Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This Office Action is in response to the Amendment filed on 03/18/2021.
In the instant Amendment, claims 1-20 have been withdrawn; claims 21-40 have been added. Claims 21, 30 and 39 are independent claims.  Claims 21-40 have been examined and are pending.  This Action is made FINAL.
Response to Arguments
Applicants’ arguments with respect to claims 1-20 have been considered but are moot as claims 1-20 have been withdrawn and Applicants’ arguments with respect to claims 21-40 have been considered but are moot in view of the new ground(s) of rejection.
Priority
This application is a continuation of U.S. application Ser. No. 15/842,714, filed Dec.14, 2017, which application claims priority to U.S. Provisional Application No. 62/434,456, filed on Dec. 15, 2016. 
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 30-38 are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.
Regarding claim 30, claim 30 recites a “computer-readable medium”.  In the applicant's specification [0129], applicant recites “The term "computer readable medium" or "computer usable medium" as used herein refers to any medium that participates in providing instructions to a data processor for execution. Such a medium may take many forms including, but not limited to, non-volatile media and volatile media”.  It appears that the medium recited in the claims are described in the specification as including a propagation medium which could include communication medium.  Thus, the “computer-readable medium” recited in claim 30 is not within a statutory class as defined in 35 U.S.C. 101 (i.e., a “process,” a “machine,” a “manufacture” or a “composition of matter”). A claim drawn to such a computer readable medium that covers both transitory and non-transitory embodiments may be amended to narrow the claim to cover only statutory embodiments to avoid a rejection under 35 U.S.C. § 101 by adding the limitation “non-transitory” to the claim. 
Regarding claims 31-38; claims 31-38 are also rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter for the same reason. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 21-40 are rejected under 35 U.S.C. 103 as being unpatentable over Daniel (US 9,641,385) and in view of Ramprasad (US 2014/0038545).
Regarding claim 21, Daniel discloses a method comprising: 
determining, at a virtualization environment, an external service provided by an environment that is external to the virtualization environment (collected from a plurality of servers in the multi-tenant environment), the external service providing a firewall function to a resource entity in the virtualization environment (Daniel abstract, Col. 2; lines 41-45. Daniel teaches that an example method of launching a virtual machine in a multi-tenant environment using dynamic configuration may include receiving a customer request to launch a virtual machine in the multi-tenant environment. The configuration parameters may be associated with at least one desired performance characteristic of the virtual machine to be launched. In some instances, computing resources (e.g., a host server computer) may be initially allocated for instance launching based on one or more performance metrics collected from a plurality of servers in the multi-tenant environment); 
receiving, from the external service (collected from a plurality of servers) over an access interface, a firewall parameter (configuration policy) (Daniel Col. 2; lines 41-45 and Col. 5; lines 65-67. Daniel teaches that computing resources (e.g., a host server computer) may be initially allocated for instance launching based on one or more performance metrics collected from a plurality of servers in the multi-tenant environment and configuration policy 214 may specify parameters for configuring a firewall used by any of the customer's virtual machines launched in the multi-tenant environment);
associating the firewall parameter (configuration policy)  with an internal parameter in the virtualization environment (Daniel Col. 5; lines 62-67. Daniel teaches that configuration policy 212 may specify parameters for configuring a storage volume for use by any of the customer's virtual machines launched in the multi-tenant environment. Configuration policy 214 may specify parameters for configuring a firewall used by any of the customer's virtual machines launched in the multi-tenant environment); 
receiving a request to perform an action with respect to the external service (Daniel abstract, Col. 2; lines 41-45. Daniel teaches that an example method of launching a virtual machine in a multi-tenant environment using dynamic configuration may include receiving a customer request to launch a virtual machine in the multi-tenant environment); 


However, in an analogous art, Ramprasad discloses wherein determining whether the internal parameter falls within a validity period of the firewall parameter (Ramprasad par. 0044-0045 and 0049. Ramprasad teaches that the response received from the control server 12 may provide a one-time modification of the replenishment of internally stored account parameters (e.g., provide an update or modification to internally stored rules within the wireless device 100 for the periodic replenishment of internally-stored account parameters going forward or for a certain period of time. The replenishment module 136 will first ensure that the calendar date for the Plan End Date for the recurring replenishment plan is later than the calendar date for the Plan Start Date for the recurring replenishment plan in operation 220. The Plan End Date must be greater than the Plan Start Date for any replenishment to occur, where the sanity check fails (operation 228) if this situation does not existSee also table I and par. 0012); and 5 NUT-PAT-509-03092 1-FinalAtty. Dkt. No.: NUT-PAT-509 
responding to the request at least by: when the internal parameter falls within the validity period, performing an operation that authorizes the external service to access the internal parameter (Ramprasad par. 0012 and 0049. Ramprasad teaches that the wireless device determines whether the internally-stored account parameter(s) should be replenished at a predetermined time according to a secure timestamp available within the wireless device. The replenishment module optionally determine in operation whether the Replenishment Date falls on a day in the range. As long as the day of the Replenishment Date falls within this range, the sanity check is passed where it otherwise fails if the date is greater than 27 or less than 2. See also table I (replenishment timeout) and Par. 0006); and when the internal parameter falls outside the validity period, executing a different operation (Ramprasad table I; (Replenishment timeout). Ramprasad teaches that this represents the timeout period 144 that a handset Timeout waits prior to replenishing itself. In one or more aspects, this may be used only rare instances for the system to correct itself where a subscription parameter changed. If set to TRUE, the handset performs replenishment, and if set to FALSE, the handset does not perform replenishment).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the firewall parameters of Daniel using the account parameters taught in Ramprasad in order to secure authorize for usage of the resource using the stored parameters (Ramprasad abstract). 
Regarding claim 22, Daniel and Ramprasad disclose the method of claim 21, 
Ramprasad further discloses wherein the validity period for the internal parameter corresponds to a time-to-live indication, a keep-alive value associated with the firewall parameter and the internal parameter, and the validity period for the internal parameter further corresponds to an age of the firewall parameter (Ramprasad par. 0060. Ramprasad teaches that the provider of the prepaid subscription plan can arrange for a recalibration/recalculation message (e.g., AR_PSMS_RECAL message) to be sent to those wireless devices 100 intended to have their replenishment parameters updated during the replenishment timeout period 144 (or at another time)).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the firewall parameters of Daniel using the account parameters taught in Ramprasad in order to secure authorize for usage of the resource using the stored parameters (Ramprasad abstract). 
Regarding claim 23, Daniel and Ramprasad disclose the method of claim 21, 
Daniel further discloses wherein execution of the firewall function in the virtualization environment protects the resource entity, and a change in a state of the resource entity pertains to cloning or migrating the resource entity in the virtualization environment (Daniel Col. 15; lines 55-60. Daniel teaches that the placement manager 106 may be operable to detect that the launched virtual machine is no longer matching one or more of the desired performance characteristics (e.g., VMPCs 402). In response to such detection, the virtual machine may be migrated to another host server computer that matches the desired performance characteristic).  
Regarding claim 24, Daniel and Ramprasad disclose the method of claim 21, 
Daniel further discloses wherein the internal parameter pertains to an internally-managed parameter in a resource entity state data structure, and the firewall parameter pertains to an externally-managed parameter in the resource entity state data structure stored in the virtualization environment (Daniel Col. 2; lines 41-45 and Col. 5; lines 65-67. Daniel teaches that computing resources (e.g., a host server computer) may be initially allocated for instance launching based on one or more performance metrics collected from a plurality of servers in the multi-tenant environment and configuration policy 214 may specify parameters for configuring a firewall used by any of the customer's virtual machines launched in the multi-tenant environment). 
Ramprasad further discloses responding to the request further comprising applying an entity attribute access rule to an attribute of the internal parameter to determine a first operation when the internal parameter is determined to be valid or a second operation when the internal parameter is determined to be invalid (Ramprasad par. 0044-0045; the response received from the control server 12 may provide a one-time modification of the replenishment of internally stored account parameters (e.g., provide an update or modification to internally stored rules within the wireless device 100 for the periodic replenishment of internally-stored account parameters going forward or for a certain period of time. See also table I and par. 0012).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the firewall parameters of Daniel using the account parameters taught in Ramprasad in order to secure authorize for usage of the resource using the stored parameters (Ramprasad abstract). 
Regarding claim 25, Daniel and Ramprasad disclose the method of claim 21, 
Daniel further discloses wherein determining the external service comprises implementing a firewall box having a hardware component and a software component received from a provider of the external service, and the resource entity comprises a virtual (Daniel Col. 1; lines 5-9; Col. 2; lines 41-45 and Col. 5; lines 65-67. Daniel teaches that cloud computing is the use of computing resources (hardware and software) that are available in a remote location and accessible over a network, such as the Internet and computing resources (e.g., a host server computer) may be initially allocated for instance launching based on one or more performance metrics collected from a plurality of servers in the multi-tenant environment and configuration policy 214 may specify parameters for configuring a firewall used by any of the customer's virtual machines launched in the multi-tenant environment).
Regarding claim 26, Daniel and Ramprasad disclose the method of claim 21, 
Ramprasad further discloses wherein responding to the request comprising rejecting the request to perform the action and performing an alternative action rather than proceed with the request to perform the action (Ramprasad par. 0012, 0049 and table I (replenishment timeout); the wireless device determines whether the internally-stored account parameter(s) should be replenished at a predetermined time according to a secure timestamp available within the wireless device. The replenishment module optionally determine in operation whether the Replenishment Date falls on a day in the range. As long as the day of the Replenishment Date falls within this range, the sanity check is passed where it otherwise fails if the date is greater than 27 or less than 2. This represents the timeout period 144 that a handset Timeout waits prior to replenishing itself. In one or more aspects, this may be used only rare instances for the system to correct itself where a subscription parameter changed. If set to TRUE, the handset performs replenishment, and if set to FALSE, the handset does not perform replenishment).
(Ramprasad abstract). 
Regarding claim 27, Daniel and Ramprasad disclose the method of claim 21, 
Daniel further discloses wherein responding to the request further comprising invoking the action in response to a detection, at the external service, of an event that triggers a change of a state of the resource entity, wherein the external service communicates with the virtualization 6NUT-PAT-509-03092 1-FinalAtty. Dkt. No.: NUT-PAT-509environment over an external access application programming interface from which the firewall parameter is received in the virtualization environment (Daniel abstract, Col. 2; lines 41-45. Col. 5; lines 62-67. Daniel teaches that configuration policy 212 may specify parameters for configuring a storage volume for use by any of the customer's virtual machines launched in the multi-tenant environment. Configuration policy 214 may specify parameters for configuring a firewall used by any of the customer's virtual machines launched in the multi-tenant environment. An example method of launching a virtual machine in a multi-tenant environment using dynamic configuration may include receiving a customer request to launch a virtual machine in the multi-tenant environment).  
Regarding claim 28, Daniel and Ramprasad disclose the method of claim 21, 
Daniel further discloses wherein further comprising in response to a change in a state of the resource entity, triggering a state management operation that comprises information about the firewall parameter, wherein the internal parameter is determined at (Daniel Col. 2; lines 41-45 and Col. 10; lines 26-37. Daniel teaches that an example method of launching a virtual machine in a multi-tenant environment using dynamic configuration may include receiving a customer request to launch a virtual machine in the multi-tenant environment. The configuration parameters may be associated with at least one desired performance characteristic of the virtual machine to be launched. In some instances, computing resources (e.g., a host server computer) may be initially allocated for instance launching based on one or more performance metrics collected from a plurality of servers in the multi-tenant environment and  an auto scaling component 512 can scale the instances 506 based upon rules defined by the customer. In one embodiment, the auto scaling component 512 allows a customer to specify scale-up rules for use in determining when new instances should be instantiated and scale-down rules for use in determining when existing instances should be terminated. The auto scaling component 512 can consist of a number of subcomponents executing on different server computers 502 or other computing devices. The auto scaling component 512 can monitor available computing resources over an internal management network and modify resources available based on need). 
Regarding claim 29, Daniel and Ramprasad disclose the method of claim 21, 
Ramprasad further discloses wherein further comprising in response to a result of determining whether the internal parameter falls within the validity period, establishing a relationship between the internal parameter and the firewall parameter based at least in part upon a result of determining whether the internal parameter falls within the validity period (Ramprasad par. 0012 and 0049. Ramprasad teaches that the wireless device determines whether the internally-stored account parameter(s) should be replenished at a predetermined time according to a secure timestamp available within the wireless device. The replenishment module optionally determine in operation whether the Replenishment Date falls on a day in the range. As long as the day of the Replenishment Date falls within this range, the sanity check is passed where it otherwise fails if the date is greater than 27 or less than 2. See also table I (replenishment timeout) and Par. 0006).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the firewall parameters of Daniel using the account parameters taught in Ramprasad in order to secure authorize for usage of the resource using the stored parameters (Ramprasad abstract).  
Regarding claims 30-38; claims 30-38 are directed to a non-transitory computer readable medium associated with the method claimed in claims 21-29 respectively.  Claims 30-38 are similar in scope to claims 21-29 respectively, and are therefore rejected under similar rationale respectively.
Regarding claims 39-40; claims 39-40 are directed to a system associated with the method claimed in claims 21and 25 respectively.  Claims 39-40 are similar in scope to claims 21 and 25 respectively, and are therefore rejected under similar rationale respectively.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANCHIT K SARKER whose telephone number is (571)270-7907.  The examiner can normally be reached on M-F 8:30 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, FARID HOMAYOUNMEHR can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information 






/SANCHIT K SARKER/Examiner, Art Unit 2495                                                                                                                                                                                                        
/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495