DETAILED ACTION
1.	This action is responsive to the communication filed on September 24, 2019.  Claims 1-20 are pending.  At this time, claims 1-20 are rejected.
Notice of Pre-AIA  or AIA  Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Double Patenting
3.	The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.   A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and  In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. 
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).
Claims 1-20 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,462,136 B2.  Although the conflicting claims are not identical, they are not patentably distinct from the two inventions have similar subject matter, especially relating to hybrid cloud security groups, wherein a request may be received from a first cloud network of a hybrid cloud environment to transmit data to a second cloud network of the hybrid cloud environment, wherein the request can include a security profile related to the data. The security profile may be automatically analyzed to determine access permissions related to the data. Based at least in part on the access permissions, data can be allowed to access to the second cloud network.
Claim Rejections - 35 USC § 103
4.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 
5.	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. 
6.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

7.	The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. 	Determining the scope and contents of the prior art.

3.	Resolving the level of ordinary skill in the pertinent art.
4.	Considering objective evidence present in the application indicating obviousness or nonobviousness.
8.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Beaty; Kirk A. et al (US 9063789 B2) - IDS, and further in view of Qi; Zheng et al. (US 8700891 B2).
a.	Referring to claim 1:
		i.	Beaty teaches a method comprising:
(1)	receiving, at a network device of a first cloud network of a hybrid cloud environment and from a second cloud network of the hybrid cloud environment, a request to transmit data from the first cloud network (see Figures 7-10, and column 2, lines 29-31 of Beaty, where request from a consumer of data processing resources to acquire first data processing resources is received via the first interface (i.e. public cloud, private cloud, community cloud, etc..); see also column 11, lines 14-31 of Beaty for transmitting data where Operation of hybrid cloud 426 requires communication between consumer data processing resources 402 and provider data processing resources 404.  However, security concerns may require the prevention of unauthorized access to consumer data processing resources 402 from provider data processing resources 404 or from any other unauthorized sources.  Therefore, firewall 428 may be provided between consumer data processing resources 402 and provider data processing resources 404.  Firewall 428 is designed to block unauthorized access to consumer data processing resources 402 by provider data processing resources 404 or by any other resources on the internet while permitting authorized communications between consumer data processing resources 402 and provider data processing resources 404.  Firewall 428 may be implemented in either hardware or software or using a combination of both hardware and software.  For example, without limitation, firewall 428 may be implemented in consumer data processing resources 402);
(see column 3, line 63 through column 4, line 2 of Beaty, where cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts).  Resource usage can be monitored, controlled, and reported providing transparency for both the provider and consumer of the utilized service.  See also the combination of teaching between Beaty and Qi below for security tag, wherein the method may also include determining if the data packet includes a security tag that includes a role based authentication tag. In some embodiments, the method may include, if the data packet includes a security tag that includes a role based authentication tag, transmitting, via an egress port, at least the payload portion and the role based authentication tag towards, in a topological sense, the destination network address (column 2, lines 2-10 of Qi); and
(3)	when the security tag includes the access permissions indicating the data is allowed to enter the second cloud network, allowing the data to exit the first cloud network via the network device ((see column 8, lines 30-41 of Beaty, where the different illustrative embodiments recognize and take into account that easy access to public cloud services allows such services to be consumed within an enterprise in a non-centralized and unmanaged manner.  De-centralizing and moving data processing resources to off-site vendors increases the complexity and time required to support them.  Typically, this complexity is only evident when the cloud resources being consumed are reported to the enterprise information technology department.  Security and system governance lapses may result from this lack of management.  Regulatory and business compliance may require policy based data sharing across a hybrid cloud; See also the combination of teaching between Beaty and Qi below for security tag, wherein the method may also include determining if the data packet includes a security tag that includes a role based authentication tag. In some embodiments, the method may include, if the data packet includes a security tag that includes a role based authentication tag, transmitting, via an egress port, at least the payload portion and the role based authentication tag towards, in a topological sense, the destination network address (column 2, lines 2-10 of Qi).
ii.	Although Beaty teaches security provides identity verification for cloud consumers and tasks as well as protection for data and other resources.  User portal provides access to the cloud computing environment for consumers and system administrators, Beaty is silent on the capability of showing security tag.  On the other hand, Qi teaches security tag, wherein the method may also include determining if the data packet includes a security tag that includes a role based authentication tag. In some embodiments, the method may include, if the data packet includes a security tag that includes a role based authentication tag, transmitting, via an egress port, at least the payload portion and the role based authentication tag towards, in a topological sense, the destination network address (column 2, lines 2-10 of Qi).
	iii.	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to:
(1)	have modified the invention of Beaty with the teaching of Qi to apply various security mechanisms to protect their data, applications and networks functions (see column 1, lines 25-26 of Qi).
iv.	The ordinary skilled person would have been motivated to:
(1)	have modified the invention of Beaty with the teaching of Qi to define a security infrastructure to provide data confidentiality, data integrity and data origin authentication (see column 1, lines 34-36 of Qi).
b.	Referring to claim 2:
	i.	The combination of teaching between Beaty and Qi teaches the claimed subject matter.  Beaty further teaches:
(1)	wherein the hybrid cloud environment is configured to prevent unauthorized access to the hybrid cloud environment while providing scalability to accommodate increases and decreases in demand for one or more computing (see column 11, lines 14-31 of Beaty).
c.	Referring to claim 3:
	i.	The combination of teaching between Beaty and Qi teaches the claimed subject matter.  Beaty further teaches:
(1)	further comprising: screening the request via a firewall of the first cloud; and based at least in part on the determining whether the security tag associated with the data includes any access permissions to the data, denying access to data that is not permitted to exit the first cloud network (see Figures 7-10, and column 2, lines 29-31 of Beaty).
d.	Referring to claim 4:
	i.	The combination of teaching between Beaty and Qi teaches the claimed subject matter.  Beaty further teaches:
	(1)	transmitting the data from the first cloud network via a hybrid link, the hybrid link utilized for secure communications between the first cloud network and the second cloud network, wherein the hybrid link does not allow connection to the Internet (see column 11, lines 14-31 of Beaty).
e.	Referring to claim 5:
	i.	The combination of teaching between Beaty and Nagpal teaches the claimed subject matter.  Beaty and Qi further teach:
	(1)	wherein the security tag is automatically applied to applications initialized in the hybrid cloud environment (see column 11, lines 40-50 of Beaty; see also column 2, lines 2-10 of Qi).
f.	Referring to claim 6:
	i.	The combination of teaching between Beaty and Nagpal teaches the claimed subject matter.  Beaty further teaches:
	(1)	receiving a request for a virtual machine in the hybrid cloud environment (see Figures 7-10, and column 2, lines 29-31 of Beaty, where request from a consumer of data processing resources to acquire first data processing resources is received via the first interface (i.e. public cloud, private cloud, community cloud, etc..); see also column 3, lines 32-40 of Beaty for virtual machine, where cloud computing is a model of service delivery for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, network bandwidth, servers, processing, memory, storage, applications, virtual machines, and services) that can be rapidly provisioned and released with minimal management effort or interaction with a provider of the service.  This cloud model may include at least five characteristics, at least three service models, and at least four deployment models); determining that the second request originates from an address of a private cloud network of the hybrid cloud environment (see Figures 7-10, and column 2, lines 29-31 of Beaty, where request from a consumer of data processing resources to acquire first data processing resources is received via the first interface (i.e. public cloud, private cloud, community cloud, etc..);  gee also Figure 4 and column 4, lines 33-35 of Beaty for private cloud, where Private cloud: the cloud infrastructure is operated solely for an organization.  It may be managed by the organization or a third party and may exist on-premises or off-premises); and providing the virtual machine in the hybrid cloud environment (see also column 3, lines 32-40 of Beaty for virtual machine, where cloud computing is a model of service delivery for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, network bandwidth, servers, processing, memory, storage, applications, virtual machines, and services) that can be rapidly provisioned and released with minimal management effort or interaction with a provider of the service.  This cloud model may include at least five characteristics, at least three service models, and at least four deployment models).
g.	Referring to claim 7:
	i.	This claim has similar limitations as claim 1, thus it is rejected with the same rationale applied against claim 1 above.  The different is that this claim associates with private cloud (see Figure 4 and column 4, lines 33-35 of Beaty for private cloud, where Private cloud: the cloud infrastructure is operated solely for an organization.  It may be managed by the organization or a third party and may exist on-premises or off-premises).
h.	Referring to claim 8:
(see Figure 7 and column 1, line 60 through column 2, line 3 of Beaty for public cloud, where the consumer typically continues to operate its own computer network while some data processing resources are being obtained from a public cloud.  Thus, data processing resources from the public cloud typically are obtained in order to supplement the data processing resources of the consumer's own private cloud at certain times of need.  The simultaneous and coordinated operation of data processing resources from multiple clouds may be referred to as hybrid cloud computing.  For example, operation of the consumer's private cloud along with resources obtained from one or more public clouds is a specific example of hybrid cloud computing; and column  4, lines 42-44 of Beaty, where Public cloud: the cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services).
i.	Referring to claims 9-14:
i.	This claim consists a system to implement the steps of claims 1, 3-4 and 6-8, thus they are rejected with the same rationale applied against claims 1, 3-4 and 6-8 above.
i.	Referring to claims 14-20:
i.	This claim consists a non-transitory computer-readable medium having stored therein instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of claims 1, 3-8; thus they are rejected with the same rationale applied against claims 1, 3-8 above.
Information Disclosure Statement
9.	The information disclosure statements (IDS) filed on September 24, 2019 and November 20, 2019 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.
Conclusion

	a.	Lawson; Douglas C. et al. (US 20130211546 A1) discloses SMART DEVICE FOR INDUSTRIAL AUTOMATION (see Title).
b.	Sinn; Richard (US 20140331300 A1) discloses HYBRID CLOUD IDENTITY MAPPING INFRASTRUCTURE (see Title).
	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Thanhnga B. Truong whose telephone number is 571-272-3858. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached at 571-272-8878.  The fax and phone numbers for the organization where this application or proceeding is assigned is 571-273-8300.
Any inquiry of a general nature or relating to the status of this application or proceeding should be directed to the receptionist whose telephone number is 571-272-2100.

/THANHNGA B TRUONG/Primary Examiner, Art Unit 2498                                                                                                                                                                                                        
January 28, 2021