DETAILED ACTION

Currently pending claims are 1 – 25.

Response to Arguments
Applicant's arguments with respect to instant claims have been fully considered but are moot in view of the new ground(s) of rejection necessitated by Applicant's amendment – please see the following section for the detail of rationale to make the corresponding prior-art(s) rejections as set forth below.
As per claim 1, Applicant asserts prior-arts do not teach “(a) the encrypted credentials are stored in the user device, (b) the encryption keys are stored in the backplane server, and (c) the credentials are decrypted at the virtual machine” (Remarks: Page 8 /3rd Para).  Examiner respectfully disagrees with the following rationale.
Regarding (a), Huang teaches receiving an encrypted password (i.e. encrypted credentials) from a client computer (Huang: Col. 1 Line 39 – 42), which is encrypted with a symmetric key and the symmetric key is encrypted with a public key for initiating a user login session on a virtual machine operating system (e.g. a virtualized computer using a standard desktop paradigm in a cloud computing environment) via a 1st communication channel (Huang: Figure 6 & 5, Abstract, Col. 1 Line 32 – 48, Col. 4 Line 7 – 23 and Col. 6 Line 51 – 54);
Regarding (b), Beloskur teaches receiving a private key from an entity of 3rd-party server through a separate (i.e. unique second) communication channel in a cloud networking environment that constitutes a backplane server using a supplemental / second communication channel – i.e. the encryption keys are stored in the backplane server (Beloskur: Para [0001] and Para [0053] Line 8 – 11); and
Regarding (c), Huang teaches providing a virtual desktop agent (VDA) (i.e. a virtual machine) (Huang: Col. 4 Line 46 – 47) that uses a private key (corresponding to a PKI- public / private key-pair) to decrypt the encrypted symmetric key to obtain the symmetric key to further decrypt the encrypted password (Huang: Col. 6 Line 42 – 50), wherein the virtual desktop agent (VDA) (i.e. a virtual machine) is associated with (or coupled with) a hypervisor (i.e. a virtual machine monitor (VMM) software so as to create and run virtual machines (VMs) accordingly in a cloud network and the network access is limited based on the provided password (credentials) transmitted over the cloud network during the user authentication process) (Huang: Figure 6 & 5, Abstract, Col. 1 Line 32 – 48, Col. 4 Line 7 – 23 and Col. 6 Line 51 – 54).  As such Applicant's arguments are respectfully traversed.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 2, 4, 6 – 9, 11, 13, 15, 16, 18, 20 and 24 – 25 are rejected under 35 U.S.C. 103 as being unpatentable over Huang et al. (U.S. Patent 9,860,064), in view of Beloskur et al. (U.S. Patent 2021/0152345), and in view of Cole et al. (U.S. Patent 2018/0115551).

As per claims 1, 8 & 15, Huang teaches an apparatus comprising a processor with programmed instructions to: 
receive at a virtual machine hosted on a hardware device, from a user device and via a network, encrypted credentials for logging on a user associated with the user device to the virtual machine wherein the encrypted credentials are stored in the user device (Huang: see above & Col. 1 Line 39 – 42, Col. 4 Line 7 – 23 and Col. 6 Line 51 – 54:    
(a) Huang teaches receiving an encrypted password (i.e. encrypted credentials) from a client computer (Huang: Col. 1 Line 39 – 42), which is encrypted with a symmetric key and the symmetric key is encrypted with a public key to: 
(b) initiate a user login session on a virtual machine operating system (e.g. a virtualized computer using a standard desktop paradigm in a cloud computing environment) via a 1st communication channel and also
(c) providing a virtual desktop agent (VDA) (i.e. a virtual machine) (Huang: Col. 4 Line 46 – 47) that uses a private key (corresponding to a PKI- public / private key-pair) to decrypt the encrypted symmetric key to obtain the symmetric key to further decrypt the encrypted password (Huang: Col. 6 Line 42 – 50), wherein the virtual desktop agent (VDA) (i.e. a virtual machine) is associated with (or coupled with) a hypervisor (i.e. a virtual machine monitor (VMM) software so as to create and run virtual machines (VMs) accordingly in a cloud network and the network access is limited based on the provided password (credentials) transmitted over the cloud network during the user authentication process) (Huang: Figure 6 & 5, Abstract, Col. 1 Line 32 – 48, Col. 4 Line 7 – 23 and Col. 6 Line 51 – 54)).

Even though Huang teaches using a private key, at a virtual machine, to decrypt the encrypted symmetric key to obtain the symmetric key to further decrypt the encrypted password (Huang: Col. 6 Line 42 – 50) – However, Huang does not disclose expressly receiving a private key from a backplane server.
Beloskur (& Huang) teaches receive, at the virtual machine, from a backplane server and via the network, encryption keys, wherein the encryption keys are stored in the backplane server (Huang: Col. 6 Line 42 – 50: using a private key, at a virtual machine, to decrypt the encrypted symmetric key to obtain the symmetric key to further decrypt the encrypted password) || (Beloskur: Para [0001] and Para [0053] Line 8 – 11: Beloskur teaches receiving a private key from an entity of 3rd-party server through a separate (i.e. unique second) communication channel in a cloud networking environment that constitutes a backplane server using a supplemental / second communication channel).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification of receiving a private key from a 3rd-party server entity through a separate (i.e. unique) communication channel in a cloud networking environment because Beloskur teaches to alternatively, effectively and securely transfer secure data w.r.t. an ownership of a device in a computing cloud from one entity to another entity and use a private key (corresponding to a PKI- public / private key-pair) received from a 3rd-party server entity through a separate (i.e. unique) communication channel in a cloud networking environment (see above) within the Huang’s system of encrypting a password by using a public key for initiating a user login session on a virtual machine operating system, which must be required to utilize a private key (corresponding to a PKI- public / private key-pair) to decrypt the encrypted symmetric key to obtain the symmetric key).
decrypt the credentials at the virtual machine (Huang: see above & Col. 4 Line 46 – 47 and Col. 6 Line 42 – 50: providing a virtual desktop agent (VDA) (i.e. a virtual machine) (Huang: Col. 4 Line 46 – 47) that uses a private key (corresponding to a PKI- public / private key-pair) to decrypt the encrypted symmetric key to obtain the symmetric key to further decrypt the encrypted password (Huang: Col. 6 Line 42 – 50).
However, Huang does not disclose expressly to logon to an operating system .   
Cole teaches to logon to an operating system of a virtual machine (Cole: Para [0070] and Para [0152]: providing a cloud credential data such as password / username to enable a user of a remote machine to logon to an operating system within a cloud environment).   
send, to an operating system (deleted at the claim file on 6/1/2020), the decrypted credentials (Cole: Para [0070] and Para [0152]: providing a cloud credential data such as password / username to enable a user of a remote machine to logon to an operating system within a cloud environment).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification of providing a cloud credential data such as password / username to enable a user of a remote machine to logon to an operating system in a cloud environment because Cole teaches to alternatively, effectively and securely provide a cloud credential data such as password / username to enable a user of a remote machine to logon to an operating system within a cloud environment (see above) within the Huang’s system of managing a remote desktop (R-D) computer interaction with the cloud network for a user to initiate a login section on a virtual machine (see above). 
cause the operating system to log the user on to the virtual machine (see above: logon to the authentication engine – i.e. the cloud-service (C-S AGT) VM (workload) agent / proxy – this is consistent with the disclosure of the instant specification (SPEC [0018]).

As per claim 2, 9 and 16, Huang as modified teaches wherein the encrypted credentials are received from a storage of the user device (Huang: see above & Col. 1 Line 39 – 44).  

As per claim 4, 11, 18 and 25, Huang as modified teaches logging the user on to the virtual machine enables network access limited to the virtual machine (Huang: see above & Col. 3 Line 25 – 29: the network access is limited depending on the provided password (credentials) transmitted over the cloud network during the authentication process).
As per claim 6, 13 and 20, Huang as modified teaches to receive, from the user device, a key to decrypt the credentials (Huang: see above & Col. 6 Line 42 – 43: using a private key (corresponding to a PKI- public / private key-pair) to decrypt the encrypted symmetric key to obtain the symmetric key so as to further decrypt the encrypted password to obtain the password (i.e. credential) by using the decrypted symmetric key).  

As per claim(s) 7 and 14, the claims contain(s) similar limitations to claim(s) 1 and thus is/are rejected with the same rationale.

Claims 3, 10, 17 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Huang et al. (U.S. Patent 9,860,064), in view of Cole et al. (U.S. Patent 2018/0115551), and in view of Miller (U.S. Patent 9,654,473).

As per claim 3, 10, 17 and 24, Miller (& Huang) teaches wherein the virtual machine deletes the credentials responsive to logging the user on (Huang: see above) & (Miller: Figure 1 & Col. 4 Line 62 – Col. 5 Line 5: (a) a virtual proxy agent (authentication engine) deletes the credentials after authentication (logon) and (b) the proxy agent includes a virtual browser manager that manages a virtual browser pool to handle the high volume authentication requests).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification of deleting the credentials responsive to logging the user on because Miller teaches to alternatively, effectively and securely delete the credentials after authentication (logon) by a virtual proxy (authentication engine), wherein the proxy agent includes a virtual browser manager that manages a virtual browser pool to handle the high volume authentication requests (see above) within the Huang’s system of managing a remote desktop (R-D) computer interaction with the cloud network for a user to initiate a login section on a virtual machine (see above). 

Claims 21 & 23 (and 5, 12 & 19) are rejected under 35 U.S.C. 103 as being unpatentable over Huang et al. (U.S. Patent 9,860,064), in view of Cole et al. (U.S. Patent 2018/0115551), and in view of Beloskur et al. (U.S. Patent 2021/0152345).

As per claim 21, the claim limitations are met as the same reasons as that set forth in the paragraph above regarding to claim 1 with the exception of the feature(s) of:
serving as a proxy for a user to logon to an interactive session on an operating system of a virtual machine (Huang: Figure 6 & 5, Col. 4 / Line 7 – 23 / Line 41 – 59 and Col. 6 Line 51 – 54: (a) providing a virtual desktop agent (VDA) (i.e. a virtual machine) (Huang: Col. 4 Line 46 – 47) – i.e. a cloud service agent (i.e. a cloud (VM) proxy) (Figure 6 / E-60), a remote desktop (R-D) computer interaction over the cloud network for a user to initiate a login section on a virtual machine (e.g. a virtualized computer using a standard desktop paradigm) and (b) the network access is limited based on the provided password (credentials) transmitted over the cloud network during the user authentication process).
Other claim elements – pls. referred to CLAIM 1 & Non-Final Office action submitted on 3/3/2022.
 decrypting the encrypted symmetric key with the private key (Huang: see above & Col. 6 Line 42 – 43: using a received private key (corresponding to a PKI- public / private key-pair) to decrypt the encrypted symmetric key to obtain the symmetric key); 
decrypting the encrypted credentials with the decrypted symmetric key (see above); 
sending, to the operating system, the decrypted credentials (Cole: see above & Para [0070] and Para [0152]: providing a cloud credential data such as password / username to enable a user of a remote machine to logon to an operating system within a cloud environment); and 
causing the operating system to log the user on to the virtual machine (see above: logon to the authentication engine – i.e. the cloud-service (C-S AGT) VM (workload) agent / proxy – this is consistent with the disclosure of the instant specification (SPEC [0018]).

As per claim(s) 5, 12 and 19, the claims contain(s) similar limitations to claim(s) 21 (i.e. from a 2nd communication channel) and thus is/are rejected with the same rationale.

As per claim(s) 22, the processor is coupled to the virtual machine via a hypervisor (Huang: see above & the cloud service agent (i.e. the proxy) is a cloud virtualized computer (i.e. a virtual machine in a cloud network) that must be associated with (or coupled with) a hypervisor (i.e. a virtual machine monitor (VMM) software so as to create and run virtual machines (VMs) accordingly in a cloud network).

As per claim 23, Huang as modified teaches wherein the encrypted credentials are received from a storage of the user device (Huang: see above & Col. 1 Line 39 – 44).

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to LONGBIT CHAI whose telephone number is (571)272-3788. The examiner can normally be reached Monday - Friday 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D. Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



---------------------------------------------------
                  /Longbit Chai/
           Longbit Chai E.E. Ph.D.
    Primary Examiner, Art Unit 2431
                   No. #2327 – 2022
---------------------------------------------------