DETAILED ACTION
The non-final office action is responsive to the RCE request filed on 03/01/2021. Claims 26-45 are pending; claims 26-45 are rejected.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 03/01/2021 has been entered.
 
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For 
Claims 26-45 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-23 of U.S. Patent No. 10,298,720 B1 (P720). Although the claims at issue are not identical, they are not patentably distinct from each other.

Claim 26 of the Instant Application
Claim 1 of P720
A system, comprising:
A system, comprising:
one or more computing devices of a provider network comprising respective processors and memory to implement a provider network service, wherein the provider network service is configured to, for individual clients of one or more clients of the provider network:
a provider network comprising a host device implementing a plurality of virtual machines (VMs), wherein one or more of the VMs are configured as resource instances of a client of the provider network; wherein the host device includes a network management component implemented at 
least by one or more processors and memory and configured to process packets in packet flows between the provider network and the plurality of VMs on the host device, wherein the network management component is configured to:

receive a connection request for one of the resource instances of the client on the host device;  query a client rules service of the provider network to obtain a decision on the connection request;
establish a connection to the resource instance in response to obtaining the decision on the connection request from the client rules service;  
receive, by the provider network service according to the interface, input from the client defining at least one rule for processing network traffic to or from the plurality of resource instances of the client; and
receive, from the client rules service, client-defined rules for packet flows for the connection between the provider network and the resource instance of the client, wherein the rules are defined and provided by the client;  and
instantiate the at least one rule at the provider network service, wherein the at least one rule is made available for application, by at least one of the host devices, to the network traffic to or from at least one of the plurality of resource instance of the client.
apply the client-defined rules to the packet flows between the provider network and the resource instance of the client, wherein the client-defined rules replace, modify, or extend provider network processing applied by the same network management component to process other packet flows between the 


Claims 26 of the instant application is anticipated by patent claim 1 in that claim 1 of the patent contains all the limitations of claim 26 of the instant application. Claim 26 of the instant application therefore is not patently distinct from the earlier patent claim and as such is unpatentable for obvious-type double patenting.

As to claims 27-45, claims 1-23 of P720 obviously disclose all the limitations of claims 27-45 of the instant application. Thus, claims 27-45 of the instant application are not patently distinct from the earlier patent claims and as such are unpatentable for obvious-type double patenting.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any 
Claims 26, 33, and 40 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication 2014/0059226 A1 to Messerli et al. (hereinafter Messerli) in view of U.S. Patent Application Publication 2017/0078329 A1 to Hwang et al. (hereinafter Hwang) and U.S. Patent Application Publication 2014/0280884 A1 to SEARLE et al. (hereinafter SEARLE).

As to claims 26, 33, and 40, Messerli teaches a system, method, and one or more non-transitory computer-accessible storage media (hereinafter CRM) (cloud computing system 110, Messerli, [0032]), comprising:
one or more computing devices (information processing system 210, Messerli, [0042]-[0043]) of a provider network comprising respective processors and memory to implement a provider network service (The information processing system 210 may include any or all of the following: (a) a processor 212 for executing and otherwise processing instructions, (b) one or more network interfaces 214 (e.g., circuitry) for communicating between the processor 212 and other devices, those other devices possibly located across the network 205; (c) a memory device 216 (e.g., FLASH memory, a random access memory (RAM) device or a read-only memory (ROM) device for storing information (e.g., instructions executed by processor 212 and data operated upon by processor 212 in response to such instructions), Messerli, [0042]-[0043]), wherein the provider network service is configured to, for individual clients of one or more clients of the provider network:
Messerli does not explicitly disclose provide an interface for defining rules for processing network traffic to or from a plurality of resource instances of the client.
Hwang discloses provide an interface for defining rules for processing network traffic to or from one or more resource instances of a client (A computer system 102 such as a cloud management stack receives a request from a user 104 for provisioning of a server with one or more fire wall rules.  The computer system 102 sends the firewall rules to an ODM 106 for validation.  The ODM 106, for example, runs on one or more hardware processors operatively coupled with one or more storage devices that store firewall rules, e.g., in a database table.  Responsive to receiving the request for firewall rule validation, the ODM 106 checks the firewall rules against the existing ODM rules table and determines whether to approve or deny the firewall rule, Hwang, Para. 0033-0041, 0070)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to use user provided rules and validate these rules as taught by Hwang to modify the method, method, and CRM of Messerli in order to validate rules and learn rules to validate and invalidate automatically.
Messerli-Hwang discloses wherein the resource instances are hosted by one or more host devices of the provider network on behalf of the client (A corresponding operating environment 234 would use the built-in threading, processing, and code loading capabilities to load and run code.  Adding, removing, or modifying a logical container 232 may or may not also involve adding, removing, or modifying an associated operating environment 234.  For ease of explanation below, these operating environments will be described in terms of an embodiment as "Virtual Machines," or "VMs," but this is simply one implementation among the options listed above, Messerli, [0048]-[0050]);
receive, by the provider network service according to the interface, input from the client defining at least one rule for processing network traffic to or from at least one of the resource instances of the client (When a packet arrives at edge router 402, the virtual router 406 identifies it as being logically addressed to a particular operating environment associated with the user and routes it to flow to the defined user router 426 instantiated for the customer by way of the physical interface 423 and possibly other virtual routers 426 along the way.  When the packet arrives at user router 426, the tenant-defined rules and filters are applied to the packet and the flow is stopped, edited, or redirected accordingly, Messerli, Para. 0074-0075, 0068-0072, Fig. 4. In view of Hwang, Para. 0033-0041); and
instantiate the at least one rule at the provider network service, wherein the at least one rule is made available for application, by at least one of the host devices, to the network traffic to or from the at least one resource instance of the client (When a packet arrives at edge router 402, the virtual router 406 identifies it as being logically addressed to a particular operating environment associated with the user and routes it to flow to the defined user router 426 instantiated for the customer by way of the physical interface 423 and possibly other virtual routers 426 along the way.  When the packet arrives at user router 426, the tenant-defined rules and filters are applied to the packet and the flow is stopped, edited, or redirected accordingly, Messerli, Para. 0074-0075, 0068-0072, Fig. 4).
Furthermore, Messerli-Hwang does not explicitly disclose a plurality of resource instances of the client.
SEARLE discloses a plurality of resource instances of a client (each host device includes a plurality of client resource instances, wherein each client resource instance is assigned to one of a plurality of clients of the provider network, SEARLE, claim 1, [0020]-[0023]).
Note Messerli, Hwang, and SEARLE are in the field of cloud computing services  and Messerli-Hwang discloses server and virtual machines, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide resource instances running on a host device as taught by SEARLE to modify the method, method, and CRM of Messerli-Hwang in order to manage large-scale computing resources for many clients with diverse needs, to allow various computing resources to be efficiently and securely shared by multiple clients.

Allowable Subject Matter
Claims 27-32, 34-39, 41-45 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Note: the rejection on the ground of nonstatutory double patenting must be obviated in order to allow the case.

Response to Arguments
Applicant’s arguments with respect to claim(s) 26-45 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
See attached form PTO-892.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to RUOLEI ZONG whose telephone number is (571)270-7522.  The examiner can normally be reached on Monday-Friday 9:00AM-5:30PM IFP.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Wing F Chan can be reached on (571)272-7493.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for 






/RUOLEI ZONG/Primary Examiner, Art Unit 2441                                                                                                                                                                                                        3/24/2021