DETAILED ACTION
Claims 21-37 and 39-40 are presented for examination.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 12/23/2020 has been entered.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 21-22, 25-37 and 40 are rejected under 35 U.S.C. 103 as being unpatentable over Gridnev et al. (EP 2933748 A1) in view of Shveidel et al. (US Pat No. 10,048,874), further in view of Vangheepuram et al. (US PG Pub No. US 2017/0126479 A1).
Gridnev was disclosed in IDS dated 05/30/2019.

Regarding claim 21, Gridnev teaches a computer program product comprising computer executable code embodied in a non-transitory computer readable medium that, when executing on one or more computing devices ([0018]), performs the steps of: 

managing communications between the guest virtual machine and a first security virtual machine with the security agent ([0034], "ensure an uninterrupted connection of the antivirus agent and the security virtual machine"), the first security virtual machine providing one or more security services to the guest virtual machine ([0024], "The antivirus protection of the virtual machines may be realized by [...] a security virtual machine (SVM) 130"; [0025], "antivirus checking tasks may be sent by the antivirus agent 140 to the security virtual machine (SVM) 130."; [0026], "The result of the antivirus check is sent by the SVM 130 to the antivirus agent 140 which relayed the given task."); 
measuring a latency of a connection between the first security virtual machine and the guest virtual machine ([0042], "A failure in a connection may occur for one or more of the following reasons: [...] the time to process a request for the performance of an antivirus task has taken longer than the waiting time"; wherein connection latency between VM and SVM is measured against the waiting time); 
when the latency ([0042], "the time to process a request") increases beyond a predetermined threshold ([0042], "has taken longer than the waiting time"), randomly selecting a second security virtual machine from among a group of security virtual machines within the virtualized computing environment having ([0044], the connection module 270 may randomly choose for connecting to a temporary SVM from the entire block of available SVMs) a communication latency above a predetermined threshold for 
transitioning use of the one or more security services by the guest virtual machine from the first security virtual machine to the second security virtual machine ([0045], "the VM is connected to a nonprimary (e.g., temporary) SVM [...] interaction of the antivirus agent 140 of the given VM and the antivirus module 150 installed on the nonprimary SVM."). 
Gridnev does not teach randomly selecting a second security virtual machine when the latency is above a predetermined threshold for more than a predetermined time. 
While Gridnev teaches taking a single peak latency measurement, it is old and well known to also take an average measurement during a set time interval for applying a smoothing function to the measurement. For example, Shveidel teaches performing a latency measurement by taking an average during a monitoring interval in addition to measuring a peak latency value when performing a comparison against a threshold (col 8 lines 35-58). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to average the latency over a time interval. One would be motivated by the desire to reduce the number of potential false indications of failure. If a person of ordinary skill in the art can implement a predictable variation, and would see the benefit of doing so, §103 likely bars its patentability. KSR v. Teleflex.
Gridnev does not teach using a heartbeat indicative of a healthy state for the selecting the second security virtual machine.
Vangheepuram teaches collecting the operational state information on computing nodes including a heartbeat in addition to an indication as to whether a computing node 

Regarding claim 22, Gridnev teaches the predetermined threshold is a time for the communication latency within a predetermined range of a lowest latency one of the security virtual machines ([0042]). 

Regarding claim 25, Gridnev teaches a method comprising: 
executing a security agent ([0018], [0024], "antivirus agent") on a guest virtual machine ([0018], [0024], "virtual machine") in a virtualized computing environment (Fig. 1, [0023], "virtual infrastructure"); 
managing communications between the guest virtual machine and a first security virtual machine ([0034], "ensure an uninterrupted connection of the antivirus agent and the security virtual machine"), the first security virtual machine providing one or more security services to the guest virtual machine ([0024], "The antivirus protection of the virtual machines may be realized by [...] a security virtual machine (SVM) 130"; [0025], "antivirus checking tasks may be sent by the antivirus agent 140 to the security virtual machine (SVM) 130."; [0026], "The result of the antivirus check is sent by the SVM 130 to the antivirus agent 140 which relayed the given task."); 

in response to the condition, selecting a second security virtual machine from among a number of other security virtual machines within the virtualized computing environment based on one or more connectivity criteria ([0044], the connection module 270 may randomly choose for connecting to a temporary SVM from the entire block of available SVMs); and 
transitioning use of the security services by the guest virtual machine from the first security virtual machine to the second security virtual machine ([0045], "the VM is connected to a nonprimary (e.g., temporary) SVM [...] interaction of the antivirus agent 140 of the given VM and the antivirus module 150 installed on the nonprimary SVM."). 
Gridnev does not teach selecting a second security virtual machine in response to the condition indicating a decrease in quality of connectivity to the first security virtual machine for a time exceeding a predetermined duration.
While Gridnev teaches taking a single peak latency measurement, it is old and well known to also take an average measurement during a set time interval for applying a smoothing function to the measurement. For example, Shveidel teaches performing a latency measurement by taking an average during a monitoring interval in addition to measuring a peak latency value when performing a comparison against a threshold (col 8 lines 35-58). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to average the latency over a time interval. One would be motivated by the desire to reduce the number of potential false indications of failure. If a person of ordinary skill in the art can implement a predictable variation, and would see the benefit of doing so, §103 likely bars its patentability. KSR v. Teleflex.
Gridnev does not teach selecting the second security virtual machine having a heartbeat indicative of a healthy state.
Vangheepuram teaches collecting the operational state information on computing nodes including a heartbeat in addition to an indication as to whether a computing node has high latency ([0050]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to monitor a heartbeat of a computing node. One would be motivated by the desire to utilize a heartbeat to determine whether a node has actually failed as opposed to suffering a communication link failure as taught by Vangheepuram ([0018]).

Regarding claim 26, Gridnev teaches the condition includes a network performance dropping below a predetermined threshold for latency ([0042]). 

Regarding claim 27, Gridnev teaches the condition includes a network performance dropping below a predetermined threshold for bandwidth ([0042]).

Regarding claim 28, Gridnev teaches the condition includes a notification that the first security virtual machine will stop providing security services ([0045]). 

Regarding claim 29, Gridnev teaches the condition includes a notification that the guest virtual machine will migrate to a different physical machine ([0046]; [0050]).

Regarding claim 30, Gridnev teaches the one or more security services include file scanning ([0026]). 

Regarding claim 31, Gridnev teaches the one or more security services include at least one of malware definition updates for use by the security agent in detecting malware on the guest virtual machine and network monitoring ([0027]).

Regarding claim 32, Gridnev teaches the one or more connectivity criteria include a latency of communications with each of the number of other security virtual machines ([0042]). 

Regarding claim 33, Gridnev teaches the one or more connectivity criteria include a bandwidth of communications with each of the number of other security virtual machines ([0042]). 

Regarding claim 34, Gridnev teaches the one or more connectivity criteria include a guest machine load for each of the number of other security virtual machines ([0042]).

Regarding claim 35, Gridnev teaches at least one of the other security virtual machines is hosted on a first physical computing device separate from, and connected in a communicating relationship through a physical data network to, a second physical computing device hosting the guest virtual machine (Figs 1-2). 

Regarding claim 36, Gridnev teaches the second security virtual machine is hosted on a second physical computing device separate from, and connected in a communicating relationship through a physical data network to, a first physical computing device hosting the guest virtual machine (Figs 1-2). 

Regarding claim 37, Gridnev teaches the second security virtual machine is hosted on a second physical computing device separate from, and connected in a communicating relationship through a physical data network to, a first physical computing device hosting the first security virtual machine (Figs 1-2). 

Regarding claim 40, it is the device claim of claim 25 above. Therefore, it is rejected for the same reasons as claim 25 above. 

Claim Rejections - 35 USC § 103
Claims 23-24 and 39 are rejected under 35 U.S.C. 103 as being unpatentable over Gridnev et al. (EP 2933748 A1) in view of Shveidel et al. (US Pat No. 10,048,874), in view of Vangheepuram et al. (US PG Pub No. US 2017/0126479 A1), further in view of Krishnan et al. (US Pat No. 9,769,248). 

Regarding claim 23, Gridnev does not teach the predetermined threshold is determined based on the communication latency among a top percentile group of the security virtual machines available in the virtualized computing environment. 
Krishnan teaches sorting a list of clients in order to define performance categories based on percentile groups (col 7 line 49- col 8 line 7). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to determine the predetermined threshold based on the communication latency among a top percentile group of the security virtual machines available in the virtualized computing environment. One would be motivated by the desire to quantify performance categories as taught by Krishnan.

Regarding claim 24, Krishnan teaches the predetermined threshold is determined based on an average communication latency among a top percentile group of the security virtual machines available in the virtualized computing environment (col 7 line 49- col 8 line 7). 

Regarding claim 39, Gridnev and Krishnan teach selecting the second security virtual machine includes randomly selecting one of the security virtual machines in the lowest latency group (Gridnev [0044]). 

Response to Arguments
Applicant’s arguments with respect to claim(s) 21-37 and 39-40 have been considered but are moot because the new ground of rejection does not rely on any reference applied in 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ERIC C WAI whose telephone number is (571)270-1012.  The examiner can normally be reached on Monday - Friday 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/Eric C Wai/ Primary Examiner, Art Unit 2195