Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION

This action is in response to the communication filed on 10/25/21.
All objections and rejections not set forth below have been withdrawn.
Claims 1 – 20 are pending.
Any references to applicant’s specification are made by way of applicant’s U.S. pre-grant printed patent publication.

Claim Rejections - 35 USC § 101

35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 15 – 20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because claims 15 – 20 are directed solely towards a “virtual machine (VM)”.  The examiner notes that a virtual machine is not a hardware or physical device, but is rather a virtual thing modeled by 
Furthermore, regarding the recitation that the virtual machine is “executed on a computing device”, it is noted that this recitation amounts only to an intended use of the virtual machine, i.e. that the VM is to be executed on a computer.  The recitation does not limit the claimed “virtual machine” or the claim itself to a “computing device” or any other specific structure.  
Additionally, the examiner notes that while the claim does appear to incorporate means-plus-function language (e.g. “configured to”), this language is recited within the context of a “monitor” and “engines”, which have been explicitly defined within the applicant’s specification to be virtual or software per se. (e.g. see fig. 2, virtual machine).


Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claims 1 – 20 are rejected under 35 U.S.C. 103 as being unpatentable over Glazemakers et al. (Glazemakers), US 2020/0106745 A1 in view of Cui et al., US 2014/0281030 A1.

Regarding claim 1, Glazemakers discloses a system comprising:
a computing device (e.g. Glazemakers, fig. 1:121);
a directory server executing a directory service thereon (e.g. Glazemakers, par. 50 – active directory); 
a network; one or more … gateway virtual machines (VM) that monitor traffic for the network (e.g. Glazemakers, fig. 1:100, fig. 7; par. 3, 4, 26, 82, 83).
Glazemakers discloses a gateway machine that may be implemented as a virtual machine; however, Glazemakers does not appear to explicitly disclose a virtualization environment wherein the gateway service is a virtual machine located at the “edge” of a network.  However, Cui teaches that virtualization networks are popular within cloud computing, and that a gateway service for monitoring network traffic is known by those having ordinary skill in the art to be implemented as virtual machines located at an “edge” of the network (e.g. Cui, par. 17, 46; fig. 9).
It would have been obvious to one of ordinary skill in the art to accept the virtualization network teachings of Cui within the system of Glazemakers because one of ordinary skill in the art would have been motivated by the teachings that virtual 
Thus, the combination enables “…edge service gateway (ESG) virtual machines (VM)…” (e.g. Glazemakers, fig. 1:100; par. 3, 4, 26, 82; Cui, par. 17, 46; fig. 9), and furthermore:
each of the one or more ESG VMs comprising: an event log monitor configured to: detect, from the directory service, a login event on the computing device (e.g. Glazemakers, par. 4, 32-34, 49, 50).  Herein, a “login event”, comprising a user’s authentication for accessing a service, via a gateway, is detected.  This authentication is facilitated by the provision of the user’s login or authentication information from the directory service to the gateway for authenticating the user.   
and obtain, from the detected login event, login event information comprising an identifier that identifies a user (e.g. Glazemakers, par. 48-50); 
a context engine configured to: receive the login event information from the event log monitor; and store the login event information comprising the identifier as one or more context attributes in an attribute table (e.g. Glazemakers, par. 49, 50, 71; fig. 4a, 4b).  Herein, the context aware firewall maps context attributes, including the user attributes received from the directory server (e.g. LDAP, Active Directory, RADIUS), to a rule table of attributes.
and a firewall engine configured to: determine attributes of a data message received by the ESG VM; compare the data message attributes with the one or more context attributes stored in the attribute table (e.g. Glazemakers, par. 52, 53; fig. 4a, 4b); and identify a firewall rule to enforce on the data message based on the comparing, wherein, based on the identified firewall rule, the firewall engine causes the data message to be dropped or forwarded (e.g. Glazemakers, par. 52, 53).

Regarding claim 2, the combination enables:
wherein the firewall engine is further configured to compare a five-tuple identifier from the data message with attributes in the attribute table to determine that the data message corresponds to the one or more context attributes (e.g. Glazemakers, par. 48, “5-tuples”).
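The following is an added illustration of the claim 1 and claim 2 mechanism as characterized above (an event log monitor that detects login events from a directory service, a context engine that stores the resulting attributes in an attribute table, and a firewall engine that matches a data message's five-tuple against that table to select a drop or forward rule). It is the editor's own Python sketch, not code from the application, from Glazemakers, or from Cui; the log format, addresses, group names and rule table are constructed for the example.

```python
# Constructed sketch of the claimed ESG VM components; names, records and rules are
# hypothetical and chosen only to make the claim 1 / claim 2 flow concrete.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

FiveTuple = Tuple[str, int, str, int, str]  # (src_ip, src_port, dst_ip, dst_port, proto)

@dataclass(frozen=True)
class LoginEvent:
    user: str      # identifier that identifies the user
    group: str     # group identifier obtained from the directory
    src_ip: str    # computing device on which the login occurred

# Constructed stand-in for directory-service log lines that the monitor polls.
# 4624 / 4625 are the Windows success / failure logon event codes.
DIRECTORY_LOG = [
    "4624 user=alice group=finance ip=10.0.0.5",
    "4625 user=mallory group=none ip=10.0.0.9",   # failed logon: not a login event
    "4624 user=bob group=eng ip=10.0.0.7",
]

def event_log_monitor(lines: List[str]) -> List[LoginEvent]:
    """Detect login events and obtain (user, group, device) from each one."""
    events = []
    for line in lines:
        code, *fields = line.split()
        if code != "4624":        # only successful logons are login events here
            continue
        kv = dict(f.split("=", 1) for f in fields)
        events.append(LoginEvent(kv["user"], kv["group"], kv["ip"]))
    return events

def context_engine(events: List[LoginEvent]) -> Dict[str, LoginEvent]:
    """Store the login event information as context attributes keyed by source IP."""
    return {e.src_ip: e for e in events}

# Constructed rule table: (group attribute, destination port) -> action.
RULES = {("finance", 443): "FORWARD", ("eng", 22): "FORWARD"}

def firewall_engine(msg: FiveTuple, table: Dict[str, LoginEvent]) -> str:
    """Compare the message five-tuple with the attribute table and pick a rule."""
    src_ip, _src_port, _dst_ip, dst_port, _proto = msg
    ctx: Optional[LoginEvent] = table.get(src_ip)
    if ctx is None:               # no login context for this device: default deny
        return "DROP"
    return RULES.get((ctx.group, dst_port), "DROP")
```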

Regarding claim 3, the combination enables:
wherein the computing device is a personal computer (e.g. Glazemakers, fig. 1, par. 26, 27, 50, 71, 85 – herein devices can be VMs, containers, or hardware, personal computers).

Regarding claim 4, the combination enables:
wherein the login event comprising a user logging into the network through a directory server (e.g. Glazemakers, par. 4, 32-34, 49, 50).

Regarding claim 5, the combination enables:
wherein the event log monitor is further configured to poll the directory server for login events (e.g. Glazemakers, par. 50, 71 – herein the gateway must reference [i.e. “poll”] a directory server for any triggered logon events).

Regarding claim 6, the combination enables:
wherein the network is a logical overlay network (e.g. Glazemakers, par. 1, 26-28; Cui, par. 1, 4, 17 – herein, Glazemakers and Cui disclose, separately and in combination, a virtual network comprising virtual nodes and tunnels/links – i.e. “logical overlay network”).

Regarding claim 7, the combination enables:
wherein the computing device does not execute a guest-introspection (GI) agent thereon (e.g. Glazemakers, fig. 1, entire disclosure – the system does not comprise or execute a guest introspection agent). 

Regarding claims 8 – 20, they are method and software claims essentially corresponding to the above apparatus claims, and they are rejected, at least, for the same reasons.  Furthermore:

Regarding claim 10, the combination enables:
wherein the computing device is a hardware computing device (e.g. Glazemakers, fig. 1, par. 26, 27, 50, 71, 85; e.g. Cui, fig. 2, 3 – herein devices can be VMs, containers, or hardware computers).

Regarding claim 11, the combination enables:
wherein the computing device is a virtual machine or container (e.g. Glazemakers, fig. 1, par. 26, 27, 50, 71, 85; e.g. Cui, fig. 2, 3 – herein devices can be VMs, containers, or hardware computers).

Regarding claim 12, the combination enables:
wherein the login event information further comprises one or more of the following: a five-tuple identifier and a group identifier (e.g. Glazemakers, par. 48, “5-tuples”).

Regarding claim 13, the combination enables:
wherein the directory service is an active directory service, and wherein the user group identifier is a group identifier in an active directory (e.g. Glazemakers, par. 50).

Regarding claim 14, the combination enables:
wherein the login event is a request to access an application in the network monitored by the ESG VM directory (e.g. Glazemakers, par. 7, 53). 

Response to Arguments

Applicant's arguments filed 10/25/21 have been fully considered but they are not persuasive.

Applicant argues or alleges essentially that:
…
In particular, the Office asserts that Claims 15-20 are directed solely towards a VM. Applicant respectfully disagrees. In particular, independent Claim 15 recites that the ESG VM is executed on a computer device and “detect, from a directory service, a login event on a computing device.” Thus, while the ESG VM monitors a login event, the ESG VM, and more specifically, the event log monitor in the ESG VM detects the login event on the computing device on which the ESG VM is executed thereon. As such, Applicant respectfully submits that Claims 15-20 are not solely directed towards a VM.  Further, Claim 15 has been amended to further define practical application in that the firewall rule is enforced on the data message.
…
(Remarks, pg. 7)

Examiner respectfully responds:
The examiner respectfully disagrees.  
First, regarding the suggestion that claim 15 defines a practical application, the examiner respectfully notes that a practical application of software is irrelevant to the issue of the patentability of software per se.
Second, the examiner maintains that the “computing device” is not part of the VM or virtual machine as claimed.  Thus, claim 15 is clearly directed towards a virtual machine only.  Furthermore, regarding the recitation of detecting a login event on the computing device, it is noted that this recitation does not require that the computing device be part of the claimed VM.

Additionally, the examiner notes that while the claim does appear to incorporate means-plus-function language (e.g. “configured to”), this language is recited within the context of a “monitor” and “engines”, which have been explicitly defined within the applicant’s specification to be virtual or software per se. (e.g. see fig. 2, virtual machine).
Therefore, the examiner maintains that the claims are directed towards software per se and fail to fall within any statutory category.

Applicant argues or alleges essentially that:
…
… That is, at best, Glazemakers describes a user associated with a client device making a connection request to connect to a gateway. However, a request to connect to a gateway is not a login event as provided in Claim 1.
…
(Remarks, pg. 8, 9)

Examiner respectfully responds:
The examiner respectfully notes that this argument was previously presented by the applicant, and the examiner disagrees for the reasons already established of record.
Applicant's arguments fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.


Applicant argues or alleges essentially that:
…
…That is, in Glazemakers, the identity of the user is determined by the IP address of the device, not a login event as provided in Claim 1. …
…
(Remarks, pg. 8, 9)

Examiner respectfully responds:
The examiner respectfully notes that the applicant’s arguments are unpersuasive, at least, for the reason that they are based upon the above noted and unpersuasive allegation that Glazemakers does not disclose a “login event”. 
Furthermore, the examiner respectfully notes that the applicant is mistaken.  Specifically, the user is not only identified by the IP address of their client, but 

Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEFFERY L WILLIAMS whose telephone number is (571)272-7965. The examiner can normally be reached 7:30 am - 4:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JEFFERY L WILLIAMS/           Primary Examiner, Art Unit 2495