DETAILED ACTION
The non-final office action is responsive to U.S. Patent Application 16/584,832, last communication received on 09/26/2018. Claims 1-15 are pending; claims 1, 4-11, and 15 are rejected, claims 2-3, 12-14 are objected to.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Specification
Applicant is reminded of the proper language and format for an abstract of the disclosure.
The abstract should be in narrative form and generally limited to a single paragraph on a separate sheet within the range of 50 to 150 words in length. The abstract should describe the disclosure sufficiently to assist readers in deciding whether there is a need for consulting the full patent text for details.
The language should be clear and concise and should not repeat information given in the title. It should avoid using phrases which can be implied, such as, “The disclosure concerns,” “The disclosure defined by this invention,” “The disclosure describes,” etc.  In addition, the form and legal phraseology often used in patent claims, such as “means” and “said,” should be avoided.
The abstract of the disclosure is objected to because there are more than 150 words in the abstract.  Correction is required.  See MPEP § 608.01(b).

Claim Objections
Claim 1 is objected to because of the following informalities:  “and/or” and “an application (701)” in the last limitation.  Appropriate correction is required.

As to claims 3, 6, 8, 9, and 13, the claims are objected to because of the following informalities:  “and/or” in the claims.  Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 11 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

As to claim 11, the phrase "such as" renders the claim indefinite because it is unclear whether the limitations following the phrase are part of the claimed invention.  See MPEP § 2173.05(d).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4-11, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication 2011/0137805 A1 to Brookbanks et al. (hereinafter Brookbanks) in view of U.S. Patent Application Publication 2005/0216414 A1 to Higuchi (hereinafter Higuchi), U.S. Patent 9,928,517 B1 to Hitchcock et al. (hereinafter Hitchcock), and U.S. Patent Application Publication 2013/0311778 A1 to Cherukuri et al. (hereinafter Cherukuri).

As to claim 1, Brookbanks teaches method for the integrated use of a secondary cloud resource (The present invention provides a system and method for establishing inter-Cloud resource sharing agreements and policies such that dynamic expansion / contraction of Cloud resource requests can be seamlessly addressed without requiring physical build-out of the primary Cloud infrastructure and advertising the need for additional resources or the offer to provide additional resources can be brokered through an established marketplace, Brookbanks, Abstract), provided by a secondary cloud service software function executed on secondary hardware, from a primary cloud service, provided by a primary cloud service software function executed service consumers 70 are accessing services with a primary Cloud provider 72A (e.g. primary cloud).  Cloud provider 72A can make service requests to the Cloud Community through the web portal or other medium 76.  The portal 76 maintains the directory 78 of available resources and each resource's specific attributes (e.g., price, availability, type, etc).  In addition, Cloud providers 72B-N  (e.g. secondary cloud) can broadcast their resource needs or offers.  A transaction engine 80 drives the analytic assessment of which provider is the `best fit` for a given transaction, Brookbanks, [0058]-[0059]. Note: hardware used by cloud is disclosed in Brookbanks, [0042]-[0050], Fig. 1), the method comprising
Brookbanks does not explicitly disclose the secondary hardware being physically tamper-proof.
Higuchi discloses hardware is physically tamper-proof (The hardware for the platform 2 is constituted so as to obtain a tamper-proof property.  The tamper-proof hardware is hardware having physical and logical functions to protect confidential information from being leaked or altered through an external, illegal action, such as the wrenching open of a case, and to prevent an illegal access.  More specifically, the platform 2 is constituted by a computer, which has a physical and electrical tamper-proof property, and an OS and a program executed by the computer, or is constituted by an IC card having a physical and electrical tamper-proof property, Higuchi, [0060]).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to use tamper-proof  hardware as taught by Higuchi to modify the cloud hardware in the method of Brookbanks in order to protect confidential information from being leaked or altered through an external, illegal action.
Brookbanks-Higuchi discloses
in a provision step, providing an integration database as well as an integration software function, which integration software function is arranged to provide a primary integration interface and a secondary integration interface (Cloud provider 72A can make service requests to the Cloud Community through the web portal or other medium 76.  The portal 76 maintains the directory 78 of available resources and each resource's specific attributes (e.g., price, availability, type, etc), Brookbanks, [0058]-[0059], [0060]-[0062]).
Brookbanks-Higuchi does not explicitly discloses in a shadow instance initiation step, initiating a shadow instance as a shadow software function executing in an execution environment of said primary cloud service and providing or constituting a primary cloud resource corresponding to said secondary cloud resource.
Hitchcock discloses initiating a shadow instance as a shadow software function executing in a primary execution environment and providing or constituting a primary execution environment corresponding to a secondary execution environment (the test environment may be configured to shadow the production environment, such that individual test services represent shadow instances of corresponding production services.  When the production environment is run in shadow mode, copies of requests generated by production services may be forwarded to shadow instances in the test environment to execute the same transactions, Hitchcock, Col. 5, Line 17-26).
Hitchcock to modify the method of Brookbanks-Higuchi in order to identify and provide paths of service requests and responses from service to service.
Brookbanks-Higuchi-Hitchcock discloses
in a resource request step, the integration software function receiving from the shadow instance, via the said primary integration interface, an allocation request regarding a certain cloud resource, and the integration software function in response thereto identifying a set of secondary user data and requesting, via the secondary integration interface, said secondary cloud resource from the secondary cloud service, the secondary cloud resource request being performed using said secondary user data (service consumers 70 are accessing services with a primary Cloud provider 72A.  Cloud provider 72A can make service requests to the Cloud Community through the web portal or other medium 76.  The portal 76 maintains the directory 78 of available resources and each resource's specific attributes (e.g., price, availability, type, etc).  In addition, Cloud providers 72B-N can broadcast their resource needs or offers.  A transaction engine 80 drives the analytic assessment of which provider is the `best fit` for a given transaction, Brookbanks, [0058]-[0059], [0060]-[0062]);
in a resource allocation step, the secondary cloud service allocating the requested secondary cloud resource and providing, via the secondary integration interface, corresponding secondary cloud resource allocation information to the integration software function (transaction engine 80 implements an algorithm that will track transactions for each member, such that future transactions are optimized towards a cost-neutral objective.  In this case, a token will have been assigned to Acme Cloud provider 82A representing that they have an outstanding balance with Standard Cloud provider 82B.  In the example below, the transaction engine 80 has identified that at least two Cloud providers can meet Acme Cloud provider 82A's resource request and it has also recognized that `Cloud Provider: Standard` has a negative token balance with Acme Cloud provider 82B, whereas `Cloud Provider: Ace` has a positive token balance.  It is therefore to Acme's benefit to transact with Standard Cloud at this time vs.  increasing the outstanding token balance it has with Ace, Brookbanks, [0060]-[0062]);
in an information association step, the integration software function associating, in the integration database, said secondary cloud resource allocation information with said secondary cloud user data and also with a set of primary user data, identifying the shadow instance (transaction engine 80 implements an algorithm that will track transactions for each member, such that future transactions are optimized towards a cost-neutral objective.  In this case, a token will have been assigned to Acme Cloud provider 82A representing that they have an outstanding balance with Standard Cloud provider 82B.  In the example below, the transaction engine 80 has identified that at least two Cloud providers can meet Acme Cloud provider 82A's resource request and it has also recognized that `Cloud Provider: Standard` has a negative token balance with Acme Cloud provider 82B, whereas `Cloud Provider: Ace` has a positive token balance.  It is therefore to Acme's benefit to transact with Standard Cloud at this time vs.  increasing the outstanding token balance it has with Ace, Brookbanks, [0058]-[0059], [0060]-[0062]).
Brookbanks-Higuchi-Hitchcock does not explicitly disclose in a user authentication step, the integration software function authenticating the primary cloud service user access to said secondary cloud resource, by identifying in said integration database said secondary user data based upon said primary user data and authenticating, via said secondary integration interface, said secondary user data with the secondary cloud service.
Cherukuri discloses authenticating cloud service user access to a cloud service by identifying the user data and authenticating said user data with the cloud service (it may be also possible for IKE processing node 22 to assign cloud capabilities locally (or from authentication/authorization/accounting (AAA) services for subscribers 18), for example, based on the IKE-ID (e.g., identifier of a particular IKE negotiation).  For example, the cloud request may be received from service catalogs 28(1)-28(N), which contain authorized cloud capabilities derived from respective SLAs between corresponding subscribers 18(1)-18(N) and cloud service provider 29 managing cloud 12, Cherukuri, [0046]-[0047])
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to authenticate users as taught by Cherukuri to modify the method of Brookbanks-Higuchi-Hitchcock in order to protect user’s private information.
Brookbanks-Higuchi-Hitchcock-Cherukuri discloses
in a resource use step, the shadow instance receiving a use request for its primary cloud resource from an external client and in turn initiating a corresponding use request to the secondary cloud service for the secondary cloud resource (Brookbanks, [0058]-[0059], [0060]-[0062]), and Cherukuri further discloses an encapsulating cryptographically secured channel further being established between the shadow instance and the secondary cloud resource (embodiments of communication system 10 can support mix and match of cryptographic modules 24(1)-24(M) and pay-as-you-grow deployments in cloud 12 and, further, provide for dynamically offloading cloud capabilities (e.g., IPsec VPN services) from private cloud to public clouds, thereby enabling true on-demand elastic cloud services, Cherukuri, [0060], [0023]-[0024]), which encapsulating channel is furthermore caused to encapsulate a control communication channel between the external user and the secondary cloud resource and/or a communication channel between the external user and an application (701) executing within an execution environment provided by the secondary cloud resource (Brookbanks, [0058]-[0059], [0060]-[0062]. In view of Cherukuri, [0023]-[0024]).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to use VPN tunnel as taught by Cherukuri to modify the method of Brookbanks-Higuchi-Hitchcock-Cherukuri further in order to bypass censorship and geo-blocked websites and services and to do so without giving away who is doing the bypassing.

As to claim 4, Brookbanks-Higuchi-Hitchcock-Cherukuri discloses Method according to claim 1, wherein the integration software function is executed on hardware of an integration adapter, in turn providing communication interfaces for integrating the first and second cloud services (Brookbanks, [0058]-[0059], [0060]-[0062]).

Brookbanks-Higuchi-Hitchcock-Cherukuri discloses Method according to claim 1, wherein the integration software function is executed as a part of the secondary cloud service (Brookbanks, [0058]-[0059], [0060]-[0062]).

As to claim 6, Brookbanks-Higuchi-Hitchcock-Cherukuri discloses Method according to claim 1, wherein the primary user data comprises user and/or account credentials for the primary cloud service user, and wherein the primary user data is provided to the integration software function via the said primary integration interface (Cherukuri, [0046]-[0047]). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to authenticate users as taught by Cherukuri to modify the method of Brookbanks-Higuchi-Hitchcock-Cherukuri in order to protect user’s private information.

As to claim 7, Brookbanks-Higuchi-Hitchcock-Cherukuri discloses Method according to claim 6, wherein in the user authentication step the integration software function identifies a user access policy pertaining to the primary cloud service user and applies the said user access policy to said authentication with the secondary cloud service (Cherukuri, [0046]-[0047]).

As to claim 8, Brookbanks-Higuchi-Hitchcock-Cherukuri discloses Method according to claim 7, wherein the method further comprises a step in which the integration software function, via the primary integration interface, verifies the accuracy of the primary user and/or account credentials, and, if said credentials are accurate, updates information pertaining to said user access policy in the integration database Cherukuri, [0046]-[0047]). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to authenticate users as taught by Cherukuri to modify the method of Brookbanks-Higuchi-Hitchcock-Cherukuri in order to protect user’s private information.

As to claim 9, Brookbanks-Higuchi-Hitchcock-Cherukuri discloses Method according to claim 1, wherein the secondary user data comprises user and/or account credentials for the secondary user, wherein the resource request step comprises the integration software function requesting, via the secondary integration interface, the creation of the secondary user from the secondary cloud service (Cherukuri, [0046]-[0047]). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to authenticate users as taught by Cherukuri to modify the method of Brookbanks-Higuchi-Hitchcock-Cherukuri in order to protect user’s private information.

As to claim 10, Brookbanks-Higuchi-Hitchcock-Cherukuri discloses Method according to claim 1, wherein in the shadow instance initiation step, the primary user data is provided by an external user to the shadow instance (Brookbanks, [0058]-[0059], [0060]-[0062]).

As to claim 11, Brookbanks-Higuchi-Hitchcock-Cherukuri discloses Method according to claim 1, wherein the shadow instance initiation step, the shadow software Brookbanks, [0058]-[0059], [0060]-[0062]. In view of 112(b)).


As to claim 15, Brookbanks-Higuchi-Hitchcock-Cherukuri discloses method according to claim 1, Hitchcock further discloses wherein the secondary cloud resource is an execution environment in which a user-specific application is allowed to be loaded and executed (Each service 110A-110N may be configured to perform one or more functions upon receiving a suitable request.  For example, a service may be configured to retrieve input data from one or more storage locations and/or from a service request, transform or otherwise process the data, and generate output data, Hitchcock, Col. 4, Line 5-25, 37-54). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide service by running application as taught by Hitchcock to modify the method of Brookbanks-Higuchi-Hitchcock-Cherukuri further in order to identify and provide paths of service requests and responses from service to service.

Allowable Subject Matter
Claims 2-3, 12-14 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RUOLEI ZONG whose telephone number is (571)270-7522.  The examiner can normally be reached on Monday-Friday 9:00AM-5:30PM IFP.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Wing F Chan can be reached on (571)272-7493.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.