DETAILED ACTION
	This Office Action is in response to an RCE, filed 25 January 2022, wherein Claims 1-20 are pending and ready for examination.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 25 January 2022 has been entered.

REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance:
Claim 1 recites:
“A computer-implemented method for protecting credentials in a cloud environment, comprising: 
establishing a header policy that is to be applied at a metadata proxy, the header policy indicating that specified header information is to be included in each metadata service request sent to a metadata service; 
accessing the established header policy at the metadata proxy, the metadata proxy being configured to intercept metadata service requests and check the intercepted requests for the specified header information; 
generating a sub-policy that is to be applied in addition to the established header policy, wherein generating the sub-policy includes determining a physical location or a logical location from which metadata service credentials granted upon compliance with the established header policy are valid, and wherein the manner in which the specified physical or logical location is determined is variable based on where the metadata service request originated; 
injecting, by the metadata proxy, the generated sub-policy that is to be applied in addition to the established header policy; 
determining, at the metadata proxy, that the metadata service request does not include the specified header information; and 
in response to the determination, preventing the metadata service request from being passed to the metadata service.”

Independent Claims 13 and 20 recite similar subject matter to Independent Claim 1.

Grant (US 20190334869) discloses a gateway device that contains configured rules to apply when receiving client requests to access resources. The rules include header checks, IP address checks, and various other rules.
Parekh et al. (US 7219142) discloses a policy enforcement engine that compiles various non-scoping policy rules, scoping policy rules, and all the sub-rules within their scope to compile and generate a rules database for enforcing the policies.
Phillips (US 20180026944) provides a system wherein various firewall policies are applied that include restricting traffic based on devices, VMs, networks, subnets, and other factors.
Cole (US 20180115551) discloses authentication of cloud service credentials in a cloud environment to access one or more cloud accounts.
Knjazihhin et al. (US 20170317999) discloses a cloud management proxy device that obtains its bootstrap credentials (upon bootup) to initialize itself with its role and instructions for operations.

What is not disclosed by the closest prior art is the generation of the sub-policy – the generating including determining a physical or logical location […] wherein the manner in which the specified physical or logical location is determined is variable based on where the metadata service request originated. The majority of the prior art discloses the use of policies and/or sub-policies for filtering/validating traffic. None of the closest prior art discloses the above-emphasized limitations (in conjunction with the claim as a whole), nor would it have been obvious to one of ordinary skill in the art to bridge any potential combination(s) with the closest prior arts, with any reasonable motivation(s), to arrive at the claimed invention without using .

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JONATHAN A SPARKS whose telephone number is (571)431-0735. The examiner can normally be reached IFP (Flex) Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Tonia Dollinger can be reached on 571-272-4170. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: 

/JONATHAN A. SPARKS/
Examiner
Art Unit 2459

/TONIA L DOLLINGER/
Supervisory Patent Examiner, Art Unit 2459