Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 are presented for examination.


Claim Objections
Claims 8 and 18 are objected to because of the following informalities:  the claims recite “the security check” without proper prior reference to a security check.  Security check is first recited in claim 7  but claim 8  depends on claim 1.  Security check is first recited in claim 17 but claim 18 depends on claim 11.  For purposes of examination claims 8 and 18 are interpreted as “a security check”
Appropriate correction is required.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim 1 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the invention is directed to software per-se.  The claim recites “A first network device comprising: a processor”  In section [0037] of the specification a definition of a processor is given, which does not preclude a software only processor.  The claim can be remedied by including “a hardware processor”.



Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1, 4, 9-10, 11, 14 and 19-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Thakkar (2016/0105321).

Regarding claim 1, Thakkar teaches
a first network device comprising:
a processor configured to: (Thakkar, [0012] Virtualized computing system 102 includes one or more host computer systems 104. [0015] In one embodiment, virtualization manager 130 includes a hybrid cloud management module (depicted as hybrid cloud manager 132) configured to manage and integrate virtual computing resources provided by cloud computing system 150 with virtual computing resources of computing system 102)
receive a notification over a network; 
in response to the notification, cause a virtualized operating system (OS) and a hypervisor to obtain state units from one or more of first hardware components and virtual components; (Thakkar, [0026] During operation, hybrid cloud manager 132 (e.g., in response to user input) may migrate one or more VMs 120 to virtual data center 220. In some embodiments, hybrid cloud 
create a context state transfer package (CSTP) based on the state units; (Thakkar, [0034] At step 308, hybrid cloud manager 132 generates a package associated with the migrated virtual machine. The package may include a metadata file indicating the configurations and corresponding match preferences. In one implementation, the package may be of a format configured for the packaging and distribution of virtual machines, such as the Open Virtualization Format (OVF)) [0035] It is understood that the migration package associated with the migrating VM may include as part of the package, or be accompanied by as a separate package, state data of the migrating VM representing the execution state of the migrating VM. [0020] A packaged virtual machine application is a logical container of pre-configured virtual machines having software components and parameters that define operational details of the packaged application.)
forward the CSTP to a second network device over the network, wherein the second network device is configured to:  (Thakkar, [0035] At step 310, hybrid cloud manager 132 transmits to public cloud computing system 250 the migration package associated with the migrating VM) 
receive the CSTP from the first network device over the network; (Thakkar, [0036] At step 312, hybridity director 174 receives at public cloud computing system 250 the migration package associated with a first virtual machine.)
unpack the CSTP to obtain the state units; and (Thakkar, [0037] If so, at step 318, hybridity director 174 instantiates a (second) VM 172 within virtual data center 220 based on the migration package)
put second hardware components and virtual components of the second network device in a same state as the first hardware components and virtual components when the state units were obtained at the first network device. (Thakkar, [0037] That is, hybridity director 174 sets up a configuration within public cloud computing system 250 similar to that found within private data center 202, thereby providing a seamless transition between private data center 202 and public cloud computing system 250)

Regarding claim 4, Thakkar teaches
the first network device of claim 1, wherein when the processor causes the virtualized OS and a hypervisor to obtain the state units, the virtualized OS and the hypervisor are configured to obtain one or more of:
Random Access Memory (RAM) state information, Central Processing Unit (CPU) state information, or file storage state information (Thakkar, [0035]  the migrating VM may include as part of the package, or be accompanied by as a separate package, state data of the migrating VM representing the execution state of the migrating VM.)

Regarding claim 9, Thakkar teaches
the first network device of claim 1, wherein the CSTP includes metadata (Thakkar, [0034] At step 308, hybrid cloud manager 132 generates a package associated with the migrated virtual machine. The package may include a metadata file indicating the configurations and corresponding match preferences.)

Regarding claim 10, Thakkar teaches
the first network device of claim 1, wherein the notification indicates that a server on the first network device has detected an event in which a client hosted by a User Equipment device serviced by the server has requested to the server to transfer state information, associated with the client, from the first network device to the second network device (Thakkar, [0026] During operation, hybrid cloud manager 132 (e.g., in response to user input) may migrate one or more VMs 120 to virtual data center 220. In some embodiments, hybrid cloud manager 132 may transfer one or more existing virtual computing resources (e.g., VM 208) from private data center 202 to virtual data center 220 (the operation being depicted by arrow 230 in FIG. 2) [0041] The various embodiments described herein may be practiced with other computer system configurations including hand-held devices,)

Claims 11, 14 and 19-20 are method claims for the device claims 1, 4 and 9-10 and are rejected for the same reasons as claims 1, 4 and 9-10.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 2-3 and 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Thakkar (2016/0105321) in view of Parulkar (2021/0168203).

Regarding claim 2, Thakkar teaches 
the first network device of claim 1, wherein the first network device and the second network device (Thakkar [0041] The various embodiments described herein may be practiced with other computer system configurations including hand-held devices,)
Thakkar does not teach Multi-access Edge Computing.
However Parulkar teaches Multi-access Edge Computing (Parulkar [0041] Some outposts may be integrated into communications networks, for example as a multi-access edge computing (MEC) site having physical infrastructure spread across telecommunication data centers, telecommunication aggregation sites, and/or telecommunication base stations within the telecommunication network.  [0070] . In this exemplary system, a dynamic resource movement service 510of a cloud provider network 100 can dynamically control the ongoing placement and movement of computing resources across a variety of different remote (from the perspective of the cloud provider network 100) PSE locations and/or within the cloud provider network 100 itself via a monitoring system 515 using its own cloud provider resource movement policies 525, CSP resource movement policies 527, and/or customer-specified resource movement policies 530 to identify when one or more resources are to be moved, and a migration system 520 to perform the move.
[0071] In FIG. 5, a user 138 (or customer) of the cloud provider network 100 via an electronic device 134 may provide or otherwise configure, at circle (1), a set of customer resource movement policies 530 specifying requirements or preferences for their application resources)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Parulkar’s device movement in Multi-access Edge computing with Thakkar’s migration because doing so increases the operating environment by providing mobility for devices (Parulkar [0131] Various embodiments discussed or suggested herein can be implemented in a wide variety of operating environments, which in some cases can include one or more 


Regarding claim 3, Thakkar and Parulkar teach
the first network device of claim 2, wherein the notification indicates that a User Equipment device (Parulkar [0044] From left to right in FIG. 2, end user electronic devices 212 wirelessly connect to base stations (or radio base stations) 214 of a radio access network 202. Such electronic devices 212 are sometimes referred to as user equipment (UE) or customer premises equipment (CPE).) serviced by a server on the first network device is moving from a first coverage area associated with a first wireless station coupled to the first MEC cluster and into a second coverage area associated with a second wireless station coupled to the second MEC cluster (Parulkar, 0075] The described movement of the resources between hosts in different locations may take one of several forms of migration.  Migration refers to moving virtual machine instances (and/or other resources) between hosts in a cloud computing network and/or provider substrate extension, or between hosts outside of the cloud computing network and hosts within the cloud. [0071] In FIG. 5, a user 138 (or customer) of the cloud provider network 100 via an electronic device 134 may provide or otherwise configure, at circle (1), a set of customer resource movement policies 530 specifying requirements or preferences for their application resources via one or more electronic messages generated, for example, by a client application (e.g., a web browser, operating system component, console application, etc.) of the electronic device 134. The resource movement policies 530 may provide logical conditions indicating 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Parulkar’s device movement in Multi-access Edge computing with Thakkar’s migration because doing so increases the operating environment by providing mobility for devices (Parulkar [0131] Various embodiments discussed or suggested herein can be implemented in a wide variety of operating environments, which in some cases can include one or more user computers, computing devices, or processing devices which can be used to operate any of a number of applications. User or client devices can include any of a number of general-purpose personal computers, such as desktop or laptop computers running a standard operating system, as well as cellular, wireless, and handheld devices running mobile software.).

Claims 12 and 13 are method claims for the device claims 2 and 3 and are rejected for the same reasons as claims 2 and 3.


Claims 5 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Thakkar (2016/0105321) in view of Open Virtualization Format (DMTF, Open Virtualization Format White Paper, DSP2017), hereinafter referred to as OVF.

Regarding claim 5, Thakkar teaches
the first network device of claim 1, wherein when the processor creates the CSTP, the processor is configured to:
generate a … file that includes the state units (Thakkar [0035] It is understood that the migration package associated with the migrating VM may include as part of the package, or be accompanied by as a separate package, state data of the migrating VM representing the execution state of the migrating VM.)
Thakkar does not teach generate a compressed file.
However OVF teaches generate a compressed file (OVF, lines 1623-1625 (Page 44) This transforms the virtual machine from its current run-time state on a particular hypervisor into an OVF package.  During the process, the virtual machine’s disks can be compressed)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined OVF with Thakkar’s migration package because Thakkar has disclosed the use of OVF (Thakkar [0034] At step 308, hybrid cloud manager 132 generates a package associated with the migrated virtual machine. The package may include a metadata file indicating the configurations and corresponding match preferences. In one implementation, the package may be of a format configured for the packaging and distribution of virtual machines, such as the Open Virtualization Format (OVF)))

Claim 15 is method claim for the device claim 5 and is rejected for the same reasons as claim 5.


Claims 6 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Thakkar (2016/0105321) in view of Open Virtualization Format (DMTF, Open Virtualization Format White Paper, DSP2017), hereinafter referred to as OVF, in view of Sethuraman (2019/0281132).


the first network device of claim 5, wherein when the processor creates the CSTP, the processor is further configured to add a digital signature (OVF, lines 264-265, Uses commercially accepted procedures for integrity checking of the OVF contents, through the use of signatures.  line 1618, iv) possibly including the attachment of a digital signature for the package) to the compressed file (OVF, lines 1623-1625 (Page 44), This transforms the virtual machine from its current run-time state on a particular hypervisor into an OVF package.  During the process, the virtual machine’s disks can be compressed).
OVF is combined with Thakkar for the same reasons as claim 5 (Thakkar’s teaching references OVF).
While it is well known that digital signatures use asymmetric cryptography and therefore private keys, in the interest of compact prosecution Sethuraman is cited.  Thakkar-OVF does not teach the processor uses a private key associated with the first network device.
However Sethuraman teaches 
wherein when the processor adds the digital signature, the processor uses a private key associated with the first network device (Sethuraman, [0062] In block 814, the edge gateway device 114 signs, using the private key associated with the resources, the telemetry data and a corresponding timestamp (e.g., indicative of when the telemetry data was obtained, when the telemetry data was signed, etc.). The edge gateway device 114 may do so using a variety of signing methods. For example, the edge gateway device 114 may generate a digital signature using the private key.)
Digital signatures can be used for verifying the authenticity of digital messages or documents.  A valid digital signature gives a recipient very strong reason to believe that the message was created by a known sender (authenticity), and that the message was not altered in transit (integrity).   It would have  to have combined Sethuraman’s private key signature with Thakkar’s migration because doing so improves the security and privacy of the user’s data by improving the authenticity and integrity of the data.  The protection is even more important when considering the VM maybe used by multiple users (multiple tenants) (Sethuraman [0030] Yet another concern related to collecting telemetry data relates to security and privacy associated with the telemetry data. As stated, edge resources 150, 152, 154 may be managed or otherwise owned by multiple tenants. It is desirable that telemetry data of edge resources registered to a particular tenant is accessible to only authorized entities, e.g., the owner of the edge resources, the tenant, etc.)

Claim 16 is method claim for the device claim 6 and is rejected for the same reasons as claim 6.

Claims 7 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Thakkar (2016/0105321) in view of Suryanarayana (2019/0026467).

Regarding claim 7, Thakkar teaches 
the first network device of claim 1, wherein the processor is further configured to:
perform a … check to determine if the first network is permitted (Thakkar, [0033] The match preference may be a “must match” indication that signifies a second configuration at the public cloud computing system must match the first configuration, or a “best match” indication that signifies a best match between the first configuration and a second configuration at the public cloud computing system is permitted.) (Examiner Note: permitting a transfer under match preferences)
Thakkar does not teach 
perform a security check to determine if the first network is permitted to transmit the CSTP to the second network device over the network.
However Suryanarayana teaches perform a security check to determine if the first network is permitted to transmit the CSTP to the second network device over the network (Suryanarayana, [0028] In an exemplary embodiment of VM migration in the context of FIG. 3, source VM(1) of server 301a identifies target VM(1) of server 301b and initiates live migration to target VM(1) at server 301b over connection 315  …  BIOS 331b stores the received SBKs so that the received SBKs can be used to securely boot or authorize target VM(1) of server 301b such that there is a secure migration of source to target VM(1).)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Suryanarayana’s security check with Thakkar’s migration because doing so improves security at the target destination (Suryanarayana, [0023] The corresponding BMC then provides SBK 212 to securely boot the migrated VM or otherwise secure or provide security to the migrated VM at the different physical server.)

Claim 17 is method claim for the device claim 7 and is rejected for the same reasons as claim 7.


Claims 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Thakkar (2016/0105321) in view of Suryanarayana (2019/0026467) in view of Day (2017/0295180).

Regarding claim 8, Thakkar and Suryanarayana teach
the first network device of claim 1, wherein when the processor performs the security check, the processor is further configured to: (Suryanarayana, [0028] In an exemplary embodiment of VM migration in the context of FIG. 3, source VM(1) of server 301a identifies target VM(1) of server 301b and initiates live migration to target VM(1) at server 301b over connection 315  …  BIOS 331b stores the received SBKs so that the received SBKs can be used to securely boot or authorize target VM(1) of server 301b such that there is a secure migration of source to target VM(1).)
Suryanarayana is combined with Thakkar for the same reasons as claim 7.
Thakkar does not teach insert a hash of the state units to a permissions ledger of a blockchain.
However Day teaches
insert a hash of the state units to a permissions ledger of a blockchain (Day [0019] The approved state S0 may be defined in any desired manner to include such input values/parameters as, for example, a digital representation (such as a hash) of what software is loaded and/or running in the device, along with any chosen metadata (such as version number), the state and contents of memory and/or storage devices, the type and status of I/O devices, identifiers of the hardware, indications of policy settings, and any other chosen information that is to be assumed as remaining invariant, at least for some authorization time. [0020] For example, rather than individually signing {input_data_set_1}, {input_data_set_2}, . . . , {input_data_set_n}, {parameter_1}, {parameter_2}, . . . , {parameter_m}, the system may instead, for example, concatenate these and compute a single hash value representing them all.  [0074] The chain can then be used to create a public ledger, which is typically an append-only database achieved by distributed consensus of multiple participants. Once data is entered into a block of the chain, the entry is essentially irrefutable, since any tampering with the data would be reflected in the chained hash calculations and is thus easily detected. Entering the various state values S0, Si, 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Day’s blockchain with Thakkar’s migration because doing so improves security by making the data irrefutable (Day [0074] Once data is entered into a block of the chain, the entry is essentially irrefutable, since any tampering with the data would be reflected in the chained hash calculations)

Claim 18 is method claim for the device claim 8 and is rejected for the same reasons as claim 8.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRUCE S ASHLEY whose telephone number is (571)270-0315. The examiner can normally be reached 9-5 PDT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jay Kim can be reached on 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit 





/BRUCE S ASHLEY/Examiner, Art Unit 2494