Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This office action is in response to the application 17/196,970 filed on 03/09/2021.
EXAMINER’S AMENDMENT
An Examiner’s Amendment to the record appears below.  Should the changes and/or additions be unacceptable to Applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this Examiner’s Amendment was given in a telephone interview with Applicant’s representative, Mrs. Agatha H. Liu (Reg. No. 65,323) on April 26th, 2022.  During the telephone conference, Mrs. Agatha has agreed and authorized the Examiner to amend claims 1, 6, 12-13 and 15 and to cancel claims 5, 14 and 18. 
The application has been amended as follows:
CLAIMS
Replacing claims 1, 5-6, 12-15 and 18 as follows:
1. (Currently Amended) One or more non-transitory computer-readable storage media storing sequences of instructions which when executed cause one or more hardware processors to perform a method of managing security services for a cloud computing platform, the method comprising: 
receiving, by a security gateway system, a digital communication related to one of one or more computing applications hosted by a virtual cluster for private use by a client device on a cloud computing platform,
the security gateway system residing within the cloud computing platform,
the security gateway system performing network security gateway functions for the one or more computing applications hosted by the virtual cluster;
storing the digital communication in association with a timestamp in a storage device,
wherein the timestamp indicates when the digital communication was received;
receiving one or more pieces of threat intelligence data indicating a security threat from a main controller residing outside the virtual cluster;
storing the one or more pieces of threat intelligence data in a database;
determining whether any of the one or more pieces of threat intelligence data in the database applies to any of , comprising:
determining whether the digital communication matches any of the one or more pieces of threat intelligence data in the database;
in response to determining that the digital communication matches a certain piece of threat intelligence data in the database, cleaning up or discarding the digital communication; 
in response to determining that the digital communication matches no piece of threat intelligence data in the database, sending application-level data of the digital communication to a destination of the digital communication; 
transmitting an estimate of an extent or timing of an impact of the security threat based on the determining, comprising sending information regarding a security harm associated with a specific piece of threat intelligence data and information including a date of receipt regarding digital communications matched to the specific piece of threat intelligence data to the client device.  

5. (Canceled) 

6. (Currently Amended) The one or more non-transitory computer-readable storage media of claim [[5]]1, the determining comprising:
identifying source information of the digital communication or a name of a document within the digital communication; 
comparing the source information or the name with the one or more pieces of threat intelligence data.  

12. (Currently Amended) The one or more non-transitory computer-readable storage media of claim 1, 

the method further comprising storing the digital communication in association with a second timestamp in the storage device indicating when processing of the digital communication began and a third timestamp in the storage device indicating when processing of the digital communication ended.  

13. (Currently Amended) The one or more non-transitory computer-readable storage media of claim 1, 
the determining comprising calculating a frequency of having false positives corresponding a number of digital communications matched to the one or more pieces of threat intelligence data but did not cause actual security harm; 
the transmitting comprising sending the frequency to the client device.  

14. (Canceled)   

15. (Currently Amended) A computer-implemented method of managing security services for a cloud computing platform, comprising: 
receiving, by a security gateway system having a processor, a digital communication related to one of one or more computing applications hosted by a virtual cluster for private use by a client device on a cloud computing platform,
the security gateway system residing within the cloud computing platform,
the security gateway system performing network security gateway functions for the one or more computing applications hosted by the virtual cluster;
storing the digital communication in association with a timestamp in a storage device,
wherein the timestamp indicates when the digital communication was received;
receiving one or more pieces of threat intelligence data indicating a security threat from a main controller residing outside the virtual cluster;
storing the one or more pieces of threat intelligence data in a database; 
determining whether any of the one or more pieces of threat intelligence data in the database applies to any of , comprising:
determining whether the digital communication matches any of the one or more pieces of threat intelligence data in the database;
in response to determining that the digital communication matches a certain piece of threat intelligence data in the database, cleaning up or discarding the digital communication; 
in response to determining that the digital communication matches no piece of threat intelligence data in the database, sending application-level data of the digital communication to a destination of the digital communication;
transmitting an estimate of an extent or timing of an impact of the security threat based on the determining, comprising sending information regarding a security harm associated with a specific piece of the one or more pieces of threat intelligence data and information including a date of receipt regarding digital communications matched to the specific piece of threat intelligence data to the client device.  

18. (Canceled)  
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 04/12/2021 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Allowable Subject Matter
Claims 1-4, 6-13, 15-17 and 19-20 are allowed in light of the Applicant’s arguments/amendments and in light of the prior art made of record.
The following is an examiner’s statement of reasons for allowance:
As to claims 1-4, 6-13, 15-17 and 19-20, the closest prior art, Zhao (US 2017/0250870), in view of Janakiraman (US 2020/0059492), in view of Fadida (US 2014/0075494), in view of Chuang (US 2017/0093675), in view of Bingram (US 2015/0215334) and further in view of Li (US 2012/0304277), alone or in combination, fails to anticipate or render obvious the claimed invention.
Zhao (Prior art) discloses a virtual network policy configuration method and system, and a virtual network element and a network administration system thereof. The virtual network element includes: a receiving module, configured to receive policy configuration information; and a processing module, configured to perform service control according to the policy configuration information received by the receiving module.
Janakiraman (Prior art) discloses deploying a cluster of policy agents on a virtual private cloud that interconnects a plurality of virtual private clouds, the virtual private cloud and the plurality of virtual private clouds residing in a cloud associated with a multi-cloud fabric.
Fadida (Prior art) discloses maintaining the security of computing systems in virtual operating environments to increase security in a cloud computing environment. By grouping systems with similar security levels in a single cluster, the security of the virtual machines within the cluster may be managed more effectively and/or efficiently.
Chuang (Prior art) discloses a system that can fully manage individual virtual security appliance (such as IPS or IDS) components in a cloud environment while introducing minimal overheads and route flows first through a protocol identifier to determine the traffic type and then through an inspector to check for potential threats, with any events or incidents found passed to an event handler which can then be used in accordance with security policies to initiate actions in response to the possible threats.
Bingram (Prior art) discloses network security data collection, aggregation, and analysis, among other functions, and more particularly to the generation of network threat intelligence, including reputation scores and profiles, based on network security data.
Li (Prior art) discloses a system comprising a network security gateway appliance associated with an enterprise or other network and communicatively coupled to a cluster of security gateway appliances instantiated as a cloud-based service, wherein said cluster of security gateway appliances is configured to provide specified services to said enterprise or other network via said security gateway appliance, said services comprising some or all of data loss protection, anti-virus/anti-malware scanning and policy enforcement, dynamic real time rating of content sources, security services, network acceleration, and other policy based services.
However, none of Zhao, Janakiraman, Fadida, Chuang, Bingram and Li teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in independent claims 1 and 15. For example, none of the cited prior art teaches or suggests the steps of receiving, by a security gateway system, a digital communication related to one of one or more computing applications hosted by a virtual cluster for private use by a client device on a cloud computing platform; receiving one or more pieces of threat intelligence data indicating a security threat from a main controller residing outside the virtual cluster; determining whether the digital communication matches any of the one or more pieces of threat intelligence data in the database; in response to determining that the digital communication matches a certain piece of threat intelligence data in the database, cleaning up or discarding the digital communication; transmitting an estimate of an extent or timing of an impact of the security threat based on the determining, comprising sending information regarding a security harm associated with a specific piece of threat intelligence data and information including a date of receipt regarding digital communications matched to the specific piece of threat intelligence data to the client device.
These limitations, in conjunction with all other limitations, have not been disclosed, suggested or made obvious by the prior art of record, which, whether taken by itself or in any combination, would not have anticipated or made obvious the invention of the present application at or before the time it was filed. For these reasons, as well as the other limitations and in light of the amendments to the independent claims, these claims are in condition for allowance.
Claims 2-4, 6-13, 16-17 and 19-20 are directly or indirectly dependent upon claims 1 and 15; therefore, they are also allowable over the prior art of record.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANCHIT K SARKER whose telephone number is (571)270-7907. The examiner can normally be reached M-F 8:30 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, FARID HOMAYOUNMEHR can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SANCHIT K SARKER/Examiner, Art Unit 2495