Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
	This communication is in response to the RCE filed on 04/21/2022.
Claims 1-20 are pending.
Claims 1, 8 and 15 are amended.	
A request for continued examination under 37 C.F.R. § 1.114, including the fee set forth in 37 C.F.R. § 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 C.F.R. 1.114, and the fee set forth in 37 C.F.R. § 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 C.F.R. § 1.114.  Applicant's submission filed on 04/07/2022 has been entered.
Response to Arguments
	Applicant’s arguments (“Remarks”) filed on 04/21/2022 have been considered.
Regarding the prior art
	Applicant argues that the prior art does not teach or suggest the analyzer virtual machine. Specifically, applicant argues that “the Office Action asserts that the claimed analyzer VM is collectively taught by the combination of Iwata's virtual switch and virtual servers (all of which are hosted on a physical server).” However, the previous Office action (“Oa”) mapped only the virtual switch to the analyzer virtual machine and therefore this argument is a mischaracterization of examiner’s Oa. “Iwata Fig. 1, virtual switch 22 is the analyzer virtual machine & ¶ [0045]”, reproduced from the previous Oa.
	With regarding to the Rong reference, Examiner merely brought this reference in to show that multiple virtual machines can be hosted on the same virtualization platform [singular virtual machine]. Applicant argues that Rong does not disclose that the virtualization platform is a virtual machine. However, the broadest reasonable interpretation of a virtual machine, in light of Applicant’s specification, includes a virtualized component that performs the functions of a hardware component and therefore the virtualization platform can be interpreted as a virtual machine. See Rong Fig. 4, virtualization platform is hosted on physical servers and further hosts VMs – see also ¶ [0059], virtualization platform has an IP address and therefore functions like a virtual machine that would communicate via that IP address. 
	With regard to the amended claim language, Iwata teaches wherein the analyzer virtual machine is one of a plurality of virtual machines hosted on the computing device (Iwata Fig. 1 & ¶ [0045] teach a plurality of virtual machines (including the virtual switch) hosted on the same computing device/physical server).
	Examiner finally notes that even absent the cited prior art, and especially in light of it, it would have been obvious to one of ordinary skill in the art that the functions of a plurality of VMs and even the VMs themselves can be combined into one VM, and further that a computing device can host a plurality of VMs. 
Positive Statement
	Claims 15-20 are not directed towards transitory signals because, as recited in Applicant’s Specification (“Spec.”) ¶ [0036], “[a] computer readable storage medium, as used herein, is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire.”
Claim Rejections - 35 U.S.C. § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. §§ 102 and 103 (or as subject to pre-AIA  35 U.S.C. §§ 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. § 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. § 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 3-8, 10-14 and 17-20 are rejected under 35 U.S.C. § 103 as being unpatentable over Iwata (Pub. No. US 2012/0275328 A1) in view of Rong (Pub. No. 2016/0314012 A1).

Regarding claim 1, Iwata teaches an apparatus comprising a computing device, a computer processor, and a computer memory operatively coupled to the computer processor, the computer memory having disposed within it computer program instructions that, when executed by the computer processor, cause the apparatus to carry out the steps of: receiving, at an analyzer virtual machine (Iwata Fig. 1, virtual switch 22 is the analyzer virtual machine & ¶ [0045]; see also ¶ [0061], the communications and flow monitoring section 24 is contained in the virtual switch), an encapsulated packet for analysis (Iwata ¶ [0057], communication flow monitoring section receives a packet; see also ¶ [0021] about transmitting and receiving packets for analysis of network condition; see also ¶ [0061], the communications and flow monitoring section 24 is contained in the virtual switch), wherein the encapsulated packet comprises a monitoring metadata header (Iwata Fig. 8, VLAN Tab is the monitoring metadata header; see also ¶ [0138], the VLAN tag field is assigned a virtual machine ID and therefore this field is monitored) and a data packet with a data packet header (Iwata Fig. 8 & ¶ [0138], the IP packet headers are the data packet header, which combined the user data form the data packet) and wherein the analyzer virtual machine is one of a plurality of virtual machines hosted on the computing device (Iwata Fig. 1 & ¶ [0045] teach a plurality of virtual machines (including the virtual switch) hosted on the same computing device/physical server); stripping, by the analyzer virtual machine, the monitoring metadata header from the encapsulated packet to obtain a de-encapsulated packet comprising the data packet with the data packet header (Iwata ¶¶ [0057]-[0059], VLAN tag is removed upon reception of a packet; see also ¶ [0221], VLAN tag field is removed and the packet is transmitted to the virtual server) and directing, by the analyzer virtual machine and based on the data packet header, the de-encapsulated packet to a virtual network interface associated with a packet capture application within the analyzer virtual machine (Iwata Fig. 8 & ¶ [0087] and claims 9-10, the virtual machine ID and the IP destination field that is incorporated into the IP header in Fig. 8 are used to route the packet to a virtual network interface of virtual server D in Fig. 1, this interface is identified via a MAC and IP address; see also ¶ [0221]; see also Abstract, the VLAN tag which identifies the virtual machines allows for communications to be carried out even when IP addresses overlap; see also ¶ [0108], an IP header is converted to the virtual machine ID).
Although, Iwata teaches virtual machines in the form of virtual servers and a virtual switch, Iwata does not explicitly teach these virtual machines hosted together on a single virtual machine (the claimed analyzer virtual machine). However, Rong teaches hosting virtual machines and a switch on a single virtualization platform (Rong Fig. 4 & ¶ [0045], VMs 408 & 410 is hosted on the virtualization platform along with the virtual switch; see also ¶ [0059], which discloses “virtualization platform IP address and VM name”, which indicates that this platform is a VM).
It would have been obvious to a person of ordinary skill in the art to combine the teachings of Iwata and Rong to teach hosting virtual components on a virtual platform because this virtualization further enhances computing flexibility. Furthermore, this is merely combining prior art elements (VMs and virtual switches) according to known methods (hosting virtual components on a Virtual Machine) to yield predictable results (enhance flexibility). MPEP 2143(I). See also Rong ¶ [0002], “Network virtualization is implemented by many vendors using overlay technologies… These technologies enable multiple virtual networks to be utilized over the same physical network. Usually, a virtual switch component in a host or a virtualization layer (e.g., a hypervisor) provides the virtual ports which may be used to associate VMs to the various virtual networks.”

Regarding claim 3, Iwata and Rong teach the method of claim 1. Iwata furthermore teaches wherein the virtual network interface is one of a plurality of virtual network interfaces on the virtual servers (Iwata Fig. 1, virtual servers 21 includes a plurality of network interfaces with different MAC and IP addresses; see also ¶ [0051], “Each of the IP address assigning section 123 and the IP address assigning section 223 assigns an IP address to a corresponding one of the virtual servers”). 
Although, Iwata teaches virtual machines in the form of virtual servers, Iwata does not explicitly teach these virtual machines hosted together on a single virtual machine (the claimed analyzer virtual machine). However, Rong teaches hosting virtual machines and a switch on a single virtualization platform (Rong Fig. 4 & ¶ [0045], VMs 408 & 410 is hosted on the virtualization platform along with the virtual switch; see also ¶ [0059], which discloses “virtualization platform IP address and VM name”, which indicates that this platform is a VM).
It would have been obvious to a person of ordinary skill in the art to combine the teachings of Iwata and Rong to teach hosting virtual components on a virtual platform because this virtualization further enhances computing flexibility. Furthermore, this is merely combining prior art elements (VMs and virtual switches) according to known methods (hosting virtual components on a Virtual Machine) to yield predictable results (enhance flexibility). MPEP 2143(I). See also Rong ¶ [0002], “Network virtualization is implemented by many vendors using overlay technologies… These technologies enable multiple virtual networks to be utilized over the same physical network. Usually, a virtual switch component in a host or a virtualization layer (e.g., a hypervisor) provides the virtual ports which may be used to associate VMs to the various virtual networks.”

Regarding claim 4, Iwata and Rong teach the method of claim 3. Iwata furthermore teaches wherein each of the plurality of virtual network interfaces is associated with a different packet capture application within the analyzer virtual machine (Iwata Fig. 1, virtual servers 21 [packet capture application] includes a plurality of network interfaces with different MAC and IP addresses; see also ¶ [0051], “Each of the IP address assigning section 123 and the IP address assigning section 223 assigns an IP address to a corresponding one of the virtual servers”). 
Although, Iwata teaches virtual machines in the form of virtual servers, Iwata does not explicitly teach these virtual machines hosted together on a single virtual machine (the claimed analyzer virtual machine). However, Rong teaches hosting virtual machines and a switch on a single virtualization platform (Rong Fig. 4 & ¶ [0045], VMs 408 & 410 is hosted on the virtualization platform along with the virtual switch; see also ¶ [0059], which discloses “virtualization platform IP address and VM name”, which indicates that this platform is a VM).
It would have been obvious to a person of ordinary skill in the art to combine the teachings of Iwata and Rong to teach hosting virtual components on a virtual platform because this virtualization further enhances computing flexibility. Furthermore, this is merely combining prior art elements (VMs and virtual switches) according to known methods (hosting virtual components on a Virtual Machine) to yield predictable results (enhance flexibility). MPEP 2143(I). See also Rong ¶ [0002], “Network virtualization is implemented by many vendors using overlay technologies… These technologies enable multiple virtual networks to be utilized over the same physical network. Usually, a virtual switch component in a host or a virtualization layer (e.g., a hypervisor) provides the virtual ports which may be used to associate VMs to the various virtual networks.”

Regarding claim 5, Iwata and Rong teach the method of claim 1. Iwata furthermore teaches wherein the de-encapsulated packet is directed to the virtual network interface based on a port identified in the data packet header (Iwata ¶ [0193], on the reception side, the virtual switch sends the packet to the virtual server based on a port number).

Regarding claim 6, Iwata and Rong teach the method of claim 1. Iwata furthermore teaches wherein the monitoring metadata header is used by the host of the analyzer virtual machine to direct the encapsulated packet to the analyzer virtual machine (Iwata Fig. 8 & ¶¶ [0086]-[0087] and claims 9-10, the physical server routes the packet to the communication flow monitoring section).

Regarding claim 7, Iwata and Rong teach the method of claim 1. Iwata furthermore teaches wherein the analyzer virtual machine receives the encapsulated packet via a virtual network (Iwata Fig. 10, virtual network 40 & ¶ [0163]; see also ¶ [0178], packet is received via the virtual network).

Regarding claim 8, Iwata teaches an apparatus comprising a computing device, a computer processor, and a computer memory operatively coupled to the computer processor, the computer memory having disposed within it computer program instructions that, when executed by the computer processor, cause the apparatus to carry out the steps of: receiving, at an analyzer virtual machine (Iwata Fig. 1, virtual switch 22 is the analyzer virtual machine & ¶ [0045]; see also ¶ [0061], the communications and flow monitoring section 24 is contained in the virtual switch), an encapsulated packet for analysis (Iwata ¶ [0057], communication flow monitoring section receives a packet; see also ¶ [0021] about transmitting and receiving packets for analysis of network condition; see also ¶ [0061], the communications and flow monitoring section 24 is contained in the virtual switch), wherein the encapsulated packet comprises a monitoring metadata header (Iwata Fig. 8, VLAN Tab is the monitoring metadata header; see also ¶ [0138], the VLAN tag field is assigned a virtual machine ID and therefore this field is monitored) and a data packet with a data packet header (Iwata Fig. 8 & ¶ [0138], the IP packet headers are the data packet header, which combined the user data form the data packet) and wherein the analyzer virtual machine is one of a plurality of virtual machines hosted on the computing device (Iwata Fig. 1 & ¶ [0045] teach a plurality of virtual machines (including the virtual switch) hosted on the same computing device/physical server); stripping, by the analyzer virtual machine, the monitoring metadata header from the encapsulated packet to obtain a de-encapsulated packet comprising the data packet with the data packet header (Iwata ¶¶ [0057]-[0058], VLAN tag is removed upon reception of a packet; see also ¶ [0221], VLAN tag field is removed and the packet is transmitted to the virtual server); and directing, by the analyzer virtual machine, based on the data packet header, the de-encapsulated packet to a virtual network interface associated with a packet capture application within the analyzer virtual machine (Iwata Fig. 8 & ¶ [0087] and claims 9-10, the virtual machine ID and the IP destination field that is incorporated into the IP header in Fig. 8 are used to route the packet to a virtual network interface of virtual server D in Fig. 1, this interface is identified via a MAC and IP address; see also ¶ [0221]; see also Abstract, the VLAN tag which identifies the virtual machines allows for communications to be carried out even when IP addresses overlap).
Although, Iwata teaches virtual machines in the form of virtual servers and a virtual switch, Iwata does not explicitly teach these virtual machines hosted together on a single virtual machine (the claimed analyzer virtual machine). However, Rong teaches hosting virtual machines and a switch on a single virtualization platform (Rong Fig. 4 & ¶ [0045], VMs 408 & 410 is hosted on the virtualization platform along with the virtual switch; see also ¶ [0059], which discloses “virtualization platform IP address and VM name”, which indicates that this platform is a VM).
It would have been obvious to a person of ordinary skill in the art to combine the teachings of Iwata and Rong to teach hosting virtual components on a virtual platform because this virtualization further enhances computing flexibility. Furthermore, this is merely combining prior art elements (VMs and virtual switches) according to known methods (hosting virtual components on a Virtual Machine) to yield predictable results (enhance flexibility). MPEP 2143(I). See also Rong ¶ [0002], “Network virtualization is implemented by many vendors using overlay technologies… These technologies enable multiple virtual networks to be utilized over the same physical network. Usually, a virtual switch component in a host or a virtualization layer (e.g., a hypervisor) provides the virtual ports which may be used to associate VMs to the various virtual networks.”

Iwata and Rong teach all the limitations of claims 10-14 as asserted above with regard to claims 3-7, respectively.

Regarding claim 15, Iwata teaches a computer program product including a computer readable medium, the computer program product comprising computer program instructions that, when executed, cause a computer to carry out the steps of: receiving, at an analyzer virtual machine (Iwata Fig. 1, virtual switch 22 is the analyzer virtual machine & ¶ [0045]; see also ¶ [0061], the communications and flow monitoring section 24 is contained in the virtual switch), an encapsulated packet for analysis (Iwata ¶ [0057], communication flow monitoring section receives a packet; see also ¶ [0021] about transmitting and receiving packets for analysis of network condition; see also ¶ [0061], the communications and flow monitoring section 24 is contained in the virtual switch), wherein the encapsulated packet comprises a monitoring metadata header (Iwata Fig. 8, VLAN Tab is the monitoring metadata header; see also ¶ [0138], the VLAN tag field is assigned a virtual machine ID and therefore this field is monitored) and a data packet with a data packet header (Iwata Fig. 8 & ¶ [0138], the IP packet headers are the data packet header, which combined the user data form the data packet) and wherein the analyzer virtual machine is one of a plurality of virtual machines hosted on the computing device (Iwata Fig. 1 & ¶ [0045] teach a plurality of virtual machines (including the virtual switch) hosted on the same computing device/physical server); stripping, by the analyzer virtual machine, the monitoring metadata header from the encapsulated packet to obtain a de-encapsulated packet comprising the data packet with the data packet header (Iwata ¶¶ [0057]-[0058], VLAN tag is removed upon reception of a packet; see also ¶ [0221], VLAN tag field is removed and the packet is transmitted to the virtual server); and directing, by the analyzer virtual machine, based on the data packet header, the de-encapsulated packet to a virtual network interface associated with a packet capture application within the analyzer virtual machine (Iwata Fig. 8 & ¶ [0087] and claims 9-10, the virtual machine ID and the IP destination field that is incorporated into the IP header in Fig. 8 are used to route the packet to a virtual network interface of virtual server D in Fig. 1, this interface is identified via a MAC and IP address; see also ¶ [0221]; see also Abstract, the VLAN tag which identifies the virtual machines allows for communications to be carried out even when IP addresses overlap).
Although, Iwata teaches virtual machines in the form of virtual servers and a virtual switch, Iwata does not explicitly teach these virtual machines hosted together on a single virtual machine (the claimed analyzer virtual machine). However, Rong teaches hosting virtual machines and a switch on a single virtualization platform (Rong Fig. 4 & ¶ [0045], VMs 408 & 410 is hosted on the virtualization platform along with the virtual switch; see also ¶ [0059], which discloses “virtualization platform IP address and VM name”, which indicates that this platform is a VM).
It would have been obvious to a person of ordinary skill in the art to combine the teachings of Iwata and Rong to teach hosting virtual components on a virtual platform because this virtualization further enhances computing flexibility. Furthermore, this is merely combining prior art elements (VMs and virtual switches) according to known methods (hosting virtual components on a Virtual Machine) to yield predictable results (enhance flexibility). MPEP 2143(I). See also Rong ¶ [0002], “Network virtualization is implemented by many vendors using overlay technologies… These technologies enable multiple virtual networks to be utilized over the same physical network. Usually, a virtual switch component in a host or a virtualization layer (e.g., a hypervisor) provides the virtual ports which may be used to associate VMs to the various virtual networks.”

Iwata and Rong teach all the limitations of claims 17-20 as asserted above with regard to claims 3-6, respectively.

Claims 2, 9 and 16 are rejected under 35 U.S.C. § 103 as being unpatentable over Iwata (Pub. No. US 2012/0275328 A1) in view of Rong (Pub. No. 2016/0314012 A1) and further in view of Martinez De La Cruz (Pub. No. US 2020/0336511 A1).

Regarding claim 2, Iwata and Rong teaches the method of claim 1. Iwata furthermore teaches directing, based on the data packet header, the de-encapsulated packet to a virtual network interface associated with a packet capture application within the analyzer virtual machine (Iwata Fig. 8 & ¶ [0087] and claims 9-10, the virtual machine ID and the IP destination field that is incorporated into the IP header in Fig. 8 are used to route the packet to a virtual network interface of virtual server D in Fig. 1, this interface is identified via a MAC and IP address; see also ¶ [0221]; see also Abstract, the VLAN tag which identifies the virtual machines allows for communications to be carried out even when IP addresses overlap).
Iwata and Rong do not explicitly teach filtering the packet based on the data packet header; and sending, based on the filtering, the packet to the virtual network interface.
However, Martinez De La Cruz teaches wherein directing the de-encapsulated packet to the virtual network interface associated with the packet capture application within the analyzer virtual machine comprises: filtering the de-encapsulated packet based on the data packet header (Martinez De La Cruz ¶¶ [0039] & [0043], received packets are filtered and transmitted to the VM virtual network interfaces based on the destination IP address); and sending, based on the filtering, the de-encapsulated packet to the virtual network interface (Martinez De La Cruz ¶¶ [0039] & [0043], received packets are filtered and transmitted to the VM virtual network interfaces based on the destination IP address).
It would have been obvious to a person of ordinary skill in the art to combine the teachings of Iwata, Rong and Martinez De La Cruz to teach filtering traffic based on an IP address “to increase the virtualized networking security by: avoiding anti-spoofing, that is to prevent a potential attacker VM to inject traffic in the virtualized network impersonating other VM. avoiding traffic sniffing/eavesdropping by potentially malicious VMs, using promiscuous mode settings in the virtual interface to capture all traffic in the network, including the one not intended to the VM itself.” Martinez De La Cruz ¶¶ [0040]-[0042].

Iwata, Rong and Martinez De La Cruz teach all the limitations of claims 9 and 16 as asserted above with regard to claim 2.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREGORY P TOLCHINSKY whose telephone number is (571)270-0599. The examiner can normally be reached m-f (9:30-6:30PM).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Umar Cheema can be reached on 571-270-3037. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/G.P.T./Examiner, Art Unit 2456


/UMAR CHEEMA/Supervisory Patent Examiner, Art Unit 2456