Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION

This action is in response to the communication filed on 6/14/21.
All objections and rejections not set forth below have been withdrawn.
Claims 1 – 20 are pending.
Any references to applicant’s specification are made by way of applicant’s U.S. pre-grant printed patent publication.

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 6/14/21 has been entered.

Drawings

The drawings are objected to under 37 CFR 1.83(a).  The drawings must show every feature of the invention specified in the claims.  Therefore, the features of “a computing device executing a directory service thereon … a login event on the computing device …” (e.g. claim 1), “a directory service executing on a computing device … a login event on the computing device” (e.g. claim 8), and “…the ESG VM executed on a computing device … a login event on the computing device…” (e.g. claim 15) must be shown or the feature(s) canceled from the claim(s).  No new matter should be entered.
Specifically, the examiner notes that the claimed “computing device”, upon which a “login event” is detected, is clearly described within applicant’s written description as corresponding to the user’s device (e.g. Specification, par. 3, 4, 41; fig. 1:102).  However, the applicant’s drawings fail to illustrate any of a “directory service” (e.g. fig. 1:101) or “ESG VM” (e.g. fig. 1:110) as executed on the user’s “computing device” upon which “a login event” is detected.

Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet,

Specification

The specification is objected to as failing to provide proper antecedent basis for the claimed subject matter.  See 37 CFR 1.75(d)(1) and MPEP § 608.01(o).  Correction of the following is required:
Specifically, the applicant’s specification fails to disclose the detection of a login event on “a computing device”, wherein “the computing device” executes any of a “directory service” or ESG VM, as claimed.  See also the above objection to the drawings.

Claim Rejections - 35 USC § 112

The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1 – 20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.

Specifically, regarding claims 1, 8, and 15, the applicant’s specification fails to disclose the features of “a computing device executing a directory service thereon … a login event on the computing device …” (e.g. claim 1), “a directory service executing on a computing device … a login event on the computing device” (e.g. claim 8), and “…the ESG VM executed on a computing device … a login event on the computing device…” (e.g. claim 15).
Rather, the examiner notes that the claimed “computing device”, upon which a “login event” is detected, is clearly described within applicant’s written description as corresponding to the user’s device (e.g. Specification, par. 3, 4, 41; fig. 1:102).  The user’s “computing device” upon which “a login event” is detected is not disclosed as also executing any of a “directory service” (e.g. fig. 1:101) or “ESG VM” (e.g. fig. 1:110) as claimed.

Depending claims are rejected by virtue of dependency.

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1 – 20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.

Regarding claims 1, 8, and 15, the recitations of “…detect … a login event on the computing device …” (e.g. claim 1), “…detecting … a login event on the computing device” (e.g. claim 8), and “…detect … a login event on the computing device…” (e.g. claim 15) render the scope of the claims indefinite.
Specifically, it is unclear as to what constitutes a “login event on the computing device” and as to where and how such an event is “detected”.  As currently claimed, the “login event” is “detected … on” either the directory service device or the ESG VM device.  But, as disclosed, the “login event” is “detected … on” the user’s client device (e.g. fig. 1:102; par. 41).  Applicant’s claims are to be interpreted in light of the applicant’s disclosure.  However, it is unclear to one of ordinary skill in the art as to how a login event detected on a user’s device (as disclosed) corresponds to a login event detected on an ESG VM or directory server (as claimed).  Thus, the scope of the claims is indefinite.

Depending claims are rejected by virtue of dependency.


Claim Rejections - 35 USC § 101

35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 15 – 20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because claims 15 – 20 are directed solely towards a “virtual machine (VM)”.  The examiner notes that a virtual machine is not a hardware or physical device, but is rather a virtual thing modeled by software.  Software per se, or virtual things, fail to fall within any statutory category of invention.
Furthermore, regarding the recitation that the virtual machine is “executed on a computing device”, it is noted that this recitation amounts only to an intended use of the virtual machine, i.e. that the VM is to be executed on a computer.  The recitation does not limit the claimed “virtual machine” or the claim itself to a “computing device” or any other specific structure.
Additionally, the examiner notes that while the claim does appear to incorporate means-plus-function language (e.g. “configured to”), this language is recited within the context of a “monitor” and “engines”, which have been explicitly defined within the applicant’s specification to be virtual or software per se. (e.g. see fig. 2, virtual machine).


Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 – 20 are rejected under 35 U.S.C. 103 as being unpatentable over Glazemakers et al. (Glazemakers), US 2020/0106745 A1 in view of Cui et al., US 2014/0281030 A1.

Regarding claim 1, as best determined in view of the above noted deficiencies of clarity, Glazemakers discloses a system comprising:
a computing device executing a directory service thereon (e.g. Glazemakers, par. 50 – active directory); 
a network; one or more … gateway … machines … that monitor traffic for the network (e.g. Glazemakers, fig. 1:100; par. 3, 4, 26, 82).

It would have been obvious to one of ordinary skill in the art to accept the virtualization network teachings of Cui within the system of Glazemakers because one of ordinary skill in the art would have been motivated by the teachings that virtualization, including the use of virtual gateway services, is popularly implemented within the art, and that virtual gateways provide protection and ability to analyze network traffic at the logical “edge” of a network (e.g. Cui, par. 1, 17).
Thus, the combination enables “…edge service gateway (ESG) virtual machines (VM)…” (e.g. Glazemakers, fig. 1:100; par. 3, 4, 26, 82; Cui, par. 17, 46; fig. 9), and furthermore:
each of the one or more ESG VMs comprising: an event log monitor configured to: detect, from the directory service, a login event on the computing device (e.g. Glazemakers, par. 32-34, 49, 50); and obtain, from the detected login event, login event information comprising an identifier that identifies a user (e.g. Glazemakers, par. 48-50); 
a context engine configured to: receive the login event information from the event log monitor; and store the login event information as one or more context attributes in an attribute table (e.g. Glazemakers, par. 49, 50; fig. 4a, 4b – the context aware firewall maps context attributes to rule tables of attributes);
and a firewall engine configured to: determine attributes of a data message received by the ESG VM; compare the data message attributes with the one or more context attributes stored in the attribute table (e.g. Glazemakers, par. 52, 53; fig. 4a, 4b); and identify a firewall rule to enforce on the data message based on the comparing, wherein, based on the identified firewall rule, the firewall engine causes the data message to be dropped or forwarded (e.g. Glazemakers, par. 52, 53).

Regarding claim 2, the combination enables:
wherein the firewall engine is further configured to compare a five-tuple identifier from the data message with attributes in the attribute table to determine the data message corresponds to the one or more context attributes (e.g. Glazemakers, par. 48, “5-tuples”).
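To make the pipeline recited in claims 1 and 2 concrete for a reader, the following is an added example written for this page; it is not code from the office action, from the applicant, or from the Glazemakers or Cui references. It models the three claimed components in Python: an event log monitor that parses login/logout events from a directory-service log, a context engine that keeps the attribute table keyed by the source address seen at login, and a firewall engine that looks up a data message's five-tuple in that table and forwards or drops it by rule. The log-line format, the attribute names, the rules and the sample events are all constructed assumptions; the example goes slightly beyond the claim text by also handling a logout (which removes the context) and by defaulting to drop when no login context exists for the source address.

```python
"""Toy identity-aware edge firewall (constructed example, not the claimed product's code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed directory-service log (assumed format, not any real product's):
#   "<LOGIN|LOGOUT> user=<id> group=<group> src=<ip>"
SAMPLE_LOG = """\
LOGIN user=alice group=engineering src=10.0.0.5
LOGIN user=bob group=contractors src=10.0.0.9
LOGOUT user=bob group=contractors src=10.0.0.9
"""

# (src_ip, src_port, dst_ip, dst_port, proto): the data message attributes
FiveTuple = Tuple[str, int, str, int, str]

_LINE = re.compile(r"^(LOGIN|LOGOUT) user=(\S+) group=(\S+) src=(\S+)$")


@dataclass
class LoginEvent:
    action: str
    user: str
    group: str
    src_ip: str


class EventLogMonitor:
    """Pulls login/logout events out of the directory-service log text."""

    def parse(self, text: str) -> List[LoginEvent]:
        events = []
        for line in text.splitlines():
            m = _LINE.match(line.strip())
            if m:  # malformed lines are ignored, never partially trusted
                events.append(LoginEvent(*m.groups()))
        return events


class ContextEngine:
    """Attribute table: source IP -> identity context learned from login events."""

    def __init__(self) -> None:
        self.table: Dict[str, Dict[str, str]] = {}

    def apply(self, ev: LoginEvent) -> None:
        if ev.action == "LOGIN":
            self.table[ev.src_ip] = {"user": ev.user, "group": ev.group}
        else:
            self.table.pop(ev.src_ip, None)  # logout invalidates the context

    def lookup(self, src_ip: str) -> Optional[Dict[str, str]]:
        return self.table.get(src_ip)


@dataclass
class Rule:
    match: Dict[str, str]    # context attributes that must all match
    dst_port: Optional[int]  # None means any destination port
    action: str              # "FORWARD" or "DROP"


class FirewallEngine:
    """Compares a message's five-tuple against the attribute table and applies a rule."""

    def __init__(self, ctx: ContextEngine, rules: List[Rule]) -> None:
        self.ctx = ctx
        self.rules = rules

    def decide(self, msg: FiveTuple) -> str:
        src_ip, _src_port, _dst_ip, dst_port, _proto = msg
        context = self.ctx.lookup(src_ip)
        if context is None:
            return "DROP"  # no known login behind this address: default deny
        for r in self.rules:
            attrs_match = all(context.get(k) == v for k, v in r.match.items())
            if attrs_match and r.dst_port in (None, dst_port):
                return r.action
        return "DROP"  # no rule matched: default deny


# Assumed policy: engineering may reach SSH, bob may reach HTTPS, nothing else.
RULES = [
    Rule({"group": "engineering"}, 22, "FORWARD"),
    Rule({"user": "bob"}, 443, "FORWARD"),
]


def run(log_text: str, messages: List[FiveTuple]) -> List[str]:
    """Replay the log into the attribute table, then decide each message."""
    ctx = ContextEngine()
    for ev in EventLogMonitor().parse(log_text):
        ctx.apply(ev)
    fw = FirewallEngine(ctx, RULES)
    return [fw.decide(m) for m in messages]


if __name__ == "__main__":
    msgs = [
        ("10.0.0.5", 51000, "10.1.0.2", 22, "tcp"),   # alice -> SSH: FORWARD
        ("10.0.0.5", 51001, "10.1.0.2", 443, "tcp"),  # alice -> HTTPS: DROP
        ("10.0.0.9", 52000, "10.1.0.3", 443, "tcp"),  # bob logged out: DROP
        ("10.0.0.77", 53000, "10.1.0.3", 443, "tcp"), # never logged in: DROP
    ]
    for m, decision in zip(msgs, run(SAMPLE_LOG, msgs)):
        print(m, decision)
```

The defensive point worth noticing is the two default-deny branches in `decide`: an address with no login context and a context that matches no rule are both dropped, so a user-to-address mapping that has expired (the logout line) cannot keep forwarding traffic on stale attributes.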

Regarding claim 3, the combination enables:
wherein the computing device is a personal computer (e.g. Glazemakers, fig. 1, par. 26, 27, 50, 71, 85 – herein devices can be VMs, containers, or hardware such as personal computers).

Regarding claim 4, the combination enables:
wherein the login event comprises a user logging into the network through a directory server (e.g. Glazemakers, par. 4, 32-34, 49, 50).

Regarding claim 5, the combination enables:
wherein the event log monitor is further configured to poll the directory server for login events (e.g. Glazemakers, par. 50, 71 – herein the gateway must reference [i.e. “poll”] a directory server for any triggered logon events).

Regarding claim 6, the combination enables:
wherein the network is a logical overlay network (e.g. Glazemakers, par. 1, 26-28; Cui, par. 1, 4, 17 – herein, Glazemakers and Cui disclose, separately and in combination, a virtual network comprising virtual nodes and tunnels/links, i.e. a “logical overlay network”).

Regarding claim 7, the combination enables:
wherein the computing device does not execute a guest-introspection (GI) agent thereon (e.g. Glazemakers, fig. 1, entire disclosure – the system does not comprise or execute a guest introspection agent). 

Regarding claims 8 – 20, they are method and software claims essentially corresponding to the above apparatus claims, and they are rejected, at least, for the same reasons.  Furthermore:

Regarding claim 10, the combination enables:
wherein the computing device is a hardware computing device (e.g. Glazemakers, fig. 1, par. 26, 27, 50, 71, 85; e.g. Cui, fig. 2, 3 – herein devices can be VMs, containers, or hardware computers).

Regarding claim 11, the combination enables:
wherein the computing device is a virtual machine or container (e.g. Glazemakers, fig. 1, par. 26, 27, 50, 71, 85; e.g. Cui, fig. 2, 3 – herein devices can be VMs, containers, or hardware computers).

Regarding claim 12, the combination enables:
wherein the login event information further comprises one or more of the following: a five-tuple identifier and a group identifier (e.g. Glazemakers, par. 48, “5-tuples”).

Regarding claim 13, the combination enables:
wherein the directory service is an active directory service, and wherein the user group identifier is a group identifier in an active directory (e.g. Glazemakers, par. 50).

Regarding claim 14, the combination enables:
wherein the login event is a request to access an application in the network monitored by the ESG VM directory (e.g. Glazemakers, par. 7, 53). 

Response to Arguments

Applicant's arguments filed 6/14/21 have been fully considered but they are not persuasive.

Applicant argues or alleges essentially that:
…
In particular, the Office asserts that Claims 15-20 are directed solely towards a VM. Applicant respectfully disagrees. In particular, independent Claim 15 recites that the ESG VM is executed on a computer device and “detect, from a directory service, a login event on a computing device.” Thus, while the ESG VM monitors a login event, the ESG VM, and more specifically, the event log monitor in the ESG VM detects the login event on the computing device on which the ESG VM is executed thereon. As such, Applicant respectfully submits that Claims 15-20 are not solely directed towards a VM.
…
(Remarks, pg. 6)

Examiner respectfully responds:
The examiner respectfully disagrees.  Specifically, the “computing device” is not part of the VM or virtual machine as claimed.  Thus, claim 15 is clearly directed towards a virtual machine only.  Furthermore, regarding the recitation of detecting a login event on the computing device, it is noted that this recitation does not require that the computing device be part of the claimed VM.
The examiner points out that the recitation characterizing the virtual machine as “executed on a computing device” amounts only to an intended use of the virtual machine, i.e. that the VM is to be executed on a computer.  The recitation does not limit the claimed “virtual machine” or the claim itself to a “computing device” or any other specific structure.

Therefore, the examiner maintains that the claims are directed towards software per se and fail to fall within any statutory category.

Applicant argues or alleges essentially that:
…
… That is, at best, Glazemakers describes a user associated with a client device making a connection request to connect to a gateway. However, a request to connect to a gateway is not a login event as provided in Claim 1.
…
(Remarks, pg. 8)

Examiner respectfully responds:
The examiner respectfully notes that the applicant’s arguments are unpersuasive, at least, for the reason that Glazemakers clearly discloses that the connection event between the client and the gateway is for the purpose of authenticating the user and the user’s client for access to the network (e.g. Glazemakers, par. 29, 32-34, 48-50).  Thus, the connection event is clearly a “login” event.

Applicant argues or alleges essentially that:
…
…That is, in Claim 1, the firewall rules are based on a comparison of data message attributes and context attributes that are obtained from login event information (e.g., the ID of a user) from the login event on a computing device. In contrast, the alleged firewall rules in Glazemakers define the access rules for respective client devices, not access rules/firewall rules specific to a user as provided in Claim 1. Firewall rules based on a user identification as provided in Claim 1 are not the same as firewall rules based on client devices (e.g., more than one user may access a client device).
…
(Remarks, pg. 7, 8)

Examiner respectfully responds:
The examiner respectfully notes that the applicant’s arguments are unpersuasive, at least, for the reason that claim 1 is not limited by the features of “…access rules/firewall rules specific to a user…” or “…Firewall rules based on a user identification…”, as is alleged by the applicant.
In response to applicant's argument that the references fail to show certain features of applicant’s invention, it is noted that the features upon which applicant relies are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEFFERY L WILLIAMS whose telephone number is (571)272-7965.  The examiner can normally be reached on 7:30 am - 4:00 pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/JEFFERY L WILLIAMS/Primary Examiner, Art Unit 2495