Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


DETAILED ACTION
2.	This action is in response to the application filed August 16, 2019.

3.	Claims 1-20 have been examined and are pending with this action.

4.	The Information Disclosure Statement filed August 16, 2019 has been considered.


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

5.	Claims 1-4, 6, 7, 10-12, 14, and 16-19 are rejected under 35 U.S.C. 102(a)(1) and 102(a)(2) as being anticipated by Hinton et al. (US 2012/0011578).
INDEPENDENT:
As per claim 1, Hinton teaches a method comprising: 
receiving, by a processing device, one or more asymmetric key pairs associated with a user, wherein each of the one or more asymmetric key pairs comprises a public key and a private key to be associated with remote access of cloud computing resources (see Hinton, [0008]: “For protocols where key pairs are used for authentication (e.g., SSH), F-SSO functionality is used to enable the exchange of key pairs, thus enabling an overall trust relationship between a customer and a cloud provider. Thus, a customer's end users may be authorized (or not) by the customer and have their overall lifecycle management maintained by the customer while still having a simple on-boarding process to the cloud environment”; and [0075]: “As is well-known, an SSH key pair comprises a private key, and a public key that is related to the private key by a predetermined mathematical relationship”); 
selecting a first asymmetric key pair of the one or more asymmetric key pairs, wherein the first asymmetric key pair comprises a first public key and a first private key (see Hinton, [0077]: “at step 1 the end user opens the SSH application and selects his or her private key (that was created during the key generation step)”); 
determining one or more cloud service providers associated with the user (see Hinton, [0008]: “For protocols where key pairs are used for authentication (e.g., SSH), F-SSO functionality is used to enable the exchange of key pairs, thus enabling an overall trust relationship between a customer and a cloud provider. Thus, a customer's end users may be authorized (or not) by the customer and have their overall lifecycle management maintained by the customer while still having a simple on-boarding process to the cloud environment”); 
selecting a first cloud service provider of the one or more cloud service providers to be associated with the first asymmetric key pair (see Hinton, [0008]: “For protocols where key pairs are used for authentication (e.g., SSH), F-SSO functionality is used to enable the exchange of key pairs, thus enabling an overall trust relationship between a customer and a cloud provider. Thus, a customer's end users may be authorized (or not) by the customer and have their overall lifecycle management maintained by the customer while still having a simple on-boarding process to the cloud environment”); 
determining one or more cloud service components associated with the first cloud service provider that are accessible to the user (see Hinton, [0010]: “a method to manage access to resources hosted in a shared pool of configurable computing resources (e.g., a compute cloud) begins…for use to enable direct user access to a resource hosted in the compute cloud. Upon validation of the assertion, the authentication data is deployed or provisioned within the cloud to enable direct user access to the compute cloud resource using the authentication data”); 
provisioning, by the processing device, at least one of the one or more cloud service components with the first public key (see Hinton, [0010]: “for use to enable direct user access to a resource hosted in the compute cloud. Upon validation of the assertion, the authentication data is deployed or provisioned within the cloud to enable direct user access to the compute cloud resource using the authentication data”; and [0048]: “Cloud computing is a model of service delivery for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, network bandwidth, servers, processing, memory, storage, applications, virtual machines, and services) that can be rapidly provisioned and released with minimal management effort or interaction with a provider of the service”); and 
configuring, by the processing device, a connection component to establish a secure connection to the at least one of the one or more cloud service components using the first private key (see Hinton, [0077]: “An SSH authentication and login to the requested virtual machine is step 2. At step 3, the user is validated. If validation is successful, the user is provided direct access to the target application over the SSH protocol.”).

As per claim 10, Hinton teaches a computing apparatus comprising: 
a memory; and a processing device, operatively coupled to the memory (see Hinton, [0010]: “the above-described method is performed in an apparatus comprising a processor, and computer memory holding computer program instructions that when executed by the processor perform the method”), to: 
receive an asymmetric key pair to be associated with remote access of cloud computing resources, wherein the asymmetric key pair comprises a public key and a private key (see Hinton, [0008]: “For protocols where key pairs are used for authentication (e.g., SSH), F-SSO functionality is used to enable the exchange of key pairs, thus enabling an overall trust relationship between a customer and a cloud provider. Thus, a customer's end users may be authorized (or not) by the customer and have their overall lifecycle management maintained by the customer while still having a simple on-boarding process to the cloud environment”; and [0075]: “As is well-known, an SSH key pair comprises a private key, and a public key that is related to the private key by a predetermined mathematical relationship”); 
determine a cloud service provider to be associated with the asymmetric key pair, wherein the cloud service provider is associated with the user (see Hinton, [0008]: “For protocols where key pairs are used for authentication (e.g., SSH), F-SSO functionality is used to enable the exchange of key pairs, thus enabling an overall trust relationship between a customer and a cloud provider. Thus, a customer's end users may be authorized (or not) by the customer and have their overall lifecycle management maintained by the customer while still having a simple on-boarding process to the cloud environment”); 
determine one or more cloud service components associated with the cloud service provider that are accessible to the user (see Hinton, [0010]: “a method to manage access to resources hosted in a shared pool of configurable computing resources (e.g., a compute cloud) begins…for use to enable direct user access to a resource hosted in the compute cloud. Upon validation of the assertion, the authentication data is deployed or provisioned within the cloud to enable direct user access to the compute cloud resource using the authentication data”); 
provision at least one of the one or more cloud service components with the public key (see Hinton, [0010]: “for use to enable direct user access to a resource hosted in the compute cloud. Upon validation of the assertion, the authentication data is deployed or provisioned within the cloud to enable direct user access to the compute cloud resource using the authentication data”; and [0048]: “Cloud computing is a model of service delivery for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, network bandwidth, servers, processing, memory, storage, applications, virtual machines, and services) that can be rapidly provisioned and released with minimal management effort or interaction with a provider of the service”); and 
configure a connection component to establish a secure connection to the at least one of the one or more cloud service components using the private key (see Hinton, [0077]: “An SSH authentication and login to the requested virtual machine is step 2. At step 3, the user is validated. If validation is successful, the user is provided direct access to the target application over the SSH protocol.”).

As per claim 16, Hinton teaches a non-transitory computer readable storage medium, having instructions stored therein, which when executed by a processing device of a computer system, cause the processing device to (see Hinton, [0012]: “the above-described method is performed by a computer program product in a computer readable medium for use in a data processing system. The computer program product holds computer program instructions which, when executed by the data processing system, perform the method”): 
receive one or more asymmetric key pairs associated with a user, wherein each of the one or more asymmetric key pairs comprises a public key and a private key to be associated with remote access of cloud computing resources (see Hinton, [0008]: “For protocols where key pairs are used for authentication (e.g., SSH), F-SSO functionality is used to enable the exchange of key pairs, thus enabling an overall trust relationship between a customer and a cloud provider. Thus, a customer's end users may be authorized (or not) by the customer and have their overall lifecycle management maintained by the customer while still having a simple on-boarding process to the cloud environment”; and [0075]: “As is well-known, an SSH key pair comprises a private key, and a public key that is related to the private key by a predetermined mathematical relationship”); 
select a first asymmetric key pair of the one or more asymmetric key pairs, wherein the first asymmetric key pair comprises a first public key and a first private key (see Hinton, [0077]: “at step 1 the end user opens the SSH application and selects his or her private key (that was created during the key generation step)”); 
determine one or more cloud service providers associated with the user (see Hinton, [0008]: “For protocols where key pairs are used for authentication (e.g., SSH), F-SSO functionality is used to enable the exchange of key pairs, thus enabling an overall trust relationship between a customer and a cloud provider. Thus, a customer's end users may be authorized (or not) by the customer and have their overall lifecycle management maintained by the customer while still having a simple on-boarding process to the cloud environment”); 
select a first cloud service provider of the one or more cloud service providers to be associated with the first asymmetric key pair (see Hinton, [0008]: “For protocols where key pairs are used for authentication (e.g., SSH), F-SSO functionality is used to enable the exchange of key pairs, thus enabling an overall trust relationship between a customer and a cloud provider. Thus, a customer's end users may be authorized (or not) by the customer and have their overall lifecycle management maintained by the customer while still having a simple on-boarding process to the cloud environment”); 
determine one or more cloud service components associated with the first cloud service provider that are accessible to the user (see Hinton, [0010]: “a method to manage access to resources hosted in a shared pool of configurable computing resources (e.g., a compute cloud) begins…for use to enable direct user access to a resource hosted in the compute cloud. Upon validation of the assertion, the authentication data is deployed or provisioned within the cloud to enable direct user access to the compute cloud resource using the authentication data”); 
provision, by the processing device, at least one of the one or more cloud service components with the first public key (see Hinton, [0010]: “for use to enable direct user access to a resource hosted in the compute cloud. Upon validation of the assertion, the authentication data is deployed or provisioned within the cloud to enable direct user access to the compute cloud resource using the authentication data”; and [0048]: “Cloud computing is a model of service delivery for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, network bandwidth, servers, processing, memory, storage, applications, virtual machines, and services) that can be rapidly provisioned and released with minimal management effort or interaction with a provider of the service”); and 
configure a connection component to establish a secure connection to the at least one of the one or more cloud service components using the first private key (see Hinton, [0077]: “An SSH authentication and login to the requested virtual machine is step 2. At step 3, the user is validated. If validation is successful, the user is provided direct access to the target application over the SSH protocol.”).

DEPENDENT:
As per claims 2 and 17, which respectively depend on claims 1 and 16, Hinton teaches further comprising: providing a graphical user interface for display by a client device; displaying the one or more asymmetric key value pairs associated with the user in the graphical user interface; and receiving a request to select the first asymmetric key pair from the graphical user interface (see Hinton, FIG. 6; [0045]: “The user application 304 can include logic (e.g., a web browser) to present content (e.g., web pages) to the user”; and [0077]: “This is illustrated in FIG. 6, wherein the end user at machine 600 executes a client-side SSH application 602 (such as PuTTY) to SSH into the target application 604 executing in the cloud provider's virtual machine environment 606. In particular, at step 1 the end user opens the SSH application and selects his or her private key (that was created during the key generation step). An SSH authentication and login to the requested virtual machine is step 2. At step 3, the user is validated. If validation is successful, the user is provided direct access to the target application over the SSH protocol”).
As per claims 3, 11, and 18, which respectively depend on claims 2, 10, and 16, Hinton further teaches wherein determining the one or more cloud service providers further comprises: sending a request to a server device for a list of cloud service providers accessible by the user; receiving the list of cloud service providers accessible to the user from the server device; and providing the list of the cloud service providers for display in the graphical user interface (see Hinton, [0059]: “The Deployment Models typically are as follows:”; [0063]: “Hybrid cloud: the cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds)”; [0077]: “In particular, at step 1 the end user opens the SSH application and selects his or her private key (that was created during the key generation step)”; and [0089]: “The cloud provider (in real-time, near real-time, or periodically) then uses this list for authenticating the identity provider's users”).
As per claims 4 and 12, which respectively depend on claims 2 and 10, Hinton further teaches wherein determining the one or more cloud service providers further comprises: querying a data store of cloud service providers to generate a list of cloud service providers accessible by the user; and providing the list of the cloud service providers for display in the graphical user interface (see Hinton, [0089]: “a CRL-like approach also can be implemented by having the cloud provider do a period request to the identity provider for a new CRL list, or by having an additional cloud service to which the identity provider (in real-time or near real-time) will update a CRL-like "valid SSH key" list. The cloud provider (in real-time, near real-time, or periodically) then uses this list for authenticating the identity provider's users”; and [0058]: “the capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls)”).
As per claim 6, which depends on claim 1, Hinton further teaches wherein the one or more cloud service components comprise at least one of one or more virtual machines or one or more containers (see Hinton, [0048]: “Cloud computing is a model of service delivery for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, network bandwidth, servers, processing, memory, storage, applications, virtual machines, and services) that can be rapidly provisioned and released with minimal management effort or interaction with a provider of the service”).


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

6.	Claims 5, 7, 13, 14, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Hinton et al. (US 2012/0011578) in view of Official Notice.
As per claims 5 and 13, which respectively depend on claims 2 and 10, although Hinton further teaches determining the one or more cloud service components associated with the first cloud service provider (see Hinton, [0048]: “As shown, each target application can be located in a different web environment, with different authentication mechanisms and different requirements. According to the techniques that are to be described below, a target application is located within a cloud-based operating environment. Cloud computing is a model of service delivery for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, network bandwidth, servers, processing, memory, storage, applications, virtual machines, and services) that can be rapidly provisioned and released with minimal management effort or interaction with a provider of the service”), Hinton does not explicitly teach the determining further comprises: sending a request to the first cloud service provider; receiving a response from the first cloud service provider; and providing for display in the graphical user interface.
However, the examiner takes Official Notice. Clearly, these are well-known communication functions between a server and a browser explicitly taught by Hinton (see Hinton, [0045]: “The user application 304 can include logic (e.g., a web browser) to present content (e.g., web pages) to the user”) since Hinton teaches the invention employs IaaS as a particular model, which allows the consumer/user to control the components (see Hinton, [0058]: “The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls)”).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the system of Hinton in view of Official Notice by implementing sending a request to the first cloud service provider for a list of cloud service components of the first cloud service provider that are accessible to the user; receiving a response from the first cloud service provider comprising the one or more cloud service components; and providing the list of the cloud service components for display in the graphical user interface.  One would be motivated to do so because Hinton explicitly teaches enabling the consumer/user to control the components.
As per claims 7, 14, and 19, which respectively depend on claims 1, 10, and 16, although Hinton further teaches wherein provisioning the at least one of the one or more cloud service components with the first public key further comprises: selecting a first cloud service component from the one or more cloud service components; associating the first public key with the first cloud service component; (see Hinton, [0008]: “For protocols where key pairs are used for authentication (e.g., SSH), F-SSO functionality is used to enable the exchange of key pairs, thus enabling an overall trust relationship between a customer and a cloud provider. Thus, a customer's end users may be authorized (or not) by the customer and have their overall lifecycle management maintained by the customer while still having a simple on-boarding process to the cloud environment”; and [0058]: “the capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls)”), Hinton does not explicitly teach the functionality of sending a request to associate, receiving a response whether the component has been associated, and updating the display to indicate that the component has been associated.
However, the examiner takes Official Notice.  Clearly, these are well-known communication functions between a server and a browser explicitly taught by Hinton (see Hinton, [0045]: “The user application 304 can include logic (e.g., a web browser) to present content (e.g., web pages) to the user”) since Hinton teaches updating the key in real-time (see Hinton, [0089]: “having an additional cloud service to which the identity provider (in real-time or near real-time) will update a CRL-like "valid SSH key" list. The cloud provider (in real-time, near real-time, or periodically) then uses this list for authenticating the identity provider's users”).  
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the system of Hinton in view of Official Notice by implementing sending a request to associate, receiving a response whether the component has been associated, and updating the display to indicate that the component has been associated.  One would be motivated to do so because Hinton teaches associating the first public key with the first cloud service component.

7.	Claims 8, 9, 15, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Hinton et al. (US 2012/0011578) in view of Cao et al. (US 2015/0128221).

As per claims 8, 15, and 20, which respectively depend on claims 7, 14, and 19, Hinton does not explicitly teach wherein configuring the connection component further comprises: determining location information associated with the first cloud service component; generating a mapping table entry that maps the location information to the first private key; and storing the mapping table entry in a data structure.
Cao teaches wherein configuring the connection component further comprises: determining location information associated with the first cloud service component (see Cao, Abstract: “When a user requires a logical partition to run in a known, specified physical location, the user specifies the physical location when the VM is created. The specified physical location is then incorporated into the user authentication process. Users are challenged and must know the physical location in order to be authenticated to the system”); generating a mapping table entry that maps the location information to the first private key (see Cao, [0066]: “The location of the VM and the authentication credentials can be mapped as a key pair by the local management system”); and storing the mapping table entry in a data structure (see Cao, [0064]: “When the VM 522 is provisioned in node2 514, an access point 524 is created and mapped to the physical location by the hypervisor 526. Access points 524 are preferably stored in the virtualization manager or the hypervisor”).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the system of Hinton in view of Cao by implementing wherein configuring the connection component further comprises: determining location information associated with the first cloud service component; generating a mapping table entry that maps the location information to the first private key; and storing the mapping table entry in a data structure. One would be motivated to do so because Hinton teaches the invention enables the consumer control over the provisioned components or services (see Hinton, [0058]: “Infrastructure as a Service (IaaS): the capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls)”).
As per claim 9, which depends on claim 8, Hinton does not explicitly teach further comprising: initiating the secure connection to the first cloud service component using the location information and the first private key.
Cao teaches initiating the secure connection to the first cloud service component using the location information and the first private key (see Cao, Abstract: “The specified physical location is then incorporated into the user authentication process”; and [0066]: “The location of the VM and the authentication credentials can be mapped as a key pair by the local management system. The same two prong process described above can be used here”).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the system of Hinton in view of Cao by implementing initiating the secure connection to the first cloud service component using the location information and the first private key. One would be motivated to do so because Cao teaches in paragraph [0072]: “Location based authentication as described herein helps insure the virtual machine will not be moved without the user's knowledge to increases the security of the system”.
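As an added illustration of the claimed workflow mapped above (the provisioning steps of claim 1 and the location-to-private-key mapping table of claims 8 and 9), the following Python model is not code from the application, from Hinton, or from Cao. Every key, provider, component and location value is a constructed placeholder, and the "connection" step only returns the parameters it would use and refuses when the mapped key is absent or no longer accepted by the target.

```python
"""Model of the claimed SSH key-provisioning workflow (claims 1, 8 and 9).

Added illustration for this Office Action; not code from the application,
Hinton, or Cao. Key bytes, provider, component and location names are
constructed placeholders.
"""
import hashlib
from dataclasses import dataclass, field


@dataclass(frozen=True)
class KeyPair:
    """An asymmetric key pair (claim 1); key bytes are constructed placeholders."""
    name: str
    public_key: bytes
    private_key: bytes

    @property
    def fingerprint(self) -> str:
        # SHA-256 over the public key, as SSH prints key fingerprints.
        return "SHA256:" + hashlib.sha256(self.public_key).hexdigest()[:16]


@dataclass
class CloudComponent:
    """A VM or container at a provider, with the public keys it accepts."""
    provider: str
    name: str
    location: str  # the 'location information' of claim 8 (region/zone placeholder)
    authorized_keys: set = field(default_factory=set)


class ConnectionManager:
    """Holds the user's key pairs, known components, and the claim 8 mapping table."""

    def __init__(self) -> None:
        self.key_pairs: dict[str, KeyPair] = {}
        self.components: dict[tuple[str, str], CloudComponent] = {}
        self.mapping_table: dict[str, bytes] = {}  # location -> private key

    def receive_key_pair(self, kp: KeyPair) -> None:  # claim 1: 'receiving ... key pairs'
        self.key_pairs[kp.name] = kp

    def register_component(self, c: CloudComponent) -> None:
        self.components[(c.provider, c.name)] = c

    def providers_for_user(self) -> list[str]:  # claim 1: 'determining ... providers'
        return sorted({p for p, _ in self.components})

    def components_for(self, provider: str) -> list[CloudComponent]:
        return [c for (p, _), c in self.components.items() if p == provider]

    def provision(self, key_name: str, provider: str, component: str) -> str:
        """Claim 1 'provisioning' plus the claim 8 mapping table entry.
        Only the public key is pushed to the component; the private key stays local."""
        kp = self.key_pairs[key_name]
        c = self.components[(provider, component)]
        c.authorized_keys.add(kp.public_key)
        self.mapping_table[c.location] = kp.private_key
        return kp.fingerprint

    def initiate_connection(self, location: str) -> dict:
        """Claim 9: connect using the location information and its mapped private key.
        Refuses when no entry exists or when the target no longer accepts the
        public counterpart (e.g. the key was revoked on the component)."""
        private_key = self.mapping_table.get(location)
        if private_key is None:
            raise PermissionError(f"no private key mapped for location {location}")
        kp = next((k for k in self.key_pairs.values() if k.private_key == private_key), None)
        target = next((c for c in self.components.values() if c.location == location), None)
        if kp is None or target is None or kp.public_key not in target.authorized_keys:
            raise PermissionError(f"component at {location} does not accept the mapped key")
        return {"host": f"{target.name}.{target.provider}", "location": location,
                "key": kp.fingerprint}


def demo() -> dict:
    """Walk through claims 1, 8 and 9 with constructed sample data."""
    mgr = ConnectionManager()
    mgr.receive_key_pair(KeyPair("ops-key", b"ssh-ed25519 AAAA-constructed-pub-1", b"constructed-priv-1"))
    mgr.receive_key_pair(KeyPair("dev-key", b"ssh-ed25519 AAAA-constructed-pub-2", b"constructed-priv-2"))
    mgr.register_component(CloudComponent("provider-a", "vm-web01", "region-1/zone-a"))
    mgr.register_component(CloudComponent("provider-b", "ctr-db01", "region-2/zone-c"))
    first_provider = mgr.providers_for_user()[0]        # 'selecting a first cloud service provider'
    target = mgr.components_for(first_provider)[0]       # 'determining ... components accessible'
    mgr.provision("ops-key", first_provider, target.name)
    return mgr.initiate_connection(target.location)


if __name__ == "__main__":
    print(demo())
```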


Conclusion
8.	For the reasons above, claims 1-20 have been rejected and remain pending.

9.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL Y WON whose telephone number is (571)272-3993.  The examiner can normally be reached on Wk.1: M-F: 8-5 PST & Wk.2: M-Th: 8-7 PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  Please note, the examiner generally will not hold interviews after a Final Office Action has been issued.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vivek Srivastava can be reached on 571-272-7304.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


MICHAEL WON
Primary Examiner
Art Unit 2449



/Michael Won/
Primary Examiner, Art Unit 2449
November 17, 2021