DETAILED ACTION
	This Office Action is in response to an Amendment, filed 23 September 2021, wherein Claims 1-20 are pending and ready for examination.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
	Applicant’s arguments and amendments, filed 23 September 2021, with regard to the previous claim rejections under 35 USC 102(a)(2), have been fully considered and are persuasive. The Examiner respectfully withdraws the previous claim rejections under 35 USC 102(a)(2). However, new rejections may be found below as necessitated by amendment.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

s 1-3, 13, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Grant (US 20190334869) in view of Parekh et al. (US 7219142) and further in view of Phillips (US 20180026944).

As to Claim 1, Grant discloses a computer-implemented method for protecting credentials in a cloud environment, comprising: establishing a header policy that is to be applied at a metadata proxy, the header policy indicating that specified header information is to be included in each metadata service request sent to a metadata service (Fig. 1, the Abstract, and Paragraphs [0016][0030] describe how the IoT protection module 160 contains configured rules (i.e. policy), that may be periodically updated, for the IoT protection module to utilize when receiving requests for client requests to access, use, modify IoT devices – the rules including a user-agent [field] checks of the headers, other header checks, IP address checks, and various other rules); accessing the established header policy at the metadata proxy, the metadata proxy being configured to intercept metadata service requests and check the intercepted requests for the specified header information (The Abstract, Fig. 3 and Paragraphs [0048]-[0050] describe how the received requests are analyzed by applying on or more web application firewall rules against the request to determine whether the request should be transmitted or blocked/denied); determining, at the metadata proxy, that the metadata service request does not include the specified header information (The Abstract, Fig. 3 and Paragraphs [0048]-[0050] describe how the received requests are analyzed by applying one or more rules, and if any of the rules are triggered, the request is blocked (see [0016][0030] for examples of rules including specific header information like user-agent)); and (The Abstract, Fig. 3 and Paragraphs [0048]-[0050] describe how the received requests are analyzed by applying one or more rules, and if any of the rules are triggered, the request is blocked (see [0016][0030] for examples of rules including specific header information like user-agent)).
Grant discloses the use of multiple configured rules (i.e. policies) that may be periodically updated – the rules including user-agent [field] checks of the headers, other header checks, IP address checks, and various other rules (See e.g. Fig. 1, the Abstract, and Paragraphs [0016][0030]). However, Grant does not explicitly disclose injecting, by the metadata proxy, a sub-policy that is to be applied in addition to the established header policy, the sub-policy specifying a physical location or a logical location from which metadata service credentials granted upon compliance with the established header policy are valid.
In an analogous art, Parekh discloses injecting, by the metadata proxy, a sub-policy that is to be applied in addition to the established header policy (Col. 4 L 63 – Col. 5 L 3, Col. 6 L 15-40, and Col. 6 L 63 – Col. 7 L 14 describe a policy enforcement engine that compiles various non-scoping policy rules, scoping policy rules, and all the sub-rules within their scope to compile and generate a rules database for enforcing the policies).
It would have been obvious to one of ordinary skill in the art before the effective filing date of Applicant’s invention to modify the policy enforcement firewall, as taught by Grant, to include the sub-policy compilation, generation, and enforcement techniques put forth by Parekh.

	Grant/Parekh disclose policy rules that specify certain IP addresses, nodes, etc., but Grant/Parekh do not explicitly disclose the sub-policy specifying a physical location or a logical location from which metadata service credentials granted upon compliance with the established header policy are valid.
In an analogous art, Phillips discloses the sub-policy specifying a physical location or a logical location from which metadata service credentials granted upon compliance with the established header policy are valid (Paragraphs [0042][0044][0047][0059]-[0060] provide various examples of firewall policies wherein traffic is restricted to certain devices, VMs, networks, subnets, etc.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of Applicant’s invention to modify the credential restrictions, put forth by Grant/Parekh, to include the firewall restrictions of Phillips, specifically the restriction of certain traffic to a particular [logical] area of a network.
The suggestion/motivation for doing so would be to mitigate security risks by isolating traffic from certain entities to an isolated region.

As to Claim 2, Grant discloses wherein the specified header information is stored in a user-agent field of the header (Fig. 1, the Abstract, and Paragraphs [0016][0030] describe how the IoT protection module 160 contains configured rules (i.e. policy), that may be periodically updated, for the IoT protection module to utilize when receiving requests for client requests to access, use, modify IoT devices – the rules including a user-agent [field] checks of the headers, other header checks, IP address checks, and various other rules).

As to Claim 3, Grant discloses wherein the metadata proxy is configured to store a list of acceptable user agents which, upon being identified in the user-agent field of the header, are allowed to access metadata service information (Fig. 1, the Abstract, and Paragraphs [0016][0030] describe how the IoT protection module 160 contains configured rules (i.e. policy), that may be periodically updated, for the IoT protection module to utilize when receiving requests for client requests to access, use, modify IoT devices – the rules including a user-agent [field] checks of the headers, other header checks, IP address checks, and various other rules (i.e. the configured rules contain the acceptable user-agents for the checks)).

As to Claim 19, Grant/Parekh/Phillips disclose wherein the specified header information comprises a customer value selected by a network administrator (Phillips: Paragraphs [0002][0021][0039][0041][0059] provide various examples of users and administrators configuring firewall rules based on certain [custom] values). Motivation provided above with reference to Claim 1.

Claims 13 and 20 contain all the same elements as Claim 1, but in System form (Grant, Fig. 1 – Edge Server 120 with IoT Protection Module 160) and non-transitory computer-readable medium form (Grant, Fig. 6). Therefore, the same rationale applies equally as well.

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Grant (US 20190334869) and Parekh et al. (US 7219142) in view of Phillips (US 20180026944), and further in view of Ferreira Gomes et al. (US 20180316764), as cited by Applicant in the IDS filed 12 March 2021, hereinafter “Gomes”.

As to Claim 4, Grant/Parekh/Phillips disclose the computer-implemented method of claim 1, as cited above. Grant discloses preventing/blocking the request (see citations above for claim 1). However, Grant/Parekh/Phillips do not explicitly disclose further comprising the metadata proxy sending a null result to at least one application that sent the metadata service request after preventing the metadata service request from being passed to the metadata service.
In an analogous art, Gomes discloses further comprising the metadata proxy sending a null result to at least one application that sent the metadata service request after preventing the metadata service request from being passed to the metadata service (Paragraphs [0312][0317][0327][0331] describe how the system performs authentication on the user’s request, and if the credentials are invalid, the system returns a response comprising an error reply, error message, etc.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of Applicant’s invention to modify the protection module, put forth by Grant/Parekh/Phillips, specifically the procedures used to block an incoming request that is 
The suggestion/motivation for doing so would have been to inform the requesting entity that their request triggered a policy rule and why it triggered the policy rule, thereby allowing the entity to be more informed when making subsequent requests.

Claims 5, 14, and 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Grant (US 20190334869) and Parekh et al. (US 7219142) in view of Phillips (US 20180026944), and further in view of Cole (US 20180115551).

As to Claim 5, Grant/Parekh/Phillips disclose the computer-implemented method of claim 1, as cited above. Grant discloses requesting various information from the IoT devices through the protection module. However, Grant/Parekh/Phillips do not disclose the information comprising metadata service credentials. Formally, Grant/Parekh/Phillips do not explicitly disclose wherein the metadata service request comprises a metadata service credential request that is configured to request one or more metadata service credentials maintained by the metadata service.
In an analogous art, Cole discloses wherein the metadata service request comprises a metadata service credential request that is configured to request one or more metadata service credentials maintained by the metadata service (The Abstract and Paragraphs [0072][0073][0126] provide examples of entities requesting credential data from cloud environment to obtain cloud credential data for accessing one or more cloud accounts of the cloud environment).
It would have been obvious to one of ordinary skill in the art before the effective filing date of Applicant’s invention to modify the types of information that may be requested, in the system of Grant/Parekh/Phillips, to include the information put forth by Cole, specifically the credential requests.
The suggestion/motivation for doing so would have been to allow devices to first request credentials in order to locate and allow access to protected resources. 

Claim 14 contains all the same elements as Claim 5, therefore, the same rationale applies equally as well.

As to Claim 16, Grant/Parekh/Phillips disclose wherein the metadata service credentials are restricted to a specific subnet within a computing network, the specific subnet being identified by the metadata proxy (Phillips: Paragraphs [0042][0044][0047][0059]-[0060] provide various examples of firewall policies wherein traffic is restricted to certain devices, VMs, networks, subnets, etc.). Motivation provided above with reference to Claim 1.

As to Claim 17, Grant/Parekh/Phillips disclose wherein the metadata service credentials are restricted to a specific computer networking environment, the specific computer networking environment being identified by the metadata proxy (Phillips: Paragraphs [0042][0044][0047][0059]-[0060] provide various examples of firewall policies wherein traffic is restricted to certain devices, VMs, networks, subnets, etc.). Motivation provided above with reference to Claim 1.

Claims 6-12 are rejected under 35 U.S.C. 103 as being unpatentable over Grant (US 20190334869), Parekh et al. (US 7219142), and Phillips (US 20180026944), view of Cole (US 20180115551), and further in view of Knjazihhin et al. (US 20170317999), hereinafter “Knja”.

As to Claim 6, Grant/Parekh/Phillips/Cole disclose the computer-implemented method of claim 5, as cited above. Grant further discloses how the protection module is configured to limit the network nodes from which the metadata service credentials are valid (see citations above for claims 1-3). However, Grant/Parekh/Phillips/Cole do not explicitly disclose wherein the metadata proxy is booted in a manner that limits the network nodes from which the metadata service credentials are valid.
In an analogous art, Knja discloses wherein the metadata proxy is booted in a manner that limits the network nodes from which the metadata service credentials are valid (The Abstract and Paragraphs [0002][0015][0016] describe how the cloud management proxy obtains it’s bootstrap credentials in order to complete its boot operation and provide security to its managed devices).
It would have been obvious to one of ordinary skill in the art before the effective filing date of Applicant’s invention to modify the system of Grant/Parekh/Phillips/Cole, specifically the method in which the proxy device is initially configured with rules/policies, to include the 
The suggestion/motivation for doing so would have been to reduce the need for manual intervention when configuring the proxy device to perform the policy filtering duties by automating the boot/configuration process.

As to Claim 7, Grant/Parekh/Phillips/Cole/Knja disclose wherein the metadata proxy generates a sub-policy that specifies the network nodes from which the metadata service credentials are valid (Parekh: Col. 4 L 63 – Col. 5 L 3, Col. 6 L 15-40, and Col. 6 L 63 – Col. 7 L 14 describe a policy enforcement engine that compiles various non-scoping policy rules, scoping policy rules, and all the sub-rules within their scope to compile and generate a rules database for enforcing the policies) (Cole: Paragraphs [0042][0044][0047][0059]-[0060] provide various examples of firewall policies wherein traffic is restricted to certain devices, VMs, networks, subnets, etc.). Motivation provided above with regard to Claim 1.

As to Claim 8, Grant/Parekh/Phillips/Cole/Knja disclose wherein the metadata proxy is configured to assume a specified role, at boot, within the cloud environment (Knja: The Abstract and Paragraphs [0015][0016] describe how the cloud management proxy device obtains bootstrap credentials that are used to unlock its configuration/settings and to access the stored security credentials for the associated network devices upon completing its boot operation). Motivation provided above with reference to Claim 6.

(Knja: The Abstract and Paragraphs [0015][0016] describe how the cloud management proxy device obtains bootstrap credentials that are used to unlock its configuration/settings and to access the stored security credentials for the associated network devices upon completing its boot operation; Paragraph [0013] and Fig. 5 describe the proxy device as a VM [hosted on device in fig. 5]). Motivation provided above with reference to Claim 6.

As to Claim 10, Grant/Parekh/Phillips/Cole/Knja disclose wherein the metadata proxy is configured to assume the role used by the server computer system that is hosting the metadata proxy (Knja: The Abstract and Paragraphs [0015][0016] describe how the cloud management proxy device obtains bootstrap credentials that are used to unlock its configuration/settings and to access the stored security credentials for the associated network devices upon completing its boot operation). Motivation provided above with reference to Claim 6.

As to Claim 11, Grant/Parekh/Phillips/Cole/Knja disclose wherein the metadata proxy places one or more restrictions on credentials received from the metadata service (Cole: The Abstract and Paragraphs [0071][0079] describe how the policies on the proxy device contain constraints on which devices can access/perform/etc. with regard to computing resources) Motivation provided above with regard to claim 5. (Knja: [0002][0009][0028] describe how the proxy device performs one or more operations to configure and build the final credentials for the security policies it manages). Motivation provided above with reference to Claim 6.

As to Claim 12, Grant/Parekh/Phillips/Cole/Knja disclose wherein the metadata proxy provides the restricted credentials to at least one application that sent the intercepted metadata service request (Cole: Paragraphs [0070][0231] disclose how the newly created credentials and associated policies are returned to the requesting entity). Motivation provided above with reference to Claim 5.

Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Grant (US 20190334869), Parekh et al. (US 7219142), and Phillips (US 20180026944), view of Cole (US 20180115551), and further in view of Ettema et al. (US 9882929).

As to Claim 15, Grant/Parekh/Phillips/Cole disclose the system of Claim 14, as cited above. Grant/Parekh/Phillips/Cole further disclose wherein the metadata service credentials are restricted. However, Grant/Parekh/Phillips/Cole do not explicitly disclose wherein the metadata service credentials are restricted to a specific web server identified by the metadata proxy.
In an analogous art, Ettema discloses wherein the metadata service credentials are restricted to a specific web server identified by the metadata proxy (Col. 13 L 50 – Col. 14 L 5 describe how data appliance 102 performs routing based on various rules to route certain traffic to a [particular] VM server based on rules and policies).

The suggestion/motivation for doing so would be to mitigate security risks by isolating traffic from certain entities to a single server.

Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Grant (US 20190334869) and Parekh et al. (US 7219142) in view of Phillips (US 20180026944), and further in view of Amit et al. (US 20110225234).

As to Claim 18, Grant/Parekh/Phillips disclose the system of claim 13, as cited above. Grant discloses the utilization of firewall rules to prevent various security intrusions and to mitigate various security threats. Grant/Parekh/Phillips do not explicitly disclose wherein the metadata proxy is configured to prevent server-side request forgery (SSRF) by checking the intercepted requests for the specified header information.
In an analogous art, Amit discloses wherein the metadata proxy is configured to prevent server-side request forgery (SSRF) by checking the intercepted requests for the specified header information (The Abstract, Fig. 8, and Paragraphs [0004][0044] describe how a proxy device implements the disclosed techniques in order to prevent cross-site request forgery attacks that would affect the client and the server).

The suggestion/motivation for doing so would have been to provide a more secure firewall and prevent more security threats from infiltrating the protected resources.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Pisharody et al. (US 10594657) describes a policy enforcement system that utilizes multiple policy checks and sub-policy checks when enforcing traffic policies.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Tonia Dollinger can be reached on 571-272-4170. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JONATHAN A. SPARKS/
Examiner
Art Unit 2459


/Backhean Tiv/Primary Examiner, Art Unit 2459