Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Election/Restrictions
Applicant's election, without traverse, of Group-1, comprising claims 1-8, for prosecution of this patent application in the reply filed on 03/02/2021 is acknowledged.
DETAILED ACTION
This office action is in response to the application 16/172,006 filed on 03/02/2021.
As per instant Amendment, Claims 1, 5 and 6 have been amended; claims 9-22 have been canceled and claims 23-36 have been added.
An Examiner’s Amendment to the record appears below.  Should the changes and/or additions be unacceptable to Applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this Examiner’s Amendment was given in a telephone interview with Applicant’s representative, Mrs. Agatha H. Liu (Reg. No. 65,323) on March 8th, 2021.  During the telephone conference, Mrs. Agatha has agreed and authorized the Examiner to amend claims 1 and 27 and to cancel claims 4 and 30. 
Information Disclosure Statement
The information disclosure statement (IDS), submitted on 03/12/2019, is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claims
Replace claims 1, 4, 27 and 30 as follows:
1. (Currently Amended) A computer-implemented method of managing security services for one or more cloud computing platforms, comprising: 
receiving, by a main controller, a security policy from a client device, 
	the client device being associated with a set of computing applications hosted by one or more virtual clusters that are independent and private on one or more cloud computing platforms,
	the main controller residing outside the one or more virtual clusters,
	each of the one or more virtual clusters to be served by a security gateway system residing within the one or more cloud computing platforms,
the security policy indicating how threat intelligence data is to be applied to the set of computing applications with respect to a plurality of application scopes;
receiving application data from the client device,

the application data indicating, for the one application property of the specific computing application, a key and a corresponding value of the key, the key being defined by the client device or the cloud computing platform having the virtual cluster hosting the specific computing application,
the plurality of application properties corresponding to the plurality of application scopes, 
the one or more application properties including a functional attribute related to a function of the specific computing application,
obtaining a piece of threat intelligence data from a data source;
mapping the piece of threat intelligence data to the plurality of application scopes;
determining to which of the one or more security gateway systems to send the piece of threat intelligence data based on the security policy;
transmitting the piece of threat intelligence data to at least one of the one or more security gateway systems based on the determining.
4. (Canceled) 
27. (Currently Amended) One or more non-transitory computer-readable storage media storing sequences of instructions which when executed 
receiving, by a main controller, a security policy from a client device, 
	the client device being associated with a set of computing applications hosted by one or more virtual clusters that are independent and private on one or more cloud computing platforms,
	the main controller residing outside the one or more virtual clusters,
	each of the one or more virtual clusters to be served by a security gateway system residing within the one or more cloud computing platforms,
the security policy indicating how threat intelligence data is to be applied to the set of computing applications with respect to a plurality of application scopes;
receiving application data from the client device,
the application data indicating whether a specific computing application of the set of computing applications has one or more application properties of a plurality of application properties,
the application data indicating, for the one application property of the specific computing application, a key and a corresponding value of the key, the key being defined by the client device or the cloud computing platform having the virtual cluster hosting the specific computing application, 

the one or more application properties including a functional attribute related to a function of the specific computing application,
obtaining a piece of threat intelligence data from a data source;
mapping the piece of threat intelligence data to the plurality of application scopes;
determining to which of the one or more security gateway systems to send the piece of threat intelligence data based on the security policy;
transmitting the piece of threat intelligence data to at least one of the one or more security gateway systems based on the determining.
30. (Canceled) 
Allowable Subject Matter
Claims 1-3, 5-8, 23-29 and 31-36 are allowed in light of the Applicant’s amendments and in light of the prior art made of record.
The following is an examiner’s statement of reasons for allowance: 
As to claims 1-3, 5-8, 23-29 and 31-36, the closest prior art, Zhao (US 2017/0250870), in view of Janakiraman (US 2020/0059492), in view of Fadida (US 2014/0075494), in view of Chuang (US 2017/0093675), in view of Bingram (US 2015/0215334) and further in view of Li (US 2012/0304277), alone or in combination, fails to anticipate or render obvious the claimed invention.
Zhao (Prior art) discloses a virtual network policy configuration method and system, and a virtual network element and a network administration system thereof. The virtual network element includes: a receiving module, configured to receive policy configuration information; and a processing module, configured to perform service control according to the policy configuration information received by the receiving module.
Janakiraman (Prior art) discloses deploying a cluster of policy agents on a virtual private cloud that interconnects a plurality of virtual private clouds, the virtual private cloud and the plurality of virtual private clouds residing in a cloud associated with a multi-cloud fabric.
Fadida (Prior art) discloses maintaining the security of computing systems in virtual operating environments to increase security in a cloud computing environment. By grouping systems with similar security levels in a single cluster, the security of the virtual machines within the cluster may be managed more effectively and/or efficiently.
Chuang (Prior art) discloses a system that can fully manage individual virtual security appliance (such as IPS or IDS) components in a cloud environment while introducing minimal overheads and route flows first through a protocol identifier to determine the traffic type and then through an inspector to check for potential threats, with any events or incidents found passed to an event handler which can then be used in accordance with security policies to initiate actions in response to the possible threats.

Li (Prior art) discloses a system comprising a network security gateway appliance associated with an enterprise or other network and communicatively coupled to a cluster of security gateway appliances instantiated as a cloud-based service, wherein said cluster of security gateway appliances is configured to provide specified services to said enterprise or other network via said security gateway appliance, said services comprising some or all of data loss protection, anti-virus/anti-malware scanning and policy enforcement, dynamic real time rating of content sources, security services, network acceleration, and other policy based services.
However, none of Zhao, Janakiraman, Fadida, Chuang, Bingram and Li teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the independent claims 1 and 27. For example, none of the cited prior art teaches or suggests the steps of receiving, by a main controller, a security policy from a client device, the main controller residing outside the one or more virtual clusters; the security policy indicating how threat intelligence data is to be applied to the set of computing applications with respect to a plurality of application scopes; receiving application data from the client device, the application data indicating whether a specific computing application of the set of computing applications has one or more application properties of a plurality of application properties, the application data indicating, for the one application property of the specific computing application, a key and a corresponding value of the key, the key being defined by the client device or the cloud computing platform having the virtual cluster hosting the specific computing application; obtaining a piece of threat intelligence data from a data source; mapping the piece of threat intelligence data to the plurality of application scopes; determining to which of the one or more security gateway systems to send the piece of threat intelligence data based on the security policy; and transmitting the piece of threat intelligence data to at least one of the one or more security gateway systems based on the determining.
These limitations, in conjunction with all other limitations, have not been disclosed, suggested or made obvious by the prior art of record, either taken by itself or in any combination, in a way that would have anticipated or made obvious the invention of the present application at or before the time it was filed. For these reasons, as well as the other limitations and in light of the amendments to the independent claims, these claims are in condition for allowance.
Claims 2-3, 5-8, 23-26, 28-29 and 31-36 are directly or indirectly dependent upon claims 1 and 27; therefore, they are also allowable over the prior art of record.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANCHIT K SARKER whose telephone number is (571)270-7907.  The examiner can normally be reached on M-F 8:30 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, FARID HOMAYOUNMEHR can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/SANCHIT K SARKER/Examiner, Art Unit 2495    

/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495