DETAILED ACTION
The present application is being examined under the pre-AIA  first to invent provisions. 
This is in response to the correspondence filed on 01/07/21.  Claims 7-27 are still pending and have been considered below.

Claim Objections
Claims 8, 15 and 22 are objected to because of the following informalities:  the instant claims should be amended to recite “…by the corresponding rules engine…”, in order to maintain consistency with the preceding claim language.  Appropriate correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claim(s) 7, 9-14, 16-21 and 23-27 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over McCrory et al. (2003/0105810) in view of Budko et al. (2010/0071035).
Claim 7:  McCrory et al. discloses a system comprising one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to implement components comprising:
an application platform configured to execute on a plurality of first computers in a cloud computing environment [page 3, paragraph 0030], the application platform comprising a plurality of virtualized computing resources [page 3, paragraph 0029] that are configured to host deployed applications(user accesses virtualized resource/service via internet) [page 7, paragraph 0064 | page 8, paragraph 0070],
wherein the application platform comprises a cloud controller that is configured to receive a plurality of commands [page 4, paragraph 0039] to manage applications hosted on the application platform in the cloud computing environment(command/actions directed to a target resource) [page 9, paragraph 0075 | page 10, paragraph 0079];
but does not explicitly disclose a policy engine comprising a plurality of rules engines, each rules engine corresponding to a respective command of the plurality of commands for the cloud controller of the application platform, wherein the policy engine is configured to: intercept a command issued to the cloud controller, determine whether to permit or reject the intercepted command, according to one or more rules of the plurality of rules engines, and if determining to permit the intercepted command, forward the intercepted command to the cloud controller.
However, Budko et al. discloses a similar invention [page 1, paragraph 0008] and further discloses a policy engine comprising a plurality of rules engines(security appliance) [page 3, paragraph 0026], each rules engine corresponding to a respective command of the plurality of commands for the cloud controller of the application platform(access control rules/policy for management changes/operations on specific targets) [page 5, paragraph 0044], wherein the (all attempted management commands must pass through appliance) [page 2, paragraph 0022], determine whether to permit or reject the intercepted command(retrieve and apply relevant policy and/or privileges) [page 6, paragraphs 0047-0048], according to one or more rules of the plurality of rules engines(inspect asserted command from management client) [page 3, paragraph 0027], and if determining to permit the intercepted command, forward the intercepted command to the cloud controller(send valid command to target) [page 3, paragraph 0028 | page 5, paragraph 0040].
Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to further modify the disclosure of McCrory et al. with the additional features of Budko et al., in order to better manage potential security threats in a virtual environment, as suggested by Budko et al. [page 2, paragraph 0019].
Claim 9:  McCrory et al. and Budko et al. disclose the system of claim 7, and Budko et al. further discloses wherein the policy engine is further configured, if determining to reject the intercepted command, to send a notification of the rejection to an issuer of the intercepted command [page 3, paragraph 0028 | page 5, paragraph 0040].
Claim 10:  McCrory et al. and Budko et al. disclose the system of claim 7, and Budko et al. further discloses wherein the policy engine is further configured to access a networked service before forwarding the intercepted command to the cloud controller [page 6, paragraphs 0047-0048].
Claim 11:  McCrory et al. and Budko et al. disclose the system of claim 7, and Budko et al. further discloses wherein the intercepted command is a cloud controller command for creating or managing an application on the application platform [page 3, paragraph 0030].
Claim 12:  McCrory et al. and Budko et al. disclose the system of claim 7, and Budko et al. further discloses wherein the policy engine is installed on a same computer system that issues commands to the cloud controller [page 4, paragraph 0036].
Claim 13:  McCrory et al. and Budko et al. disclose the system of claim 7, and Budko et al. further discloses wherein the policy engine is installed on the cloud computing environment [page 1, paragraph 0008].
Claim 14:  McCrory et al. discloses a computer-implemented method comprising:
executing an application platform on a plurality of first computers in a cloud computing environment [page 3, paragraph 0030], the application platform comprising a plurality of virtualized computing resources [page 3, paragraph 0029] that are configured to host deployed applications [page 7, paragraph 0064 | page 8, paragraph 0070], 
wherein the application platform comprises a cloud controller that is configured to receive a plurality of commands [page 4, paragraph 0039] to manage applications hosted on the application platform in the cloud computing environment [page 9, paragraph 0075 | page 10, paragraph 0079];
but does not explicitly disclose intercepting, by a policy engine installed on one or more second computers, a command issued to the cloud controller, the policy engine comprising a plurality of rules engines, each rules engine corresponding to a respective command of the plurality of commands for the cloud controller of the application platform; determining, by the policy engine, whether to permit or reject the intercepted command, according to one or more rules of the plurality of rules engines; and if determining to permit the intercepted command, forwarding, by the policy engine, the intercepted command to the cloud controller.
Budko et al. discloses a similar invention [page 1, paragraph 0008] and further discloses intercepting, by a policy engine installed on one or more second computers [page 3, paragraph 0026], a command issued to the cloud controller [page 2, paragraph 0022], the policy engine comprising a plurality of rules engines, each rules engine corresponding to a respective command of the plurality of commands for the cloud controller of the application platform [page 5, paragraph 0044]; determining, by the policy engine, whether to permit or reject the intercepted command, according to one or more rules of the plurality of rules engines [page 6, paragraphs 0047-0048]; and if determining to permit the intercepted command, forwarding, by the policy engine, the intercepted command to the cloud controller [page 3, paragraph 0028 | page 5, paragraph 0040].
Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to further modify the disclosure of McCrory et al. with the additional features of Budko et al., in order to better manage potential security threats in a virtual environment, as suggested by Budko et al. [page 2, paragraph 0019].
Claim 16:  McCrory et al. and Budko et al. disclose the method of claim 14, and Budko et al. further discloses further comprising: if determining to reject the intercepted command, sending, by the policy engine, a notification of the rejection to an issuer of the intercepted command [page 3, paragraph 0028 | page 5, paragraph 0040].
Claim 17:  McCrory et al. and Budko et al. disclose the method of claim 14, and Budko et al. further discloses further comprising: accessing, by the policy engine, a networked service before forwarding the intercepted command to the cloud controller [page 6, paragraphs 0047-0048].
Claim 18:  McCrory et al. and Budko et al. disclose the method of claim 14, and Budko et al. further discloses wherein the intercepted command is a cloud controller command for creating or managing an application on the application platform [page 3, paragraph 0030].
Claim 19:  McCrory et al. and Budko et al. disclose the method of claim 14, and Budko et al. further discloses wherein the policy engine is installed on a same computer system that issues commands to the cloud controller [page 4, paragraph 0036].
Claim 20:  McCrory et al. and Budko et al. disclose the method of claim 14, and Budko et al. further discloses wherein the policy engine is installed on the cloud computing environment [page 1, paragraph 0008].
Claim 21:  McCrory et al. discloses one or more non-transitory computer storage media encoded with computer program instructions that when executed by a plurality of computers cause the plurality of computers to perform operations comprising:
executing an application platform on a plurality of first computers in a cloud computing environment [page 3, paragraph 0030], the application platform comprising a plurality of virtualized computing resources [page 3, paragraph 0029] that are configured to host deployed applications [page 7, paragraph 0064 | page 8, paragraph 0070],
wherein the application platform comprises a cloud controller that is configured to receive a plurality of commands [page 4, paragraph 0039] to manage applications hosted on the application platform in the cloud computing environment [page 9, paragraph 0075 | page 10, paragraph 0079];
but does not explicitly disclose intercepting, by a policy engine installed on one or more second computers, a command issued to the cloud controller, the policy engine comprising a plurality of rules engines, each rules engine corresponding to a respective command of the 
However, Budko et al. discloses a similar invention [page 1, paragraph 0008] and further discloses intercepting, by a policy engine installed on one or more second computers [page 3, paragraph 0026], a command issued to the cloud controller [page 2, paragraph 0022], the policy engine comprising a plurality of rules engines, each rules engine corresponding to a respective command of the plurality of commands for the cloud controller of the application platform [page 5, paragraph 0044]; determining, by the policy engine, whether to permit or reject the intercepted command, according to one or more rules of the plurality of rules engines [page 6, paragraphs 0047-0048]; and if determining to permit the intercepted command, forwarding, by the policy engine, the intercepted command to the cloud controller [page 3, paragraph 0028 | page 5, paragraph 0040].
Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to further modify the disclosure of McCrory et al. with the additional features of Budko et al., in order to better manage potential security threats in a virtual environment, as suggested by Budko et al. [page 2, paragraph 0019].
Claim 23:  McCrory et al. and Budko et al. disclose the non-transitory computer storage media of claim 21, and Budko et al. further discloses the operations further comprising: if determining to reject the intercepted command, sending, by the policy engine, a notification of the rejection to an issuer of the intercepted command [page 3, paragraph 0028 | page 5, paragraph 0040].
Claim 24:  McCrory et al. and Budko et al. disclose the non-transitory computer storage media of claim 21, and Budko et al. further discloses the operations further comprising: accessing, by the policy engine, a networked service before forwarding the intercepted command to the cloud controller [page 6, paragraphs 0047-0048].
Claim 25:  McCrory et al. and Budko et al. disclose the non-transitory computer storage media of claim 21, and Budko et al. further discloses wherein the intercepted command is a cloud controller command for creating or managing an application on the application platform [page 3, paragraph 0030].
Claim 26:  McCrory et al. and Budko et al. disclose the non-transitory computer storage media of claim 21, and Budko et al. further discloses wherein the policy engine is installed on a same computer system that issues commands to the cloud controller [page 4, paragraph 0036].
Claim 27:  McCrory et al. and Budko et al. disclose the non-transitory computer storage media of claim 21, and Budko et al. further discloses wherein the policy engine is installed on the cloud computing environment [page 1, paragraph 0008].

Allowable Subject Matter
Claims 8, 15 and 22 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims; and if a properly executed terminal disclaimer is submitted to obviate the nonstatutory double patenting claim rejections set forth in this Office action.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely 
Claims 7-27 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-18 of U.S. Patent No. 8,572,706.
Although the claims at issue are not identical, they are not patentably distinct from each other because both inventions are directed to a substantially similar technique for supervising management commands sent to a cloud controller to manage web applications hosted on a web application platform in a cloud computing environment, which specifically relies upon a policy engine to intercept the commands and apply/execute one or more rules on the commands before forwarding the commands and/or forwarding the responses to the commands.
Furthermore, Examiner notes that each and every limitation of the instant claims appear to be substantially anticipated by the corresponding patented claims.
Therefore, Examiner respectfully submits that the instant claims and the patented claims are not directed to patentably distinct inventions; thus, properly rejected on the grounds of nonstatutory double patenting, as further outlined below.
U.S. Application No. 17/067,639
U.S. Patent No. 8,572,706
Claim 7, Claim 13, Claim 17, Claim 23, Claim 27
Claim 1, Claim 8, Claim 14
Claim 8, Claim 9, Claim 10, Claim 11, Claim 12, Claim 18, Claim 19, Claim 20, Claim 21, Claim 22
Claim 2, Claim 3, Claim 4, Claim 7, Claim 9, Claim 10, Claim 11, Claim 13, Claim 15, Claim 16, Claim 17
Claim 14, Claim 24
Claim 5, Claim 12, Claim 18
Claim 15, Claim 16, Claim 25, Claim 26
Claim 6

Claims 7-27 rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-17 of U.S. Patent No. 9,071,522.

Furthermore, Examiner notes that each and every limitation of the instant claims appear to be substantially anticipated by the corresponding patented claims.
Therefore, Examiner respectfully submits that the instant claims and the patented claims are not directed to patentably distinct inventions; thus, properly rejected on the grounds of nonstatutory double patenting, as further outlined below.
U.S. Application No. 17/067,639
U.S. Patent No. 9,071,522
Claim 7, Claim 13, Claim 17, Claim 23, Claim 27
Claim 1, Claim 6, Claim 8, Claim 12, Claim 14
Claim 8, Claim 9, Claim 10, Claim 11, Claim 12, Claim 18, Claim 19, Claim 20, Claim 21, Claim 22
Claim 2, Claim 3, Claim 7, Claim 9, Claim 10, Claim 13, Claim 15, Claim 16
Claim 14, Claim 24
Claim 4, Claim 11, Claim 17
Claim 15, Claim 16, Claim 25, Claim 26
Claim 5

Claims 7-27 rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-24 of U.S. Patent No. 9,560,079.
Although the claims at issue are not identical, they are not patentably distinct from each other because both inventions are directed to a substantially similar technique for supervising management commands sent to a cloud controller to manage web applications hosted on a web application platform in a cloud computing environment, which specifically relies upon a policy 
Furthermore, Examiner notes that each and every limitation of the instant claims appear to be substantially anticipated by the corresponding patented claims.
Therefore, Examiner respectfully submits that the instant claims and the patented claims are not directed to patentably distinct inventions; thus, properly rejected on the grounds of nonstatutory double patenting, as further outlined below.
U.S. Application No. 17/067,639
U.S. Patent No. 9,560,079
Claim 7, Claim 13, Claim 17, Claim 23, Claim 27
Claim 1, Claim 5, Claim 6, Claim 9, Claim 13, Claim 14, Claim 17, Claim 21, Claim 22
Claim 8, Claim 9, Claim 10, Claim 11, Claim 12, Claim 18, Claim 19, Claim 20, Claim 21, Claim 22
Claim 2, Claim 7, Claim 8, Claim 10, Claim 15, Claim 16, Claim 18, Claim 23, Claim 24
Claim 14, Claim 24
Claim 3, Claim 11, Claim 19
Claim 15, Claim 16, Claim 25, Claim 26
Claim 4, Claim 12, Claim 20

Claims 7-27 rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-15 of U.S. Patent No. 9,942,277.
Although the claims at issue are not identical, they are not patentably distinct from each other because both inventions are directed to a substantially similar technique for supervising management commands sent to a cloud controller to manage web applications hosted on a web application platform in a cloud computing environment, which specifically relies upon a policy engine to intercept the commands and apply/execute one or more rules on the commands before forwarding the commands and/or forwarding the responses to the commands.
Furthermore, Examiner notes that each and every limitation of the instant claims appear to be substantially anticipated by the corresponding patented claims.

U.S. Application No. 17/067,639
U.S. Patent No. 9,942,277
Claim 7, Claim 13, Claim 14, Claim 15, Claim 16, Claim 17, Claim 23, Claim 24, Claim 25, Claim 26, Claim 27
Claim 1, Claim 2, Claim 5, Claim 6, Claim 7, Claim 10, Claim 11, Claim 12, Claim 15
Claim 8, Claim 9, Claim 10, Claim 11, Claim 12, Claim 18, Claim 19, Claim 20, Claim 21, Claim 22
Claim 3, Claim 4, Claim 8, Claim 9, Claim 13, Claim 14

Claims 7-27 rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-32 of U.S. Patent No. 10,805,351.
Although the claims at issue are not identical, they are not patentably distinct from each other because both inventions are directed to a substantially similar technique for supervising management commands sent to a cloud controller to manage web applications hosted on a web application platform in a cloud computing environment, which specifically relies upon a policy engine to intercept the commands and apply/execute one or more rules on the commands before forwarding the commands and/or forwarding the responses to the commands.
Furthermore, Examiner notes that each and every limitation of the instant claims appear to be substantially anticipated by the corresponding patented claims.
Therefore, Examiner respectfully submits that the instant claims and the patented claims are not directed to patentably distinct inventions; thus, properly rejected on the grounds of nonstatutory double patenting, as further outlined below.
U.S. Application No. 17/067,639
U.S. Patent No. 10,805,351

Claim 1, Claim 5, Claim 9, Claim 13, Claim 17, Claim 21, Claim 25, Claim 29
Claim 9, Claim 10, Claim 11, Claim 12, Claim 13, Claim 16, Claim 17, Claim 18, Claim 19, Claim 20, Claim 23, Claim 24, Claim 25, Claim 26, Claim 27
Claim 2, Claim 3, Claim 4, Claim 6, Claim 7, Claim 8, Claim 10, Claim 11, Claim 12, Claim 14, Claim 15, Claim 16, Claim 18, Claim 19, Claim 20, Claim 22, Claim 23, Claim 24, Claim 26, Claim 27, Claim 28, Claim 30, Claim 31, Claim 32


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Lim (2007/0156659).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDWARD ZEE whose telephone number is (571)270-1686. The examiner can normally be reached Monday-Friday 9AM-5PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571)272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more 



/EDWARD ZEE/Primary Examiner, Art Unit 2435