Notice of Pre-AIA or AIA Status
The present application, filed on or after July 18, 2017, is being examined under the first inventor to file provisions of the AIA.
Detailed Action
Claims 1-21 are pending and are being considered.
Claims 1, 8 and 15 have been amended.
Response to 103
Applicant's arguments filed on 10/22/2021 have been fully considered and are persuasive, but are moot in view of new grounds of rejection. The arguments do not apply to the current art being used.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-21 are rejected under 35 U.S.C. 103 as being unpatentable over Petrov et al. (hereinafter Petrov) (US 20160285832) in view of Rodgers et al. (hereinafter Rodgers) (US 10803027) and further in view of Hsueh (hereinafter Hsueh) (US 20140229615).
Regarding claim 1 Petrov teaches a method for a host including virtualization software to perform authentication offload in a virtualized computing environment that includes the host and a destination server, wherein the method comprises: (Petrov on [0012] teaches method for performing mutual authentication in virtual computing environment having proxy server and client application);
Petrov on [0022] teaches The platform controller 310 may select a VM, such as application VM 315, from a pool with VMs to deploy and start an instance of the application 320 on the application VM 315 (i.e. multiple VMs). see also Fig 1 and text on [0013 and 0022] teaches application VM 110 and service VM 180  The application 120 is running on the application VM 110. In one embodiment, other instances of the application 120 may run on other application VMs. As a result a number of instances of the application 120 may exist and scale requests);
in response to determination that the detected packet is an authentication request generated by a client application supported by the virtualized computing instance (Petrov on [0013] teaches the application 120 is running on the application VM 110. see on [0018] teaches the proxy server securely manages requests received by the application for platform service consumption. see on [0023 and 0026] teaches the application 320 may communicate with the proxy server 325 using HTTP request. The proxy server 325 may be an HTTP proxy server that receives the HTTP request from the application providing details for consuming the platform service 345. The request sent by the application 320 may define an identification of the platform service 345 (i.e. authentication request));

Although Petrov teaches authenticating application based on metadata, but fails to explicitly teach the virtualization software maintains a mapping between underlying hardware resources of the host and virtual resources allocated to the virtualized computing instance, obtaining, by the virtualization software from the virtualized computing instance, metadata associated with the client application for which authentication is requested and sending, by the virtualization software the , however Rodgers from analogous art teaches the virtualization software maintains a mapping between underlying hardware resources of the host and virtual resources allocated to the virtualized computing instance (Rodgers on [Col 7 line 25-30] teaches the SVM may, based on one or more policies, permit the applications and/or processes within the AVM to access resources (software resources and/or hardware resources) in the server and/or the network adapter. In other embodiments of the invention, certain applications and/or processes in the AVM may (in certain scenarios) directly access resources in the server and/or network adapter. See also on [Col 7 line 63-66] teaches the hypervisor (180) provides the interface between the hardware resources on the server (see e.g., FIG. 1B) and the virtual machines (e.g., control domain, SVMs, AVMs, etc.) executing on the server (i.e. equivalent to mapping resource));
 obtaining, by the virtualization software from the virtualized computing instance, metadata associated with the client application for which authentication is requested (Rodgers on [Col 9 line 13-30] teaches the AVM authentication client (i.e. virtualization software) includes functionality to: (i) receive application authentication credentials (i.e. metadata) from OFS client (i.e. virtual computing instance) or from the application (i.e. for which authentication is requested). See on [Col 10 line 32-40] teaches the UFS operation may require a UFS session ticket. In such cases, the file system module provides UFS authentication credentials (UFS username and password) to the UFS client (426) or the authentication client (422). The authentication client (422) forwards a request (that includes the application authentication credentials) to the authentication server (424) (which is external to the computing device). See also on [Col 14 line 10-15] teaches the session ticket is used by the OFS server to authenticate the application (or the user of the application) that sent the OFS operation. If the authentication is successful, then OFS server forwards the request to the file system module; otherwise the process ends);
 (Rodgers on [Col 9 line 13-30] teaches the AVM authentication client (i.e. virtualization software) includes functionality to: (i) receive application authentication credentials (i.e. metadata) from OFS client (i.e. virtual computing instance) or from the application (i.e. for which authentication is requested). Further teaches provide the application authentication credentials for the AVM authentication server for verification and (iii) to receive an application session ticket, if the verification is successful, from the AVM authentication server. See on [Col 10 line 32-40] teaches the authentication client (422) forwards a request (that includes the application authentication credentials) to the authentication server (424) (which is external to the computing device). The authentication server subsequently verifies the UFS authentication credentials and. See also on [Col 13 line 10-20] teaches providing, by the AVM authentication client, the application credentials to the AVM authentication server; (vi) generating, by the AVM authentication server, an application session ticket after verifying the application authentication credentials; (vii) sending, by the AVM authentication server, the application session ticket to the OFS server and the AVM authentication client. See also on [Col 14 line 10-15] teaches the session ticket is used by the OFS server to authenticate the application (or the user of the application) that sent the OFS operation. If the authentication is successful, then OFS server forwards the request to the file system module; otherwise the process ends).

Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Rodgers into the teaching of Petrov by authenticating the application making a request based on metadata associated with the application. One would be motivated to do so in order to verify the authenticity of an application running on a device (Rodgers on [Col 1 line 15-18]).

Although the combination teaches detecting, from a virtualized computing instance, a packet destined for the destination server at a platform controller (NIC) associated with the virtualized computing instance, but fails to explicitly teach detecting, from a virtualized computing instance, a packet destined for the destination server at a virtual network interface controller (VNIC) associated with the virtualized computing instance, however Hsueh from analogous art teaches detecting by the virtualization software, from a virtualized computing instance, a packet destined for the destination server at a virtual network interface controller (VNIC) associated with the virtualized computing instance (Hsueh on [0064] teaches a virtual network interface card 10 ( VNIC) is a software component that emulates a physical network interface card (NIC) driver and enables any Ethernet-based software application to receive feeds from a PacketPortal system via a NIC interface. The VNIC receives Packet Portal feeds, removes the transport headers and metadata to reveal the network traffic, and retransmits the original packets to the PC's network stack);
and in response to determination that the detected packet is not an authentication request, sending the detected packet to the destination server (Hsueh on [0070] teaches the test device 2 stores discovered network addresses and encapsulations in a buffer. In operational block 404, the test device 2 scans the captured packet's 103 payload searching for predefined authentication patterns. In operational block 404, the test device 2 determines whether any of the authentication patterns is found in the packet's payload. If none of the authentication patterns are found 405, operation advances and the packet 103 is passed through the test device 2 back onto network 100 to the destination address of the packet 103 without any changes made to the packet).

Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Hsueh into the combined teaching of Petrov and Rodgers by detecting (Hsueh on [0008-0009]).

Regarding claim 8 Petrov teaches a non-transitory computer-readable storage medium that includes a set of instructions which, in response to execution by a processor of a host (Petrov on [0036] teaches The computer system 600 includes a processor 605 that executes software instructions or code stored on a computer readable storage medium);
 cause the host including virtualization software to perform an authentication offload in a virtualized computing environment that includes the host and a destination server, comprising (Petrov on [0012] teaches method for performing mutual authentication in virtual computing environment having proxy server and client application);
Petrov on [0022] teaches The platform controller 310 may select a VM, such as application VM 315, from a pool with VMs to deploy and start an instance of the application 320 on the application VM 315 (i.e. multiple VMs). see also Fig 1 and text on [0013 and 0022] teaches application VM 110 and service VM 180  The application 120 is running on the application VM 110. In one embodiment, other instances of the application 120 may run on other application VMs. As a result a number of instances of the application 120 may exist and scale requests);
in response to determination that the detected packet is an authentication request generated by a client application supported by the virtualized computing instance (Petrov on [0013] teaches the application 120 is running on the application VM 110. see on [0018] teaches the proxy server securely manages requests received by the application for platform service consumption. see on [0023 and 0026] teaches the application 320 may communicate with the proxy server 325 using HTTP request. The proxy server 325 may be an HTTP proxy server that receives the HTTP request from the application providing details for consuming the platform service 345. The request sent by the application 320 may define an identification of the platform service 345 (i.e. authentication request));

Although Petrov teaches authenticating application based on metadata, but fails to explicitly teach the virtualization software maintains a mapping between underlying hardware resources of the host and virtual resources allocated to the virtualized computing instance, obtaining, by the virtualization software from the virtualized computing instance, metadata associated with the client application for which authentication is requested and sending, by the virtualization software the authentication request and the metadata to the destination server to cause the destination server to authenticate the client application based on the metadata, however Rodgers from analogous art teaches the virtualization software maintains a mapping between underlying hardware resources of the host and virtual resources allocated to the virtualized computing instance (Rodgers on [Col 7 line 25-30] teaches the SVM may, based on one or more policies, permit the applications and/or processes within the AVM to access resources (software resources and/or hardware resources) in the server and/or the network adapter. In other embodiments of the invention, certain applications and/or processes in the AVM may (in certain scenarios) directly access resources in the server and/or network adapter. See also on [Col 7 line 63-66] teaches the hypervisor (180) provides the interface between the hardware resources on the server (see e.g., FIG. 1B) and the virtual machines (e.g., control domain, SVMs, AVMs, etc.) executing on the server (i.e. equivalent to mapping resource));
 (Rodgers on [Col 9 line 13-30] teaches the AVM authentication client (i.e. virtualization software) includes functionality to: (i) receive application authentication credentials (i.e. metadata) from OFS client (i.e. virtual computing instance) or from the application (i.e. for which authentication is requested). See on [Col 10 line 32-40] teaches the UFS operation may require a UFS session ticket. In such cases, the file system module provides UFS authentication credentials (UFS username and password) to the UFS client (426) or the authentication client (422). The authentication client (422) forwards a request (that includes the application authentication credentials) to the authentication server (424) (which is external to the computing device). See also on [Col 14 line 10-15] teaches the session ticket is used by the OFS server to authenticate the application (or the user of the application) that sent the OFS operation. If the authentication is successful, then OFS server forwards the request to the file system module; otherwise the process ends);
and sending, by the virtualization software the authentication request and the metadata to the destination server to cause the destination server to authenticate the client application based on the metadata (Rodgers on [Col 9 line 13-30] teaches the AVM authentication client (i.e. virtualization software) includes functionality to: (i) receive application authentication credentials (i.e. metadata) from OFS client (i.e. virtual computing instance) or from the application (i.e. for which authentication is requested). Further teaches provide the application authentication credentials for the AVM authentication server for verification and (iii) to receive an application session ticket, if the verification is successful, from the AVM authentication server. See on [Col 10 line 32-40] teaches the authentication client (422) forwards a request (that includes the application authentication credentials) to the authentication server (424) (which is external to the computing device). The authentication server subsequently verifies the UFS authentication credentials and. See also on [Col 13 line 10-20] teaches providing, by the AVM authentication client, the application credentials to the AVM authentication server; (vi) generating, by the AVM authentication server, an application session ticket after verifying the application authentication credentials; (vii) sending, by the AVM authentication server, the application session ticket to the OFS server and the AVM authentication client. See also on [Col 14 line 10-15] teaches the session ticket is used by the OFS server to authenticate the application (or the user of the application) that sent the OFS operation. If the authentication is successful, then OFS server forwards the request to the file system module; otherwise the process ends).

Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Rodgers into the teaching of Petrov by authenticating the application making a request based on metadata associated with the application. One would be motivated to do so in order to verify the authenticity of an application running on a device (Rodgers on [Col 1 line 15-18]).

Although the combination teaches detecting, from a virtualized computing instance, a packet destined for the destination server at a platform controller (NIC) associated with the virtualized computing instance, but fails to explicitly teach detecting, from a virtualized computing instance, a packet destined for the destination server at a virtual network interface controller (VNIC) associated with the virtualized computing instance, however Hsueh from analogous art teaches detecting by the virtualization software, from a virtualized computing instance, a packet destined for the destination server at a virtual network interface controller (VNIC) associated with the virtualized computing instance (Hsueh on [0064] teaches a virtual network interface card 10 ( VNIC) is a software component that emulates a physical network interface card (NIC) driver and enables any Ethernet-based software application to receive feeds from a PacketPortal system via a NIC interface. The VNIC receives Packet Portal feeds, removes the transport headers and metadata to reveal the network traffic, and retransmits the original packets to the PC's network stack);
and in response to determination that the detected packet is not an authentication request, sending the detected packet to the destination server (Hsueh on [0070] teaches the test device 2 stores discovered network addresses and encapsulations in a buffer. In operational block 404, the test device 2 scans the captured packet's 103 payload searching for predefined authentication patterns. In operational block 404, the test device 2 determines whether any of the authentication patterns is found in the packet's payload. If none of the authentication patterns are found 405, operation advances and the packet 103 is passed through the test device 2 back onto network 100 to the destination address of the packet 103 without any changes made to the packet).

Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Hsueh into the combined teaching of Petrov and Rodgers by detecting an authentication packet at the VNIC which is directed towards the server. One would be motivated to do so in order to securely monitor network traffic and collect network information for performing load balancing (Hsueh on [0008-0009]).

Regarding claim 15 Petrov teaches a host including virtualization software configured to perform authentication offload in a virtualized computing environment that includes the host and a destination server, wherein the host comprises (Petrov on [0012] teaches method for performing mutual authentication in virtual computing environment having proxy server and client application);
a processor (Petrov on [0036] teaches a processor);
and a non-transitory computer-readable medium having stored thereon instructions that, when executed by the processor, cause the processor to (Petrov on [0036] teaches The computer system 600 includes a processor 605 that executes software instructions or code stored on a computer readable storage medium);
Petrov on [0022] teaches The platform controller 310 may select a VM, such as application VM 315, from a pool with VMs to deploy and start an instance of the application 320 on the application VM 315 (i.e. multiple VMs). see also Fig 1 and text on [0013 and 0022] teaches application VM 110 and service VM 180  The application 120 is running on the application VM 110. In one embodiment, other instances of the application 120 may run on other application VMs. As a result a number of instances of the application 120 may exist and scale requests);
in response to determination that the detected packet is an authentication request generated by a client application supported by the virtualized computing instance (Petrov on [0013] teaches the application 120 is running on the application VM 110. see on [0018] teaches the proxy server securely manages requests received by the application for platform service consumption. see on [0023 and 0026] teaches the application 320 may communicate with the proxy server 325 using HTTP request. The proxy server 325 may be an HTTP proxy server that receives the HTTP request from the application providing details for consuming the platform service 345. The request sent by the application 320 may define an identification of the platform service 345 (i.e. authentication request));

Although Petrov teaches authenticating application based on metadata, but fails to explicitly teach the virtualization software maintains a mapping between underlying hardware resources of the host and virtual resources allocated to the virtualized computing instance, obtaining, by the , however Rodgers from analogous art teaches the virtualization software maintains a mapping between underlying hardware resources of the host and virtual resources allocated to the virtualized computing instance (Rodgers on [Col 7 line 25-30] teaches the SVM may, based on one or more policies, permit the applications and/or processes within the AVM to access resources (software resources and/or hardware resources) in the server and/or the network adapter. In other embodiments of the invention, certain applications and/or processes in the AVM may (in certain scenarios) directly access resources in the server and/or network adapter. See also on [Col 7 line 63-66] teaches the hypervisor (180) provides the interface between the hardware resources on the server (see e.g., FIG. 1B) and the virtual machines (e.g., control domain, SVMs, AVMs, etc.) executing on the server (i.e. equivalent to mapping resource));
 obtaining, by the virtualization software from the virtualized computing instance, metadata associated with the client application for which authentication is requested (Rodgers on [Col 9 line 13-30] teaches the AVM authentication client (i.e. virtualization software) includes functionality to: (i) receive application authentication credentials (i.e. metadata) from OFS client (i.e. virtual computing instance) or from the application (i.e. for which authentication is requested). See on [Col 10 line 32-40] teaches the UFS operation may require a UFS session ticket. In such cases, the file system module provides UFS authentication credentials (UFS username and password) to the UFS client (426) or the authentication client (422). The authentication client (422) forwards a request (that includes the application authentication credentials) to the authentication server (424) (which is external to the computing device). See also on [Col 14 line 10-15] teaches the session ticket is used by the OFS server to authenticate the application (or the user of the application) that sent the OFS operation. If the authentication is successful, then OFS server forwards the request to the file system module; otherwise the process ends);
and sending, by the virtualization software the authentication request and the metadata to the destination server to cause the destination server to authenticate the client application based on the metadata (Rodgers on [Col 9 line 13-30] teaches the AVM authentication client (i.e. virtualization software) includes functionality to: (i) receive application authentication credentials (i.e. metadata) from OFS client (i.e. virtual computing instance) or from the application (i.e. for which authentication is requested). Further teaches provide the application authentication credentials for the AVM authentication server for verification and (iii) to receive an application session ticket, if the verification is successful, from the AVM authentication server. See on [Col 10 line 32-40] teaches the authentication client (422) forwards a request (that includes the application authentication credentials) to the authentication server (424) (which is external to the computing device). The authentication server subsequently verifies the UFS authentication credentials and. See also on [Col 13 line 10-20] teaches providing, by the AVM authentication client, the application credentials to the AVM authentication server; (vi) generating, by the AVM authentication server, an application session ticket after verifying the application authentication credentials; (vii) sending, by the AVM authentication server, the application session ticket to the OFS server and the AVM authentication client. See also on [Col 14 line 10-15] teaches the session ticket is used by the OFS server to authenticate the application (or the user of the application) that sent the OFS operation. If the authentication is successful, then OFS server forwards the request to the file system module; otherwise the process ends).

Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Rodgers into the teaching of Petrov by authenticating the application (Rodgers on [Col 1 line 15-18]).

Although the combination teaches detecting, from a virtualized computing instance, a packet destined for the destination server at a platform controller (NIC) associated with the virtualized computing instance, but fails to explicitly teach detecting, from a virtualized computing instance, a packet destined for the destination server at a virtual network interface controller (VNIC) associated with the virtualized computing instance, however Hsueh from analogous art teaches detecting by the virtualization software, from a virtualized computing instance, a packet destined for the destination server at a virtual network interface controller (VNIC) associated with the virtualized computing instance (Hsueh on [0064] teaches a virtual network interface card 10 ( VNIC) is a software component that emulates a physical network interface card (NIC) driver and enables any Ethernet-based software application to receive feeds from a PacketPortal system via a NIC interface. The VNIC receives Packet Portal feeds, removes the transport headers and metadata to reveal the network traffic, and retransmits the original packets to the PC's network stack);
and in response to determination that the detected packet is not an authentication request, sending the detected packet to the destination server (Hsueh on [0070] teaches the test device 2 stores discovered network addresses and encapsulations in a buffer. In operational block 404, the test device 2 scans the captured packet's 103 payload searching for predefined authentication patterns. In operational block 404, the test device 2 determines whether any of the authentication patterns is found in the packet's payload. If none of the authentication patterns are found 405, operation advances and the packet 103 is passed through the test device 2 back onto network 100 to the destination address of the packet 103 without any changes made to the packet).

 into the combined teaching of Petrov and Rodgers by detecting authentication packet at VNIC which is directed towards server. One would be motivated to do so in order to securely monitor network traffic and collecting network information for performing load balancing (Hsueh on [0008-0009]).

Regarding claim 2, 9 and 16 the combination of Petrov, Rodgers and Hsueh teaches all the limitations of claim 1, 8 and 15 respectively, Rodgers further teaches wherein obtaining the metadata comprises: based on header data of the authentication request, requesting the metadata from a guest operating system (OS) associated with the virtualized computing instance (Rodgers on [Col 12 line 1-11] teaches operating system associated with virtualized computing instance. See on [Col line 40-45] teaches the cryptex server could determine that the virtual machine metadata received from the cloud management system does not match the metadata of the requesting virtual machine instance and could avoid decrypting the security credential (i.e. indicating the server receives the metadata associated with the application for performing authentication). See on [Col 7 line 50-55] teaches authenticating the deployed application using metadata).
Regarding claim 3, 10 and 17 the combination of Petrov, Rodgers and Hsueh teaches all the limitations of claim 2, 9 and 16 respectively, Petrov further teaches wherein obtaining the metadata comprises invoking a call supported by a guest enhancement toolkit installed on the guest OS, wherein the call identifies a source port number in the authentication request (Petrov Fig 4 and text on [0022-0024] teaches During instantiating the application 320 on the application VM 315, the platform controller 310 may provide port 427 as a communication endpoint for addressing calls from the application 320 to the proxy server 325. The application 320 may store the provided details for the port 427 in application's memory. The application 320 may be developed in such a manner that the application 320 consumes the platform service 345 that is available on the cloud platform 305).
Regarding claim 4, 11 and 18 the combination of Petrov, Rodgers and Hsueh teaches all the limitations of claim 3, 10 and 17 respectively, Petrov further teaches wherein obtaining the metadata comprises: receiving, from the guest enhancement toolkit, the metadata that includes one or more of the following: a hash value associated with the client application and a digital signature associated with the client application (Petrov on [0016] teaches Application key store 150 may be in connection with the proxy server 130 to store a certificate associated with the application 120 (i.e. metadata). During the secure communication between the proxy server 130 and the platform service 140 to provide consumption of the platform service 140 by the application 120, certificates are exchanged and verified by both parties in the communication. See also on [0020] teaches the proxy server and the platform service are mutually authenticated, for example, based on certificates. The proxy server and the platform service may further perform authorization steps for verification of rights of the application to consume the platform service. At 250, a result of the secure consumption of the platform service is provided to the application (i.e. proxy server obtains certificate associated with the application and performs mutual authentication). See also on [0029] teaches the HTTP proxy server 420 has access to application key store 430 that includes a certificate generated for the application 415. In one embodiment, these certificates may be generated by a cloud controller, such as the platform controller 310, FIG. 3. The certificate of the application 415 stored in the application key store 430 is provided to the document service 445 by the proxy server 420 during the authentication).

Regarding claim 5, 12 and 19 the combination of Petrov, Rodgers and Hsueh teaches all the limitations of claim 1, 8 and 15 respectively. The combination of Petrov, Rodgers and the cited section of Hsueh fails to teach performing packet snooping at the virtual network interface controller (VNIC); however, Hsueh on a different portion teaches wherein detecting the packet comprises: performing packet snooping at the virtual network interface controller (VNIC) associated with the virtualized computing instance (Hsueh on [0027] teaches the packet 103 travels from the source 101 to the destination 102 and is intercepted by the test device (or "probe") 2. The protocol-generic test device 2 may recognize packet 103 as a special test/configuration packet by scanning for and finding a predetermined pattern embedded in the packet's payload).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Hsueh into the combined teaching of Petrov and Rodgers by detecting authentication packet at VNIC which is directed towards server. One would be motivated to do so in order to securely monitor network traffic and collecting network information for performing load balancing (Hsueh on [0008-0009]).

Regarding claims 6, 13 and 20, the combination of Petrov, Rodgers and Hsueh teaches all the limitations of claims 1, 8 and 15 respectively. Petrov further teaches wherein the method further comprises: establishing a trust channel between an authentication agent supported by the host and the destination server, wherein the trust channel is subsequently used by the authentication agent to send the authentication request and the metadata to the destination server (Petrov on [0025 and 0029] teaches the certificates are verified based on verification of trust related to signatures of the exchanged certificates and based on verification of content part of the certificates. Further, authorization steps may be performed by the platform service 345 and the proxy server 325. The authorization between the platform service 345 and the proxy server 325 may be performed and access for consumption of the platform service 345 by the application 320 may be granted after successful authorization).

Regarding claims 7, 14 and 21, the combination of Petrov, Rodgers and Hsueh teaches all the limitations of claims 1, 8 and 15 respectively. Rodgers further teaches wherein the method further comprises: in response to receiving, from the destination server, an authentication token indicating that the authentication request is successful, sending the authentication token to the virtualized computing instance for subsequent communication between the client application and a server application supported by the destination server (Rodgers on [Col 9 line 10-35] teaches the metadata could specify an IP address assigned to the virtual machine associated with the unique virtual machine identifier, and the cryptex server 134 could compare the assigned IP address with the IP address from which the request for the decrypted token was received (i.e., the IP address of the virtual machine 245). If the two IP addresses match, the cryptex server 134 could determine that the authentication operation was successful, the cryptex server 134 may then determine whether the decrypted token should be provided to the virtual machine 245.).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Rodgers into the teaching of Petrov by authenticating the application making a request based on metadata associated with the application and providing a token once authentication is successful. One would be motivated to do so in order to provide a secure and efficient technique for deploying a security credential to an application executing in a cloud computing environment (Rodgers on [Col 13 line 34-46]).

 
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  


Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522.  The examiner can normally be reached on 7AM-5PM EST M-TH Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 






/MOEEN KHAN/Examiner, Art Unit 2436                                                                                                                                                                                                        

/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436