packet processing elements (e.g., PP Core 1 202, PP Core 2 204, PP Core 3 206, PP Core N 208). Second FIFO/multiplexing elements may be implemented at the output of the processing pool to Black Network I/O 212. The result may be for Output Packets 216 to be sent onto a network via Black Network I/O 212”).
Regarding claim 10, Hutchison as modified further teaches wherein an Ethernet Controller enables and configures the encapsulation/decapsulation offloading functionality (Hutchison: paragraphs 0039 and 0070, “The count-based multiplexor positioned to receive the encrypted packets from the individual CP cores (e.g., MUX 620) may be configured to ensure in-sequence delivery of the encrypted packet. For example, when a large packet with an earlier count value is delayed in arriving at the output relative to small packets with later count values, MUX 620 may delay servicing the small packets arriving out of order until the larger packet has been serviced. The smaller packets may be stored in rate matching FIFOs in order to match the delay of a larger packet. Once the count value criteria is satisfied, DEU 600 may serve encrypted Output Packets 616 to an untrusted network via Black Network I/O 612”).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure, such as, Wang (US 20210185025); Varghese (US 20190372948).
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740. The examiner can normally be reached Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TRANG T DOAN/Primary Examiner, Art Unit 2431