DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 3, 5, 7-8, 10, 12, 14-15, 17, 19 are rejected under 35 U.S.C. 103 as being unpatentable over Chan et al. (US 2016/0173573, hereinafter Chan) in view of Chaudhury et al. (Pub. No.: US 2012/0331563, hereinafter Chaudhury).
Regarding claim 1: Chan discloses A method for managing data, the method comprising:
obtaining a workload generation request, wherein the workload generation request specifies a security compliant rule (Chan - [0027]: The present disclosure enables a virtual fence or sandbox for a given set of VMs in an application workload. [0024]: With each barrier, a policy can be defined);
in response to the workload generation request:
selecting a first set of resource devices (Chan - [0026]: the application can have restricted network connectivity to local application VMs … and can have throttled physical resources (e.g., CPU, disk, memory, etc)) using a resource allocation master list (Chan - [0031]: a shared pool of configurable computing resources (e.g. networks, network bandwidth, servers, processing, memory, storage, applications, virtual machines, and services));
initiating a security compliance test on the first set of resource devices to obtain a security compliance result (Chan - [0026]: A set of security tests can be run which can validate that intrusion detection is functioning properly and that the application is safe for production);
making a first determination, based on the security compliance result, that the first set of resource devices meet a security compliance criterion (Chan - [0026]: A set of security tests can be run which can validate that intrusion detection is functioning properly and that the application is safe for production); and
in response to the first determination:
allocating the first set of resource devices to a workload based on the workload generation request (Chan - [0017]: The software application can be allowed access to the computing production environment based on a testing analysis 70 and use abstraction layers 74 to control allocation of resources in the production environment 80).
However Chan doesn’t explicitly teach, but Chaudhury discloses: storing a virtual certificate in a security compliance database based on the security compliance result (Chaudhury - [0042]: the certificate store 370 may be updated to modify the certificates which are permitted to access the system partition 222); and
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Chan with Chaudhury so that an certification for access permission is stored. The modification would have allowed the system to store the certification for secure permission. 
Regarding claim 3: Chan as modified discloses wherein the security compliance criterion is based on the security compliant rule (Chan - [0024]: With each barrier, a policy can be defined to verify the state of the deployment and verify the tasks the software application needs to complete to pass a test).
Regarding claim 5: Chan as modified discloses wherein the security compliance test comprises:
performing a penetration test on data stored in at least one resource device in the first set of resource devices (Chan - [0026]: A set of security tests can be run which can validate that intrusion detection is functioning properly and that the application is safe for production);
making a second determination, based on the penetration test, that the data is not accessible without authorization (Chan - [0025]: The access to resources can be based on meeting criteria of a stage of testing analysis); and
in response to the second determination, generating the security compliance result, wherein the security compliance result specifies the second determination (Chan - [0025]: place layers of logical barriers around the deployed application such that it cannot harm the production environment).
Regarding claim 7: Chan as modified discloses wherein a resource device in the first set of resource devices is a storage device (Chan - [0022]: a virtual fence can include a storage constraint).
Regarding claims 8, 10, 12 and 14: Claims are directed to computer readable medium claims and do not teach or further define over the limitations recited in claims 1, 3, 5 and 7. Therefore, claims 7, 10, 12 and 14 are also rejected for similar reasons set forth in claims 1, 3, 5 and 7. 
Regarding claims 15, 17 and 19: Claims are directed to method/computer readable medium claims and do not teach or further define over the limitations recited in claims 1, 3 and 5. Therefore, claims 15, 17 and 19 are also rejected for similar reasons set forth in claims 1, 3 and 5. 

Claims 4, 11 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Chan et al. (US 2016/0173573, hereinafter Chan) in view of Chaudhury et al. (Pub. No.: US 2012/0331563, hereinafter Chaudhury) and Banerjee (Patent No.: US 9,171,178).
Regarding claims 4, 11 and 18: Chan as modified doesn’t explicitly teach but Banerjee discloses wherein the security compliant rule specifies an encryption algorithm (Banerjee - [Col. 6, Line 18-19]: a security policy to encrypt sensitive data stored by the workload).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Chan and Chaudhury with Banerjee so that the .

Claims 6, 13 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Chan et al. (US 2016/0173573, hereinafter Chan) in view of Chaudhury et al. (Pub. No.: US 2012/0331563, hereinafter Chaudhury) and McCormick et al. (Patent No.: US 8,255,829, hereinafter McCormick).
Regarding claims 6, 13 and 20: Chan as modified doesn’t explicitly teach but McCormick discloses wherein initiating the security compliance test comprises prompting a third-party application to perform the security compliance test (McCormick - [Col. 5, Line 44-45]: The requirements component 112 outputs three prompts via the user interface 110. [Col. 7, Line 4-7]:  the requirements component 112 outputs the identification of the security test for the back end project application, which enables the project management 106 to execute the security test).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Chan and Chaudhury with McCormick so that an user interface prompted and output identification for security test. The modification would have allowed the system to prompt to enable security test.

Allowable Subject Matter
Claims 2, 9 and 16 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. The reason for allowance will be furnished upon allowance of the application.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Van Der Linden et al. (Pub. No.: US 2014/0052864) - Systems and methods for establishing a cloud bridge between virtual storage resources
Bade et al. (Pub. No.: US  2015/0067761) - Managing security and compliance of volatile systems

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8729.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MENG LI/
Primary Examiner, Art Unit 2437