DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application is being examined under the pre-AIA first to invent provisions.

Allowable Subject Matter
Claims 1-4, 7-12 and 14-20 are allowed. 
The following is an examiner’s statement of reasons for allowance: With respect to claims 1, 9 and 15, the prior art on record does not teach or fairly suggest the combination of the limitations: “dispensing a virtual machine instance within a hypervisor from a remote server acting as a management appliance such that the virtual machine instance is implemented by at least one of a plurality of interconnected physical computing devices in a distributed computing system; filtering a request for access to the virtual machine instance based on access privileges of a user among a plurality of users accessing the remote server comprising restricting the user’s access to the virtual machine instance based on credentials provided by the user upon accessing the remote server in response to a determination that the user has access to the remote server and not the virtual machine instance; and establishing a trusted relationship between the remote server and the virtual machine instance; wherein the trusted relationship is established through public-key cryptography, the method further comprising: associating a public key with the virtual machine instance; associating a private key with the remote server; and maintaining the private key in a secured storage location accessible to a processor of the remote server.” Claims 2-4, 7-8, 10-12, 14 and 16-20 depend on claims 1, 9 and 15 respectively and are allowed with the same rationale thereto.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

EXAMINER’S AMENDMENT
Authorization for this examiner’s amendment was given in an interview with Steven L. Nichols, Reg. No. 40,326 on February 08, 2022.
	The application has been amended as follows:
	In the claims:

1.	(currently amended)	A method for providing secure access to a virtual machine instance comprising:
dispensing a virtual machine instance within a hypervisor from a remote server acting as a management appliance such that the virtual machine instance is implemented by at least one of a plurality of interconnected physical computing devices in a distributed computing system; [[and]]
filtering a request for access to the virtual machine instance based on access privileges of a user among a plurality of users accessing the remote server comprising restricting the user’s access to the virtual machine instance based on credentials provided by the user upon accessing the remote server in response to a determination that the user has access to the remote server and not the virtual machine instance; and
establishing a trusted relationship between the remote server and the virtual machine instance;
	wherein the trusted relationship is established through public-key cryptography, the method further comprising:
associating a public key with the virtual machine instance; 
associating a private key with the remote server; and
maintaining the private key in a secured storage location accessible to a processor of the remote server.


2.	(currently amended)	The method of claim 1, further comprising[[:]]

permitting user access to the virtual machine instance from the remote server based on the trusted relationship without further authentication credentials from the user.

3.	(original)	The method of claim 1, wherein the trusted relationship is established based on criteria selected from the group consisting of establishing the trusted relationship upon the dispensing virtual machine instance from the remote server to the distributed computing system or establishing the trusted relationship in response to the user attempting to access the virtual machine instance.

4.	(original)	The method of claim 1, further comprising setting the trusted relationship to expire after a predetermined amount of time.

5-6.	(cancelled) 

7.	(original)	The method of claim 1, further comprising assigning a different level of access to each of the plurality of users.

8.	(original)	The method of claim 1, wherein the filtering comprises catching the request before the requests are processed through a transfer protocol.


at least one processor; and
a memory communicatively coupled to the at least one processor, wherein the memory comprises executable code stored thereon such that the at least one processor, upon executing the executable code:
dispenses virtual machine instance via a hypervisor to a distributed computing system comprising a plurality of interconnected computing devices, such that at least one of the computing devices implements the virtual machine instance;
filters a request for access to the virtual machine instance based on access privileges of a user among a plurality of users accessing the remote server before the request is processed through a transfer protocol,
wherein the filtering comprises, in response to a determination that the user has access to the remote server and not the virtual machine instance, restricting the user’s access to the virtual machine instance based on credentials provided by the user upon accessing the remote server; and
establishes a trusted relationship with the virtual machine instance implemented on the at least one of the computing devices;
	wherein the at least one processor establishes the trusted relationship through public-key cryptography comprising:
associating a public key with the virtual machine instance,
associating a private key with the remote server; and
maintains the private key in a secured storage location.



provides a user with access to the virtual machine instance based on the trusted relationship without further authentication credentials from the user.

11.	(original)	The remote server of claim 9, wherein said computer readable program code, when executed by a processor, assigns a different level of access to each of a plurality of users.

12.	(original)	The remote server of claim 9, wherein the at least one processor establishes the trusted relationship upon dispensing the image corresponding to the virtual machine instance.

13.	(canceled)

14.	(original)	The remote server of claim 13, wherein the secure storage location is accessible by the remote server and the virtual machine instance.

15.	(currently amended)	A computer program product for providing secure access to a virtual machine instance on a distributed computing system, the computer program product comprising:
a computer readable storage medium having computer readable code embodied therewith, the computer readable program code to, when executed by a processor:
dispense a virtual machine instance within a hypervisor from a remote server to a computing device;

provide a user with access to the virtual machine instance from remote server based on the trusted relationship without further authentication credentials from the user, wherein the trusted relationship is established with public-key cryptography, the computer readable program code further to, when executed by the processor:
associate a public key with the virtual machine instance;
associate a private key with the remote server; and
maintain the private key in a secured storage location; and
filter a request for access to the virtual machine instance based on access privileges of a user among a plurality of users accessing the remote server comprising restricting the user’s access to the virtual machine instance based on credentials provided by the user upon accessing the remote server in response to a determination that the user has access to the remote server and not the virtual machine instance.

16.	(original)	The computer program product of claim 15, wherein the computer readable program code, when executed by the processor, further:
filters a request for access to the virtual machine instance based on the access privileges of the current user among a plurality of users accessing the remote server, wherein the filtering comprises, in response to a determination that the user among a plurality of users accessing the remote server has access to the remote server and not the virtual machine instance, restricting the user’s access to the virtual machine instance based on credentials provided by the user upon accessing the remote server.



18.	(original)	The computer program product of claim 16, wherein the filtering comprises catching the request before the requests are processed through a transfer protocol.

19.	(original)	The computer program product of claim 15, wherein the computer readable program code, when executed by the processor, establishes the trusted relationship through public-key cryptography comprising:
associating a public key with the virtual machine instance,
associating a private key with the remote server; and
maintains the private key in a secured storage location.

20.	(original)	The computer program product of claim 19, wherein the computer readable program code, when executed by the processor, maintains the private key in a secured storage location.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BEEMNET W DADA whose telephone number is (571)272-3847. The examiner can normally be reached Monday-Friday, 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

BEEMNET W. DADA
Primary Examiner
Art Unit 2435



/BEEMNET W DADA/Primary Examiner, Art Unit 2435