DETAILED ACTION


1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

2.	Claims 2-24 are pending.  Claims 2, 14 and 24 are independent claims.

3.	Three IDS’es submitted on 4/20/2020, 9/15/2020, and 3/4/2021 have been considered.  

Invoking 35 USC § 112 (f)
4.	As regarding claim 24, claim limitation “means for establishing a secure channel …” has been interpreted under 35 U.S.C. 112(f) or 35 U.S.C. 112 (pre-AIA ), sixth paragraph, because it uses a non-structural term “means” coupled with functional language “for establishing” without reciting sufficient structure to achieve the function.  Furthermore, the non-structural term is not preceded by a structural modifier; 

5.	Similarly, claim limitation “means for communicating, via the secure channel, key data …” has been interpreted under 35 U.S.C. 112(f) or 35 U.S.C. 112 (pre-AIA ), sixth paragraph, because it uses a non-structural term “means” coupled with functional language “for communicating” without reciting sufficient structure to achieve the function.  Furthermore, the non-structural term is not preceded by a structural modifier; 

means for activating, via a cloud operating system, the at least one appliance …” has been interpreted under 35 U.S.C. 112(f) or 35 U.S.C. 112 (pre-AIA ), sixth paragraph, because it uses a non-structural term “means” coupled with functional language “for activating” without reciting sufficient structure to achieve the function.  Furthermore, the non-structural term is not preceded by a structural modifier.

7.	Since this claim limitation invokes 35 U.S.C. 112(f) or 35 U.S.C. 112 (pre-AIA ), sixth paragraph, claim 1 interpreted to cover the corresponding structure described in the specification that achieves the claimed function, and equivalents thereof.  
If applicant wishes to provide further explanation or dispute the examiner’s interpretation of the corresponding structure, applicant must identify the corresponding structure with reference to the specification by page and line number, and to the drawing, if any, by reference characters in response to this Office action. 
If applicant does not wish to have the claim limitation treated under 35 U.S.C. 112(f) or 35 U.S.C. 112 (pre-AIA ), sixth paragraph, applicant may amend the claim so that it will clearly not invoke 35 U.S.C. 112(f) or 35 U.S.C. 112 (pre-AIA ), sixth paragraph, or present a sufficient showing that the claim recites sufficient structure, material, or acts for performing the claimed function to preclude application of 35 U.S.C. 112(f) or 35 U.S.C. 112 (pre-AIA ), sixth paragraph.
For more information, see MPEP § 2173 et seq. and Supplementary Examination Guidelines for Determining Compliance with 35 U.S.C. § 112 and for Treatment of Related Issues in Patent Applications, 76 FR 7162, 7167 (Feb. 9, 2011).

Claim Rejections - 35 USC § 112
8.	The following is a quotation of 35 U.S.C. 112(b):

(B)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 

9.	Claim 24 is rejected under 35 U.S.C. 112(b).  Independent claim 24 recites limitation “means for establishing a secure channel …”, “means for communicating, via the secure channel, key data …”, and “means for activating, via a cloud operating system, the at least one appliance …”; these limitations invoke 35 U.S.C. 112(f) or 35 U.S.C. 112 (pre-AIA ), sixth paragraph. However, the written description fails to disclose the corresponding structures, material, or acts for the claimed functions.  Therefore, independent claim 24 is rejected under 35 U.S.C. 112(b).

Applicant may:
(a)	Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or 35 U.S.C. 112 (pre-AIA ), sixth paragraph; or
(b)	Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the claimed function, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either:

(b)	Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.

10.	The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

11.	Claims 2-24 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Independent claim 2, similarly independent claims 14 and 24, partially recites “establish a secure channel between security circuitry associated with the client host device and security circuitry associated with a remote license server, responsive to receipt by the client host device of a license request” (emphasis added).  The specification only have supports for establishing a secure channel responsive to receipt of a unique identifier [example 1 of page 11, example 9 of page 12, example 17 of page 13, example 25 of page 14], not a license request as recited in the claim.  Nowhere in the specification discloses “establish a secure channel between security circuitry associated with the client host device and security circuitry associated with a remote license server, responsive to receipt by the client host device of a license request” are recited in the independent claim 2, and similarly in independent claims 14 and 24.  Accordingly, dependent claims 3-13 and 15-23 are also rejected based on their dependency of the rejected claims 2 and 14, respectively.  

Claim Rejections - 35 USC § 103
12.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


13.	Claims 2-24 are rejected under 35 U.S.C. 103 as being unpatentable over Cureton (US PG Pub. 2014/0189346) in view of Coley (US PG Pub. 2005/0251490).
	As regarding claim 2, Cureton discloses A non-transitory storage device that includes instructions that, when executed by a client host device, cause processor circuitry in the client host device to: 
	establish a secure channel between security circuitry associated with the client host device and security circuitry associated with a remote license server, responsive to receipt by the client host device of a license request including license data associated with at least one appliance communicatively coupled to the client-host device [para. 6-7 and 16-17; creating SSH tunnel upon request]; 
communicate, via the secure channel, key data associated with the client host device security circuitry and license data associated with the at least one appliance to the remote license server security circuitry [para. 33; communicating data/messages/request via the secure channel]; and 
Cureton does not disclose the host device configured to activate, via a cloud operating system, the at least one appliance responsive to receipt by the client host device of a communication via the secure channel from the remote license server security circuitry, the communication including information indicative of a validity of the license data associated with the appliance.  However, Coley discloses it [para. 24-25, 31, and 46-47; enabling software application if the license is valid].   
It would have been obvious to one of ordinary skill in the art at the time of filing of the invention to modify Cureton's security device to further include the missing claim features, as disclosed by Coley, to provide validation of the license.

As regarding claim 3, Cureton further discloses The non-transitory storage device of claim 2 wherein the instructions that cause the processor circuitry to communicate the key data from the client-host device security circuitry and the license data from the at least one appliance to the remote license server security circuitry further cause the processor circuitry to: communicate key data that includes information representative of a unique data value stored in software guard extension (SGX) circuitry associated with the client-host device and the license data from the at least one appliance to the remote license server security circuitry [para. 33; communicating data/messages/request via the secure channel].  

As regarding claim 4, Cureton further discloses The non-transitory storage device of claim 2 wherein the instructions that cause the processor circuitry to communicate the key data from the client-host device security circuitry and the license data from the at least one appliance to the remote license server security circuitry further cause the processor circuitry to: communicate key data that includes information representative of a unique data value stored in trusted execution environment (TEE) circuitry associated with the client-host device and the license data from the at least appliance to the remote license server security circuitry [para. 33; communicating data/messages/request via the secure channel].  

As regarding claim 5, Coley further discloses The non-transitory storage device of claim 2 wherein the instructions that cause the processor circuitry to communicate the key data from the client-host device security circuitry and the license data from the at least one appliance to the remote license server security circuitry further cause the processor circuitry to: communicate key data that includes information representative of a unique data value generated using random number generation circuitry associated with the client host device and the license data from the at least one appliance to the remote license server security circuitry [para. 97; key being generated with a random number].  

As regarding claim 6, Cureton further discloses The non-transitory storage device of claim 2 wherein the instructions that cause the processor circuitry to communicate the key data from the client-host device security circuitry and the license data from the at least one appliance to the remote license server security circuitry further cause the processor circuitry to: communicate key data that includes information representative of a unique data value generated using secure clock circuitry associated with the client-host device and the license data from the at least one appliance to the remote license server security circuitry [para. 33; communicating data/messages/request via the secure channel].  

As regarding claim 7, Cureton further discloses The method of claim 6 wherein the instructions that cause the processor circuitry to communicate the key data that includes the information representative of the unique data value generated using the secure clock circuitry and the license data from the at least one appliance to the remote license server security circuitry further cause the processor circuitry to: communicate key data to the remote license server security circuitry that includes information representative of a unique data value generated using the license data associated with the at least one appliance and one or more of:  3data representative of a media access control (MAC) address associated with the client-host device; data representative of a client host device name associated with the client-host device; data representative of a client host device IP address associated with the client-host device; and data representative of metadata associated with the client-host device [para. 33; communicating data/messages/request via the secure channel].  

As regarding claim 8, Cureton further discloses The non-transitory storage device of claim 2 wherein the instructions that cause the processor circuitry to establish the secure connection between the security circuitry associated with the client-host device and the security circuitry associated with the remote license server further cause the processor circuitry to: establish a secure connection between security circuitry associated with a virtual machine implemented by the client-host device and security circuitry associated with a remote license server [para. 6-7 and 16-17; creating SSH tunnel upon request].  

As regarding claim 9, Cureton further discloses The non-transitory storage device of claim 2 wherein the instructions that cause the processor circuitry to communicate the key data associated with the client-host device security circuitry and the license data associated with the at least one appliance to the remote license server security circuitry further cause the processor circuitry to: communicate, at each of a plurality of temporal intervals, the key data associated with the client-host device security circuitry and license data associated with the at least one appliance to the remote license server security circuitry [para. 33; communicating data/messages/request via the secure channel].  

As regarding claim 10, Cureton further discloses The non-transitory storage device of claim 2 wherein the instructions that cause the processor circuitry to communicate the key data associated with the client-host device security circuitry and the license data associated with the at least one appliance to the remote license server security circuitry further cause the processor circuitry to: communicate, on an event-driven basis, key data associated with the client-host device security circuitry and license data associated with the at least one appliance to the remote license server security circuitry [para. 33; communicating data/messages/request via the secure channel].  

As regarding claim 11, Cureton further discloses The non-transitory storage device of claim 2 wherein the instructions that cause the processor circuitry to establish a secure channel between security circuitry associated with the client-host device and security circuitry associated with a remote license server, responsive to receipt by the client-host device of a license request including license data associated with at least one appliance communicatively coupled to the client-host device further cause the processor circuitry to: establish a secure channel between security circuitry associated with the client host device and security circuitry associated with a remote license server, responsive to receipt by the client host device of a license request including respective license data associated with each of a plurality of appliances communicatively coupled to the client-host device [para. 6-7 and 16-17; creating SSH tunnel upon request].  

As regarding claim 12, Cureton further discloses The non-transitory storage device of claim 2 wherein the instructions that cause the processor circuitry to establish a secure channel between security circuitry associated with the client host device and security circuitry associated with a remote license server, responsive to receipt by the client host device of a license request including respective license data associated with each of a plurality of appliances communicatively coupled to the client-host device further cause the processor circuitry to: establish a secure channel between security circuitry associated with the client host device and security circuitry associated with a remote license server, responsive to receipt by the client host device of a license request including respective license data associated with each of a plurality of cloned appliances communicatively coupled to the client-host device [para. 6-7 and 16-17; creating SSH tunnel upon request].  

As regarding claim 13, Cureton further discloses The non-transitory storage device of claim 2 wherein the instructions that cause the processor circuitry to establish a secure channel between security circuitry associated with the client-host device and security circuitry associated with a remote license server, responsive to receipt by the client-host device of a license request including license data associated with at least one appliance communicatively coupled to the client-host device further cause the processor circuitry to: establish a secure channel between security circuitry associated with the client-host device and security circuitry associated with a remote license server, responsive to receipt by the 5client-host device of a license request including license data associated with at least one virtual network function hosted by the client-host device [para. 6-7 and 16-17; creating SSH tunnel upon request].  

As regarding claim 14, Cureton and Coley disclose A method of validating at least one appliance, comprising: 
establishing, by a client-host device, a secure channel between security circuitry associated with the client host device and security circuitry associated with a remote license server, responsive to receipt by the client host device of a license request including license data associated with at least one appliance communicatively coupled to the client-host device [Cureton para. 6-7 and 16-17; creating SSH tunnel upon request]; 
communicating, by a client-host device via the secure channel, key data associated with the client host device security circuitry and license data associated with the at least one appliance to the remote license server security circuitry [Cureton para. 33; communicating data/messages/request via the secure channel]; and 
activating, by a client-host device via a cloud operating system, the at least one appliance responsive to receipt by the client host device of a communication via the secure channel from the remote license server security circuitry, the communication including information indicative of a validity of the license data associated with the appliance [Coley para. 24-25, 31, and 46-47; enabling software application if the license is valid].  

As regarding claim 15, Cureton further discloses The method of claim 14 wherein communicating the key data associated with the client-host device security circuitry and the license data associated with the at least one appliance to the remote license server security circuitry further comprises: communicating, by the client-host device via the secure channel, key data that includes information representative of a unique data value stored in software guard extension (SGX) circuitry associated with the client-host device and the license data from the at least one appliance to the remote license server security circuitry [para. 33; communicating data/messages/request via the secure channel].  

As regarding claim 16, Cureton further discloses The method of claim 14 wherein communicating, via the secure channel, the key data associated with the client-host device security circuitry and the license data associated with the at least one appliance to the remote license server security circuitry further comprises: communicating, by the client-host device via the secure channel, key data that includes information representative of a unique data value stored in trusted execution environment (TEE) 6circuitry associated with the client-host device and the license data associated with the at least one appliance to the remote license server security circuitry [para. 33; communicating data/messages/request via the secure channel].  

As regarding claim 17, Cureton further discloses The method of claim 14 wherein communicating, via the secure channel, the key data associated with the client-host device security circuitry and the license data associated with the at least one appliance to the remote license server security circuitry further comprises: communicating, by the client host device via the secure channel, key data that includes information representative of a unique data value generated using random number generation circuitry associated with the client-host device and the license data associated with the at least one appliance to the remote license server security circuitry [para. 33; communicating data/messages/request via the secure channel].  

As regarding claim 18, Cureton further discloses The method of claim 14 wherein communicating, via the secure channel, the key data associated with the client-host device security circuitry and the license data associated with the at least one appliance to the remote license server security circuitry further comprises: communicating, by the client host device via the secure channel, key data that includes information representative of a unique data value generated using secure clock circuitry associated with the client host device and the license data associated with the at least one appliance to the remote license server security circuitry [para. 33; communicating data/messages/request via the secure channel].  

As regarding claim 19, Cureton further discloses The method of claim 18 wherein communicating, via the secure channel, key data that includes information representative of the unique data value generated using secure clock circuitry associated with the client host device and the license data associated with the at least one appliance to the remote license server security circuitry further includes: communicating, by the client-host device via the secure channel, key data to the remote license server security circuitry that includes information representative of a unique data value generated using the license data associated with the at least one appliance and one or more of: data representative of a media access control (MAC) address associated with the client-host device; data representative of a client host device name associated with the client-host device;  7data representative of a client host device IP address associated with the client-host device; and data representative of metadata associated with the client-host device [para. 33; communicating data/messages/request via the secure channel].  

As regarding claim 20, Cureton further discloses The method of claim 14 wherein establishing a secure channel between security circuitry associated with the client-host device and security circuitry associated with a remote license server further comprises: establishing, by a virtual machine, the secure channel between the security circuitry associated with the virtual machine and the security circuitry associated with a remote license server [para. 6-7 and 16-17; creating SSH tunnel upon request].  
As regarding claim 21, Cureton further discloses The method of claim 14 wherein communicating key data, via the secure channel, associated with the client-host device security circuitry and license data associated with the at least one appliance to the remote license server security circuitry further comprises: communicating, by the client host device at each of a plurality of temporal intervals and via the secure channel, key data from the client host device security circuitry and license data from the appliance to the remote license server security circuitry [para. 33; communicating data/messages/request via the secure channel].  

As regarding claim 22, Cureton further discloses The method of claim 14 wherein communicating key data, via the secure channel, associated with the client-host device security circuitry and license data associated with the at least one appliance to the remote license server security circuitry further comprises: communicating, by the client-host device on an event-driven basis and via the secure channel, key data associated with the client host device security circuitry and license data associated with the at least one appliance to the remote license server security circuitry [para. 33; communicating data/messages/request via the secure channel].  

As regarding claim 3, Coley further discloses The method of claim 14 wherein activating the at least one appliance via a cloud operating system, the activation of the at least one appliance responsive to receipt by the client-host device of a communication via the secure channel from the remote license server security circuitry, the communication including information indicative of a validity of the license data associated with the at least one appliance further comprises:  8activating the at least one appliance responsive to receipt by the client host device of a communication from the remote license server security circuitry that includes information indicative a signature generated by the license server security circuitry that confirms the validity of the license data associated with the at least one appliance [para. 24-25, 31, and 46-47; enabling software application if the license is valid].  

As regarding claim 24, Cureton and Coley disclose A system for validating an appliance, comprising: 
means for establishing a secure channel between security circuitry associated with the client host device and security circuitry associated with a remote license server, responsive to receipt by the client host device of a license request including license data associated with at least one appliance communicatively coupled to the client-host device [Cureton para. 6-7 and 16-17; creating SSH tunnel upon request]; 
means for communicating, via the secure channel, key data associated with the client host device security circuitry and license data associated with the at least one appliance to the remote license server security circuitry [Cureton para. 33; communicating data/messages/request via the secure channel]; and 
means for activating, via a cloud operating system, the at least one appliance responsive to receipt by the client host device of a communication via the secure channel from the remote license server security circuitry, the communication including information indicative of a validity of the license data associated with the at least one appliance [Coley para. 24-25, 31, and 46-47; enabling software application if the license is valid].

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THONG P TRUONG whose telephone number is (571)270-7905.  The examiner can normally be reached on M-F 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 57127267986798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/THONG TRUONG/
Examiner, Art Unit 2433

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433