DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This action is responsive to communication filed 1/4/2021.
Claims 1-2, 4-6, 8, 11-13 and 16-19 are presented for examination.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Patrick J. Buckley (Reg. NO# 40928) on 3/4/2021.

Please amend the following claims:
1. A system associated with a cloud computing environment, comprising:
a cloud resource credential management system that is separate from a hypervisor running a virtual machine, associated with a cloud orchestrator, provisioned as part of [[a]] deploying the virtual machine in the hypervisor the application to be executed in connection with the the hypervisor external to the virtual machine executing the application 
the cloud resource credential provisioning system to:
(i) intercept a cloud resource call from the application to a cloud resource provider,
(ii) validate that the cloud resource call complies with the cloud resource policy, and
(iii) if the cloud resource call complies with the cloud resource policy, extend the cloud resource call with the cloud resource credential and forward the extended cloud resource call to the cloud resource provider.

13. A computer-implemented method associated with a cloud computing environment, comprising:
provisioning a cloud resource credential management system that is separate from a hypervisor running a virtual machine, associated with a cloud orchestrator, as part of [[a]] deploying the virtual machine in the hypervisor;
accessing, by the cloud resource credential management system, information associated with an application or a service configuration file;
establishing, by the cloud resource credential management system, a cloud resource credential provisioning system external to [[an]] the application to be executed in connection with the virtual machine, wherein the cloud resource credential provisioning system executes in the hypervisor external to the virtual machine executing the application 
intercepting, by the cloud resource credential provisioning system, a cloud resource call from the application to a cloud resource provider, wherein the cloud resource call is associated with a virtual Internet Protocol (“IP”) attachment;
validating, by the cloud resource credential provisioning system, that the cloud resource call complies with the cloud resource policy; and
if the cloud resource call complies with the cloud resource policy, extending, by the cloud resource credential provisioning system, the cloud resource call with the cloud resource credential and forward the extended cloud resource call to the cloud resource provider.

19. A non-transitory, computer readable medium having executable instructions stored therein, the medium comprising:
instruction to provision a cloud resource credential management system that is separate from a hypervisor running a virtual machine, associated with a cloud orchestrator, as part of [[a]] deploying the virtual machine in the hypervisor;
instruction to access, by the cloud resource credential management system, information associated with an application or a service configuration file;
instruction to establish, by the cloud resource credential management system, a cloud resource credential provisioning system external to [[an]] the application to be executed in connection with the virtual machine, wherein the cloud resource credential provisioning system (1) executes in the hypervisor external to the virtual machine 
instruction to intercept, by the cloud resource credential provisioning system, a cloud resource call from the application to a cloud resource provider;
instruction to validate, by the cloud resource credential provisioning system, that the cloud resource call complies with the cloud resource policy; and
if the cloud resource call complies with the cloud resource policy, instruction to extend, by the cloud resource credential provisioning system, the cloud resource call with the cloud resource credential and forward the extended cloud resource call to the cloud resource provider.

REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance:

Claims 1-2, 4-6, 8, 11-13 and 16-19  are allowable over the prior art of record because the Examiner found neither prior art cited in its entirety, nor based on the prior art, found any motivation to combine any of the said prior arts.

As per independent Claims 1, 13 and 19, the primary reason for allowance is “a cloud resource credential management system that is separate from a hypervisor running a virtual machine, associated with a cloud orchestrator, provisioned as part of deploying the virtual machine in the hypervisor to access information associated with an application or a service configuration file and establish a cloud resource credential provisioning system external to the the hypervisor external to the virtual machine executing the application and maps a cloud resource policy and a cloud resource credential” in conjunction with the rest of the limitations at claims.

The previous cited prior art reference Clothier et al. (US PGPUB 20150074183 A1) discloses: a hypervisor as claimed resource credential management system to run/establish interception management system 108, i.e., claimed cloud resource credential provisioning system (see [0031]), wherein such interception management system intercepts and forward API requests to a remote cloud server for satisfying the API requests (see Figs 1-2 and [0031]-[0032]. Also see [0002] and [0024]). The previous cited prior art reference Malakapalli et al. (US PGPUB 2013018998 A1) discloses: a hypervisor can be provisioned as part of virtual machine deployment during deploying a virtual machine (see [0046]). Thereby, the combination of these two references would disclose concept of provisioning resource credential management system as part of VM deployment during deploying a virtual machine. However, the resource credential management system from such combination is same component as the hypervisor of the such combination while the claimed invention requires these two components are two separate and distinct components.

The followings are some new found prior art references.
Ylonen (US PGPUB 20150222604 A1) discloses: management system credentials are installed on a new virtual machine before booting it or during the early stages of its boot/self-configuration process (see [0225]). 

Nirwal (US PGPUB 20180145955 A1) discloses: a storage solution that can be provisioned during virtual machine provisioning operations (see [0039]).
Madden (US PGPUB 20180359323 A1) discloses: outputting an IP-VPN or other virtual network attachment request (see [0071]).
Beser (US Patent 6331987 B1) discloses: establishing a virtual IP connection in response to receiving a message (see lines 31-37 of col. 9).
Mann et al. (US PGPUB 20130097325 A1) discloses: creating a virtual IP-CAN session in response to receiving a message (see [0009]).
Reddy et al. (US PGPUB 20160330230 A1) discloses: a client sends a request to a virtual server having virtual IP address (see [0257]).

However, none of the new found prior art references teaches concept of a component that separates from a hypervisor establishes/creates/runs credential verification components is provisioned during deploying a virtual machine runs on the hypervisor.

The remaining claims, not specifically mentioned, are allowed because they are dependent upon the claims mentioned above.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHI CHEN whose telephone number is (571)272-0805.  The examiner can normally be reached on Monday-Friday 9:30AM-5PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emerson Puente can be reached on (571)272-3652.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/Zhi Chen/
Patent Examiner, AU2196

/EMERSON C PUENTE/Supervisory Patent Examiner, Art Unit 2196