Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Claims 2-18 and 20-22 are pending. 

Response to Arguments
Applicant’s arguments on the appeal brief filed 09/11/2020, see pages 6-16, with respect to the rejection(s) of claim(s) 7, 12-16, 18, and 20-21 under 35 U.S.C. 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Kawarai et al. (US 20050265356) and Mick et al. (US 20130304903).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 4-6, 8-11, 16-17, 20 and 22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Spiers et al (US 2012/0266231) hereinafter Spiers in view of Kawarai et al. (US 2005/0265356) hereinafter Kawarai. 
Regarding claim 16, Spiers teaches a computing device comprising: a hardware processor (i.e. a computing device having a processor, [0031]); and a non-transitory storage 
However, Spiers does not explicitly disclose obtain, from a network controller that controls the back-end network, a controller configuration that specifies plurality of network elements included in the back- end network, send to each respective network element of the plurality of network elements specified by the controller configuration, a request for attestation of a network element configuration of the respective network element; receive, from each respective network element of the plurality of network elements, response data that specifies the network element configuration of the respective network element, wherein the network element configuration received from the respective network element includes data specifying links between the respective network element and other network elements, and includes a port forwarding rule used by the respective network element to handle network traffic; verify that the response data received from each network element meets the back-end configuration requirement included in the request for attestation of the back-end network.
However, Kawarai teaches obtain, from a network controller that controls the back-end network, a controller configuration that specifies plurality of network elements included in the back- end network (i.e. obtains the addresses of nodes constituting the virtual LAN to be 
Based on Spiers in view of Kawarai it would have been obvious to one of ordinary skilled in the art before the effective filing data of the claimed invention to incorporate obtains the addresses of nodes constituting the virtual LAN to be verified, the verification requesting NE multicasts request packets for keeping track of virtual LAN configuration, reply packets are sent 
One of ordinary skilled in the art would have been motivated to utilize Asenjo into Spiers system in order to enhance the trusted cloud environment of Spiers system.

Regarding claim 4, Spiers teaches the back-end configuration requirement includes a back-end network configuration requirement and a back-end software configuration requirement (i.e. cloud orchestrator deem the Measured VM, the virtualization platform , and the infrastructure on which the platform is running to be authentic and configured as expected for the tenant to deliver the to the Measured VM, [0127]); and wherein each network element 
Regarding claim 5, Spiers teaches the back-end network and computing device are included in a software defined network controlled by the network controller, (i.e. an organization computer network, [0013]), and wherein each network element comprises one of: a server device; a router device; or a switch device (i.e. a firewall 316 to control communication between tenant network 320 and router 314, and router 314 may communicate with a router 324 of cloud provider data center, [0058]). Therefore, the limitations of claim 5 are rejected in the analysis of claims 1 above, and the claim is rejected on that basis.

Regarding claim 6, Spiers teaches the instructions further cause the hardware processor to: receive, from the client device, a request for attestation of the computing device (i.e. a tenant of the cloud use for remote attestation. Remote attestation may include a process of remotely verifying the integrity and authenticity of cloud infrastructure, [0041]); and provide computing device attestation proof to the client device in response to the request for attestation of the computing device (i.e. the TPM creates the TPM quote as a function of a, a set of one or more of the measurement values (e.g., software version, configuration information, hardware type, etc.) stored in the PCR registers, [0122]).

Regarding claims 8-11 the limitations of claims 8-11 are similar to the limitations of claims 4-6. Therefore, the limitations of claims 8-11 are rejected in the analysis of claims 4-6 above, and the claims are rejected on that basis.



Regarding claim 20, Spiers does not explicitly disclose wherein the network element configuration received from each respective network element of the plurality of network elements comprises a port forwarding rule used by the respective network element to handle network traffic.
However, Kawarai teaches wherein the network element configuration received from each respective network element of the plurality of network elements comprises a port forwarding rule used by the respective network element to handle network traffic (i.e. the reply packet may include the sending port number as well as the sender address and the number of a receiving port through which the request packet was received as well as the replying node address, [0013] and see a table on lower right in FIG. 6).Therefore, the limitations of claim 20 are rejected in the analysis of claim 16 above, and the claim is rejected on that basis.

Regarding claim 22, Spiers teaches the controller configuration specifies the plurality of network elements for communicating data of the client device in the back-end network, the plurality of network elements comprises routers or switches (i.e. router 314, and router 314 may communicate with a router 324 of cloud provider data center 304, [0058]). 9 Therefore, the limitations of claim 22 are rejected in the analysis of claim 16 above, and the claim is rejected on that basis. 

Claims 7, 12-13, 18 and 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Spiers et al (US 2012/0266231) hereinafter Spiers in view of Kawarai et al. (US 2005/0265356) hereinafter Kawarai and further in view of Mick et al. (US 20130304903) hereinafter Mick. 
Regarding claim 7, Spiers in view of Kawarai teach the limitations of claim 16 above including the limitation verify that the response data received from each network element meets the back-end configuration requirement (i.e. reply packets are sent from nodes other than the verification requesting NE to the verification requesting NE. Thus, the verification requesting NE has to enter a reply packet receiving mode immediately after multicasting request packets to verify virtual LAN configuration, [0073]). Therefore, after sending a request to verify the configuration of the nodes in the virtual LAN, the verification requesting NE receives a reply packet and extracts necessary information from the reply packets to verify the virtual LAN configuration, ([0048]). 
However, Spiers does not explicitly disclose the client device is associated with a first client, the request for attestation of the back-end network comprises a request for attestation of isolation of each network element included in the back-end network from network traffic of a second client, a communication of the network traffic of the second client through the back-end network is isolated from communication of network traffic of the first client through the back-end network.
However, Mick teaches the client device is associated with a first client (i.e. user device, Fig. 1, item, 102), the request for attestation of the back-end network comprises a request for attestation of isolation of each network element included in the back-end network from network traffic of a second client (i.e. a security group specifies which incoming network traffic should be delivered to all VM instances in the group, all other incoming traffic being discarded, [0146]), a communication of the network traffic of the second client through the back-end network is 
Based on Spiers in view of Mick it would have been obvious to one of ordinary skilled in the art before the effective filing data of the claimed invention to incorporate a security group specifies which incoming network traffic should be delivered to all VM instances in the group, all other incoming traffic being discarded and network traffic between VM instances belonging to the same VLAN is always open but the system can enforce isolation of network traffic between different projects by enforcing one VLAN per project to Spiers because Spiers teaches creating a trusted cloud environment ([0010]) and Mick suggests a security group specifies which incoming network traffic should be delivered to all VM instances in the group, all other incoming traffic being discarded, [0146]) and network traffic between VM instances belonging to the same VLAN is always open but the system can enforce isolation of network traffic between different projects by enforcing one VLAN per project, [0099]).
One of ordinary skilled in the art would have been motivated to utilize Spiers in view of Mick into Spiers system in order to improve secure cloud environment of Spiers system.

Regarding claims 12-13, the limitations of claims 12-13 are similar to the limitations of claims 7 and 16. The combination of Spiers and Mick further teaches communicating data of the first client in the back-end network (i.e. he VPN may use a digital certificate, username/unique token, and password to create a secure channel for the traffic, Spiers, [0059]), wherein the verifying comprises verifying that the network traffic of the first client communicated through the back-end network is isolated from network traffic of a second client communicated through the back-end network (i.e. network traffic between VM instances belonging to the same VLAN is always open but the system can enforce isolation of network traffic between different projects by 

Regarding claim 18, Spiers does not explicitly disclose verifying that the communication of the network traffic of the second client through the back-end network is isolated from the communication of the network traffic of the first client through the back- end network comprises obtaining a network configuration of the second client from the network controller.
However, Mick teaches the verifying that the communication of the network traffic of the second client through the back-end network is isolated from the communication of the network traffic of the first client through the back- end network comprises obtaining a network configuration of the second client from the network controller (i.e. a security group specifies which incoming network traffic should be delivered to all VM instances in the group, all other incoming traffic being discarded, [0146])). Therefore, the limitations of claim 18 are rejected in the analysis of claims 7 and 16 above, and the claims are rejected on that basis.

Regarding claim 21, the limitations of claims 21 are similar to the limitations of claims 7. Therefore, the limitations of claim 21 are rejected in the analysis of claim 7 above, and the claim is rejected on that basis.

Claims 2-3, and 14-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Spiers et al (US 2012/0266231) hereinafter Spiers in view of Kawarai et al. (US 2005/0265356) hereinafter Kawarai and further in view of Kulka et al. (US 2014/0013451) hereinafter Kulka.
Regarding the limitation of claim 2, Spiers in view of Kawarai teach the limitations of claim 16 above.

However, Kulka teaches generate obfuscated response data based on the response data received from each network element, and wherein the data verifying that the back-end network meets the back-end configuration requirements includes the obfuscated response data (i.e. Data obfuscation can be used to modify, manipulate, or change sensitive data originating from one or more backend systems before presentation to an end user, [0002]).
Based on Spiers in view of Kulka it would have been obvious to one of ordinary skilled in the art before the effective filing data of the claimed invention to incorporate Data obfuscation can be used to modify, manipulate, or change sensitive data originating from one or more backend systems before presentation to an end user to Spiers because Spiers teaches creating a trusted cloud environment ([0010]) and Kulka suggests Data obfuscation can be used to modify, manipulate, or change sensitive data originating from one or more backend systems before presentation to an end user, [0002]).
One of ordinary skilled in the art would have been motivated to utilize Kulka into Spiers system in order to improve capability of the trusted cloud environment of Spiers system.

Regarding claim 3, Spiers does not explicitly disclose the obfuscated response data is generated by reducing a granularity of at least one measurement included in the network element configuration.
However, Kulka teaches the obfuscated response data is generated by reducing a granularity of at least one measurement included in the network element configuration (i.e. the intended obfuscation output for another user such as the employee's manager ("Jane Doe"), may be intended to allow the manager to only see the reporting hierarchy and the salary group 

Regarding claim 14, the limitations of claims 14 are similar to the limitations of claims 2. Therefore, the limitations of claim 14 are rejected in the analysis of claim 2 above, and the claim is rejected on that basis.

Regarding claim 15, Spiers teaches the back-end configuration requirement further specifies a first version of a software application (i.e. a create Measured VM request includes the networking settings (e.g., VIP address I), tenant-specified configurations, to create the virtual machine, [0089]); the network element configuration received from a given network element specifies that the given network element is running a second version of the software application, the second version being different from the first version (i.e. a measurement may be of at least one of a configuration parameter (e.g., software version, hardware, etc.) of a device or software, or of a configuration that the tenant may wish to authenticate prior to communicating with the device, [0083]); and the data verifying that the back-end network meets the back-end configuration requirement specifies that each network element included in the back-end network is running the first version of the software application, (i.e. the tenant may determine measurements of a configuration of the virtualization platform match an expected configuration, in the manner provided above, to determine whether to authenticate the platform, [0146]).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AYELE F WOLDEMARIAM whose telephone number is (571)270-5196.  The examiner can normally be reached on M_F 8:30AM-5:00PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joon H Hwang can be reached on 571-272-4036.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/A F. W/
Ayele Woldemariam
Examiner
Art Unit 2447
1/27/2021


/CHEIKH T NDIAYE/Primary Examiner, Art Unit 2447