Detailed Action
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Amendment filed on 02/17/2021 has been acknowledged. This communication is in response to RCE filed on 02/17/2021. Claims 1, 3, 6-7, 9-13, 15 and 25-37 are currently pending and have been considered below. Claims 1, 28 and 31 are independent claim. Claims 2, 4-5, 8, 14 and 16-24 are cancelled. Claims 1, 7, 9-13, 25, 28, 30-32, 35-36 have been amended.

Continued Examination under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 02/17/2021 has been entered.

Priority
The application claims the benefit of 62/652,320 filed on 04/04/2018.

Remarks and Response 
Applicant’s arguments filed in the amendments on 02/17/2021 have been fully considered but are moot in view of new grounds of rejection.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.   A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or 
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/. The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  
Claims 1, 28 and 31 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 of co-pending applications 16/024,863. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims in the co-pending application contains every element of claims of the instant application.  A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to 
Claims 1, 28 and 31are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 of co-pending application 16/024,863 in view of Shimamura (US Patent Application Publication No 2019/0166221 A1) in view of Moore (US Patent Application Publication No 2007/0266433 A1). This is a nonstatutory obviousness type double patenting rejection. 
This is a provisional non-statutory double patenting rejection because the conflicting claims have not been patented yet.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed 

Claim 1, 3, 6-7, 9-11, 15 and 25-37 are rejected under 35 U.S.C. 103 as being unpatentable over Shimamura (US Patent Application Publication No 2019/0166221 A1) in view of Moore (US Patent Application Publication No 2007/0266433 A1). 

Regarding Claim 1, Shimamura discloses a method comprising: 
based on detection of an event that is a trigger for a serverless function, an application firewall inspecting input for the serverless function prior to execution of the serverless function (Shimamura, ¶[0016], Fig-1, a REST API is utilized in order implement an interface layer between serverless computing environment and external networks and computing devices that wish to access or otherwise utilize the computational resources of serverless computing environment. ¶[0019], master node can broadly viewed as a central executor and central information hub in serverless computing environment, operable to monitor the state of the worker nodes and storage nodes and analyze and assign UDFs to a task queue);
wherein the serverless function and the application firewall are in same runtime environment (Shimamura, ¶[0028], provisioner module receive tasks to task queue and the corresponding characterizing information for tasks to master node. ¶[0029], master node receives 
Shimamura does not explicitly disclose the following limitation that Moore teaches:
to determine whether said input contains unsafe data (Moore, ¶[0029], the VSA may include a security function module having one or more threat analysis modules adapted for evaluating threats posed by received data packets);
based on a determination that the input does not contain unsafe data, allowing the serverless function to execute with the input (Moore, ¶[0029], the threat module may be adapted to evaluate the data based on predetermined criteria including particular security rules stored in a rules module. A response control module may be configured for carrying out or initiating any of various actions based on the output of the threat analysis module. These may include accepting or allowing the data to pass or to block or reroute the data transmission. The action may include initiating an alert, e-mail or other advisory message. Fig-4, ¶[0032]); and
based on a determination that the input includes unsafe data that is malicious or abnormal, raising a security action (Moore, ¶[0029], the threat module may be adapted to evaluate the data based on predetermined criteria including particular security rules stored in a rules module. A response control module may be configured for carrying out or initiating any of various actions based on the output of the threat analysis 
Shimamura in view of Moore are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “data management system and security of data access”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Shimamura in view of Moore to include the idea of having an interface to receive data communication directed to other network device for initiating a security function. It will enhance the security of the system by blocking the fraudulent users (Moore, ¶[0020]).

Regarding claim 3, Shimamura in view of Moore discloses the method of claim 1, wherein raising a security action one or more of: 
raising an alert (Moore, ¶[0029], a response control module may be configured for carrying out or initiating any of various actions based on the output of the threat analysis module. These may include accepting or allowing the data to pass or to block or reroute the data transmission. The action may include initiating an alert, e-mail or other advisory message. Fig-4, ¶[0032], VSA can intercept and inspect communication traffic between virtualized and 
preventing the serverless function from executing (Moore, ¶[0029], a response control module may be configured for carrying out or initiating any of various actions based on the output of the threat analysis module. These may include accepting or allowing the data to pass or to block or reroute the data transmission. The action may include initiating an alert, e-mail or other advisory message. Fig-4, ¶[0032], VSA can intercept and inspect communication traffic between virtualized and external resources and allow or deny traffic based on the presence of unauthorized or undesirable content), 
removing said malicious, suspicious or abnormal data from said input (the limitation is in alternate form),
raising an exception in code of the serverless function (the limitation is in alternate form), 
generating a log entry of detection of said malicious data (the limitation is in alternate form), and
generating forensic information related to execution of the serverless function (the limitation is in alternate form).

Regarding Claim 6, Shimamura in view of Moore discloses the method of claim 1, wherein said application firewall inspects said input at an application layer (Moore, ¶[0019], they may be configured to pass through conventional network security devices such as firewall, anti-virus 

Regarding Claim 7, Shimamura in view of Moore discloses the method of claim 1, wherein the application firewall inspecting said input comprises the application firewall classifying an event message of the event and parsing the event message based on an event type determined from the classifying (Moore, ¶[0019], they may be configured to pass through conventional network security devices such as firewall, anti-virus or intrusion detection systems. ¶[0028], the virtual network resides in a virtualization layer on a host machine. Fig-4, ¶[0032], VSA can intercept and inspect communication traffic between virtualized and external resources and allow or deny traffic based on the presence of unauthorized or undesirable content).

Regarding Claim 9, Shimamura in view of Moore discloses the method of claim 1, wherein the application firewall inspecting the input comprises the application firewall decoding encoded fields after parsing an event message of said event (Moore, ¶[0019], they may be configured to pass through conventional network security devices such as firewall, anti-virus 

Regarding Claim 10, Shimamura in view of Moore discloses the method of claim 1, wherein the application firewall inspecting said input comprises the application firewall clearing fields in said event which do not affect execution of the serverless function (Moore, ¶[0019], they may be configured to pass through conventional network security devices such as firewall, anti-virus or intrusion detection systems. ¶[0028], the virtual network resides in a virtualization layer on a host machine. Fig-4, ¶[0032], VSA can intercept and inspect communication traffic between virtualized and external resources and allow or deny traffic based on the presence of unauthorized or undesirable content).

Regarding Claim 11, Shimamura in view of Moore discloses the method of claim 1, further comprising: 
based on a determination that the input contains safe data, collecting sample data from the event (Moore, ¶[0030], it may be used to profile communication flows between network nodes and identify changes or addition to system services. ¶[0039], the VSAs to profile attributes 
building a profile of normal input based, at least in part, on the collected sample data (Moore, ¶[0030], it may be used to profile communication flows between network nodes and identify changes or addition to system services. ¶[0039], the VSAs to profile attributes related to their configurations, active services, roles, communication flows and other dimensions).

Regarding Claim 15, Shimamura in view of Moore discloses the method of claim 1, further comprising: 
the application firewall inspecting function output data from the serverless function to determine whether the function output data is acceptable (Moore, ¶[0019], they may be configured to pass through conventional network security devices such as firewall, anti-virus or intrusion detection systems. ¶[0028], the virtual network resides in a virtualization layer on a host machine. Fig-4, ¶[0032], VSA can intercept and inspect communication traffic between virtualized and external resources and allow or deny traffic based on the presence of unauthorized or undesirable content); and
blocking communication of the function output data to a caller of the serverless function based on a determination that the function output data is not aceptable (Moore, ¶[0019], they may be configured to pass 

Regarding Claim 25, Shimamura in view of Moore discloses the method of claim 1 further comprising: 
based on the serverless function being allowed to execute, inserting security sensors into the runtime environment to monitor execution behavior of the serverless function (Moore, ¶[0019], they may be configured to pass through conventional network security devices such as firewall, anti-virus or intrusion detection systems. ¶[0028], the virtual network resides in a virtualization layer on a host machine. Fig-4, ¶[0032], VSA can intercept and inspect communication traffic between virtualized and external resources and allow or deny traffic based on the presence of unauthorized or undesirable content); and 
raising a security action if unsafe or abnormal execution behavior is detected (Moore, ¶[0019], they may be configured to pass through conventional network security devices such as firewall, anti-virus or intrusion detection systems. ¶[0028], the virtual network resides in a virtualization layer on a host machine. Fig-4, ¶[0032], VSA can intercept 

Regarding Claim 26, Shimamura in view of Moore discloses the method of claim 25 further comprising building a normal execution behavior profile based partly on monitored execution behavior of the serverless function if the serverless function executes with the input to completion without unsafe or abnormal behavior (Moore, ¶[0030], it may be used to profile communication flows between network nodes and identify changes or addition to system services. ¶[0039], the VSAs to profile attributes related to their configurations, active services, roles, communication flows and other dimensions).

Regarding Claim 27, Shimamura in view of Moore discloses the method of claim 1 further comprising: 
based on a determination that the input includes safe and unsafe data, allowing the serverless function to execute with the safe data and raising a security action for the unsafe data (Moore, ¶[0029], a response control module may be configured for carrying out or initiating any of various actions based on the output of the threat analysis module. These may include accepting or allowing the data to pass or to block or reroute the data transmission. The action may include initiating an alert, e-mail or 

Regarding Claim 28, Shimamura discloses a non-transitory computer-readable medium having program code stored thereon, the program code comprising instructions to (Shimamura, ¶[0048]): 
based on detection of an event that is a trigger for a serverless function inspect input for the serverless function prior to execution of the serverless function to determine whether said input contains unsafe data, wherein the serverless function and the application firewall program code are in a same runtime environment (Shimamura, ¶[0016], Fig-1, a REST API is utilized in order implement an interface layer between serverless computing environment and external networks and computing devices that wish to access or otherwise utilize the computational resources of serverless computing environment. ¶[0019], master node can broadly viewed as a central executor and central information hub in serverless computing environment, operable to monitor the state of the worker nodes and storage nodes and analyze and assign UDFs to a task queue); 
wherein the serverless function and the application firewall are in same runtime environment (Shimamura, ¶[0028], provisioner module 
Shimamura does not explicitly disclose the following limitation that Moore teaches:
based on a determination that the input does not contain unsafe data, allow the serverless function to execute with the input (Moore, ¶[0029], the threat module may be adapted to evaluate the data based on predetermined criteria including particular security rules stored in a rules module. A response control module may be configured for carrying out or initiating any of various actions based on the output of the threat analysis module. These may include accepting or allowing the data to pass or to block or reroute the data transmission. The action may include initiating an alert, e-mail or other advisory message. Fig-4, ¶[0032]); 
based on a determination that the input includes unsafe data that is malicious, raise a security action (Moore, ¶[0029], the threat module may be adapted to evaluate the data based on predetermined criteria including particular security rules stored in a rules module. A response control module may be configured for carrying out or initiating any of various actions based on the output of the threat analysis module. These may include accepting or allowing the data to pass or to block or reroute 
Shimamura in view of Moore are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “data management system and security of data access”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Shimamura in view of Moore to include the idea of having an interface to receive data communication directed to other network device for initiating a security function. It will enhance the security of the system by blocking the fraudulent users (Moore, ¶[0020]).

Regarding Claim 29, Shimamura in view of Moore discloses the non-transitory computer-readable medium of claim 28, wherein the program code further comprises at least one of: 
instructions to determine whether the event conforms to a normal event profile, wherein the instructions to allow the serverless function to execute with the input also allow the serverless function to execute with the input based on a determination that the event conforms to the normal event profile (Moore, ¶[0030], it may be used to profile communication flows between network nodes and identify changes or addition to system services. ¶[0039], the VSAs to profile attributes related to their 
instructions to determine whether the input includes data indicated in a white list, wherein the instructions to allow the serverless function to execute with the input also allow the serverless function to execute with the data indicated in the white list (Moore, ¶[0030], it may be used to profile communication flows between network nodes and identify changes or addition to system services. ¶[0039], the VSAs to profile attributes related to their configurations, active services, roles, communication flows and other dimensions. Fig-4, ¶[0032], VSA can intercept and inspect communication traffic between virtualized and external resources and allow or deny traffic based on the presence of unauthorized or undesirable content); and 
instructions to determine whether the input includes data indicated in a black list, wherein the instructions to raise a security action also raise a security action if the input is determined to include data indicated in the black list (Moore, ¶[0030], it may be used to profile communication flows between network nodes and identify changes or addition to system services. ¶[0039], the VSAs to profile attributes related to their configurations, active services, roles, communication flows and other dimensions. Fig-4, ¶[0032], VSA can intercept and inspect communication traffic between virtualized and external resources and 

Regarding Claim 30, Shimamura in view of Moore discloses the non-transitory computer-readable medium of claim 28, wherein the program code further comprises instructions to: 
inspect output from the serverless function executing with the input to determine whether the output is acceptable (Moore, ¶[0019], they may be configured to pass through conventional network security devices such as firewall, anti-virus or intrusion detection systems. ¶[0028], the virtual network resides in a virtualization layer on a host machine. Fig-4, ¶[0032], VSA can intercept and inspect communication traffic between virtualized and external resources and allow or deny traffic based on the presence of unauthorized or undesirable content); and 
prevent communicating of the output to a caller of the serverless function if the output is determined to not be acceptable (Moore, ¶[0019], they may be configured to pass through conventional network security devices such as firewall, anti-virus or intrusion detection systems. ¶[0028], the virtual network resides in a virtualization layer on a host machine. Fig-4, ¶[0032], VSA can intercept and inspect communication traffic between virtualized and external resources and allow or deny traffic based on the presence of unauthorized or undesirable content).

Regarding Claim 31, Shimamura in view of Moore discloses a system comprising: 
a processor (Shimamura, ¶[0048]); 
one or more machine-readable media having program code for a serverless function and program code for an application firewall stored thereon, the program code for the application firewall executable by the processor to cause the system to (Shimamura, ¶[0048]), 
based on detection of an event that is a trigger for the of the serverless function, inspect input for the runtime environment of both the application firewall and the serverless function (Shimamura, ¶[0016], Fig-1, a REST API is utilized in order implement an interface layer between serverless computing environment and external networks and computing devices that wish to access or otherwise utilize the computational resources of serverless computing environment. ¶[0019], master node can broadly viewed as a central executor and central information hub in serverless computing environment, operable to monitor the state of the worker nodes and storage nodes and analyze and assign UDFs to a task queue);
wherein the application firewall and the serverless function are in a same runtime environment (Shimamura, ¶[0028], provisioner module receive tasks to task queue and the corresponding characterizing information for tasks to master node. ¶[0029], master node receives 
Shimamura does not explicitly disclose the following limitation that Moore teaches:
to determine whether the input contains unsafe data (Moore, ¶[0029], the VSA may include a security function module having one or more threat analysis modules adapted for evaluating threats posed by received data packets); 
based on a determination that the input does not contain unsafe data, allow the serverless function to execute with the input (Moore, ¶[0029], the threat module may be adapted to evaluate the data based on predetermined criteria including particular security rules stored in a rules module. A response control module may be configured for carrying out or initiating any of various actions based on the output of the threat analysis module. These may include accepting or allowing the data to pass or to block or reroute the data transmission. The action may include initiating an alert, e-mail or other advisory message. Fig-4, ¶[0032]); and 
based on a determination that the input includes unsafe data that is malicious or abnormal, raise a security action (Moore, ¶[0029], the threat module may be adapted to evaluate the data based on predetermined criteria including particular security rules stored in a rules module. A response control module may be configured for carrying out or initiating any of various actions based on the output of the threat analysis module. 
Shimamura in view of Moore are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “data management system and security of data access”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Shimamura in view of Moore to include the idea of having an interface to receive data communication directed to other network device for initiating a security function. It will enhance the security of the system by blocking the fraudulent users (Moore, ¶[0020]).

Regarding Claim 32, Shimamura in view of Moore discloses the machine-readable media further has program code for execution behavior monitoring that is executable by the processor to cause the system to: 
based on a determination by the application firewall that the input includes unsafe data that is suspicious, insert security sensors into the runtime environment and apply a more strict security policy for this execution of the serverless function to monitor execution behavior of the serverless function (Moore, ¶[0019], they may be configured to pass 
raise a security action if unsafe or abnormal execution behavior is detected (Moore, ¶[0019], they may be configured to pass through conventional network security devices such as firewall, anti-virus or intrusion detection systems. ¶[0028], the virtual network resides in a virtualization layer on a host machine. Fig-4, ¶[0032], VSA can intercept and inspect communication traffic between virtualized and external resources and allow or deny traffic based on the presence of unauthorized or undesirable content).

Regarding Claim 33, Shimamura in view of Moore discloses the system of claim 32, wherein the machine-readable media further has program code executable by the processor to cause the system to build a normal execution behavior profile based partly on monitored execution behavior of the serverless function if the serverless function executes with the input to completion without detection of unsafe or abnormal behavior (Moore, ¶[0030], it may be used to profile communication flows between network nodes and identify changes or addition to system services. 

Regarding Claim 34, Shimamura in view of Moore discloses the system of claim 31, wherein the program code for the application firewall is further executable by the processor to cause the system to: 
based on a determination that the input includes safe and unsafe data, allow the serverless function to execute with the safe data and raise a security action for the unsafe data (Moore, ¶[0029], a response control module may be configured for carrying out or initiating any of various actions based on the output of the threat analysis module. These may include accepting or allowing the data to pass or to block or reroute the data transmission. The action may include initiating an alert, e-mail or other advisory message. Fig-4, ¶[0032], VSA can intercept and inspect communication traffic between virtualized and external resources and allow or deny traffic based on the presence of unauthorized or undesirable content).

Regarding Claim 35, Shimamura in view of Moore discloses the system of claim 31, wherein the program code for the application firewall is executable by the processor to cause the system to at least one of:
determine whether the event conforms to a normal event profile, wherein the program code for the application firewall to allow the 
determine whether the input includes data indicated in a white list, wherein the program code for the application firewall to allow the serverless function to execute with the input is also executable to allow the serverless function to execute with the data indicated in the white list (Moore, ¶[0030], it may be used to profile communication flows between network nodes and identify changes or addition to system services. ¶[0039], the VSAs to profile attributes related to their configurations, active services, roles, communication flows and other dimensions. Fig-4, ¶[0032], VSA can intercept and inspect communication traffic between virtualized and external resources and allow or deny traffic based on the presence of unauthorized or undesirable content); and 
determine whether the input includes data indicated in a black list, wherein the program code for the application firewall to raise a security 

Regarding Claim 36, Shimamura in view of Moore discloses the system of claim 31, wherein the program code for the application firewall is further executable by the processor to cause the system to:
inspect output from the serverless function executing with the input to determine whether the output is acceptable (Moore, ¶[0029], a response control module may be configured for carrying out or initiating any of various actions based on the output of the threat analysis module. These may include accepting or allowing the data to pass or to block or reroute the data transmission. The action may include initiating an alert, e-mail or other advisory message. Fig-4, ¶[0032], VSA can intercept and inspect communication traffic between virtualized and external resources and allow or deny traffic based on the presence of unauthorized or undesirable content); and 


Regarding Claim 37, Shimamura in view of Moore discloses the system of claim 36, wherein the program code for the application firewall being executable to inspect output from the serverless function executing with the input to determine whether the output is acceptable comprises the program code being executable to inspect the output to determine whether the output is sensitive information (Moore, ¶[0029], a response control module may be configured for carrying out or initiating any of various actions based on the output of the threat analysis module. These may include accepting or allowing the data to pass or to block or reroute the data transmission. The action may include initiating an alert, e-mail or other advisory message. Fig-4, ¶[0032], VSA can intercept and inspect communication traffic between virtualized and external resources and .

Claim 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Shimamura (US Patent Application Publication No 2019/0166221 A1) in view of Moore (US Patent Application Publication No 2007/0266433 A1) and further in view of Chan (US Patent Application Publication No 2013/0318098 A1). 

Regarding Claim 12, Shimamura in view of Moore discloses the method of claim 11, but Shimamura in view of Moore does not teach the following limitation that Chan teaches:
further comprising extrapolating acceptable parameters based on statistical analysis of the sample data and additional sample data collected from other events over time for which no unsafe data was detected, wherein building said profile of normal input is based, at least in part, on the acceptable parameters (Chan, ¶[0071], the number of people in each industry can be tabulated from the found profiles and then extrapolated. The statistical confidence level of the extrapolated results can be calculated using the number of found profiles as the statistical sample size and the number of email addresses in an email address list as the statistical population size).


Regarding Claim 13, Shimamura in view of Moore and Chan discloses the method of claim 11, further comprising: 
based on detection of a second event that is a trigger for the serverless function, the application firewall inspecting second input for the serverless function to determine whether the second input conforms to the profile of normal input (Moore, ¶[0019], they may be configured to pass through conventional network security devices such as firewall, anti-virus or intrusion detection systems. ¶[0028], the virtual network resides in a virtualization layer on a host machine. Fig-4, ¶[0032], VSA can intercept and inspect communication traffic between virtualized and external resources and allow or deny traffic based on the presence of unauthorized or undesirable content); and 
.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-Form 892).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WASIKA NIPA whose telephone number is (571)272-8923.  The examiner can normally be reached on M-F, 8 am to 5 pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/WASIKA NIPA/           Primary Examiner, Art Unit 2433