DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
Claims 1-20 are pending. Claims 1-2, 4, 13 and 15-18 are currently amended.
Applicant’s amendments to the claims will overcome each and every claim objection and 112(b) rejection previously set forth in the Non-Final Office Action mailed 12/24/2020.

Allowable Subject Matter
Claims 1-20 are allowed.
Examiner’s Statement of Reason for Allowance
The following is an examiner's statement of reasons for allowance:  The prior art Parry et al. (US Patent No. 10,069,802) discloses securely configuring a customer premise equipment in a network.  The network including a configuration server, a DHCP server, and the customer premise equipment.  The method enables authentication of customer premise equipment, before providing configuration to the customer premise equipment.  The method includes use of characteristic attributes of the customer premise equipment to generate cryptographic keys for secure connection.  Moreover, the method includes establishing a secure connection between the configuration server and the customer premise equipment for transfer of a configuration file and a set of encryption keys.  The configuration file and the set of encryption Parry, Abstract), Gray et al. (US Pub No. 2014/0122674) discloses automatically uploading device information from a first network device in a first operating state to a second network device in response to an event, such as an initial power up.  The second network device is part of the cloud, and thus, providing cloud-based services.  Subsequent to the uploading of the device information, the first network device receives information controlling the operation of the first network device based on the device information (Gray, Abstract), Eldar (US Pub No. 2007/0297396) discloses a provisioning method and mechanism for computer systems having embedded network devices.  After an initial boot-up of a computer platform, an out-of-band (OOB) controller automatically connects to a corporate DHCP (Dynamic Host Configuration Protocol) server to obtain an IP (Internet Protocol) address and a domain name in which the computer platform is running.  The OOB controller then establishes a TCP connection to the provisioning server.  A server certificate chain received from the provisioning server is validated.  An attempt to login to the provisioning server is made.  If corporate security policy dictates granting access to the computer platform, then provisioning configuration data is received over a secure and encrypted channel (Eldar, Abstract), HTAY (US Pub No. 2018/0165110) discloses a workload management method for on-demand applications in distributed Network Functions Virtualization Infrastructure (dNFVI) includes receiving usage data from a unikernel implementing one or more functions of a plurality of functions related to a Virtual Network Function (VNF) (HTAY, Abstract), Liu (US Pub No. 2013/0046865) discloses zero configuration for a virtual distributed device in a distributed network is disclosed.  A plurality of peer devices are added as virtual devices to a network device.  Configuration information is imported to the Liu, Abstract and page 1, paragraph 0019), Mammoliti et al. (US Patent No. 8,532,095) discloses configuring customer premises equipment for communication with a provider network include establishing a physical layer network connection between a particular customer node and a first provider node. The particular customer node is automatically configured based on that configuration data.  The automatic provisioning of the customer node allows equipment to be more economically shipped and installed at customer premises and allows upgraded or replacement equipment to be more economically swapped in place of equipment previously installed.  Traffic management data can also be automatically received and used at the particular customer node (Mammoliti, Abstract), Burnett et al. (US Pub No. 2003/0018889) discloses remote, automated, and secure network device provisioning over a pre-existing communications network.  According to one embodiment, automated establishment of addressability of a network device is supported for a target network environment.  A boot time process of a network device in a factory default configuration detects the presence of a storage device containing therein addressability data that allows the network device to communicate and be addressable within the target network environment.  After detecting the presence of the storage device, the network device receives the addressability data from the storage device by using a communication protocol associated with the storage device.  Finally, addressability of the network device is established to enable it to communicate with and be addressed by other nodes in the target network environment by configuring one or more address parameters of the network device based upon the Burnett, Abstract) and Mc Bride et al. (US Pub No. 2016/0239330) discloses a virtualized network including one or more virtual machines is operable to instantiate dynamic reconfiguration of one or more virtual machines.  The virtualized network includes an analytics engine, autonomics module and orchestrator module.  The autonomics module receives intelligence data from the analytics engine and in one instance, may direct an action of dynamic reconfiguration of one or more virtual machines, based on the intelligence data.  The autonomics module instructs the orchestrator module, via a control plane, to instantiate the dynamic reconfiguration of one or more virtual machines.  The dynamic reconfiguration may involve, without limitation, replacing a configuration of a virtual machine, migration of a configuration from a first to a second virtual machine, or deploying a second (new) virtual machine to replace or supplement functionality of a first virtual machine (Mc Bride, Abstract), however, the prior art taken alone or in combination fails to teach or suggest “establishing a secure tunnel connection with a security gateway device via at least one out-of-band network, wherein the security gateway device is operatively coupled to a provider network; automatically and without user input establishing a connection with a configuration platform on the provider network via the secure tunnel connection automatically orchestrating the one or more VNFs based on the received orchestration instructions, wherein the one or more VNFs are configured to operate on a customer network that is different than the out-of-band network; advertising management domain routing information to the security gateway device via the secure tunnel connection; and receiving VNF management instructions from the security gateway device and via the secure tunnel connection based on the advertised management routing information, wherein the VNF management instructions include one of: updates, reconfigurations, or patches” (as recited in claims 1, 12 and 19), and in combination with the remaining claim limitations.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAQUEAL D WADE whose telephone number is (571)270-0357.  The examiner can normally be reached on M-F 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR 




/SHAQUEAL D WADE/Examiner, Art Unit 2437

/KRISTINE L KINCAID/Supervisory Patent Examiner, Art Unit 2437