DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-21 are pending in this application.

Information Disclosure Statement
The IDS filed on 02/14/2020 has been considered. 

Drawings
The drawings are objected to because item number 320 in the specification refers to installed packages, but in Fig. 3 it is labeled as “installed”.  Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and 

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-21 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
As per claims 1, 8, and 15 (line numbers refer to claim 1):
	Lines 3-4 recite “receiving, by an intelligent quality assurance (iQA) platform executed by the one or more processors, a desired state (DS) file” but it is unclear who/what sent the desired state file.
Lines 6-10 recite “triggering, by the iQA platform, an auto-discovery process to provide an actual state of the cloud computing environment based on cloud resources instantiated within the cloud environment, and application resources executing within the cloud environment, the auto-discovery process comprising retrieving first credentials to enable automated access to the cloud computing environment”. It is unclear whether the auto-discovery process is triggered by the iQA platform, or if first credentials need to first be acquired in order to trigger auto-

As per claims 2, 9, and 16 (line numbers refer to claim 2):
	Lines 3-5 recite “the one or more applications, and/or application servers being identified based on auto-discovery of cloud resources within the cloud environment based on the first credentials” but it is unclear what is based on the first credentials (i.e., are the second credentials based on the first credentials or is access to applications and/or application servers when second credentials are received based on having first credentials first?).

As per claims 5, 12, and 19 (line numbers refer to claim 5):
	Lines 1-2 recite “wherein the auto-discovery process is triggered in response to one of a schedule, an occurrence of an event, and receipt of the DS file” but claim 1 recites “triggering, by the iQA platform, an auto-discovery process”. Therefore, it is unclear what is triggering the auto-discovery process (i.e., does the iQA platform include the schedule, detect occurrence of an event, or detect the receipt of the DS file in order to trigger the auto-discovery process?). Additionally, it is unclear if a schedule, an occurrence of an event, and receipt of the DS file trigger auto-discovery or if only one of a schedule, an occurrence of an event, or receipt of the DS file triggers auto-discovery.

As per claims 9-14 (line numbers refer to claim 9):


Claims 3, 4, 6, 7, 17, 18, 20, and 21 are dependent on claims 1 and 15, respectively, so they are rejected for the same reasons as claims 1 and 15 above.
	
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 4, 6, 8, 9, 11, 13, 15, 16, 18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kinsella et al. (US 9521151 B2 herein Kinsella) in view of Agarwal (US 10984112 B2) and further in view of Han et al. (CN107959689A herein Han).
Claim mappings of Han are made with a translation of CN107959689A.

As per claim 1, Kinsella teaches the invention substantially as claimed including a computer-implemented method executed by one or more processors (Col. 12 lines 65-67 The processor executes the instructions that are stored in the memory or memories in order to process data.), the method comprising: 
receiving, by an intelligent quality assurance (iQA) platform executed by the one or more processors, a desired state (DS) file comprising data indicative of a desired state of a cloud computing environment (Fig. 5, 86 policy; Col. 3 lines 51-53 The Cloud Optimization System 10 may store this data for use of historical data in identifying deviations from a policy and making recommendations to achieve a desired state; Col. 3 lines 11-18 A policy represents a desired state for a cloud environment. The policy may be for a single cloud resource (for example, a virtual instance or a virtual disk), a collection of cloud resources (for example, a production SAP application), or for optimizing across all cloud usage (for example, optimizing costs through the purchase of reserved capacity). The desired state can span a plurality of objectives, such as cost, performance, availability and security; Col. 10 lines 22-26 the Cloud Optimization System 10 may receive a policy from a user through a web-based application that is denoted through User Interface 70. This policy may be stored in a Data Store 80 for use by the Cloud Optimization System 10; Col. 6 lines 39-42 The user-defined policies and approval workflow are captured in a Data Store 80. The Data Store 80 may be a persistent store that could be embodied by a database, file system); 
triggering, by the iQA platform, an auto-discovery process to provide an actual state of the cloud computing environment based on cloud resources instantiated within the cloud environment, and application resources executing within the cloud environment, and retrieving first credentials to enable access to the cloud computing environment (Fig. 4, 10 cloud optimization system, 120 monitoring engine; Col. 2 lines 51-53 An example of cloud infrastructure may include provisioned computer and storage supporting an application (for example, virtual instances and disks); Col. 5 lines 54-57 the Cloud Optimization System 10 may be characterized as a system that collects and stores data on the current state of a cloud-based environment; Col. 11 lines 15-18 The Monitoring Engine 120 may collect and store in a Data Store 80, information such as the current configuration and security settings for all resources obtain the necessary credentials (as first credentials) to perform changes to a cloud environment); and 
determining, by the iQA platform, a delta between the actual state, and the desired state (Col. 5 lines 54-61 the Cloud Optimization System 10 may be characterized as a system that collects and stores data on the current state of a cloud-based environment having a policy engine capable of interpreting policies describing the desired states for one or more environments, a recommendation engine that can propose changes to an environment to make it consistent with the policies; Col. 11 lines 15-24 The Monitoring Engine 120 may collect and store in a Data Store 80, information such as the current configuration and security settings for all resources comprising the public website… The collected data may get evaluated, either at the direction of the Manager 90 or on-demand at the time of collection, to determine if the security policy has been violated; Col. 6 lines 53-59 The Manager 90 may interface with a Policy Engine 140 to determine if the Cloud Environment 30 has deviated from a desired state defined in one or more policies. It may be necessary in some cases for the Policy Engine 140 to interact with a Recommendation Engine 150 in order to determine whether or not a policy has been violated); and 
providing, by the iQA platform, the delta (Col. 11 lines 10-12 The Cloud Optimization System 10 may actively monitor the Cloud Environment 30 through a Monitoring Engine 120; Col. 6 lines 1-3 combining a management system capable of interpreting a policy, a monitoring engine capable of monitoring a cloud environment for deviation from this policy).

	Kinsella teaches retrieving first credentials to enable access to the cloud computing environment but fails to teach the auto-discovery process that retrieves the first credentials; and providing a report comprising the delta.

However, Agarwal teaches the auto-discovery process that retrieves first credentials to enable automated access to the cloud computing environment (Col. 36 lines 41-44 Once the access credentials for the cloud computing environment are known, the system 100 may be used to automatically detect (as auto-discovery process) all accounts in the cloud computing environment.).

It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to have combined Kinsella with the teachings of Agarwal because Agarwal’s teaching of discovering the resources in a cloud computing environment using an access credential provides the advantage of increased security in accessing a cloud computing environment.
	
	Kinsella and Agarwal fail to teach providing a report comprising the delta.

However, Han teaches providing a report comprising the delta ([0020] 170 lines 1-5 By comparing the actual cloud platform tenant network isolation matrix with the expected matrix and the corresponding results generated, it shows that this method can determine the connectivity of the cloud platform multi-tenant network, thereby discovering the communication path that does not match the expected network, and providing it to the cloud audit The real-time cloud report provides a way to account for security issues that may occur in cloud tenant network services.).

	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to have combined Kinsella and Agarwal with the teachings of Han because Han’s teaching of a report that shows the comparison between actual and expected states allows for security issues to be exposed (see Han, [0020] 170 lines 4-5 The real-time cloud platform tenant network isolation report provides a way to account for security issues that may occur in cloud tenant network services).
	
As per claim 2, Kinsella, Agarwal, and Han teach the method of claim 1. Kinsella specifically teaches auto-discovery process of cloud resources within the cloud environment and first credentials (Col. 5 lines 54-57 the Cloud Optimization System 10 may be characterized as a system that collects and stores data on the current state of a cloud-based environment; Col. 11 lines 15-18 The Monitoring Engine 120 may collect and store in a Data Store 80, information such as the current configuration and security settings for all resources comprising the public website;  Col. 4 lines 48-50 obtain the necessary credentials to perform changes to a cloud environment). 
Additionally, Agarwal teaches wherein the auto-discovery process further comprises receiving second credentials that enable automated access to one or more applications, and/or application servers of the cloud environment, the one or more applications, and/or application servers being identified based on auto-discovery of cloud resources within the cloud environment based on the first credentials (Col. 36 lines 41-47 Once the access software application is selected, the system 100 accesses the scanned information of the software application; Col. 47 line 36 the software application may…be a cloud application).

As per claim 4, Kinsella, Agarwal, and Han teach the method of claim 1. Kinsella specifically teaches wherein the first credentials are retrieved based on data provided in the DS file (Col. 4 lines 32-35 A user or system may prove their identity using one set of credentials, and if policies (as DS file) are in place to allow it, they are provided a new set of credentials with elevated privileges).

As per claim 6, Kinsella, Agarwal, and Han teach the method of claim 1. Kinsella specifically teaches further comprising parsing the DS file to provide a desired state database table, wherein the desired state database table is compared to an actual state database table resulting from the auto-discovery process to determine the delta (Col. 1 line 64-Col. 2 line 1 The system comprises a monitoring system that gathers data from a cloud environment. The memory of the system maintains a policy database for storing a set of policies representing user-desired operation of the cloud environment; Col. 5 lines 54-57 the Cloud deviations from a policy; Col. 10 lines 26-29 A Monitoring Engine 120 may continuously gather data on the current usage of cloud infrastructure and pricing from the cloud provider, which may be stored in the Data Store 80; Col. 6 lines 40-41 The Data Store 80 may be a persistent store that could be embodied by a database).

As per claim 8, it is a non-transitory computer-readable storage medium claim of claim 1, so it is rejected for the same reasons as claim 1 above. Additionally, Kinsella teaches a non-transitory computer-readable storage medium coupled to one or more processors and having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations (Col. 12 lines 65-67 The processor executes the instructions that are stored in the memory or memories in order to process data; Col. 14 lines 34-38 the instructions that form a program may be in the form of a suitable programming language, which is converted to machine language or object code to allow the processor or processors to read the instructions; Col. 15 lines 10-13 the medium may be in the form of…a RAM, a ROM).

As per claims 9, 11, and 13, they are computer-readable storage medium claims of claims 2, 4, and 6, so they are rejected for the same reasons as claims 2, 4, and 6 above. 

As per claim 15, it is a system claim of claim 1, so it is rejected for the same reasons as claim 1 above. Additionally, Kinsella teaches a system, comprising: one or more processors; and a computer-readable storage device coupled to the one or more processors and having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations (Col. 1 lines 61-64 In accordance with an exemplary embodiment of the present invention, there is provided a computer-implemented cloud infrastructure optimization system including at least a computer and a memory; Col. 12 lines 65-67 The processor executes the instructions that are stored in the memory or memories in order to process data; Col. 14 lines 34-38 the instructions that form a program may be in the form of a suitable programming language, which is converted to machine language or object code to allow the processor or processors to read the instructions).

As per claims 16, 18, and 20, they are system claims of claims 2, 4, and 6, so they are rejected for the same reasons as claims 2, 4, and 6 above.

Claims 3, 10 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Kinsella, Agarwal, and Han, as applied to claims 1, 8, and 15 above, in view of Baset et al. (US 20180095739 A1 herein Baset).

As per claim 3, Kinsella, Agarwal, and Han teach the method of claim 2. Kinsella specifically teaches the first credentials (Col. 4 lines 48-50 obtain the necessary credentials (as first credentials) to perform changes to a cloud environment).
Agarwal teaches the second credentials (Col. 46 lines 22-33 Interface 2500 may have fields for receiving AVOCADO credentials (as second credentials), as a non-limiting example, and for selecting a specific software/application (similar to selecting a specific VPC identifier for the network examples)…Once the credentials are input and the specific software application is selected, the system 100 accesses the scanned information of the software application).

Kinsella, Agarwal, and Han fail to teach wherein the first credentials and the second credentials are stored in and retrieved from a vault service.

	However, Baset teaches wherein the first credentials and the second credentials are stored in and retrieved from a vault service ([0052] lines 5-11 the NGINX web server application component communicates with the secure vault 104 to retrieve the security credentials needed to access the MYSQL database server. These security credentials are incorporated into the NGINX web server image, either when the NGINX's web server image is built or when it is executed in the cloud computing platform; claim 20 retrieving security credentials allowing access to the second application component from a secure vault database).

It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to have combined Kinsella, Agarwal, and Han with the teachings of Baset because Baset’s teaching of a vault to store first and second credentials provides better security ([0050] lines 1-3 the secure vault 104 generates, stores, and/or retrieves identity and access management data (e.g., security credentials).).

As per claims 10 and 17, they are computer-readable storage medium and system claims of claim 3, so they are rejected for the same reasons as claim 3 above.

Claims 5, 12, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Kinsella, Agarwal, and Han, as applied to claims 1, 8, and 15 above, in view of Tung et al. (US 20130060933 A1 herein Tung).

As per claim 5, Kinsella, Agarwal, and Han teach the method of claim 1. Kinsella specifically teaches wherein the auto-discovery process is triggered in response to one of a receipt of the DS file (Col. 10 lines 22-28 the Cloud Optimization System 10 may receive a policy (as DS file) from a user through a web-based application that is denoted through User Interface 70. This policy may be stored in a Data Store 80 for use by the Cloud Optimization System 10. A Monitoring Engine 120 may continuously gather data on the current usage of cloud infrastructure and pricing from the cloud provider).
Additionally, Agarwal teaches wherein the auto-discovery process is triggered in response to an occurrence of an event (Col. 36 lines 41-47 Once the access credentials for the cloud computing environment are known (as event), the system 100 may be used to automatically detect all accounts in the cloud computing environment. With regards to the AWS virtual private cloud (VPC) example, this could include detection of all servers, databases, dockers, routers, computers, containers, and so forth.).

Kinsella, Agarwal, and Han fail to teach wherein the auto-discovery process is triggered in response to a schedule. 

However, Tung teaches wherein the auto-discovery process is triggered in response to a schedule ([0006] lines 9-13 The CSMS observes the cloud computing environment by the CSMS receiving passive measurements from the environment (e.g., from the service provider or another source), and actively probing the environment to determine state information for the cloud computing environment; [0056] lines 3-4 The CSMS 102 executes active measurements when required, and/or as scheduled.).

It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to have combined Kinsella, Agarwal, and Han with the teachings of Tung because Tung’s teaching of taking measurements of a cloud environment according to a schedule allows for user requirements to be met (see Tung, [0029] lines 15-18 The user (142, 144) may merely listen to the environment and/or be provided with measurements specific to the user in a passive data collection mode.).
	
As per claims 12 and 19, they are computer-readable storage medium and system claims of claim 5, so they are rejected for the same reasons as claim 5 above.

Claims 7, 14, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Kinsella, Agarwal, and Han, as applied to claims 1, 8, and 15 above, in view of Le et al. (US 20160366233 A1 herein Le).

As per claim 7, Kinsella, Agarwal, and Han teach the method of claim 1. Kinsella specifically teaches the DS file (Col. 3 lines 11-18 A policy represents a desired state for a cloud 

Kinsella, Agarwal, and Han fail to teach wherein the DS file comprises a Javascript object notation (JSON) file.

However, Le teaches wherein the DS file comprises a Javascript object notation (JSON) file ([0014] lines 10-11 The system stores a desired state for a particular host agent in a database; [0022] lines 30-33 Enterprise customers can use a SaaS management console interface to install a host agent onto each server selected for inclusion in the requisite private cloud environment; [0046] lines 3-6 Each application/agent has two parts: an installed component and a ‘configuration’ object. A configuration object is a JavaScript Object Notation (JSON) data structure with variables).

It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to have combined Kinsella, Agarwal, and Han with the teachings of Le because a JSON file is compact.

As per claims 14 and 21, they are computer-readable storage medium and system claims of claim 7, so they are rejected for the same reasons as claim 7 above.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HSING CHUN LIN whose telephone number is (571)272-8522.  The examiner can normally be reached on Mon - Fri 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Meng-Ai An can be reached on (571)272-3756.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to 




/H.L./Examiner, Art Unit 2195

/MENG AI T AN/Supervisory Patent Examiner, Art Unit 2195