Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Applicant’s amendment filed on 11/8/2021 has been entered. Applicant has amended claims 1, 2, 4, 9-12, 14, 15 and 21. Currently claims 1-15 and 21 are pending in this application.

 Response to Arguments
Examiner acknowledges clarification of claim language of 1-15 to overcome 35 U.S.C. 112(b) rejection. As a result, all rejection under 35 U.S.C. 112(b) rejections previously present are withdrawn. Note: Please note that change in claim language has now triggered a rejection under 35 U.S.C. 101. 

Applicant's arguments with respect 35 U.S.C. 103 rejection of claims 1 and 21 have been considered but are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claim(s) 1-15 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  
A secure multi-cloud integration system, said system comprising: a software platform…the software platform comprises: a first software module…a second software module…". The claimed system direct to software per se, which do not show the physical transformation. Therefore, the claimed “system” would amount to computer programs, a type of functional descriptive material, per se. As such, the claimed system/apparatus must include the hardware necessary to realize any of the functionality of the claimed modules and produce a useful, concrete and tangible result. In absence of recitation of such hardware as part of the claimed apparatus, it is considered non-statutory.
Claims 2-15 depend on claim 1, and also do not incorporate any hardware into independent claim, therefore they are rejected with the same rationale applied against claim 1 above.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person 


Claims 1, 6 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Puttaswamy Naga et al. (US 2014/0067994 A1), hereinafter, “Naga” in view of Cornelius et al. (US 2004/0015857 A1), hereinafter, “Cornelius”.
Regarding Claim 1, Naga discloses a secure multi-cloud integration system, said system comprising: 
a software platform stored on a network (See, Fig. 1, Numeral 130), said network that is independent of a first cloud and a second cloud (See, Fig. 1, Numerals 1101 and 1102); 
wherein: 
the software platform comprises: 
a first software module 
a second software module 
in response to the data integration request, the second software module is configured to control the flow of data from a first database stored on the first cloud to a second database stored on the second cloud (See, Paragraph 0094, “At step 830, a determination is made as to whether or not to transfer data specified by the data request from the first cloud toward the second cloud. This is a cost-based determination that may be directly or indirectly based on one or more costs associated with the first cloud or one or more costs associated with the second cloud).
Naga does not explicitly disclose a first software module that is located in an outer section of the network, said outer section of the network that is accessible from outside the network and a second software module that is located in an inner section of 
Cornelius discloses a first software module that is located in an outer section of the network, said outer section of the network that is accessible from outside the network and a second software module that is located in an inner section of the network, said inner section that is separated from the outer section by at least one firewall (See, Fig. 13, Numerals 18, 68 and 72).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have, in the system of Naga, a first software module that is located in an outer section of the network, said outer section of the network that is accessible from outside the network and a second software module that is located in an inner section of the network, said inner section that is separated from the outer section by at least one firewall as taught by Cornelius so that the outer section software module could receive the request from outside the network and firewall would prevent any request trying to directly access data transfer functionality of the internal software module thereby increasing the overall security of the system.
Regarding Claim 6, the rejection of claim 1 is incorporated and the combination of Naga and Cornelius further discloses wherein each of the first and the second clouds hosts a plurality of tenants (See, Naga, Paragraph 0024).
Regarding Claim 14, the rejection of claim 1 is incorporated and the combination of Naga and Cornelius further discloses wherein the data integration platform also controls the flow of data from the second database to the first database (See, Naga, Paragraph 0026).

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Naga and Cornelius and further in view of Higginson et al. (US 2015/0019488 A1), hereinafter, “Higginson”.
Regarding Claim 3, the rejection of claim 1 is incorporated and the combination of Naga and Cornelius does not explicitly disclose wherein communication between the first and second databases is logged, and the log is sent to the network.
However, maintain a log of data transfer is well known in the art of computer networking. Higginson discloses a system wherein communication between the first and second databases is logged, and the log is sent to the network (See, Paragraphs 0014, 0058 and 0103).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to log, in the system of Naga and Cornelius, communication between the first and second databases is logged, and the log is sent to the network as taught by Higginson so that “after a database has been copied to the target server system, a customer may expect at least some level of verification to be performed on the database at the target server system to ensure the copy was performed correctly and/or fully” (See, Higginson, Paragraph 0058).
Claims 2 and 4 is rejected under 35 U.S.C. 103 as being unpatentable over Naga in view of Cornelius and further in view of Martinez et al. (US 2012/0185913 A1), hereinafter, “Martinez” and Fogel (US 2007/0209067 A1), hereinafter, “Fogel”.
Regarding Claim 2, the rejection of claim 1 is incorporated and the combination of Naga and Cornelius does not explicitly disclose wherein the outer section of the 
Martinez discloses cloud network wherein the outer section of the network is protected by a perimeter firewall (See, Martinez, Fig. 4, Numeral 312), said perimeter firewall that filters access from outside the network based at least in part on ACL lists (See, Martinez, Paragraph 0078).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention protect, in the system of Naga and Cornelius, the outer section of the network by a perimeter firewall, said perimeter firewall that filters access from outside the network based at least in part on ACL lists as taught by Martinez in order to “provide an alert when a software workload is planned to be deployed in a security zone in a manner that is inconsistent with at least one of a security zone policy applicable to the security zone and a security policy associated with the workload” (See, Martinez, Paragraph 0035).
While Martinez discloses using ACL by firewall to control and filter access, Martinez does not explicitly disclose an internet-protocol ("IP") address whitelist.
IP address whitelist are well known in the art of computer security. Fogel discloses a firewall implementing IP address whitelist (See, Paragraph 0040).
 Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to filter, in the system of Naga and Cornelius and Martinez, access to the network based on an IP address whitelist as taught by Fogel so that If a received message has a source address corresponding to 
Regarding Claim 4, the rejection of claim 1 is incorporated and the combination of Naga and Cornelius does not explicitly disclose wherein the first database is secured behind a first perimeter firewall on the first cloud, and the second database is secured behind a second perimeter firewall on the second cloud, each perimeter firewall on a cloud configured to filter access from outside the cloud based at least in part on internet-protocol address allow list.
Martinez discloses wherein the first database is secured behind a first perimeter firewall on the first cloud (See, Fig. 4, Numeral 318), and the second database is secured behind a second perimeter firewall on the second cloud (See, Fig. 4, Numeral 315), each perimeter firewall on a cloud configured to filter access from outside the cloud based at least in part on ACL lists (See, Paragraph 0078).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention protect, in the system of Naga and Cornelius, the first and second databases on first and second clouds behind perimeter firewall wherein each perimeter firewall on a cloud configured to filter access from outside the cloud based at least in part on ACL lists as taught by Martinez in order to “provide an alert when a software workload is planned to be deployed in a security zone in a manner that is inconsistent with at least one of a security zone policy applicable to the security zone and a security policy associated with the workload” (See, Martinez, Paragraph 0035).

IP address whitelist are well known in the art of computer security. Fogel discloses a firewall implementing IP address whitelist (See, Paragraph 0040).
 Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to filter, in the system of Naga and Cornelius and Martinez, access to the network based on an IP address whitelist as taught by Fogel so that If a received message has a source address corresponding to an entry on the Whitelist, it is deemed to be from a recognized entity and can be excluded from many, or all, of the remaining security processes thereby saving processing delays (See, Fogel, Paragraph 0040).
Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Martinez in view of Naga, Cornelius, Martinez and Fogel and further in view of Hayner et al. (US 2004/0100507 A1), hereinafter, “Hayner”.
Regarding Claim 5, the rejection of claim 4 is incorporated and the combination of Naga, Cornelius, Martinez and Fogel does not explicitly disclose at least one inner firewall between the first database and the first perimeter firewall; and at least one inner firewall between the second database and the second perimeter firewall.
However, providing inner firewall is well known in the art of computer networking. Hayner discloses providing inner firewall between database and a perimeter firewall (See, Fig. 1, Numeral 24 and Paragraph 0049).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to provide, for both the first cloud system .
Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Naga and Cornelius and further in view of Hayner.
Regarding Claim 15, the rejection of claim 1 is incorporated and the combination of Naga and Cornelius further does not explicitly discloses a third software module, said third software module that is: located in an intermediate section of the network, said intermediate section that is between, and separated by firewalls from, the inner section and the outer section of the network; and configured to mediate communication between the first software module and the second software module.
Hayner discloses a reverse proxy module, said reverse proxy module that is: located in an intermediate section of the network, said intermediate section that is between, and separated by firewalls from, the inner section and the outer section of the network and configured to mediate communication between the first software module and the second software module. (See, Paragraphs 0009 and 0027).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to provide, in the system of Naga and Cornelius, a reverse proxy module, said reverse proxy module that is: located in an intermediate section of the network, said intermediate section that is between, and separated by firewalls from, the inner section and the outer section of the network as taught by Hayner so that “the client cannot directly access a computational device .
Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Naga and Cornelius and further in view of Bookman et al. (US 2014/0040888 A1), hereinafter, “Bookman”.
Regarding Claim 7, the rejection of claim 1 is incorporated and the combination of Naga and Cornelius does not explicitly disclose wherein at least one of the clouds hosts more than 50,000 tenants.
Bookman discloses cloud-computing environment that host more than 50,000 tenants (See, Paragraph 0037).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have, the cloud in the system of Naga and Cornelius, host more than 50,000 tenants as taught by Bookman because constructing a cloud to support a given number of tenants is a matter of a design choice between a predictable, finite number of possibilities.

Claims 8 and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Naga and Cornelius and further in view of Butcher et al. (US 2011/0035589 A1), hereinafter, “Butcher”.
Claim 8, the rejection of claim 1 is incorporated and the combination of Naga and Cornelius does not explicitly discloses wherein all communications in the system adhere to a predetermined cryptographic protocol.
Butcher discloses communication system wherein all communications in the system adhere to a predetermined cryptographic protocol (See, Paragraph 0041).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement, in the system of Naga and Cornelius, a predetermined cryptographic protocol as taught by Butcher in order to provide security to the commination system.
Regarding Claim 9, the rejection of claim 8 is incorporated and the combination of Naga, Cornelius and Butcher further discloses wherein the predetermined cryptographic protocol is transport layer security ("TLS") version 1.2 or later (See, Paragraph 0041).
Claims 10 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Naga and Cornelius and further in view of Martinez.
Regarding Claim 10, the rejection of claim 1 is incorporated and the combination of Naga and Cornelius does not explicitly disclose a cryptographic software module, said cryptographic software module that is configured to create, store, manage, and/or control access to cryptographic keys.
Martinez discloses a cryptographic software module, said cryptographic software module that is configured to create, store, manage, and/or control access to cryptographic keys (See, Martinez, Fig. 4 and Paragraphs 0092 and 0116).

Regarding Claim 11, the rejection of claim 10 is incorporated and the combination of Naga, Cornelius and Martinez further discloses wherein the key vault module is hosted on the second cloud (See, Martinez, Fig. 4 and Paragraphs 0092, 0093 and 0116).
Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Naga in view of Cornelius and Martinez and further in view of Barton et al. (US 2014/0033271 A1), hereinafter, “Barton”.
Regarding Claim 12, the rejection of claim 10 is incorporated and the combination of Naga, Cornelius and Martinez further discloses wherein the key vault module adheres to at least the Federal Information Processing Standard ("FIPS") (See, Martinez, Paragraph 0092).
While Martinez discloses using Federal Information Processing Standard for key vault, Martinez does not explicitly disclose FIPS Publication 140-2 Level 2 standard.
Barton discloses key vault module adhering to the FIPS 140-2 level 2 standard (See, Paragraph 0362).
.
Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Naga in view of Cornelius and further in view of Sharif et al. (US 2010/0037303 A1), hereinafter, “Sharif”.
Regarding Claim 13, the rejection of claim 1 is incorporated and the combination of Naga and Cornelius does not explicitly disclose wherein communication in the system adheres to a predetermined tokening protocol.
Sharif discloses data transfer system wherein communication in the system adheres to a predetermined tokening protocol (See, Paragraph 0049).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement, in the system of Naga and Cornelius, communication in the system adheres to a predetermined tokening protocol as taught by Sharif because choosing a tokening protocol from various well-known protocol is a matter of a design choice between a predictable, finite number of possibilities.

Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over Naga in view of Cornelius and Higginson.
Regarding Claim 21, Naga discloses a method for secure multi-cloud integration, said method comprising: 
sending, from a first database hosted on a first cloud (See, Fig. 1, Numeral 1101) to a software platform stored on a network (See, Fig. 1, Numeral 130), a request to transfer data from the first database to a second database hosted on a second cloud (See, Fig. 8, Numeral 820 and Paragraph 0094, “At step 820, a data request is received. The data request is associated with an environment including a first cloud and a second cloud. In some embodiments, the data request may be a read request for data maintained at the first cloud, where the read request may be served directly from the first cloud or indirectly via the second cloud (e.g., such as where the first cloud hosts an application and application data is to be provided from the application in the first cloud to an end user device). In some embodiments, the data request may be a write request for data intended for the second cloud, where the write request may be provided directly to the second cloud or may be provided to the second cloud indirectly via the first cloud (e.g., such as where the second cloud hosts an application and application data is to be provided from an end user device to the application in the second cloud). In some embodiments, the data request may be a read request for data maintained at the first cloud where the first cloud supports a write cache and the second cloud supports a read cache. At step 830, a determination is made as to whether or not to transfer data specified by the data request from the first cloud toward the second cloud.”); 

routing the data from the first database to the second database through the software platform (See, Paragraph 0049, “At step 240, a control action is initiated based on the determination as to whether to transfer application data between the first cloud and the end user device directly without using the second cloud or indirectly via the second cloud. The control action may include initiating one or more actions in support of the data transfer, initiating control messages to one or more elements to be involved in the data transfer, or the like, as well as various combinations thereof” and Paragraph 0029, “In some embodiments, the application data transfer control system 130 may be implemented within the first cloud 1101 (e.g., for intercepting application data requests provided from user device 120 to application 112 such that a determination may be made regarding routing of the application data to the end user device 120 or from the end user device 120).”).
wherein the software platform comprises:
a first software module 

Naga does not explicitly disclose a first software module that is located in an outer section of the network, said outer section of the network that is accessible from outside the network and a second software module that is located in an inner section of the network, said inner section that is separated from the outer section by at least one firewall.
Cornelius discloses a first software module that is located in an outer section of the network, said outer section of the network that is accessible from outside the network and a second software module that is located in an inner section of the network, said inner section that is separated from the outer section by at least one firewall (See, Fig. 13, Numerals 18, 68 and 72).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have, in the system of Naga, a first software module that is located in an outer section of the network, said outer section of the network that is accessible from outside the network and a second software module that is located in an inner section of the network, said inner section that is separated from the outer section by at least one firewall as taught by Cornelius so that the outer section software module could receive the request from outside the network and firewall 
Naga does not explicitly disclose logging, via the data integration platform, the transfer and the content of the data; and transmitting the log to the network. 
However, maintain a log of data transfer is well known in the art of computer networking. Higginson discloses logging, via a data integration platform, a transfer and content of the data; and transmitting the log to a network (See, Paragraphs 0014, 0058 and 0103).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to log, in the system of Naga, a transfer and content of the data; and transmitting the log to a network as taught by Higginson so that “after a database has been copied to the target server system, a customer may expect at least some level of verification to be performed on the database at the target server system to ensure the copy was performed correctly and/or fully” (See, Higginson, Paragraph 0058).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to YOGESH PALIWAL whose telephone number is (571)270-1807. The examiner can normally be reached M-F 9:00AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph P Hirl can be reached on 5712723685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 





/YOGESH PALIWAL/Primary Examiner, Art Unit 2435