DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
The amendments filed on October 15, 2020 have been entered.
Claims 1-20 are allowed.

Response to Arguments
Applicant’s arguments filed on October 15, 2020 have been fully considered and are persuasive.

This communication warrants no Examiner's Reason for Allowance; applicant's reply makes evident the reasons for allowance, satisfying the “record as a whole” proviso of rule 37 CFR 1.104(e). Specifically, the substance of applicant’s remarks, pages 8-10, filed October 15, 2020, and the proposed amendment below are persuasive; as such, the reasons for allowance are in all probability evident from the record and no statement is deemed necessary (see MPEP 1302.14).

Examiner’s amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given by Attorney Nolan Hubbard Registration No. 62,327.
The application is amended as follows:



a host with a processor, a memory, and a network interface (NIC), with a hypervisor executing on the host;
a container with a filtering module executing on the host; and
a virtual machine (VM) with a first virtual network interface (VNIC) executing on the container, 
wherein the VM is configurable with a public internet protocol (IP) address, the filtering module is configured to check whether the public IP address of the VM executing on the container is included in messages, and the processor is configured to execute to:
receive, by the first VNIC, a first message for transmission over a network;
determine, by the filtering module, whether an IP address in the first message matches a validation IP address configured in the filtering module, wherein the validation IP address is the public address of the VM executing on the container;
responsive to determining that the IP address in the first message is invalid, cancel transmission of the first message and send the first message to a remediation service, wherein the remediation service is a Dynamic Host Configuration Protocol (DHCP) service; and
responsive to determining that the IP address in the first message is valid, forward, by the container, the first message to the hypervisor, which transmits the first message to the network using the IP address via the NIC.

Claim 2 (original):	The system of claim 1, wherein the remediation service generates an error indicating that at least one of (i) the VM lacks an assigned IP address, (ii) the VM is assigned to an incorrect IP address, (iii) the first message includes an incorrect IP address, and (iv) the first message fails to include any IP address.

Claim 3 (original):	The system of claim 1, wherein the container further includes a second VNIC.


interpret the first message as a DHCP request from the VM; 
select an IP address based on a media access control (MAC) address of the VM as a configured IP address of the VM; and
assign the configured IP address to the VM.

Claim 5 (original):	The system of claim 4, wherein the configured IP address is added to the first message generating an amended message, and the amended message is forwarded to one of the second VNIC and the hypervisor.

Claim 6 (previously presented): 	The system of claim 4, wherein the DHCP service sends the configured IP address to at least one of the VM and the filtering module, causing the VM to be configured with the configured IP address and the validation IP address in the filtering module to be updated with the configured IP address, and wherein a second message received by the filtering module from the first VNIC includes the updated configured IP address.

Claim 7 (original):	The system of claim 3, wherein a second message received by the NIC from the network is redirected to the second VNIC based on the second message including the IP address of the VM, and the second VNIC passes the second message through to the first VNIC enabling the VM to interpret the second message.

Claim 8 (original):	The system of claim 3, wherein the container and the second VNIC are only associated with the IP address of the VM, resulting in all network communications directed towards the container being redirected into the VM.

Claim 9 (original):	The system of claim 3, wherein a query to the second VNIC for an IP address of one of the second VNIC and the container results in a response including the IP address of the VM.



Claim 11 (original):	The system of claim 1, wherein the IP address of the VM is a global IP address.

Claim 12 (original):	The system of claim 1, wherein the VM has restricted access to computing resources of the host, which access is restricted by the hypervisor.

Claim 13 (original):	The system of claim 1, wherein the first message is divided into packets and each packet of the first message includes the IP address of the VM.

Claim 14 (currently amended):	A method comprising:
receiving, by a first virtual network interface (VNIC) of a virtual machine (VM), a first message for transmission over a network, wherein the VM is configurable with a public internet protocol (IP) address;
determining, by a filtering module, a container with the filtering module executes on a host, the filtering module is configured to check whether the public IP address of the VM executing on the container is included in messages, and the validation IP address is the public address of the VM executing on the container;
responsive to determining that the IP address in the first message is invalid, canceling transmission of the first message and sending the first message to a remediation service, wherein the remediation service is a Dynamic Host Configuration Protocol (DHCP) service executing on the host; and
responsive to determining that the IP address in the first message is valid, forwarding, by the container, the first message to a hypervisor, which transmits the first message to the network using the IP address via a network interface (NIC).


interpreting the first message as a DHCP request from the VM; 
selecting an IP address based on a media access control (MAC) address of the VM as a configured IP address of the VM; and
assigning the configured IP address to the VM.

Claim 16 (previously presented):	The method of claim 15, further comprising:
attaching the configured IP address to the first message generating an amended message; and
forwarding the amended message to one of the second VNIC and the hypervisor.

Claim 17 (currently amended):	The method of claim 15, further comprising:
sending the configured IP address to at least one of the VM and the filtering module, causing the VM to be configured with the configured IP address and the validation IP address in the filtering module to be updated with the configured IP address, and
receiving a second message by the filtering module from the first VNIC, wherein the second message includes the updated configured IP address.

Claim 18 (original):	The method of claim 15, wherein the container and the second VNIC are only associated with the IP address of the VM, resulting in all network communications directed towards the container being redirected into the VM, and wherein a query to the second VNIC for an IP address of one of the second VNIC and the container results in a response including the IP address of the VM.

Claim 19 (original):	The method of claim 14, wherein a supervisor of the host has direct access to the container and has control over the container, and wherein the VM has restricted access to computing resources of a host of the container and the VM, which access is restricted by the hypervisor.


receive, by a first virtual network interface (VNIC) of a virtual machine (VM), a message for transmission over a network, wherein the VM is configurable with a public internet protocol (IP) address;
determine, by a filtering module, a container with the filtering module executes on a host, the filtering module is configured to check whether the public IP address of the VM executing on the container is included in messages, and the validation IP address is the public address of the VM executing on the container;
responsive to determining that the IP address in the message is invalid, cancel transmission of the message and send the message to a remediation service, wherein the remediation service is a Dynamic Host Configuration Protocol (DHCP) service executing on the host; and
responsive to determining that the IP address in the message is valid, forward, by the container, the message to a hypervisor, which transmits the message to the network using the IP address via a network interface (NIC).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDELBASST TALIOUA whose telephone number is (571)272-4061. The examiner can normally be reached on Monday-Thursday 7:30 am - 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Trost can be reached on 571-272-7872. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/A.T./Examiner, Art Unit 2442
/WILLIAM G TROST IV/Supervisory Patent Examiner, Art Unit 2442