DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is in response to the amendments filed on 10/20/2021.
 Claims 1-18 are currently pending in this application. Claims 1-3 have been amended. Claims 4-18 are new.
No new IDS has been filed.

Examiner’s Note
Applicants are suggested to include information/description related to fig. 5 of the disclosure in the claims to provide a better condition for an allowance.

Response to Arguments
The previous objection to the abstract of the specification has been withdrawn in response to the applicants’ amendments/remarks.
Regarding the 112(b) rejections, the applicants amended the claims and have, in page 7 of the remarks, argued that “… the applicant amended claims 1-3 to address the examiner’s rejection.” However, the amendments do not overcome all previous rejections, and the current amendments cause the new rejections stated in the 112(b) rejections section below.

Regarding the 103 rejections, the applicants, in pages 7-8 of the remarks, have argued that “… the claims disclose a virtual cyber range in a private network, where network traffic is restricted … Brueckner then define an external network … may comprise a private network or a public network … the distinction between Brueckner’s private network and the claimed virtual public network is important because in accordance with the current invention, the concept of a private network is one that is built on top of a public network, but is private only in the sense that network traffic is restricted … ”.
This argument by the applicants is not persuasive.
As the applicants noted, Brueckner clearly teaches the automated execution and evaluation of computer network training exercises in a virtual machine environment – see abstract. The environment is established with managed/controlled virtual networks on top of the external network 102, which is a public network (see figs. 1A, 1B). The managed/controlled virtual networks perform as virtual private networks in that they monitor, control, manage (or restrict) the network traffic of the system components – see columns 2 and 3 of Brueckner. Although Brueckner’s managed virtual network performs as a virtual private network, the second reference by Nickolov is added in the rejections for compact prosecution or to clearly match the same term “private”.
  
The applicants, in page 8 of the remarks, further argued that “… Nickolov discloses virtual private networks as part of the service … Brueckner expressly teaches away from building a virtual private network on a public network, it would not be obvious … to combine …”.
The examiner respectfully disagrees with the argument.
Nickolov clearly teaches building virtual private networks on top of a public network (e.g., the Internet or WAN) – see fig. 1B and columns 9, 11, 12 of Nickolov. In the same manner, Brueckner’s training environment is established with managed/controlled virtual networks on top of the public network (e.g., the external network 102) – see above. Moreover, the rejections clearly stated the motivation for combining the two references, in addition to what is stated in paragraph 10 above. Therefore, the applicants’ arguments are not persuasive.

The applicants’ statement for the new claims 4-18 is not persuasive, and the detailed rejections under 112(a), 112(b) and 103 for the new claims are stated in the respective sections below.
 
Thus, the applicant’s arguments are not persuasive. Please see amended rejections below for amended claims. This action is Final. 

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a)  IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

Claims 1-18 are rejected under 35 U.S.C. 112(a) as failing to comply with the written description requirements (e.g., a new matter issue).

Claim 1 is amended to include subject matter, “… isolating said cyber range from a remainder of said public computing platforms not accessible via said network”, which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, at the time the application was filed, had possession of the claimed invention.
The specification describes that “… a cyber range is created and supported via one or more existing, publicly accessible platforms or networks …” – see par. 0026. However, the information disclosed in the specification does not describe the claimed/amended limitations, “… isolating said cyber range from a remainder of said public computing platforms not accessible via said network”.
Claims 2 and 3 depend from the claim 1, and are analyzed and rejected accordingly.

New claims 4 and 11 include subject matter, “… said virtual cyber range comprising a cyber range perimeter, cyber range protocols … restricting, via a master controller, cyber range activities within said range perimeter and restricting, via said master controller, network traffic to said set of cyber range protocols”, “… cyber range definitions, said definitions comprising … updating said set of cyber range definitions” – see the claim 11, which were not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, at the time the application was filed, had possession of the claimed invention.
The specification describes that “… a secure public cloud-based cyber range where threats and other cyber activities are contained and unable to breach the range perimeter into the public domain … a cyber range where activities can be paused and restored, such as by allowing participants to continue their event from a known state at a later date …” – see paras. 0014 and 0015. However, the information disclosed in the specification does not describe the claimed limitations, “… said virtual cyber range comprising a cyber range perimeter, cyber range protocols … restricting, via a master controller, cyber range activities within said range perimeter and restricting, via said master controller, network traffic to said set of cyber range protocols” and “… cyber range definitions, said definitions comprising … updating said set of cyber range definitions”.
Claims 5-10 and 12-18 depend from the claim 4 or 11, and are analyzed and rejected accordingly (also limitations claimed in the claims 5-10 and 12-18 are not described in the specification).
Note: the applicants are suggested to indicate supporting information of the specification for the new claims 4-18 to avoid the 112(a) rejections. 

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claims 1-18 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention. 
Applicants are suggested to review all claims to clarify the terms with some issues (e.g., compatibility, antecedent basis issues, etc.) used in different locations. Some of them (NOT all because there are too many) are defined below.

Claim 1 recites:
“… creating a plurality of subscription-based virtual private networks on each of a plurality of public computing platforms … at least one server …”, however, it is not clear whether multiple VPNs are created in a single public computing platform with one server or not;
“… a plurality of public computing platforms … said public computing platforms …”, however, it is not clear whether “said public computing platforms” is the same as “a plurality of public computing platforms” – suggested to use the same term if they are the same;
“… each of a plurality of public computing platforms which are accessible via a network … said public computing platforms not accessible via said network”, however, it is not clear how each (or all) public computing platform accessible via a network is/are not accessible via the network (e.g., one is not compatible with other);
“… from a remainder of said public computing platforms …”, it is not clear how to define the remainder of the public computing platforms (e.g., omitting necessary steps/components, which causes the claimed limitations to be unclear).
Claims 2 and 3 depend from the claim 1, and are analyzed and rejected accordingly.

Claim 2 recites “… said cyber range is generated from one or more cyber range templates which define one characteristics of said cyber range”, it is not clear whether a plurality of templates are used to generate a single cyber range or not.
Claim 3 recites “… at least one of said cyber range at a given time … said cyber range … at a later time”, however, it is not clear (1) how to define at least one of one said cyber range; (2) how to define “a given time” and “a later time”.

Claims 4 and 11 recite “… said virtual cyber range comprising a cyber range perimeter, cyber range protocols … within said range perimeter … said set of cyber range protocols”, however, it is not clear (1) whether “said range perimeter” is the same as “a cyber range perimeter” or not; (2) whether “said set of cyber range protocols” is the same as “cyber range protocols” or not – note: for examining purpose, different terms are considered as different components, entities or information.
Claim 11 recites:
“A method of creating a dynamic cloud-based cyber range comprising: creating a first virtual private network … generating … a virtual cyber range … restricting …”, however, it is not clear how the claimed functions (e.g., creating the first VPN, generating the virtual cyber range and restricting, etc.) can create “the dynamic cloud-based cyber range” (e.g., omitting necessary steps/components, which causes the claimed limitations to be unclear);
“… a virtual cyber range comprising cyber range definitions, said definitions comprising a cyber range perimeter …”, however, it is not clear (1) 
“… comprising cyber range definitions, said definitions … said set of cyber range definitions”, however, it is not clear whether “the cyber range definitions”, “said definitions” and “said set of cyber range definitions” are the same or not – suggested to use the same term (e.g., “cyber range definitions”, “said cyber range definitions”, etc.) if they are the same.
Claims 5-10 and 12-18 depend from the claim 4 or 11, and are analyzed and rejected accordingly.
 
Claims 6 and 13-15 include the term “may” (e.g., may be triggered/used/created …etc.), however, it is not clear whether the limitations following the term “may” (e.g., the usage of the term) are actually limiting or not (e.g., intended uses).

Claims 6 and 7 include “… of claim 5 wherein said cyber threat …”, however, the “cyber threat” in the claim 5 is one of the selections, which may not be selected for the claim 5 (note: if the applicant would like to further limit the cyber threat of the claim 5, the claim 5 must include the limitation of the cyber threat, for example, “… components comprises the following: … cyber threat …”).

Claim Rejections - 35 USC § 103


The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.


Claims 1-18 are rejected under 35 U.S.C. 103 as being unpatentable over Brueckner et al. (US 10,777,093 B1) in view of Nickolov et al. (US 8,429,630 B2).

As per claim 1, Brueckner teaches a method of creating a secure public cloud-based cyber range [abstract; col. 1, lines 32-40 of Brueckner] comprising:
creating a plurality of virtual managed networks on each of a plurality of public computing platforms which are accessible via a network, each of said public computing platforms comprising at least one server [figs. 1A, 1B, 4; col. 4, lines 21-59; col. 5, lines 15-37; col. 8, lines 1-7, 23-41 of Brueckner teaches creating a plurality of virtual managed networks (e.g., the managed/controlled networks including the trainee/participant devices, the control/monitoring system, attack/target systems, etc.) on each of a plurality of public computing platforms (e.g., the operational platforms of 1A and 1B) which are accessible via a network (e.g., the external network 102), each of said public computing platforms comprising at least one server (e.g., the server shown in fig. 1B)];
creating at least one virtual cyber range relative to each of said managed networks, each cyber range comprising a virtual network of one or more virtual computing components [fig. 1; col. 2, lines 34-35; col. 5, lines 15-67; col. 6, lines 1-11 of Brueckner teaches creating at least one virtual cyber range relative to each of said managed/controlled networks (e.g., the networks via external network 102), each cyber range comprising a virtual network of one or more virtual computing components (e.g., the virtual machines, virtual control bridges, etc.)]; and
managing network traffic to each of said cyber ranges via at least one master controller, said master controller isolating said cyber range from a remainder of said public computing platforms not accessible via said network [figs. 1, 2A; col. 4, lines 39-59; col. 8, lines 59-67; col. 9, lines 31-55; col. 10, lines 1-18 of Brueckner teaches managing network traffic (e.g., the traffic between systems 106, 110, 112) of said cyber ranges via at least one master controller (e.g., the control/monitoring system 106), said master controller isolating said cyber range (e.g., the training scenario with a targeted system) from a remainder of said public computing platforms not accessible via said network (e.g., the isolation provided by the training engine 202)].

Although Brueckner teaches the training environment for services, such as training students, testing skills of applicants during examination, team exercises (see fig. 9 and col. 9, lines 13-21 of Brueckner) with creating the managed/controlled virtual networks, which function as virtual private networks with increased functionality, security and management of the networks, Brueckner does not explicitly teach that the created managed networks are the subscription-based virtual private networks.
However, Nickolov teaches creating virtual networks as subscription-based virtual private networks [fig. 29A; col. 11, lines 1-41, col. 13, lines 7-67; col. 14, lines 1-30 of Nickolov teaches creating virtual networks as subscription-based virtual private networks (e.g., the various pricing models or subscription model)].
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Brueckner with the teaching of Nickolov to include the subscription-based service because it provides techniques for implementing exchange of computing resources 

As per claim 2, Brueckner in view of Nickolov teaches the method in accordance with Claim 1.  
Brueckner further teaches wherein said cyber range is generated from one or more cyber range templates which define one or more characteristics of said cyber range [col. 10, lines 19-31 of Brueckner].

As per claim 3, Brueckner in view of Nickolov teaches the method in accordance with Claim 1. 
Brueckner further teaches the step of storing a state of at least one of said cyber range at a given time and restoring said cyber range to said state at a later time [figs. 4, 5A; col. 10, lines 19-31; col. 14, lines 10-13 of Brueckner].

As per claim 4, Brueckner teaches a method of creating a secure public cloud-based cyber range [abstract; col. 1, lines 32-40 of Brueckner] comprising:
creating a virtual managed network on a public computing platform, said public computing platform accessible via a network [figs. 1A, 1B, 4; col. 4, lines 21-59; col. 5, lines 15-37; col. 8, lines 1-7, 23-41 of Brueckner teaches creating a virtual managed/controlled network (e.g., the managed/controlled network including the trainee/participant devices, the control/monitoring system, attack/target systems, etc.) on a public computing platform (e.g., the operational 
generating a virtual cyber range on said virtual managed network, said virtual cyber range comprising a cyber range perimeter, cyber range protocols, and virtual computing components [fig. 1; col. 2, lines 34-35; col. 5, lines 15-67; col. 6, lines 1-11; col. 8, lines 1-28 of Brueckner teaches generating a virtual cyber range on said virtual managed network (e.g., the networks via external network 102), said virtual cyber range comprising a cyber range perimeter (see the perimeter of figs. 1A and 1B), cyber range protocols (e.g., the protocols used in functionality of devices), and virtual computing components (e.g., the virtual machines, virtual control bridges, etc.)];
restricting, via a master controller, cyber range activities within said range perimeter; and restricting, via said master controller, network traffic to said set of cyber range protocols [figs. 1, 2A; col. 4, lines 39-59; col. 7, lines 4-21; col. 8, lines 59-67; col. 9, lines 31-55; col. 10, lines 1-18 of Brueckner teaches restricting (e.g., the isolation or control provided by the training engine 202), via a master controller (e.g., the control/monitoring system 106), cyber range activities (e.g., network defense activities, observation activities, etc.) within said range perimeter (see the perimeter of figs. 1A and 1B); and restricting, via said master controller, network traffic (e.g., the traffic between systems 106, 110, 112) to said set of cyber range protocols (e.g., the protocols used in functionality of devices)].

Although Brueckner teaches the training environment for services, such as training students, testing skills of applicants during examination, team exercises (see fig. 9 and col. 9, lines 13-21 of Brueckner) with creating the managed/controlled virtual networks, which function as virtual private networks with increased functionality, security and management of the networks, Brueckner does not explicitly disclose that the created virtual managed network is the virtual private network.
However, Nickolov teaches creating a virtual managed network as a virtual private network [fig. 29A; col. 11, lines 1-41, col. 13, lines 7-67; col. 14, lines 1-30 of Nickolov teaches creating virtual networks as virtual private networks – see also rejections to the claim 1].
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Brueckner with the teaching of Nickolov to disclose creating a virtual private network because it provides techniques for implementing exchange of computing resources between computing resource providers and computing resource subscribers of a computing network - see columns 3 and 4 of Nickolov.

As per claim 5, Brueckner in view of Nickolov teaches the method of claim 4. 
Brueckner further teaches wherein said set of virtual computing components comprises one or more of the following: a network host, a network router, a network switch, a firewall, cyber threat, an internal network, and system configuration [figs. 1A, 2A; col. 15, lines 51-61 of Brueckner].

As per claim 6, Brueckner in view of Nickolov teaches the method of claim 5. 
Brueckner further teaches wherein said cyber threat may be automatically or manually triggered [figs. 1A, 2A; col. 17, lines 1-50 of Brueckner].

As per claim 7, Brueckner in view of Nickolov teaches the method of claim 5. 
Brueckner further teaches wherein said cyber threat comprises malware (e.g., the malicious DoS traffic) [figs. 1A, 2A; col. 15, lines 51-61; col. 17, lines 1-50 of Brueckner].

As per claim 8, Brueckner in view of Nickolov teaches the method of claim 4. 
Brueckner further teaches wherein said virtual cyber range is configured to operate on any router or firewall using a logical mirror/synchronization [figs. 5A, 9; col. 15, lines 43-61; col. 16, lines 12-27 of Brueckner].

As per claim 9, Brueckner in view of Nickolov teaches the method of claim 4. 
Brueckner further teaches the step of capturing network traffic forensics/observations [figs. 1A, 2A; col. 15, lines 51-67 of Brueckner].

As per claim 10, Brueckner in view of Nickolov teaches the method of claim 4. 
Brueckner further teaches wherein said virtual cyber range further comprises port mirroring to support networking monitoring systems and network analysis systems [figs. 8, 9; col. 6, lines 39-51; col. 20, lines 1-27 of Brueckner].

As per claim 11, Brueckner teaches a method of creating a dynamic cloud-based cyber range [abstract; col. 1, lines 32-40; col. 2, lines 41-57 of Brueckner] comprising:
creating a first virtual managed network on a first public computing platform which is accessible via a first network  [figs. 1A, 1B, 4; col. 4, lines 21-59; col. 5, lines 15-37; col. 8, lines 1-7, 23-41 of Brueckner teaches creating a first virtual managed network (e.g., the virtual network including the attack/target system 130A) on a first public computing platform (e.g., the operational platforms of 1A and 1B with the system 130A) which is accessible via a first network (e.g., the external network 102 with the system 130A)]; 
generating, on said virtual managed network, a virtual cyber range comprising cyber range definitions, said definitions comprising a cyber range perimeter, cyber range protocols, and virtual computing components [fig. 1; col. 2, lines 34-35; col. 5, lines 15-67; col. 6, lines 1-11; col. 8, lines 1-28 of Brueckner teaches generating, on said virtual private network (e.g., the virtual network with the system 130A), a virtual cyber range (see the virtual cyber range, for example 130A of the fig. 1B) comprising cyber range definitions (e.g., defining the cyber range or system 130A), said definitions comprising a cyber range perimeter (see the perimeter of figs. 1A and 1B), cyber range protocols (e.g., the protocols used in functionality of devices), and virtual computing components (e.g., the virtual machines, virtual control bridges, etc.)];
 restricting, via a master controller, cyber range activities within said range perimeter; restricting, via said master controller, network traffic to said set of cyber range protocols; and updating said set of cyber range definitions [figs. 1, 2A, 5A, 5B; col. 4, lines 39-59; col. 7, lines 4-21; col. 8, lines 59-67; col. 9, lines 31-55; col. 10, lines 1-18; col. 16, lines 12-40 of Brueckner teaches restricting (e.g., the isolation or control provided by the training engine 202), via a master controller (e.g., the control/monitoring system 106), cyber range activities (e.g., network defense activities, observation activities, etc.) within said range perimeter (see the perimeter of figs. 1A and 1B); restricting, via said master controller, network traffic (e.g., the traffic between systems 106, 110, 112) to said set of cyber range protocols (e.g., the protocols used in functionality of devices); and updating said set of cyber range definitions (e.g., updating defining the cyber range or system 130A)].

Although Brueckner teaches the training environment for services, such as training students, testing skills of applicants during examination, team exercises (see fig. 9 and col. 9, lines 13-21 of Brueckner) with creating the managed/controlled virtual networks, which function as virtual private networks with increased functionality, security and management of the networks, Brueckner does not explicitly disclose that the created virtual managed network is the virtual private network.
However, Nickolov teaches creating virtual managed network as a virtual private networks
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Brueckner with the teaching of Nickolov to disclose creating a virtual private network because it provides techniques for implementing exchange of computing resources between computing resource providers and computing resource subscribers of a computing network - see columns 3 and 4 of Nickolov. 

As per claim 12, Brueckner in view of Nickolov teaches the method of claim 11. 
Brueckner further teaches the step of storing said cyber range definitions in cloud [figs. 2A, 4; col. 12, lines 59-67; col. 14, lines 31-54 of Brueckner, see also Cloudware network of Nickolov of the rejections of claim 1].

As per claim 13, Brueckner in view of Nickolov teaches the method of claim 12. 
Brueckner further teaches wherein said cyber range definitions in cloud may be used to create said virtual cyber range on a second virtual managed/private network (e.g., the virtual network including the attack/target system 130B, 130N) [figs. 1B, 2A, 4; col. 8, lines 1-41; col. 12, lines 59-67; col. 14, lines 31-54 of Brueckner, see also Cloudware network and virtual private network of Nickolov of the rejections of claim 1].

As per claim 14, Brueckner in view of Nickolov teaches the method of claim 13. 
Brueckner further teaches wherein said second virtual private network may be created relative to a second public computing platform (e.g., the operational 

As per claim 15, Brueckner in view of Nickolov teaches the method of claim 14. 
Brueckner further teaches wherein said second computing platform may be accessible via a second network (e.g., the external network 102 with the system 130B or N) [figs. 1A, 1B; col. 8, lines 1-41 of Brueckner].

As per claim 16, Brueckner in view of Nickolov teaches the method of claim 11. 
Brueckner further teaches wherein said set of cyber range definitions is based on a training objective [figs. 1A, 1B, 5A, 5B; col. 15, lines 43-67 of Brueckner].

As per claim 17, Brueckner in view of Nickolov teaches the method of claim 16. 
Brueckner further teaches wherein said updating of said set of cyber range definitions is responsive to updating said training objective [figs. 1A, 1B, 5A, 5B; col. 15, lines 43-67; col. 16, lines 1-59 of Brueckner].

As per claim 18, Brueckner in view of Nickolov teaches the method of claim 11. 
Brueckner further teaches wherein said updating of said set of cyber range definitions comprises adding, deleting, or modifying one or more of the following: a network system, a virtual network, and a physical network [figs. 1A, 1B, 5A, 5B; col. 10, lines 19-31; col. 15, lines 43-67; col. 16, lines 1-59 of Brueckner].

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAUNG T LWIN whose telephone number is (571)270-7845.  The examiner can normally be reached on Monday - Friday 10:00 am - 6:00 pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.





/MAUNG T LWIN/Primary Examiner, Art Unit 2495