DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

Response to Arguments
The rejections of Claims 25-44 under obvious-type double patenting is maintained as applicant’s have requested the rejection be held in abeyance.  
Applicant's arguments filed 11/19/2020 with respect to 35 U.S.C. 103 have been fully considered but they are not persuasive. 
	Applicant Argues: The connections between elements of Applicant's claim appear to have been overlooked in the rejection. In particular, Applicant's interface record links the claim element assign an interface record to a network-accessible service, wherein the interface record comprises one or more Internet Protocol (IP) addresses and one or more security properties with the claim element configure the one or more security properties to allow attachment of the interface record to a resource instance and with the claim element attach the interface record to a resource instance, wherein the attachment enables the resource instance to transmit network messages from at least one of the one or more IP addresses. Thus, Applicant's claim describes that the interface record that is assigned to a network- accessible service has security properties that allow attachment of the interface record to a resource instance, wherein the attachment enables the resource instance to transmit network messages from at least one of the one or more IP addresses. The cited combination fails to teach or suggest such an interface record. 
	Examiner’s Response:  The examiner respectfully disagrees.  The examiner notes in the Dhawan’s policy and routing wrapper is the aforementioned interface record (FIG. 5A) as (Gbadegesin, FIG. 3 – Associating at least one security policy with a resource (i.e., network accessible service)   and [0041] – cloud computing environment and [0047]) further configure... to allow attachment of the interface record to a resource instance (Gbadegesin, FIG. 3 – Associating at least one security policy with a resource → Generating an authentication token when credential satisfies policy → Attaching security policy related information to a resource link)  and [0005]-[0006] - issue an authentication token.  More specifically, Gbadegesin is configured to allow attachment of the “security policy related information” (i.e., interface record) to a resource instance based on generation of the authentication token of when a credential satisfies a policy, see FIG. 3 and [0046]-[0047]).  Thus, the examiner notes the aforementioned references do in fact disclose an interface record. 
Applicant Argues: But the cited combination of the two references makes little sense and fails to teach the above-noted connections between the claims. In an overly-strained attempt to combine disparate features of unrelated references to achieve Applicant’s claimed subject matter through improper hindsight analysis, the Office attempts to combine the association of security policies with a resource (Gbadegesin) to the routing table 506 in Dhawan (alleging that the routing table of Dhawan, modified to be associated with the security policy of Gbadegesin somehow teaches or suggests Applicant’s assign an interface record (mapped to Dhawan’s routing table) to a network-accessible service (mapped to the resource of Gbadegesin). But it makes no sense to substitute Dhawan’s routing table for Gbadegesin’s security policy in Gbadegesin description of “Associating at least one security policy with a resource.” ... Instead, such a combination as suggested in the Office Action is merely an attempt to combine disparate features of unrelated references to achieve the Applicant’s claimed subject matter through improper hindsight analysis.
Examiner’s Response:  The examiner respectfully disagrees.  In response to applicant's argument that the examiner's conclusion of obviousness is based upon improper hindsight reasoning, it must be recognized that any judgment on obviousness is in a sense necessarily a reconstruction based upon hindsight reasoning.  But so long as it takes into account only knowledge which was within the level of ordinary skill at the time the claimed invention was made, and does not include knowledge gleaned only from the applicant's disclosure, such a reconstruction is proper.  More specifically, Dhawan focuses on the use of routing and policy wrapper (e.g., interface record) to provide IP address and security properties to a resource instance when attached, see [0048]-[0050].  Gbadegesin teaches similar concepts as a “security policy related information” is attached to a resource instance that is provided network accessible service.  The use of the attached “security policy related information” allows a token to be used as it is provided to the network accessible service for authentication to the resource instance ([0005]-[0006]).  Both references focus on the attachment of wrappers/policies to a resource instance to provide IP address (i.e., Dhawan) and authentication (i.e., Gbadegesin) and thus are able to be combined.  
Applicant Argues: Additionally, the cited combination fails to teach or suggest configure the one or more security properties (security properties of the interface record) to allow attachment of the interface record to a resource instance. Continuing with the Office’s above-noted mapping, FIG. 3 and paragraphs 5-6 of Gbadegesin are cited on p. 5 of the Office Action for this feature. But cited paragraphs 5-6 instead describe that authentication policies (associated with targeted resources) are used to determine whether to issue authentication tokens that “grant access to the resource and issue an authentication token for use by an instance of the resource to use in related requests to other resources.” Thus, the cited portions of Gbadegesin describe authentication policies for resources; there is no mention of configuration, to say nothing of configuring the one or more security properties (security properties of the interface record) to allow attachment of the interface record to a resource instance.
Examiner’s Response:  The examiner respectfully disagrees. It is the combination of Dhawan in view of Gbadegesin that discloses the aforementioned limitation.  The examiner has noted that configure the one or more security properties [for] attachment of the interface record to a resource instance (FIG. 5a – FIG. 5a – Carrier Virtual Machine and Routing and Policy Wrapper and [0049] – Routing and policy wrapper can provide network routing and policy environment... Furthermore, routing and policy wrapper 508 may provide additional control over hardware functionality, such as but not limited to, copying, or printing secured data encapsulated by the carrier virtual machine)).  The examiner further noted that Gbadegesin configure... to allow attachment of the interface record to a resource instance (Gbadegesin, FIG. 3 – Associating at least one security policy with a resource → Generating an authentication token when credential satisfies policy → Attaching security policy related information to a resource link)  and [0005]-[0006] - issue an authentication token for use by an instance of the resource to use in related requests to other resources).  More specifically, Gbadegesin is configured to allow attachment of the “security policy related information” (i.e., interface record) to a resource instance based on generation of the authentication token of when a credential satisfies a policy, see FIG. 3 and [0046]-[0047]).  Thus allowing of attachment based on 
Applicant Argues: Applicant’s attorney has reviewed the latest office action and the reference and has been unable to determine what security properties (security properties of the interface record) to allow attachment of the interface record to a resource instance could possibly be mapped to in the combination of references. Thus, because the Office Action has not adequately articulated what functionality in the references is mapped to Applicant’s security properties (security properties of the interface record) to allow attachment of the interface record to a resource instance, a prima facie rejection has not been established. In re Jung, 637 F.3d 1356, 1362 (Fed. Cir. 2011) (thePTO fails to establish a prima facie case "when a rejection is so uninformative that it prevents the applicant from recognizing and seeking to counter the grounds for the rejection") (citation omitted). Furthermore, Gbadegesin’s description of policy-based authentication fails to teach or suggest Applicant’s recited security properties to allow attachment of the interface record (mapped to Dhawan’s routing table) to a resource instance at least because the former says nothing about attachment of a routing table to a resource, to say nothing of security properties to allow the attachment and configuring such a security property.
(FIG. 5a – FIG. 5a – Carrier Virtual Machine and Routing and Policy Wrapper and [0049] – Routing and policy wrapper can provide network routing and policy environment... Furthermore, routing and policy wrapper 508 may provide additional control over hardware functionality, such as but not limited to, copying, or printing secured data encapsulated by the carrier virtual machine)).  The examiner further noted that Gbadegesin configure... to allow attachment of the interface record to a resource instance (Gbadegesin, FIG. 3 – Associating at least one security policy with a resource → Generating an authentication token when credential satisfies policy → Attaching security policy related information to a resource link)  and [0005]-[0006] - issue an authentication token for use by an instance of the resource to use in related requests to other resources).  More specifically, Gbadegesin is configured to allow attachment of the “security policy related information” (i.e., interface record) to a resource instance based on generation of the authentication token of when a credential satisfies a policy, see FIG. 3 and [0046]-[0047]).  Thus allowing of attachment based on satisfying credential/policy of Gbadegesin can be implemented as a similar means for  the configuration of the one or more security properties [for] attachment of the interface record to a resource instance of Dhawan.  As an example, it can be reasonably constructed from the teachings of security properties which are configured that allow additional control as in taught Dhawan, [0049]; these security properties must satisfy conditions (i.e., from Gbadegesin) to allow attachment of the interface record to a resource instance, thus this would render a 
Applicant Argues: Applicant’s attorney has reviewed the latest office action and the reference and has been unable to determine what attachment of the interface record to a resource instance could possibly be mapped to in the combination of references. Thus, because the Office Action has not adequately articulated what functionality in the references is mapped to Applicant’s attachment of the interface record to a resource instance, a prima facie rejection has not been established.
Examiner’s Response: The examiner respectfully disagrees.  The examiner notes in the Dhawan’s policy and routing wrapper is the aforementioned interface record (FIG. 5A) as provides network routing and policy enforcement when attached to a resource instance, see [0049], as Dhawan states furthermore, routing and policy wrapper provides additional control over... [the] carrier virtual machine.  The examiner cited to Gbadegesin to further teach concepts of a “interface record” as the form a security policy related information (Gbadegesin, FIG. 3 – Associating at least one security policy with a resource (i.e., network accessible service)   and [0041] – cloud computing environment and [0047]) further configure... to allow attachment of the interface record to a resource instance (Gbadegesin, FIG. 3 – Associating at least one security policy with a resource → Generating an authentication token when credential satisfies policy → Attaching security policy related information to a resource link)  and [0005]-[0006] - issue an authentication token.  More specifically, Gbadegesin is configured to allow attachment of the “security policy related information” (i.e., interface record) to a resource instance based on generation of the authentication token of when a credential satisfies a policy, see FIG. 3 and 
Applicant Argues: Additionally, the cited combination fails to teach or wherein the attachment enables the resource instance to transmit network messages from at least one of the one or more IP addresses. On p. 4 of the Office Action paragraphs 48-50 of Dhawan are quoted, but describe a routing and policy wrapper 508 that “can provide network routing and policy enforcement prior to VM packet events” and “provide additional control over hardware functionality, such as but not limited to, copying or printing secured data encapsulated by carrier virtual machine.” Clearly, accessing a policy wrapper prior to VM packet events, where the policy wrapper provides control over copying or printing secured data encapsulated by carrier virtual machine fails to teach or suggest anything like Applicant’s enable the resource instance to transmit network messages from at least one of the one or more IP addresses. In particular, control over copying or printing clearly does not correspond to enable the resource instance to transmit network messages from at least one of the one or more IP addresses at least because the former describes copying and printing instead and also because the former says nothing about enabling [...] transmission of network messages from at least one of the one or more IP addresses (the IP addresses in the interface record). Applicant’s attorney has reviewed the cited sections of the reference and at best, the quoted sections of the reference are silent with regard to enabling transmission from an IP address in an interface record.
Examiner’s Response: The examiner respectfully disagrees.  The routing and policy wrapper of  Dhawan provides routing and policy enforcement and the carrier virtual machines reference the routing and policy wrapper prior to events such as routing or broadcasting, see [0049].  The examiner notes the routing and broadcasting is based on typical IP datagrams, see 
Applicant Argues: Applicant's attorney has reviewed the latest office action and the reference and has been unable to determine what enabling transmission from an IP address in an interface record could possibly be mapped to in the combination of references. Thus, because the Office Action has not adequately articulated what functionality in the references is mapped to Applicant's enabling transmission from an IP address in an interface record, a prima facie rejection has not been established.
Examiner’s Response: As similar to above the examiner respectfully disagrees.  The routing and policy wrapper of  Dhawan provides routing and policy enforcement and the carrier virtual machines reference the routing and policy wrapper prior to events such as routing or broadcasting, see [0049].  The examiner notes the routing and broadcasting is based on typical IP datagrams, see [0038] and thus have IP address information.  Thus when a carrier virtual machine’s broadcasting or routing is enforced using the attached routing and policy wrapper it enables the carrier machine to broadcast or route.  Thus the broadcast or routing enforcement applies to the IP datagrams leaving the carrier virtual machine and encompass IP address as typical ID datagrams are used.  
Applicant Argues:  Furthermore, the cited combination fails to teach or suggest wherein the at least one of the one or more IP addresses is provided to the network-accessible service as a source IP address for authentication of the resource instance. On p. 5 of the Office Action, the Office explicitly maps Applicant's one or more IP addresses to "security policy-related information in Gbadegesin. But when read has a whole, Applicant's claim describes that the source of the IP addresses that are provided to the network-accessible service as a source IP address for authentication of the resource instance is the interface record that comprises one or more Internet Protocol (IP) addresses and one or more security properties. In contrast, the quoted security policy in Gbadegesin is associated with a resource (not located in an interface record or a routing table (Applicant's interface record mapped to Dhawan's routing table)). Thus, the cited combination of reference fails to teach or suggest the connections between Applicant's claim elements because the references fail to teach or suggest that the IP address that is provided to the network-accessible service as a source IP address for authentication of the resource instance is an IP address from an interface record (the record mapped to Dhawan's routing table). Again, for at least these reasons, such a combination as suggested in the Office Action is merely an attempt to combine disparate features of unrelated references to achieve the Applicant's claimed subject matter through improper hindsight analysis.
Examiner’s Response:  The examiner respectfully disagrees.  In response to applicant's argument that the examiner's conclusion of obviousness is based upon improper hindsight reasoning, it must be recognized that any judgment on obviousness is in a sense necessarily a reconstruction based upon hindsight reasoning.  But so long as it takes into account only knowledge which was within the level of ordinary skill at the time the claimed invention was made, and does not include knowledge gleaned only from the applicant's disclosure, such a reconstruction is proper. Gbadegesin teaches attach the interface record to a resource instance... wherein the at least one of the one or more [security policy related information] is provided to the network-accessible service as a [security policy related information] for authentication of the (Gbadegesin, FIG. 3 – Associating at least one security policy with a resource → Attaching security policy related information to a resource link → Inspecting the rouse link for the security policy related information to determine the security rudiment of the resource and [0005]-[0006] - issue an authentication token for use by an instance of the resource to use in related requests to other resources and [0041] and [0047]-[0048] - At block 310, security policy-related information may be attached to a resource link used to traverse to the resource. The security policy-related information may correspond to the one or more security policies attached to the resource. The security policy-related information may be an authorization token link 238 identifying a second resource from which the authorization token is retrievable. At block 312, security policy information attached to the resource link, e.g. an authorization token link 238, may be inspected to determine a security requirement for the resource).  The examiner reasonably constructs that the [security policy related information] for authentication can be based on the use of IP information as found in Dhawan, as both oth references focus on the attachment of wrappers/policies to a resource instance to provide IP address (i.e., Dhawan) and authentication (i.e., Gbadegesin) and thus are able to be combined.  
Similar Rational Applies to Claims 32 and 39.
Therefore the examiner finds these arguments not persuasive.





Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claim(s) 25, 26, 29, 32, 33, 36, 38, 39, 40, 43, and 44 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Dhawan et al. (US 2007/0079307 A1) in view of Gbadegesin et al. (US 2009/0228967 A1).

Regarding Claim 25, and similarly Claim 32 and 39;
Dhawan teaches a system, comprising:
one or more computers configured to:
assign an interface record..., wherein the interface record comprises one or more Internet Protocol (IP) addresses and one or more security properties (FIG. 5a and [0048] – In an embodiment of the invention, predetermined routing table 506 can translate between physical network addresses and virtual network addresses as typically implemented in a virtual network (VNET) whether the VNET is implemented on a Local Area Network (LAN), a Wide Area Network (WAN) such as the Internet or a corporate intranet, or a combination of public and/or private network technologies and protocols. In an embodiment of the invention, predetermined routing table 506 may also include routing, event tree, and security information regarding individual physical or virtual network hops between two endpoints and [0049] – Routing and policy wrapper can provide network routing and policy environment... Furthermore, routing and policy wrapper 508 may provide additional control over hardware functionality, such as but not limited to, copying, or printing secured data encapsulated by the carrier virtual machine and [0050] -  Furthermore, virtual machine monitor 116 can interact with routing and policy wrapper 508 to access information contained by predetermined routing table 506 and/or VM packet management 504 to facilitate the secure transfer of data across a network environment);
configure the one or more security properties [for] attachment of the interface record to a resource instance (FIG. 5a – FIG. 5a – Carrier Virtual Machine and Routing and Policy Wrapper and [0049] – Routing and policy wrapper can provide network routing and policy environment... Furthermore, routing and policy wrapper 508 may provide additional control over hardware functionality, such as but not limited to, copying, or printing secured data encapsulated by the carrier virtual machine)); and
 attach the interface record to a resource instance (FIG. 5a – Carrier Virtual Machine and Routing and Policy Wrapper) wherein the attachment enables the resource instance to transmit network messages from at least one of the one or more IP addresses (FIG. 5a – Carrier Virtual Machine and Routing and Policy Wrapper and [0048]-[0049] – managing originating and terminating network addresses and [0050] -  Furthermore, virtual machine monitor 116 can interact with routing and policy wrapper 508 to access information contained by predetermined routing table 506 and/or VM packet management 504 to facilitate the secure transfer of data across a network environment); wherein the at least one of the one or more IP addresses is provided ... as a source IP address ...  of the resource instance (FIG. 5a – Carrier Virtual Machine and Routing and Policy Wrapper and [0048]-[0049] – managing originating and terminating network addresses and [0050] -  Furthermore, virtual machine monitor 116 can interact with routing and policy wrapper 508 to access information contained by predetermined routing table 506 and/or VM packet management 504 to facilitate the secure transfer of data across a network environment);
Dhawan fails to explicitly disclose: 
assign an interface record to a network-accessible service...
configure... to allow attachment of the interface record to a resource instance;
attach the interface record to a resource instance... wherein the at least one of the one or more IP addresses is provided to the network-accessible service as a source IP address for authentication of the resource instance.
However, in an analogous art, Gbadegesin teaches
assign an interface record to a network-accessible service... [wherein the interface record comprises... one or more security properties] (Gbadegesin, FIG. 3 – Associating at least one security policy with a resource (i.e., network accessible service)   and [0041] – cloud computing environment and [0047]);
(Gbadegesin, FIG. 3 – Associating at least one security policy with a resource → Generating an authentication token when credential satisfies policy → Attaching security policy related information to a resource link)  (i.e., as reasonably constructed a form of configured for allowing attachment and [0005]-[0006] - issue an authentication token (i.e., form of an attachment of the interface record) for use by an instance of the resource to use in related requests to other resources);
attach the interface record to a resource instance... wherein the at least one of the one or more [security policy related information] is provided to the network-accessible service as a [security policy related information] for authentication of the resource instance (Gbadegesin, FIG. 3 – Associating at least one security policy with a resource → Attaching security policy related information to a resource link → Inspecting the rouse link for the security policy related information to determine the security rudiment of the resource and [0005]-[0006] - issue an authentication token for use by an instance of the resource to use in related requests to other resources and [0041] and [0047]-[0048] - At block 310, security policy-related information may be attached to a resource link used to traverse to the resource. The security policy-related information may correspond to the one or more security policies attached to the resource. The security policy-related information may be an authorization token link 238 identifying a second resource from which the authorization token is retrievable. At block 312, security policy information attached to the resource link, e.g. an authorization token link 238, may be inspected to determine a security requirement for the resource).
Therefore, it would have been obvious at the time the invention was made to combine the teachings of Gbadegesin to the system of Dhawan to include assign an interface record to a (Gbadegesin, [0008]).

Regarding Claim 26, and similarly Claim 33 and 40;
Dhawan and Gbadegesin disclose the system to Claim 25.
Dhawan further discloses wherein the one or more security properties are configured to allow a client to request an attachment of the interface record to another resource instance ([0019] - a user specifies which payload should be secured and needs to be sent to particular hosts. A special carrier virtual machine (VM) is created that can transfer the payload to its predetermined destination host(s). VM migration and/or routing tables are built in the carrier VM, which determine which hosts will be participating), and wherein the one or more computers are configured to: attach the interface record to the other resource instance (FIG. 5A-B and [0074] - a user specifies data residing within local storage 608 that is to be secured and then transferred to a predetermined participating destination host (e.g., participating host `2`). A carrier virtual machine `C` 626, residing on participating physical host `1` 604, is created and VM routing tables are created which may also include routing, event tree, and security information regarding individual physical or virtual network hops between two endpoints as described in more detail hereinabove); wherein the other resource instance is enabled to transmit network messages from the at least one IP address using one or more network interfaces associated with the other resource instance (FIG. 5a – Carrier Virtual Machine and Routing and Policy Wrapper and FIG. 5B and [0048]-[0049] – managing originating and terminating network addresses and [0050] -  Furthermore, virtual machine monitor 116 can interact with routing and policy wrapper 508 to access information contained by predetermined routing table 506 and/or VM packet management 504 to facilitate the secure transfer of data across a network environment); wherein the at least one of the one or more IP addresses is provided ... as a source IP address ...  of the resource instance (FIG. 5a – Carrier Virtual Machine and Routing and Policy Wrapper and [0048]-[0049] – managing originating and terminating network addresses and [0050] -  Furthermore, virtual machine monitor 116 can interact with routing and policy wrapper 508 to access information contained by predetermined routing table 506 and/or VM packet management 504 to facilitate the secure transfer of data across a network environment and [0053]-[0054]).

Regarding Claim 29, and similarly Claim 36 and 43;

Dhawan further discloses wherein the one or more computers are combined to: : provice... .the source IP address (FIG. 5a – Carrier Virtual Machine and Routing and Policy Wrapper and [0048]-[0049] – managing originating and terminating network addresses and [0050] -  Furthermore, virtual machine monitor 116 can interact with routing and policy wrapper 508 to access information contained by predetermined routing table 506 and/or VM packet management 504 to facilitate the secure transfer of data across a network environment and [0053]-[0054]).
Gbadegesin further teaches provide a request for service to the network-accessible service, wherein the request for service comprises the [security policy related information] (Gbadegesin, FIG. 3 – Associating at least one security policy with a resource → Attaching security policy related information to a resource link → Inspecting the rouse link for the security policy related information to determine the security rudiment of the resource and [0005]-[0006] - issue an authentication token for use by an instance of the resource to use in related requests to other resources and [0041] and [0047]-[0048] - At block 310, security policy-related information may be attached to a resource link used to traverse to the resource. The security policy-related information may correspond to the one or more security policies attached to the resource. The security policy-related information may be an authorization token link 238 identifying a second resource from which the authorization token is retrievable. At block 312, security policy information attached to the resource link, e.g. an authorization token link 238, may be inspected to determine a security requirement for the resource).
Similar motivation is used to combine as noted, supra.

Regarding Claim 38;
Dhawan and Gbadegesin disclose the method to Claim 32.
Dhawan further discloses implement[ing] at a respective resource instance; and initiating one or more operations associated ... based on use of one or more of the IP addresses by the resource instance (FIG. 5a – Carrier Virtual Machine and Routing and Policy Wrapper and [0048]-[0049] – managing originating and terminating network addresses and [0050] -  Furthermore, virtual machine monitor 116 can interact with routing and policy wrapper 508 to access information contained by predetermined routing table 506 and/or VM packet management 504 to facilitate the secure transfer of data across a network environment);
Gbadegesin further teaches further comprising: assigning the interface record to one or more additional network-accessible services, wherein at least a portion of each of the additional network-accessible services is implemented at a respective resource instance (Gbadegesin, [0005]-[0006] - issue an authentication token (i.e., form of an attachment of the interface record) for use by an instance of the resource to use in related requests to other resources and [0029]-[0030] - The cloud-based services platform, or simply, the computing cloud 204, may include a number of resources that are navigable by links or references. For example, in FIG. 2, resources include R0 212, R1 214, R2 216, R3 218, and R4 220. The resources may each have an associated security policy P1 222, P2 224, or more (not depicted)); and initiating one or more operations associated with each of the one or more additional network-accessible services based on use .... by the resource instance (Gbadegesin, FIG. 3 – Associating at least one security policy with a resource → Attaching security policy related information to a resource link → Inspecting the rouse link for the security policy related information to determine the security rudiment of the resource and [0005]-[0006] - issue an authentication token for use by an instance of the resource to use in related requests to other resources and [0041] and [0047]-[0048] - At block 310, security policy-related information may be attached to a resource link used to traverse to the resource. The security policy-related information may correspond to the one or more security policies attached to the resource. The security policy-related information may be an authorization token link 238 identifying a second resource from which the authorization token is retrievable. At block 312, security policy information attached to the resource link, e.g. an authorization token link 238, may be inspected to determine a security requirement for the resource).
Similar motivation is used to combine as noted, supra.

Regarding Claim 44;
Dhawan and Gbadegesin disclose the medium to Claim 39.
Dhawan further discloses assign [an] interface record..., wherein the other interface record comprises one or more other IP addresses and one or more other security properties (FIG. 5a and [0048] – In an embodiment of the invention, predetermined routing table 506 can translate between physical network addresses and virtual network addresses as typically implemented in a virtual network (VNET) whether the VNET is implemented on a Local Area Network (LAN), a Wide Area Network (WAN) such as the Internet or a corporate intranet, or a combination of public and/or private network technologies and protocols. In an embodiment of the invention, predetermined routing table 506 may also include routing, event tree, and security information regarding individual physical or virtual network hops between two endpoints and [0049] – Routing and policy wrapper can provide network routing and policy environment... Furthermore, routing and policy wrapper 508 may provide additional control over hardware functionality, such as but not limited to, copying, or printing secured data encapsulated by the carrier virtual machine and [0050] -  Furthermore, virtual machine monitor 116 can interact with routing and policy wrapper 508 to access information contained by predetermined routing table 506 and/or VM packet management 504 to facilitate the secure transfer of data across a network environment);
Gbadegesin further wherein the instructions when executed on one or more processors: assign another interface record to the network-accessible service, wherein the other interface record comprises ...one or more other security properties; and (Gbadegesin, [0005]-[0006] - issue an authentication token (i.e., form of an attachment of the interface record) for use by an instance of the resource to use in related requests to other resources and [0029]-[0030] - The cloud-based services platform, or simply, the computing cloud 204, may include a number of resources that are navigable by links or references. For example, in FIG. 2, resources include R0 212, R1 214, R2 216, R3 218, and R4 220. The resources may each have an associated security policy P1 222, P2 224, or more (not depicted)); and configure the one or more other security properties to allow a client to request an attachment of the other interface record to another resource instance to enable access to the network-accessible service from the other resource instance (Gbadegesin, FIG. 3 – Associating at least one security policy with a resource → Attaching security policy related information to a resource link → Inspecting the rouse link for the security policy related information to determine the security rudiment of the resource and [0005]-[0006] - issue an authentication token for use by an instance of the resource to use in related requests to other resources and [0041] and [0047]-[0048] - At block 310, security policy-related information may be attached to a resource link used to traverse to the resource. The security policy-related information may correspond to the one or more security policies attached to the resource. The security policy-related information may be an authorization token link 238 identifying a second resource from which the authorization token is retrievable. At block 312, security policy information attached to the resource link, e.g. an authorization token link 238, may be inspected to determine a security requirement for the resource).
Similar motivation is used to combine as noted, supra.

Claim(s) 27, 28, 34, 35, 41, and 42  is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Dhawan et al. (US 2007/0079307 A1) in view of Gbadegesin et al. (US 2009/0228967 A1) and further in view of Yamuna et al. (US 2012/0131469 A1).

Regarding Claim 27, and similarly Claim 34 and 41;
Dhawan and Gbadegesin disclose the system to Claim 25.
Dhawan further teaches wherein the one or more security properties are configured [for the interface record assigned the resource instance] to: ... transmitting network messages from the at least one IP address(FIG. 5a – Carrier Virtual Machine and Routing and Policy Wrapper and [0048]-[0049] – managing originating and terminating network addresses and [0050] -  Furthermore, virtual machine monitor 116 can interact with routing and policy wrapper 508 to access information contained by predetermined routing table 506 and/or VM packet management 504 to facilitate the secure transfer of data across a network environment and [0053]-[0054]).
Dhawan and Gbadegesin fail to disclose wherein the one or more security properties are configured to allow a client to request a detachment of the interface record from the resource 
However, in an analogues art, Yamuna wherein the one or more security properties are configured to allow a client to request a detachment of the interface record from the resource instance (Yamuna, [0048] - The policy manager user interface 134 may also provide features for deleting policy-subject associations by detaching selected policies (i.e., interface record) from selected subjects (i.e., resource instance), and updating policy-subject associations, e.g., by detaching a selected policy from a selected subject and attaching a different selected policy to the subject) and wherein the one or more computers are configured to: detach the interface record from the resource instance, wherein the resource instance is disabled from... (Yamuna, [0034] - The security policies attached to the Service(s) of a component apply to interactions in which other components invoke (e.g., send messages to) the component. The security policies attached to the Reference(s) of a component apply to interactions in which the component invokes (e.g., sends messages) to another component (i.e., as reasonably constructed if not invoke due to a security policy it would be not invoked (e.g. disabled)) and [0048] - The policy manager user interface 134 may also provide features for deleting policy-subject associations by detaching selected policies (i.e., interface record) from selected subjects (i.e., resource instance), and updating policy-subject associations, e.g., by detaching a selected policy from a selected subject and attaching a different selected policy to the subject).
Therefore, it would have been obvious at the time the invention was made to combine the teachings of Yamuna to the system of Dhawan and Gbadegesin to include wherein the one or more security properties are configured to allow a client to request a detachment of the interface record from the resource instance, and wherein the one or more computers are configured to: (Yamuna, [0008]).

Regarding Claim 28, and similarly Claim 35 and 42;
Dhawan and Gbadegesin disclose the system to Claim 25.
Dhawan further teaches wherein the one or more security properties are configured [for the interface record assigned the resource instance] to: ... transmitting network messages from the at least one IP address(FIG. 5a – Carrier Virtual Machine and Routing and Policy Wrapper and [0048]-[0049] – managing originating and terminating network addresses and [0050] -  Furthermore, virtual machine monitor 116 can interact with routing and policy wrapper 508 to access information contained by predetermined routing table 506 and/or VM packet management 504 to facilitate the secure transfer of data across a network environment and [0053]-[0054]).

However, in an analogues art, Yamuna teaches wherein the one or more security properties are configured to allow a client to request the attachment of the interface record to the resource instance (Yamuna, [0048] - The policy manager user interface 134 may also provide features for deleting policy-subject associations by detaching selected from selected subjects, and updating policy-subject associations, e.g., by detaching a selected policy from a selected subject and attaching a different selected policy (i.e., interface record) to the subject (i.e., resource instance), and wherein the one or more computers are configured to: attach the interface record to the resource instance in response to receiving a request from the client to attach the interface record to the resource instance (Yamuna, [0048] - The policy manager user interface 134 may also provide features for deleting policy-subject associations by detaching selected from selected subjects, and updating policy-subject associations, e.g., by detaching a selected policy from a selected subject and attaching a different selected policy (i.e., interface record) to the subject (i.e., resource instance),
Therefore, it would have been obvious at the time the invention was made to combine the teachings of Yamuna to the system of Dhawan and Gbadegesin to include wherein the one or more security properties are configured to allow a client to request a detachment of the interface record from the resource instance, and wherein the one or more computers are configured to: detach the interface record from the resource instance, wherein the resource instance is disabled (Yamuna, [0008]).

Claim(s) 30 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Dhawan et al. (US 2007/0079307 A1) in view of Gbadegesin et al. (US 2009/0228967 A1) and further in view of Ferris (US 2010/0131649 A1).

Regarding Claim 30;
Dhawan and Gbadegesin disclose the system to Claim 25.
Dhawan and Gbadegesin further disclose and/or teach wherein to attach the interface record to a resource instance... (Dhawan, FIG. 5a – Carrier Virtual Machine and Routing and Policy Wrapper and/or Gbadegesin, FIG. 3)
Dhawan and Gbadegesin fail to disclose ...the one or more computers are configured to: receive, from a client, a selection of the resource instance from among a plurality of available resource instances allocated to the client.
 (Ferris, [0028] - In embodiments, the cloud management system 104 can further store, track and manage a user's identity and associated set of rights or entitlements to software, hardware, and other resources. Each user that populates a set of virtual machines in the cloud can have specific rights and resources assigned and made available to them).
Therefore, it would have been obvious at the time the invention was made to combine the teachings of Ferris to the system of Dhawan and Gbadegesin to include ...the one or more computers are configured to: receive, from a client, a selection of the resource instance from among a plurality of available resource instances allocated to the client.  One would have been motivated to combine the teachings of to provide users with a means for instantiation or update ...to a cloud based network (Ferris, [0001]).

Claim(s) 31 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Dhawan et al. (US 2007/0079307 A1) in view of Gbadegesin et al. (US 2009/0228967 A1) and further in view of Lal et al. (US 7,089,594 B2).

Regarding Claim 31;
Dhawan and Gbadegesin disclose the system to Claim 25.
Gbadegesin wherein the interface record comprises an indication ... for the network-accessible service, and wherein the one or more computers are configured to: verify validity... (Gbadegesin, FIG. 3 – Associating at least one security policy with a resource → Attaching security policy related information to a resource link → Inspecting the rouse link for the security policy related information to determine the security rudiment of the resource and [0041] and [0047]-[0048] - At block 310, security policy-related information may be attached to a resource link used to traverse to the resource. The security policy-related information may correspond to the one or more security policies attached to the resource. The security policy-related information may be an authorization token link 238 identifying a second resource from which the authorization token is retrievable. At block 312, security policy information attached to the resource link, e.g. an authorization token link 238, may be inspected to determine a security requirement for the resource).
Dhawan and Gbadegesin fail to disclose wherein the interface record comprises an indication of a license for the ... service, and wherein the one or more computers are configured to: verify validity of the license.
However, in an analogous art, Lal teaches wherein the interface record comprises an indication of a license for the ... service, and wherein the one or more computers are configured to: verify validity of the license (Lal, col. 7, lines 1-14 - In effect, DRM Packager 110 is responsible for generating a container, which is a digital wrapper around the digital content. Hence, the container consists of the digital content and optional digital rights that govern the usage (i.e., validation)  of the digital content. The container enforces the digital on mobile device 106. The set of digital rights associated with the digital content is a license and col. 8, lines 7-37).
Therefore, it would have been obvious at the time the invention was made to combine the teachings of Lal to the system of Dhawan and Gbadegesin to include ... wherein the interface record comprises an indication of a license for the ... service, and wherein the one or more (Lal, col. 1, lines 5-10).

Claim(s) 37 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Dhawan et al. (US 2007/0079307 A1) in view of Gbadegesin et al. (US 2009/0228967 A1) and further in view of Beresnevichiene et al. (US 2005/0060568 A1).

Regarding Claim 37;
Dhawan and Gbadegesin disclose the system to Claim 25.
Dhawan and Gbadegesin further disclose and/or teach wherein ...the interface record is attached to the resource (Dhawan, FIG. 5a – Carrier Virtual Machine and Routing and Policy Wrapper and/or Gbadegesin, FIG. 3)

However, in an analogues art, Beresnevichiene teaches further comprising: determining a billing amount to be charged to a client for use of the network-accessible service based at least in part on: an amount of time ... (Beresnevichiene [0006] - The second type of wrapper is the invasive wrapper. Developers have to insert code into their products to launch the wrapper's user registration validation scheme. Each time the product is executed, the wrappers generate an appropriate billing. New selling models are possible, such as rental, try-before-you-buy and metered sales of software (i.e., as reaosnbly constructed renal is a charge based on an amount of item)), or an amount of time that has elapsed since ...was....
Therefore, it would have been obvious at the time the invention was made to combine the teachings of Beresnevichiene to the system of Dhawan and Gbadegesin to include further comprising: determining a billing amount to be charged to a client for use of the network-accessible service based at least in part on: an amount of time....  One would have been motivated to combine the teachings of to provide users with a means for new selling models (Beresnevichiene [0006]).

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
s 25, 32, and 39 is/are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 9,916,545 B1. Although the claims at issue are not identical, they are not patentably distinct from each other because claim 1 of U.S. Patent No. 9,916,545 B1 recites A system, comprising: one or more computers configured to implement: a plurality of resource instances, including a producer resource instance configured to implement at least a portion of a network-accessible service; and an authentication coordinator; wherein the authentication coordinator is configured to: assign an interface record to the network-accessible service, wherein the interface record comprises one or more Internet Protocol (IP) addresses and a set of security properties that control authorization of a client to request attachment of the interface record to a consumer resource instance, and wherein attachment of the interface record to the consumer resource instance enables the consumer resource instance to transmit network messages from the one or more IP addresses of the interface record; and configure one or more security properties of the set to allow a client to request an attachment of the interface record to a consumer resource instance distinct from said producer resource instance, wherein after the attachment is completed, the consumer resource instance is enabled to transmit network messages from the one or more IP addresses of the interface record using one or more physical network interfaces of the consumer resource instance; and wherein the producer resource instance is configured to: subsequent to receipt of a network message from the consumer resource instance, initiate one or more authentication operations associated with the network-accessible service implemented by the producer resource instance, wherein an authentication operation includes use of an IP address of the message sender for the authentication operation, and wherein the IP address of the message sender is an IP address of the one or more IP addresses of the interface record. (emphasis added).  The examiner notes the noted features above (i.e., (emphasis added)) are features found to be substantially similar and/or obvious variants to that claimed in claims 25, 32, and 39 of the Instant Application.  
Regarding 26-31, 33-38, and 40-44, claims 26-31, 33-38, and 40-44d epend from independent claim 25, 32, and 39 respectively and inherit the Double Patenting rejection.


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ASFAND M SHEIKH whose telephone number is (571)272-1466.  The examiner can normally be reached on M-F: 9a-5:30p (MDT).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Florian (Ryan) M Zeender can be reached on (571)272-6790.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/ASFAND M SHEIKH/Primary Examiner, Art Unit 3627