DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status
This instant application No. 15/521964 has claims 1-16 pending.  

Claim Objections
Claim 8 has been objected to for the following reasons: minor informalities. Please see claim objection below, along with suggested amendment. 
Claim 8 – claim needs semicolons (;) instead of commas (,)
“8. (Currently Amended) A computer system arranged to deploy a software application in a virtualized computing environment comprising: 
at least one processor and memory configured to: 	
receive a description of a software application for deployment in a virtualized computing environment, the description including an identification of a set of one or more application software resources;[[,]]
determine one or more types of security facility required for the set of application software resources and to determine a security requirement for each of the determined types of security facility;[[,]]
;[[,]] 
determine a security configuration for each of the selected security software resources, the security configuration being based on the security requirement associated with the security software resource; 
generate a deployment specification for the software application specifying the application software resources and the security software resources for deployment of the application in the virtualized computing environment, the security software resources to be instantiated with the application software resources, each of the security software resources having associated the determined security configuration; and 
deploy the software application in the virtualized computing environment according to the deployment specification.”
It is recommended that Applicant amend the claims to fix this issue of form. 

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1, 8, and 15  rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Regarding claims 1, 8, and 15, they each recite the claim language below: 
Claim 1 – 
“1. (Currently Amended) A computer implemented method of deploying a software application in a virtualized computing environment, the method comprising: 
receiving a description of the software application including an identification of a set of one or more application software resources; 
determining one or more types of security facility required for the set of application software resources and determining a security requirement for each of the determined types of security facility; 
selecting a security software resource for each of the determined types of security facility, wherein each of the selected security software resources is a particular software component providing at least one type of security facility associated with a security requirement; 
determining a security configuration for each of the selected security software resources, the security configuration being based on the security requirement associated with the security software resource; …”
Claim 8 – 
“8. (Currently Amended) A computer system arranged to deploy a software application in a virtualized computing environment comprising: 
at least one processor and memory configured to: 
receive a description of a software application for deployment in a virtualized computing environment, the description including an identification of a set of one or more application software resources, 
a security requirement for each of the determined types of security facility, 5Application No. 15/521,964 
select a security software resource for each of the determined types of security facility, wherein each of the selected security software resources is a particular software component providing at least one type of security facility associated with a security requirement, 
determine a security configuration for each of the selected security software resources, the security configuration being based on the security requirement associated with the security software resource; …”
Claim 15 – 
“15. (Currently Amended) A computer system comprising: 
a memory and a processor, the processor being arranged to: 
receive a description of a software application for deployment in a virtualized computing environment, the description including an identification of a set of one or more application software resources; 
determine at least one type of security facility required for the set of application software resources and determining a security requirement for each of the determined types of security facility; 
select a security software resource for each of the determined types of security facility, wherein each of the selected security software resources is a particular software component providing at least one type of security facility associated with a security requirement; 8Application No. 15/521,964 
determine a security configuration for each of the selected security software resources, the security configuration being based on the security requirement associated with the security software resource; …”

Next, a further “determining” recites “the security requirement”. This present an issue of lack in clarity for the claim scope. This is because it is unclear whether “the security requirement” is associated either a security facility or the security software resource within the determining/determine step and the selecting/select step.
As a result, the claimed subject matter is indefinite and requires further clarification. 
It is recommended that Applicant further amend the claims to define proper substance to claims 1, 8, and 15.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 3, 6-8, 10, and 13-16 are rejected under 35 U.S.C. 103 as being unpatentable over Bishop et al. (Pub. No. US2015/0312274; hereinafter Bishop) in view of Subramanian et al. (Pub. No. US2015/0222620; hereinafter Subramanian) in view of Hugard IV et al. (Pub. No. US2013/0275574; hereinafter Hugard IV).
Regarding claims 1 and 15, Bishop discloses the following: 
(Previously Presented) A computer implemented method of deploying a software application in a virtualized computing environment, the method comprising: 
receiving a description of the software application including an identification of a set of one or more application software resources; 
Bishop teaches receiving a description/template [0032] of the software application [0062] including an identification of a set of one or more application software resources or virtual assets [0068 0132], e.g. “virtual assets that have the same, or similar, operational parameters and are created by the same virtual asset creation template are generically referred to as virtual assets of the same "class."” [0068]. 
As cited by Bishop – “the virtual asset security compliance data and/or the application deployment security compliance data is provided to the application, and/or one or more virtual assets used to implement the application, through a virtual asset creation template used to instantiate at least one virtual asset used to implement the application” [0062])
determining one or more types of security facility required for the set of application software resources and determining a security requirement for each of the determined types of security facility; 
(Bishop teaches determining one or more types of security facility, e.g. virtual asset security policies [0051; Claim 1, Limitations 2 and 6 of Bishop], required for the set of application software resources or virtual assets, e.g. “the term "virtual asset" includes any virtualized entity or resource … the virtual assets can be, but are not limited to, virtual machines, virtual servers, and instances implemented in a cloud computing environment...”, [0051] and determining a security requirement for each of the determined types of security facility, e.g. “a virtual asset security policy requiring specific security requirements, or security level requirement, be associated with the virtual assets” [0051, 0087; Claim 3, All limitations of Bishop])
selecting a security software resource for each of the determined types of security facility, 
(Bishop teaches selecting a security software resource, e.g. “providing a security policy library” [0095], for each of the determined types of security facility or asset security policies, as evidenced by the security policy library provided from generated virtual asset security compliance data [0090; Claim 1 of Bishop])
determining a security configuration for each of the selected security software resources, the security configuration being based on [[a]] the security requirement associated with  
(Bishop teaches determining a security configuration for each of the selected security software resources [0087], the security configuration [0065, 0087-0090] being based on the security requirement associated with the security software resource [0087, 0110], e.g. “the asset security policies to be applied to the selection, operation, and deployment of assets to be used to implement the application in the production environment include, but are not limited to, an asset security policy indicating required connectivity and communication features for the assets” [0087])
generating a deployment specification for the software application specifying the application software resources and the security software resources for deployment of the application in the virtualized computing environment, 
***EXAMINER’S INTERPRETATION: 
	Generating a specified deployment sequence for the software application which specifies the application software component and further generating one or more security software resources for deployment of the application in the virtualized computing environment 
(Bishop teaches generating a deployment specification [0069, 0071-0072, 0074-0075], e.g. “the virtual asset security compliance data 112 and application deployment security compliance data 113” [0069] for the software application specifying the application software resources or virtual assets [0070-0071] and the security software resources or security policy libraries [0069] for deployment of the application in the virtualized computing environment [0029, 0074])
and deploying the software application in the virtualized computing environment according to the deployment specification.
Bishop teaches deploying the software application in the virtualized computing environment, e.g. “to ensure that both individual virtual assets used to implement an application are created and instantiated in compliance with defined virtual asset security policies and that each virtual asset used to implement an application in a cloud computing environment is deployed in the cloud computing environment in compliance with defined application deployment security policies associated with the deployment and operational coupling and interconnectivity of virtual assets used to implement the application in the cloud computing environment” [0072], according to the deployment specification [0069-0071], e.g. “each virtual asset to be used to implement the application to ensure each virtual asset used to implement the application is generated and instantiated in compliance with the one or more virtual asset security policies represented by the virtual asset security compliance data” [0070])

However, Bishop does not disclose the following:
the security software resources to be instantiated with the application software resources, each of the security software resources having associated the determined security configuration.
Nonetheless, this feature would have been made obvious, as evidenced by Subramanian.
(Subramanian teaches that the security software resources, e.g. “security extensions”, to be instantiated with the application software resources, e.g. “The user application can then be deployed as an application runtime to the cloud computing environment, including binding 270 one or more of the security extensions to the user application's security manager glue code” [0060], each of the security software resources having associated the determined security configuration [0067-0070], e.g. see citation where “the system determines, for one or more of the method invocations within the source code of the user application, matching hot-spot configurations and associated policies and actions” [0069] and “the user application is deployed as an application runtime to the cloud computing binding one or more security extensions to the user application's security manager” [0070])
At a time prior to the effective filing date of Applicant’s claimed invention, it would have been obvious to modify Bishop with the teachings of Subramanian. 
One of ordinary skill in the art would recognize the desirability of performing the following modification: Apply the teachings of Subramanian with respect to the security software resources of Bishop.
The motivations would have been “to thereafter enforce security, for example by deferring to the security extension to make the method invocations” [0060 – Subramanian] and “to enforce security upon access requests by the user application to the API usages” [0070 – Subramanian].

However, Bishop in view of Subramanian does not disclose the following:
	wherein each of the selected security software resources is a particular software component providing at least one type of security facility associated with a security requirement;
Nonetheless, this feature would have been made obvious, as evidenced by Hugard IV.
(Hugard IV teaches that each of the selected security software resources is a particular software component or security tool [0026] providing at least one type of security facility, e.g. “for example, firewalls, web gateways, mail gateways, host intrusion protection (HIP) tools, network intrusion protection (NIP) tools, anti-malware tools, data loss prevention (DLP) tools, system vulnerability managers, system policy compliance managers, asset criticality tools, intrusion detection systems (IDS), intrusion protection systems (IPS), and/or a security information management (SIM) tool, among other examples” [0036], associated with a security requirement [0036] enforced [0037] in accordance a security policy [0013], e.g. “security tools deployed either remote from (e.g., security tools 242) or locally (e.g., agent 244) on various computing devices (e.g., 220, 225, 230, 235, 240) can be used to enforce security policies for the system entities (e.g., network, system, application, and person entities)” Each system entity can have fundamental characteristics that are atomic to it. For instance, for system-type system entities, such characteristics, or attributes, can include an IP address (or IP addresses), corresponding media access control (MAC) address(es), fully qualified domain name (FQDN), operating system(s), etc. Knowing such characteristics can be a precondition for effective risk analysis and security enforcement to occur” [0037])
Apply this teaching of Hugard IV in accordance with the selected security software resources of Bishop in view of Subramanian. 
At a time prior to the effective filing date of Applicant’s claimed invention, it would have been obvious to modify Bishop in view of Subramanian with the teachings of Hugard IV. 
One of ordinary skill in the art would recognize the desirability of performing the following modification: 
Rationale G: Teaching, Suggestion, and Motivation. 
The motivation would have to provide this exemplary benefit: “database-specific security policies, scans, and policy enforcement techniques can be applied specifically to the system entities tagged with tag K, as an example” [0033 – Hugard IV].
Regarding claims 3 and 10, Bishop in view of Subramanian in view of Hugard IV disclose the following: 
wherein the application definition facility is an application designer for the virtualized computing environment, the application designer including a registry of selectable application components for the software application.  
(Bishop teaches that the application definition facility/tool is an application designer for the virtualized computing environment [0033-0034], the application designer including a registry of selectable application components for the software application [0028, 0039], e.g. “Examples of trusted computing environments include the assets and components making up data centers associated with, and/or controlled by, an application and/or any computing systems and/or virtual assets, and/or networks of 
Regarding claims 6 and 13, Bishop in view of Subramanian in view of Hugard IV disclose the following:
wherein the security configuration for an identified security software resource is generated automatically by a security service provider for the security software resource based on the associated security requirement. 
(Bishop teaches that the security configuration for an identified security software resource [0099] is generated automatically by a security service provider [0098] for the security software resource based on the associated security requirement [0087])
Regarding claims 7 and 14, Bishop in view of Subramanian in view of Hugard IV disclose the following: 
wherein deploying the software application in the virtualized computing environment according to the deployment specification (see Bishop, [0069-0072]) further comprises providing the deployment specification to the virtualized computing environment to: 
instantiate the software application including the application software resources and the security software resources; and 
(Bishop teaches instantiating the software application including the application software resources [Claim 1 of Bishop] and the security software resources [Claim 5 of Bishop], e.g. “instantiating, using the generated virtual asset security data of the virtual asset template, at least one virtual asset complying with the virtual asset security policies” [Claim 1 of Bishop])
configure the security software resources in accordance with the security configuration determined for each of the security software resources.  
Bishop teaches configuring the security software resources or library [0099] in accordance with the security configuration determined for each of the security software resources [0099], e.g. “one embodiment asset security compliance data 116 and application deployment security compliance data 117, once generated, are included in process module 114 as part of security policy library 115” [0099])
Regarding claim 8, Bishop disclose the following: 
(Currently Amended) A computer system arranged to deploy a software application in a virtualized computing environment comprising: 
at least one processor and memory (see Bishop [0186]) configured to: 
receive an interface, whereby a description of a software application for deployment in a virtualized computing environment is received, the description including an identification of a set of one or more application software resources, 
(Bishop teaches receive an interface [0028, 0031-0033], whereby a description/template [0032] of the software application [0062] including an identification of a set of one or more application software resources  or virtual asses [0068 0132], e.g. “virtual assets that have the same, or similar, operational parameters and are created by the same virtual asset creation template are generically referred to as virtual assets of the same "class."” [0068]. 
As cited by Bishop – “the virtual asset security compliance data and/or the application deployment security compliance data is provided to the application, and/or one or more virtual assets used to implement the application, through a virtual asset creation template used to instantiate at least one virtual asset used to implement the application” [0062])
determine one or more types of security facility required for the set of application software resources and to determine a security requirement for each of the determined types of security facility, 
(Bishop teaches determining one or more types of security facility, e.g. virtual asset security policies [0051; Claim 1, Limitations 2 and 6 of Bishop], required for the set of application software resources or Bishop])
select a security software resource for each of the determined types of security facility, 
(Bishop teaches selecting a security software resource, e.g. “providing a security policy library” [0095], for each of the determined types of security facility or asset security policies, as evidenced by the security policy library provided from generated virtual asset security compliance data [0090; Claim 1 of Bishop])
determine a security configuration for each of the selected security software resources, the security configuration being based on [[a]] the security requirement associated with 
(Bishop teaches determining a security configuration for each of the selected security software resources [0087], the security configuration [0065, 0087-0090] being based on the security requirement associated with the security software resource [0087, 0110], e.g. “the asset security policies to be applied to the selection, operation, and deployment of assets to be used to implement the application in the production environment include, but are not limited to, an asset security policy indicating required connectivity and communication features for the assets” [0087])
generate a deployment specification for the software application specifying the application software resources and the security software resources for deployment of the application in the virtualized computing environment,
Bishop teaches generating a deployment specification [0069, 0071-0072, 0074-0075], e.g. “the virtual asset security compliance data 112 and application deployment security compliance data 113” [0069] for the software application specifying the application software resources or virtual assets [0070-0071] and the security software resources or security policy libraries [0069] for deployment of the application in the virtualized computing environment [0029, 0074])
and deploy the software application in the virtualized computing environment according to the deployment specification.
(Bishop teaches deploying the software application in the virtualized computing environment, e.g. “to ensure that both individual virtual assets used to implement an application are created and instantiated in compliance with defined virtual asset security policies and that each virtual asset used to implement an application in a cloud computing environment is deployed in the cloud computing environment in compliance with defined application deployment security policies associated with the deployment and operational coupling and interconnectivity of virtual assets used to implement the application in the cloud computing environment” [0072], according to the deployment specification [0069-0071], e.g. “each virtual asset to be used to implement the application to ensure each virtual asset used to implement the application is generated and instantiated in compliance with the one or more virtual asset security policies represented by the virtual asset security compliance data” [0070])

However, Bishop does not disclose the following:
the security software resources to be instantiated with the application software resources, each of the security software resources having associated the determined security configuration.  
Nonetheless, this feature would have been made obvious, as evidenced by Subramanian.
(Subramanian teaches that the security software resources, e.g. “security extensions”, to be instantiated with the application software resources, e.g. “The user application can then be deployed as an application runtime to the cloud computing environment, including binding 270 one or more of the security extensions to the user application's security manager glue code” [0060], each of the security software resources having associated the determined security configuration [0067-0070], e.g. see citation where “the system determines, for one or more of the method invocations within the source code of the user application, matching hot-spot configurations and associated policies and actions” [0069] and “the user application is deployed as an application runtime to the cloud computing environment, including binding one or more security extensions to the user application's security manager” [0070])
At a time prior to the effective filing date of Applicant’s claimed invention, it would have been obvious to modify Bishop with the teachings of Subramanian. 
One of ordinary skill in the art would recognize the desirability of performing the following modification: Apply the teachings of Subramanian with respect to the security software resources of Bishop.
The prima facie case of obviousness would have been the same as that of claim 1.

However, Bishop in view of Subramanian does not disclose the following:
	wherein each of the selected security software resources is a particular software component providing at least one type of security facility associated with a security requirement;
Nonetheless, this feature would have been made obvious, as evidenced by Hugard IV.
(Hugard IV teaches that each of the selected security software resources is a particular software component or security tool [0026] providing at least one type of security facility, e.g. “for example, firewalls, web gateways, mail gateways, host intrusion protection (HIP) tools, network intrusion protection (NIP) tools, anti-malware tools, data loss prevention (DLP) tools, system vulnerability managers, system policy compliance managers, asset criticality tools, intrusion detection systems (IDS), intrusion protection systems (IPS), and/or a security information management (SIM) tool, among other Each system entity can have fundamental characteristics that are atomic to it. For instance, for system-type system entities, such characteristics, or attributes, can include an IP address (or IP addresses), corresponding media access control (MAC) address(es), fully qualified domain name (FQDN), operating system(s), etc. Knowing such characteristics can be a precondition for effective risk analysis and security enforcement to occur” [0037])
At a time prior to the effective filing date of Applicant’s claimed invention, it would have been obvious to modify Bishop in view of Subramanian with the teachings of Hugard IV. 
One of ordinary skill in the art would recognize the desirability of performing the following modification: Apply this teaching of Hugard IV in accordance with the selected security software resources of Bishop in view of Subramanian. 
At a time prior to the effective filing date of Applicant’s claimed invention, it would have been obvious to modify Bishop in view of Subramanian with the teachings of Hugard IV. 
One of ordinary skill in the art would recognize the desirability of performing the following modification: Apply this teaching of Hugard IV in accordance with the selected security software resources of Bishop in view of Subramanian. 
The prima facie case of obviousness would have been the same as that of claim 1.
Regarding claim 16, Bishop in view of Subramanian in view of Hugard IV disclose the following: 
(Currently Amended) A non-transitory computer-readable program storage element comprising computer program code to, when loaded into a computer system and executed thereon, cause the computer system to perform the method as claimed in claim 1.
(see [Paragraph 0186 of Bishop])
Claim(s) 2, 4-5, 9, and 11-12 are rejected under 35 U.S.C. 103 as being unpatentable over Bishop in view of Subramanian in view of Hugard IV in view of Nagaratnam et al. (Pub. No. US2017/0041347; hereinafter Nagaratnam).
Regarding claim 2, Bishop in view of Subramanian in view of Hugard IV does not disclose the following:
wherein the method is performed by a proxy deployed between a user specifying the application and an application definition facility for a virtualized computing environment, the application definition facility providing the description of the software application, and wherein the receiving comprises intercepting the description communicated between the application definition facility and the user.  
Nonetheless, this feature would have been made obvious, as evidenced by Nagaratnam.
(Nagaratnam teaches that the method is performed by a proxy [0077], deployed/located/positioned between a user specifying the application and an application definition facility [0077, 0079; FIG. 6, see APPLICATION OWNERS/ADMINS and CLOUD TEAMS/ADMINS] for a virtualized computing environment, e.g. “the virtual systems are deployed to the cloud” [0069], the application definition facility providing the description of the software application, e.g. “the security assurance service operates to define and/or tailor the security configuration changes required for that existing environment” [0082], and wherein the receiving comprises intercepting the description communicated between the application definition facility and the user [0077]. 
For further teaching about a proxy, the following is cited: 
These resources may be quite varied and include, among others, reverse proxies, …, and so forth. Preferably, the service invokes remote interfaces (e.g., REST-based interfaces) to update configurations for the security resources” [0077])
At a time prior to the effective filing date of Applicant’s claimed invention, it would have been obvious to modify Bishop in view of Subramanian in view of Hugard IV with the teachings of Nagaratnam.
One of ordinary skill in the art would recognize the desirability of performing the following modification: Applying the teachings of Nagaratnam in order to deploy the application of Bishop in view of Subramanian in view of Hugard IV.
The motivation would have been to provide “for a centralized or federated service that manages all (or defined ones of) security resources impacted by application deployment” [0077 – Nagaratnam].
Regarding claims 4 and 11, Bishop in view of Subramanian in view of Hugard IV in view of Nagaratnam disclose the following: 
wherein at least two the one or more types of security facilities are determined and are a set of more than one types of security facility, and the method further comprises optimizing the set of security facilities by at least one of de- duplicating the set of security facilities or consolidating two or more security facilities in the set of security facilities.  
(Nagaratnam teaches that at least two the one or more types of security facilities are determined and are a set of more than one types of security facility, e.g. “the service that provide easy-to-understand security categories or profiles, and their associated security levels, such as "high/medium/low internal network security" and "high/medium/low firewall security," and the like” [0077], and the method further comprises optimizing the set of security facilities – see example for "Internal Network Security":  
“generate a security-optimized deployment for an application” [0082], by consolidating two or more security facilities in the set of security facilities , e.g. “(i) creating a "junction" between a front-end proxy server and a back-end Web application server based on application endpoint, (ii) use basic authentication for the junction and configure a trust association interceptor (TAI) in the application server for single sign-on (SSO), and (iii) enable restrictive firewalls, and open ports to the application endpoint” [0086]) 
At a time prior to the effective filing date of Applicant’s claimed invention, it would have been obvious to modify Bishop in view of Subramanian in view of Hugard IV the teachings of Nagaratnam. 
One of ordinary skill in the art would recognize the desirability of performing the following modification: Apply the teachings of Nagaratnam for the security facilities of Bishop in view of Subramanian in view of Hugard IV.
The motivation would have been as follows: “Thus, when the cloud provider deploys the application (or initiates the deployment), it notifies the security assurance service of the one or more selected (or otherwise defined or prescribed) security templates” [0087].
Regarding claims 5 and 12, Bishop in view of Subramanian in view of Hugard IV in view of Nagaratnam disclose the following:
wherein the security software resources for each of the determined types of security facility constitute a set of security software resources, and the method further comprises optimizing the set of security software resources by at least one of de-duplicating the set of security software resources or consolidating two or more security software resources in the set of security software resources.  
(Nagaratnam teaches that the security software resources for each of the determined types of security facility constitute a set of security software resources, e.g. “A particular enterprise application being deployed thus may have one or more such security templates associated therewith, each defining a category and a specified security level. Thus, for example, a particular application being deployed may have the following specification: Internal Network Security (Low), Application Security (High), Data Security (High) and Intruder Protection (High)” [0084], and the method further comprises optimizing the set of security software resources by at least one of de-duplicating the set of security software resources 
“generate a security-optimized deployment for an application” [0082], by consolidating two or more security facilities in the set of security facilities , e.g. “(i) creating a "junction" between a front-end proxy server and a back-end Web application server based on application endpoint, (ii) use basic authentication for the junction and configure a trust association interceptor (TAI) in the application server for single sign-on (SSO), and (iii) enable restrictive firewalls, and open ports to the application endpoint” [0086])
At a time prior to the effective filing date of Applicant’s claimed invention, it would have been obvious to modify Bishop in view of Subramanian in view of Hugard IV the teachings of Nagaratnam. 
One of ordinary skill in the art would recognize the desirability of performing the following modification: Apply the teachings of Nagaratnam for security software resources of Bishop in view of Subramanian in view of Hugard IV.
The motivation would have been the same as that of claims 4 and 11.
Regarding claim 9, Bishop in view of Subramanian in view of Hugard IV in view of Nagaratnam disclose the following: 
wherein the computer system is a proxy deployed between a user specifying the application and an application definition facility for a virtualized computing environment, the application definition facility providing the description of the software application, and wherein the interface is arranged to intercept the description communicated between the application definition facility and the user.   
(Nagaratnam teaches that the computer system is a proxy [0077], deployed/located/positioned between a user specifying the application and an application definition facility [0077, 0079; FIG. 6, see APPLICATION OWNERS/ADMINS and CLOUD TEAMS/ADMINS] for a virtualized computing environment, e.g. “the virtual systems are deployed to the cloud” [0069], the application definition facility providing 
For further teaching about a proxy, the following is cited: 
“These resources may be quite varied and include, among others, reverse proxies, …, and so forth. Preferably, the service invokes remote interfaces (e.g., REST-based interfaces) to update configurations for the security resources” [0077])
At a time prior to the effective filing date of Applicant’s claimed invention, it would have been obvious to modify Bishop in view of Subramanian in view of Hugard IV the teachings of Nagaratnam. 
The prima facie case of obviousness would have been the same as that of claim 2.

Response to Arguments
Applicant’s arguments, see “REMARKS”, filed September 1, 2021, with respect to claims 1-16. 
However, these arguments/remarks are not persuasive. 
With respect to the claims, Examiner first states on record that they bring forth a new issues of substance under 35 U.S.C. 112(b). Please see section above titled “Claim Rejections - 35 USC § 112”.
Examiner second states that the claims are still rejected as unpatentable over 35 U.S.C. 103. Despite the arguments set forth by Applicant, Examiner has found citations in the prior art of record to justify the teachings of prior art of record. 
Applicant argues that: 
Hugard IV et al. (Pub. No. US2013/0275574; hereinafter Hugard IV
Hugard IV is silent about a cited “security tool” providing at least one type of security facility. However, Examiner respectfully disagrees to this also. Additional citations of Hugard IV show that security tools provide specific facilities. 
Examiner will respond to these arguments. But first, the broadest reasonable interpretation is provided for the claim below: 
“wherein each of the selected security software resources is a particular software component providing at least one type of security facility associated with a security requirement;”
***EXAMINER’S INTERPRETATION:
	“wherein each selected security software resource or security software component provides a security capability consistent with a security requirement defined in a policy for the system environment, the system environment comprising an application and a network”
In response to these arguments, Examiner submits the following: 
Hugard IV teaches that a security tool is a selected security software resource, and there are multiple “security tools” [0036]. The enforced security policy is a policy with requirements [0034] that are enforced for each tool, e.g. “Each system entity can have fundamental characteristics that are atomic to it. For instance, for system-type system entities, such characteristics, or attributes, can include an IP address (or IP addresses), corresponding media access control (MAC) address(es), fully qualified domain name (FQDN), operating system(s), etc. Knowing such characteristics can be a precondition for effective risk analysis and security enforcement to occur” [0037].  The system entities are applications [0020, 0033] within the network of the system environment [0030-0031], e.g. “a computing environment to define other dependencies and hierarchies other than network:system:application, etc” [0030] .
Hugard IV teaches that each cited security tool provides one type of security facility that is associated with an enforced security requirement, e.g. “Such security tools 242 can include, for 
Given this evidence above, the teachings of Hugard IV still meet the claimed language. When teachings are applied to the application software resources of Bishop in view of Subramaniam, it would have been obvious to securitize these applications/entities with those security tools. Examiner re-iterates a motivational benefit of Hugard IV below: “database-specific security policies, scans, and policy enforcement techniques can be applied specifically to the system entities tagged with tag K, as an example” [0033 – Hugard IV].
Therefore, Examiner maintains rejection of the claims as unpatentable over 35 U.S.C. 103. 
Examiner further suggests that Applicant amend the claims to overcome the current rejections set forth, as well as all prior art of record. 

Conclusion  
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH 

Contact Information
Any inquiry concerning this communication or earlier communications from the Examiner should be directed to Gilles Kepnang whose telephone number is (571) 270-7417. Business hours for Examiner are Monday – Friday (8:00 AM – 5:00 PM).
If attempts to reach the Examiner by telephone are unsuccessful, please contact Lewis Bullock (571) 272-3759. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/GILLES R KEPNANG/Examiner, Art Unit 2199                                                                                                                                                                                        
September 7, 2021

/LEWIS A BULLOCK  JR/Supervisory Patent Examiner, Art Unit 2199