DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-23 are presented for examination.
Responsive to communication filed on 10/22/2019.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claim(s) 1-3, 6-8, 10-11, 14-15, 17-18, and 21-22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Estes et al. (US 2018/0324203).

Regarding claim 1, Estes et al. teaches: A computer system comprising: a memory; a network interface; and at least one processor coupled to the memory and the network interface and configured to 
receive, via the network interface, a request for a computing session (¶ 56, “A placement engine 102 receives a request from a user to place a new container on a node within a managed cloud platform (step 202)”); 
determine a security score for the computing session (¶ 58, “The placement engine 102 evaluates the new container for placement to determine ; 
identify a virtual resource designated to support computing sessions having the security score (¶ 60, “The placement engine 102 then searches for nodes of the cloud managed platform with resources available to accommodate the new container and for previously placed containers with a same vulnerability level or assessment as the new containers (step 206)”); and 
establish the computing session with the virtual resource (¶ 63, “If a node is available in the cloud managed platform which has containers which match the new containers to be deployed (step 208), the new containers are launched on nodes with the matching containers (step 212)”).
Estes et al. does not expressly disclose determining a security score; however, a person having ordinary skill would have found this obvious in view of Estes et al. determination of a vulnerability, because Estes et al. discloses the vulnerability as indicating a security concern (¶ 12). 

Regarding claim 2, Estes et al. teaches: The computer system of claim 1, wherein the request for the computing session comprises a request for either a virtual desktop or a virtual application (¶ 65, “While the method was above described in relation to docker containers and a cloud managed platform, using vulnerability assessment in regards to other image units, such as virtual images, to group like image units together can also be applied to decrease security risks of those image units”).

The computer system of claim 2, further comprising a computing device hosting a client application configured to provide access to one or more of the virtual desktop or the virtual application (¶ 26, “The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based e-mail)”).

Regarding claim 6, Estes et al. teaches: The computer system of claim 1, wherein to identify the virtual resource comprises to access a data structure that associates virtual resources with one or more reference values that indicate security scores of computing sessions that the virtual resources are designated to support (¶ 51, “The vulnerability advisor 113 analyzes static 114 and runtime 119 images of docker containers as present in the repository 109 to determine a vulnerability assessment of containers 123 present in nodes 126 of the cloud managed platform 118”, the vulnerability assessment corresponds to the data structure).

Regarding claim 7, Estes et al. teaches: The computer system of claim 6, wherein the one or more reference values comprise a plurality of security scores including the security score (¶ 12, “the term “vulnerable container” means a docker container containing content about which a vulnerability advisor or other process has issued a vulnerability warning indicating that the content has a security concern. The security concerns can be expressed in terms of security vulnerability violation levels.”).

The computer system of claim 7, wherein the request is a first request, the computing session is a first computing session, the security score is a first security score, and the at least one processor is further configured to: receive, via the network interface, a second request for a second computing session; determine a second security score for the second computing session; determine that the plurality of security scores includes the second security score; identify the virtual resource as being designated to support computing sessions having the second security score in response to determining that the plurality of security scores includes the second security score; and establish the second computing session with the virtual resource (¶¶ 56, 58, 60, and 63, it would have been obvious to repeat the method for a second request).

Claim(s) 10-11, 14-15, 17-18, and 21-22 correspond(s) to claim(s) 1-2, 6, and 8, and differ(s) only in statutory category. Therefore, it/they is/are rejected for the same reasons. 

Claim(s) 4, 12, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Estes et al., as applied above, and further in view of Thomas et al. (US 2017/0083354).

Regarding claim 4, Estes et al. does not teach, however, Thomas et al. teaches: establish a computing session involving the computing device, the client application, and the virtual resource (¶ 32, “The client computing device may then establish a remote computing session with the virtual machine, and the user interface of the operating system (e.g., the output of the operating system, such as a graphical user interface, sound, etc.) may be sent to the client computing device via a particular network interface of the virtual machine instance or virtual desktop instance and presented to the user (e.g., the graphical user interface may be rendered on a display of the client computing device)”).
It would have been obvious to a person having ordinary skill in the art, at the effective filing date of the invention, to have applied the known technique of establish the computing session comprises to establish a computing session involving the computing device, the client application, and the virtual resource, as taught by Thomas et al., in the same way to the establishing a computing session, as taught by Estes et al.. Both inventions are in the field of establishing computing sessions, and combining them would have predictably resulted in “managing large-scale computing resources for many clients with diverse needs, allowing various computing resources to be efficiently and securely shared by multiple clients”, as indicated by Thomas et al. (¶ 2).

Claim(s) 12 and 19 correspond(s) to claim(s) 4, and differ(s) only in statutory category. Therefore, it/they is/are rejected for the same reasons. 

Claim(s) 5, 13, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Estes et al., as applied above, and further in view of Zhao (US 2017/0250870).

determine a security score for a user of the computing session (¶ 9, “the access role configured for the security isolation zones can be one of or a combination of the following virtual network elements: … the access user level includes one of or a combination of the following: a very important person (VIP) level, a common user level, or an operator level.”).
It would have been obvious to a person having ordinary skill in the art, at the effective filing date of the invention, to have applied the known technique of determine a security score for a user of the computing session, as taught by Zhao, in the same way to the determining a security score, as taught by Estes et al.. Both inventions are in the field of determining security scores, and combining them would have predictably resulted in a system configured to “quickly and effectively configure a policy to deploy a virtual network element”, as indicated by Zhao (¶ 5).

Claim(s) 13 and 20 correspond(s) to claim(s) 5, and differ(s) only in statutory category. Therefore, it/they is/are rejected for the same reasons. 

Allowable Subject Matter
Claims 9 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lewis Bullock can be reached on 5712723759. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JACOB D DASCOMB/Primary Examiner, Art Unit 2199