DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .  This action is in response to the communication filed on 6/23/2020. Claims 1-14 are pending in this application.
Examiner Note
If applicant has any questions or wishes to amend claims, applicant is encouraged to contact the examiner to ensure that any proposed amendments would overcome current rejection(s). The examiner can normally be reached at (571)270-3863 or michael.keller@uspto.gov, Monday-Friday, 9 AM - 10 PM EST, and examiner is happy assist applicant as needed to provide any help/feedback, thank you.
Priority
This application claims priority of SE1950838-1, filed 7/3/2019. The assignee of record is Telia Company AB. The listed inventor(s) is/are: Damm, Rickard; Huber, Michael.
Information Disclosure Statement
The information disclosure statement(s) (IDS) submitted on 6/23/2020 is/are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the IDS(s) is/are being considered by the examiner.
Allowable Subject Matter
Claims 6-7 & 13-14 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims provided that all other rejections under 35 USC 101/112 (if any) are obviated upon upcoming amendments/arguments without raising new issues that necessitate further consideration/search.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1 & 8 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Newell et al. (US 20170222977 A1, published 8/3/2017; hereinafter New).
For Claim 1, New teaches a method performed by an edge cloud agent in an operator's network (Please see screen shots of New Figs. 1, 4 & 5 below, thank you:

    PNG
    media_image1.png
    741
    552
    media_image1.png
    Greyscale


    PNG
    media_image2.png
    627
    495
    media_image2.png
    Greyscale


    PNG
    media_image3.png
    653
    508
    media_image3.png
    Greyscale

), the method comprising: 
receiving a request for resources (New ¶ 0046 the administrator client device 105 requests an administration user interface from the network administration service 117 in order to manage the application catalog and/or network security on the internal network 118); 
(New ¶ 0046 At step 406, the network administration service 117 obtains security group data from a data store (e.g., the gateway configuration data store 126)); 
instantiating a secure container on the located computing device (New ¶ 0046 the internal network 118 can be preconfigured with a number of micro-segments, or sets of network resources 109 on separate virtual network segments. Each of these virtual network segments can be said to correspond to a separate security group. In some cases, a separate security group can be established for each grouping of roles within an organization. The security group data can include a mapping of security groups to predefined network address ranges or network address selection criteria. 
New ¶ 0047 At step 409, the network administration service 117 generates the user interface and sends data encoding the user interface to the administrator client device 105. ); 
setting up a Virtual Local Area Network/Virtual Private Network, VLAN/VPN, connection to the secure container on the computing device (New ¶ 0050 At step 424, the gateway 106 creates a VPN tunnel endpoint 125 for the client application 136); and 
allocating said resources to a storage instance based on available resources within the computing device (New ¶ 0051 At step 427, the gateway 106 creates network address assignment rules for the VPN tunnel endpoint 125. In particular, the gateway 106 determines a particular network address or predefined criteria for assigning network addresses that would enable the client application 136 to access the specified security group. Further, the gateway 106 creates rules that permit or deny access to the specified security group based on the MDM attributes of the client device 103 meeting or not meeting predefined criteria. 
New ¶ 0048 At step 412, the administrator client device 105 uploads an application package for a client application 136 to the network administration service 117. Alternatively, the administrator client device 105 can provide a uniform resource locator (URL) from which the application package can be obtained. At step 415, the network administration service 117 adds the client application 136 to the application catalog. The network administration service 117 can store the application package directly in the application catalog data store 127, or the network administration service 117 can cause the application catalog service 112 to import the application package into the application catalog.).
For Claim 8, the claim is substantially similar to claim 1 and therefore is rejected for the same reasoning set forth above. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not 
Claims 2-3 & 9-10 is/are rejected under 35 U.S.C. 103 as being unpatentable over New in view of Barton et al. (US 20170063839 A1, published 3/2/2017; hereinafter Bar).
For Claim 2, New teaches the method according to claim 1, New does not explicitly teach wherein setting up a VLAN/VPN connection includes setting up a VLAN/VPN connection from a cloud termination point of the operator to the secure container on the computing device.
However, Bar teaches wherein setting up a VLAN/VPN connection includes setting up a VLAN/VPN connection from a cloud termination point of the operator to the secure container on the computing device (Bar Claim 1 storing, by a mobile device, a ticket in a secure container usable to store data related to a managed application being provided by the mobile device, wherein the ticket is configured to provide authentication in connection with creating a virtual private network (VPN) tunnel for the managed application to at least one resource accessible through an access gateway, and wherein the ticket is configured to expire after a validity duration).
Bar and New are analogous art because they are both related to providing network resources.
Before the effective filing date of the claimed invention it would have been obvious to one of ordinary skill in the art to use the container techniques of Bar with the system of New to place certain controls on how these devices can be used, what resources these devices can access, and how the applications running on these devices can interact with other resources (Bar ¶ 0004).
For Claim 3, New teaches the method according to claim 1, New does not explicitly teach further comprising: detecting a presence of at least one user device connected to the network where the computing device is residing and said user device is consuming said resources; when the user device leaves said network, informing said user device that the storage instance will be terminated within a predetermined time period; and terminating said storage instance upon expiry of the predetermined time period.
However, Bar teaches detecting a presence of at least one user device connected to the network where the computing device is residing and said user device is consuming said resources (Bar ¶ 0139 presence related functionality and providing ticket to server); when the user device leaves said network, informing said user device that the storage instance will be terminated within a predetermined time period (Bar ¶ 0199 ticket found to be not valid or expired); and terminating said storage instance upon expiry of the predetermined time period (Bar Claim 1 storing, by a mobile device, a ticket in a secure container usable to store data related to a managed application being provided by the mobile device, wherein the ticket is configured to provide authentication in connection with creating a virtual private network (VPN) tunnel for the managed application to at least one resource accessible through an access gateway, and wherein the ticket is configured to expire after a validity duration).
For Claim 9, the claim is substantially similar to claim 2 and therefore is rejected for the same reasoning set forth above. 
For Claim 10, the claim is substantially similar to claim 3 and therefore is rejected for the same reasoning set forth above. 

Claims 4 & 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over New in view of Banerjee et al. (US 20120239792 A1, published 9/20/2012; hereinafter Ban).
For Claim 4, New teaches the method according to claim 1, New does not explicitly teach further comprising: acquiring storage capabilities of the computing device; and deploying or deleting at least one storage instance of the computing device on the basis of the acquired storage capabilities.
However, Ban teaches acquiring storage capabilities of the computing device (Ban ¶ 0044 assume that the client site 310 refers to the location of a client from which a request for cloud services was received. In such a scenario, upon receiving the request, the service placement component 150 may calculate metrics such as the geographical distance between the client site 310 and each of the data centers 305); and 
deploying or deleting at least one storage instance of the computing device on the basis of the acquired storage capabilities (Ban ¶ 0044 a metric would indicate that the data center DC1 305.sub.1 is physically closer to the client site 310 than the data center DC3 305.sub.3. Such a metric may be useful, for example, in estimating an average latency of network traffic between the client site 310 and the data centers 305).
New and Ban are analogous art because they are both related to providing network resources.
Before the effective filing date of the claimed invention it would have been obvious to one of ordinary skill in the art to use the storage techniques of Ban with the system of New for estimating an average latency of network traffic (Ban ¶ 0044).
For Claim 11, the claim is substantially similar to claim 4 and therefore is rejected for the same reasoning set forth above. 

Claims 5 & 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over New in view of Carlson et al. (US 20030135609 A1, published 7/17/2003; hereinafter Car).
For Claim 5, New teaches the method according to claim 1, further comprising: allowing different cloud applications running in the edge cloud to communicate with each other and user devices over a local messaging bus (New ¶ 0001 An application catalog is a centralized interface through which users can browse information about various applications and easily launch downloads and installations of selected applications. New ¶ 0071 bus). 
New does not explicitly teach assigning policies to said message bus based on a set of rules.
However, Car teaches assigning policies to said message bus based on a set of rules (Car ¶ 0062 configuration policy software for assigning the host bus adaptors (HBAs) to a path according to the configuration policy parameters).
New and Car are analogous art because they are both related to providing network resources.
Before the effective filing date of the claimed invention it would have been obvious to one of ordinary skill in the art to use the bus techniques of Car with the system of New to manage the allocation of the host bus adaptors (Car ¶ 0062).
For Claim 12, the claim is substantially similar to claim 5 and therefore is rejected for the same reasoning set forth above. 
Citation of Pertinent Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed below, thank you:
i. US 20200209816 A1, BUILDING AUTOMATION SYSTEM WITH MICROSERVICE ARCHITECTURE TO SUPPORT MULTI-NODE ON-PREMISE BAS SERVER

Conclusion
Any inquiry concerning communications from the examiner should be directed to Michael Keller at (571)270-3863 or michael.keller@uspto.gov.  If attempts to reach the examiner are unsuccessful, the examiner’s supervisor, Brian Gillis can be reached on 571-272-7952. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MICHAEL A KELLER/
Primary Patent Examiner, Art Unit 2446