DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
The Amendment filed on June 30, 2022 has been entered. Claims 1, 3, 6-9, 11, 14, 16-17, and 19 were amended. No claims were added. As a result, claims 1-20 are pending, of which claims 1, 9 and 17 are in independent form.

Applicant’s amendment regarding paragraphs 0032 and 0036 obviates the Specification objection; therefore, the Specification objection is withdrawn.

Applicant’s amendment regarding claim 7 obviates the claim rejection, therefore the claim rejection under 35 USC § 112 is withdrawn.

Response to Arguments
On Pages 11-16 of remarks by applicant, the applicant argues that the cited references do not appear to teach or suggest the claim element “whether to alter security rules for the first application of the plurality of applications, the security rules for the first application controlling traffic flow or execution of commands between or within respective applications of the plurality of applications", as amended in claims 1, 9, and 17, and the claims that depend thereon.
Applicant’s arguments with respect to claim(s) 1, 9, and 17 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4, 7-10, 12, 15, 16-18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Wang et al. (US 2020/0304381 A1) in view of Papaxenopoulos et al. (US 2018/0336356 A1), and further in view of Shenoy, JR. et al. (US 2019/0098037 A1).

In regards to claim 1, Wang discloses a method comprising: 
obtaining a machine learning model (Wang, Fig. 7 and Para. 0049, Training module 335 may run supervised learning 405 to obtain a benchmark pattern model (e.g., trained model 410); note the benchmark pattern model, which can be interpreted as obtaining a machine learning model from supervised learning 405);
obtaining a log of data traffic in a network, wherein the network communicates data among a plurality of applications (Wang, Fig. 7 and Para. 0059, collecting live network traffic data from a local network (block 715)), 
wherein the log of data traffic comprises information associated with a first application of the plurality of applications (Wang, Para. 0040, Traffic pattern recognition function 320 may apply pattern recognition to identify a pattern (e.g. a particular combination of data speed, latency, and jitter for each direction) in the filtered data that may be attributed, for example, to a particular application);
analyzing the log of data traffic using the machine learning model (Wang, Para. 0061, traffic evaluation function 322 may compare a relevant benchmark from trained model 410 to the actual network data to determine how much the live network traffic for the application has been impacted by the network); and
Wang fails to disclose based on the determination to alter the security rules for the first application, sending instructions to alter the security rules for the first application. However, Papaxenopoulos teaches based on the determination to alter the security rules for the first application (Papaxenopoulos, Fig. 4, Para. 0048, the security generator can generate security path rules 416 utilizing a rules repository (e.g., 215B) provided by the static analysis application), sending instructions to alter the security rules for the first application (Papaxenopoulos, Para. 0048, Fig. 4, Item 426, Those security patch rules that are verified 422 can then be provided for further processing 426 along with source code changes, descriptions of the security patches).
Wang and Papaxenopoulos are both considered to be analogous to the claimed invention because they are in the same field of analyzing the log of data traffic of an application in the cloud network. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang to incorporate the teachings of Papaxenopoulos to include based on the determination to alter the security rules for the first application (Papaxenopoulos, Fig. 4, Para. 0048), sending instructions to alter the security rules for the first application (Papaxenopoulos, Para. 0048, Fig. 4). Doing so would aid in auto-remediating security vulnerabilities in source code, and more specifically pertains to utilizing pre-existing security controls for auto-remediating security vulnerabilities in source code (Papaxenopoulos, Para. 0002).
Wang and Papaxenopoulos fail to teach determining, based on the analysis using the machine learning model, whether to alter security rules for the first application of the plurality of applications, the security rules for the first application controlling traffic flow or execution of commands between or within respective applications of the plurality of applications.
However, Shenoy teaches determining, based on the analysis using the machine learning model, whether to alter security rules for the first application of the plurality of applications, the security rules for the first application controlling traffic flow or execution of commands between or within respective applications of the plurality of applications (Shenoy, Para. 0192, by having context categories and contexts be universal across services and service providers, the security system 450 may more apt to normalizing multiple actions across different platforms in order to “learn” (via one or more machine learning algorithms) and modify various security rules and Para. 189, the security system 450 may store a statistical normality for the user account indicating the user account uses the first cloud-based application for sending document);
Wang, Papaxenopoulos and Shenoy are all considered to be analogous to the claimed invention because they are in the same field of analyzing the log of data traffic of an application in the cloud network. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang and Papaxenopoulos to incorporate the teachings of Shenoy to include determining, based on the analysis using the machine learning model, whether to alter security rules for the first application of the plurality of applications, the security rules for the first application controlling traffic flow or execution of commands between or within respective applications of the plurality of applications (Shenoy, Para. 0192 and Para. 0189). Doing so would aid in performing a remediation action including sending instructions to the service provider 110 to modify access to the services 112 a-112 b. In these examples, the remediation action can include determining instructions to send. For example, the control manager 172 can examine an API of the service provider 110 and/or of a service to identify instructions that can be performed to cause a desired change to the service (Shenoy, Para. 0076).

In regards to claim 2, the combination of Wang and Papaxenopoulos further in view of Shenoy teaches the method of claim 1, wherein the log of data traffic comprises error information or throughput information associated with the first application (Wang, Para. 0039, Coarse filter 314 may filter out unnecessary raw data, such as data unrelated to data speeds, throughput, frame size, packet size, latency, jitter, etc. Coarse filter 314 may pass the remaining).

In regards to claim 4, the combination of Wang and Papaxenopoulos further in view of Shenoy teaches the method of claim 1, wherein the security rules are altered in an application programming interface of the first application (Papaxenopoulos, Para. 0014, The remediation process can include security rules created from one or more application programming interfaces (API) accessible by the security application). Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang to incorporate the teachings of Papaxenopoulos to include wherein the security rules are altered in an application programming interface of the first application (Papaxenopoulos, Para. 0014). Doing so would aid in auto-remediating security vulnerabilities in source code, and more specifically pertains to utilizing pre-existing security controls for auto-remediating security vulnerabilities in source code (Papaxenopoulos, Para. 0002).

In regards to claim 7, the combination of Wang and Papaxenopoulos further in view of Shenoy teaches the method of claim 1, further comprising: analyzing historical data of logs for the first application (Wang, Para. 0043, Artificial intelligence (AI) prediction function 328 may use output from intelligent analysis function 318 as well as historical data from benchmark performance database 330); and based on the analyzing, updating the machine learning model to a new machine learning model (Wang, Para. 0058, process 700 may include training a benchmark pattern model from historical training data (block 705), and storing a local copy of the benchmark pattern model).

In regards to claim 8, the combination of Wang and Papaxenopoulos further in view of Shenoy teaches the method of claim 1, wherein the sending instruction to alter the security rules comprises; sending instructions denying routing of traffic to the first application of the plurality of applications from a second application of the plurality of applications (Shenoy, Para. 0185, the security system 450 may modify a configuration file associated with the service provider 110, such that when executed, the service provider 110 may deny access to a cloud-based service to one or more user accounts). Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang and Papaxenopoulos to incorporate the teachings of Shenoy to include wherein the sending instruction to alter the security rules comprises; sending instructions denying routing of traffic to the first application of the plurality of applications from a second application of the plurality of applications (Shenoy, Para. 0185). Doing so would aid in performing a remediation action including sending instructions to the service provider 110 to modify access to the services 112 a-112 b. In these examples, the remediation action can include determining instructions to send. For example, the control manager 172 can examine an API of the service provider 110 and/or of a service to identify instructions that can be performed to cause a desired change to the service (Shenoy, Para. 0076).

In regards to claim 9, Wang discloses an apparatus comprising:
a processor (Wang, Fig. 2, Item 210); and
a memory coupled with the processor, the memory storing executable instructions that when executed by the processor cause the processor to effectuate operations comprising (Wang, Fig. 2, Item 215):
obtaining a machine learning model (Wang, Fig. 7 and Para. 0049, Training module 335 may run supervised learning 405 to obtain a benchmark pattern model (e.g., trained model 410); note the benchmark pattern model, which can be interpreted as obtaining a machine learning model from supervised learning 405);
obtaining a log of data traffic in a network, wherein the network communicates data among a plurality of applications (Wang, Fig. 7 and Para. 0059, collecting live network traffic data from a local network (block 715)), wherein the log of data traffic comprises information associated with a first application of the plurality of the applications; (Wang, Para. 0040, Traffic pattern recognition function 320 may apply pattern recognition to identify a pattern (e.g. a particular combination of data speed, latency, and jitter for each direction) in the filtered data that may be attributed, for example, to a particular application);
analyzing the log of data traffic using the machine learning model (Wang, Para. 0061, traffic evaluation function 322 may compare a relevant benchmark from trained model 410 to the actual network data to determine how much the live network traffic for the application has been impacted by the network);
determining, based on the analysis using the machine learning model (Wang, Para. 0062, If there is not a match in the benchmark pattern model (block 730—No), process 700 may include analyzing the network data with a learning function (block 745)), 
whether to alter security rules for the first application of the plurality of applications, the security rules controlling traffic flow or execution of commands between or within respective applications of the plurality of the applications (Wang, Para. 0065, PCF 814 may support policies to control network behavior, provide policy rules to control plane functions (not shown), access subscription information relevant to policy decisions, perform policy decisions, and/or perform other types of processes associated with policy enforcement); and
Wang fails to disclose based on the determination to alter the security rules for the first application, sending instructions to alter the security rules for the first application. However, Papaxenopoulos teaches based on the determination to alter the security rules for the first application (Papaxenopoulos, Fig. 4, Para. 0048, the security generator can generate security path rules 416 utilizing a rules repository (e.g., 215B) provided by the static analysis application), sending instructions to alter the security rules for the first application (Papaxenopoulos, Para. 0048, Fig. 4, Item 426, Those security patch rules that are verified 422 can then be provided for further processing 426 along with source code changes, descriptions of the security patches).
Wang and Papaxenopoulos are both considered to be analogous to the claimed invention because they are in the same field of analyzing the log of data traffic of an application in the cloud network. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang to incorporate the teachings of Papaxenopoulos to include based on the determination to alter the security rules for the first application (Papaxenopoulos, Fig. 4, Para. 0048), sending instructions to alter the security rules for the first application (Papaxenopoulos, Para. 0048, Fig. 4, Item 426). Doing so would aid in auto-remediating security vulnerabilities in source code, and more specifically pertains to utilizing pre-existing security controls for auto-remediating security vulnerabilities in source code (Papaxenopoulos, Para. 0002).
Wang and Papaxenopoulos fail to teach determining, based on the analysis using the machine learning model, whether to alter security rules for the first application of the plurality of applications, the security rules controlling traffic flow or execution of commands between or within respective applications of the plurality of the applications;
However, Shenoy teaches determining, based on the analysis using the machine learning model, whether to alter security rules for the first application of the plurality of applications, the security rules controlling traffic flow or execution of commands between or within respective applications of the plurality of the applications (Shenoy, Para. 0192, by having context categories and contexts be universal across services and service providers, the security system 450 may more apt to normalizing multiple actions across different platforms in order to “learn” (via one or more machine learning algorithms) and modify various security rules and Para. 0189, the security system 450 may store a statistical normality for the user account indicating the user account uses the first cloud-based application for sending document);
Wang, Papaxenopoulos and Shenoy are all considered to be analogous to the claimed invention because they are in the same field of analyzing the log of data traffic of an application in the cloud network. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang and Papaxenopoulos to incorporate the teachings of Shenoy to include determining, based on the analysis using the machine learning model, whether to alter security rules for the first application of the plurality of applications, the security rules controlling traffic flow or execution of commands between or within respective applications of the plurality of the applications (Shenoy, Para. 0192 and Para. 0189). Doing so would aid in performing a remediation action including sending instructions to the service provider 110 to modify access to the services 112 a-112 b. In these examples, the remediation action can include determining instructions to send. For example, the control manager 172 can examine an API of the service provider 110 and/or of a service to identify instructions that can be performed to cause a desired change to the service (Shenoy, Para. 0076).

In regards to claim 10, the combination of Wang and Papaxenopoulos further in view of Shenoy teaches the apparatus of claim 9, wherein the log of data traffic comprises error information or throughput information associated with the first application (Wang, Para. 0039, Coarse filter 314 may filter out unnecessary raw data, such as data unrelated to data speeds, throughput, frame size, packet size, latency, jitter, etc. Coarse filter 314 may pass the remaining).

In regards to claim 12, the combination of Wang and Papaxenopoulos further in view of Shenoy teaches the apparatus of claim 9, wherein the security rules are altered in an application programming interface of the first application (Papaxenopoulos, Para. 0014, The remediation process can include security rules created from one or more application programming interfaces (API) accessible by the security application). Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang to incorporate the teachings of Papaxenopoulos to include wherein the security rules are altered in an application programming interface of the first application (Papaxenopoulos, Para. 0014). Doing so would aid in auto-remediating security vulnerabilities in source code, and more specifically pertains to utilizing pre-existing security controls for auto-remediating security vulnerabilities in source code (Papaxenopoulos, Para. 0002).

In regards to claim 15, the combination of Wang and Papaxenopoulos further in view of Shenoy teaches the apparatus of claim 9, the operations further comprising: analyzing historical data of logs for the first application (Wang, Para. 0043, Artificial intelligence (AI) prediction function 328 may use output from intelligent analysis function 318 as well as historical data from benchmark performance database 330); and based on the analyzing, updating the machine learning model to a new machine learning model (Wang, Para. 0058, process 700 may include training a benchmark pattern model from historical training data (block 705), and storing a local copy of the benchmark pattern model).

In regards to claim 16, the combination of Wang and Papaxenopoulos further in view of Shenoy teaches the apparatus of claim 9, wherein the sending instructions to alter the security rules comprises; sending instructions denying routing of traffic to the first application of the plurality of applications from a second application of the plurality of the applications (Shenoy, Para. 0185, the security system 450 may modify a configuration file associated with the service provider 110, such that when executed, the service provider 110 may deny access to a cloud-based service to one or more user accounts). Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang and Papaxenopoulos to incorporate the teachings of Shenoy to include wherein the sending instructions to alter the security rules comprises; sending instructions denying routing of traffic to the first application of the plurality of applications from a second application of the plurality of the applications (Shenoy, Para. 0185). Doing so would aid in performing a remediation action including sending instructions to the service provider 110 to modify access to the services 112 a-112 b. In these examples, the remediation action can include determining instructions to send. For example, the control manager 172 can examine an API of the service provider 110 and/or of a service to identify instructions that can be performed to cause a desired change to the service (Shenoy, Para. 0076).

In regards to claim 17, Wang discloses a non-transitory, computer readable storage medium storing computer executable instructions that when executed by a computing device cause said computing device to effectuate operations comprising:
obtaining a machine learning model (Wang, Fig. 7 and Para. 0049, Training module 335 may run supervised learning 405 to obtain a benchmark pattern model (e.g., trained model 410); note the benchmark pattern model, which can be interpreted as obtaining a machine learning model from supervised learning 405);
obtaining a log of data traffic in a network, wherein the network communicates data among a plurality of applications (Wang, Fig. 7 and Para. 0059, collecting live network traffic data from a local network (block 715)), wherein the log of data traffic comprises information associated with a first application (Wang, Para. 0040, Traffic pattern recognition function 320 may apply pattern recognition to identify a pattern (e.g. a particular combination of data speed, latency, and jitter for each direction) in the filtered data that may be attributed, for example, to a particular application);
analyzing the log of data traffic using the machine learning model (Wang, Para. 0061, traffic evaluation function 322 may compare a relevant benchmark from trained model 410 to the actual network data to determine how much the live network traffic for the application has been impacted by the network); and
Wang fails to disclose based on the determination to alter the security rules for the first application, sending instructions to alter the security rules for the first application of the plurality of the applications. However, Papaxenopoulos teaches based on the determination to alter the security rules for the first application (Papaxenopoulos, Fig. 4, Para. 0048, the security generator can generate security path rules 416 utilizing a rules repository (e.g., 215B) provided by the static analysis application), sending instructions to alter the security rules for the first application of the plurality of the applications (Papaxenopoulos, Para. 0048, Fig. 4, Item 426, Those security patch rules that are verified 422 can then be provided for further processing 426 along with source code changes, descriptions of the security patches).
Wang and Papaxenopoulos are both considered to be analogous to the claimed invention because they are in the same field of analyzing the log of data traffic of an application in the cloud network. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang to incorporate the teachings of Papaxenopoulos to include based on the determination to alter the security rules for the first application (Papaxenopoulos, Fig. 4, Para. 0048), sending instructions to alter the security rules for the first application of the plurality of the applications (Papaxenopoulos, Para. 0048, Fig. 4). Doing so would aid in auto-remediating security vulnerabilities in source code, and more specifically pertains to utilizing pre-existing security controls for auto-remediating security vulnerabilities in source code (Papaxenopoulos, Para. 0002).
Wang and Papaxenopoulos fail to teach determining, based on the analysis using the machine learning model (Wang, Para. 0062, If there is not a match in the benchmark pattern model), whether to alter security rules for the first application of the plurality of applications, the security rules controlling traffic flow or execution of commands between or within respective applications of the plurality of applications.
However, Shenoy teaches determining, based on the analysis using the machine learning model (Wang, Para. 0062, If there is not a match in the benchmark pattern model), whether to alter security rules for the first application of the plurality of applications, the security rules controlling traffic flow or execution of commands between or within respective applications of the plurality of applications (Shenoy, Para. 0192, by having context categories and contexts be universal across services and service providers, the security system 450 may more apt to normalizing multiple actions across different platforms in order to “learn” (via one or more machine learning algorithms) and modify various security rules and Para. 189, the security system 450 may store a statistical normality for the user account indicating the user account uses the first cloud-based application for sending document);
Wang, Papaxenopoulos and Shenoy are all considered to be analogous to the claimed invention because they are in the same field of analyzing the log of data traffic of an application in the cloud network. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang and Papaxenopoulos to incorporate the teachings of Shenoy to include determining, based on the analysis using the machine learning model (Wang, Para. 0062, If there is not a match in the benchmark pattern model), whether to alter security rules for the first application of the plurality of applications, the security rules controlling traffic flow or execution of commands between or within respective applications of the plurality of applications (Shenoy, Para. 0192 and Para. 0189). Doing so would aid in performing a remediation action including sending instructions to the service provider 110 to modify access to the services 112 a-112 b. In these examples, the remediation action can include determining instructions to send. For example, the control manager 172 can examine an API of the service provider 110 and/or of a service to identify instructions that can be performed to cause a desired change to the service (Shenoy, Para. 0076).

In regards to claim 18, the combination of Wang and Papaxenopoulos further in view of Shenoy teaches the non-transitory computer readable storage medium of claim 17, wherein the log of data traffic comprises error information or throughput information associated with the first application (Wang, Para. 0039, Coarse filter 314 may filter out unnecessary raw data, such as data unrelated to data speeds, throughput, frame size, packet size, latency, jitter, etc. Coarse filter 314 may pass the remaining).

In regards to claim 20, the combination of Wang and Papaxenopoulos further in view of Shenoy teaches the non-transitory computer readable storage medium of claim 17, wherein the security rules are altered in an application programming interface of the first application (Papaxenopoulos, Para. 0014, The remediation process can include security rules created from one or more application programming interfaces (API) accessible by the security application). Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang to incorporate the teachings of Papaxenopoulos to include wherein the security rules are altered in an application programming interface of the first application (Papaxenopoulos, Para. 0014). Doing so would aid in auto-remediating security vulnerabilities in source code, and more specifically pertains to utilizing pre-existing security controls for auto-remediating security vulnerabilities in source code (Papaxenopoulos, Para. 0002).

Claims 3, 5-6, 11, 13-14 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Wang et al. (US 2020/0304381 A1) in view of Papaxenopoulos et al. (US 2018/0336356 A1) in view of Shenoy, JR. et al. (US 2019/0098037 A1), and further in view of Cooper et al. (US 2014/0115578 A1).

In regards to claim 3, Wang, and Papaxenopoulos in view of Shenoy fails to teach the method of claim 1, wherein the log of data traffic comprises type of data traffic during a period that flows to the first application from a second application of the plurality of applications.
However, Cooper teaches wherein the log of data traffic comprises type of data traffic during a period that flows to the first application from a second application of the plurality of applications (Cooper, Fig. 0013 and Para. 0127, A packet of a network flow is sent at 1301 to guest VM 1330-2, but is intercepted by intercept code module 1390 in vSwitch 1322). Wang, Papaxenopoulos, Shenoy, and Cooper are all considered to be analogous to the claimed invention because they are in the same field of analyzing the log of data traffic of an application in the cloud network. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang and Papaxenopoulos in view of Shenoy to incorporate the teaching of Cooper to include wherein the log of data traffic comprises type of data traffic during a period that flows to the first application from a second application of the plurality of applications (Cooper, Fig. 0013 and Para. 0127). Doing so would aid in enabling customers to buy only the resources it uses or wants, and can provide flexibility and speed in responding to changes in a customer's network resource requirements. Virtual machines, however, are likely to become more popular targets for malicious attacks, as the use of virtualized cloud infrastructures continues to grow. While cloud virtualization provides many advantages, it can also present unique security challenges, as the nature of the virtualized infrastructure is to enable quick deployment of new resources (Cooper, Para. 0004).

In regards to claim 5, the combination of Wang, Papaxenopoulos, and Shenoy further in view of Cooper teaches the method of claim 1, wherein the security rules are altered in a virtual machine associated with the first application (Cooper, Para. 0063, policy module 374 can use VMM security policies database 376 to update VM security policies database 386 with security policies for guest VMs 330). Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang, and Papaxenopoulos in view of Shenoy to incorporate the teaching of Cooper to include wherein the security rules are altered in a virtual machine associated with the first application (Cooper, Para. 0063). Doing so would aid in providing security in a virtual cloud infrastructure. More specifically, virtual security system 160 of communication system 100 includes a distribution layer at a front-end, network stream level, that routes packets of network traffic to back-end security processes (Cooper, Para.00034).

In regards to claim 6, the combination of Wang, Papaxenopoulos, and Shenoy further in view of Cooper teaches the method of claim 1, wherein the security rules are altered in a firewall located between the first application and a second application of the plurality of the applications (Cooper, 0073, VSA 440-1 may forward the packet to VSA 440-3 using the same source route mechanism 495. VSA 440-3 is a firewall that applies firewall policy to the packet). Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang and Papaxenopoulos in view of Shenoy to incorporate the teaching of Cooper to include wherein the security rules are altered in a firewall located between the first application and a second application (Cooper, 0073). Doing so would allow any number and type of VSAs to be configured in a virtual server to provide various security inspections on network traffic from virtual machines (Cooper, Para. 0097).

In regards to claim 11, the combination of Wang, Papaxenopoulos, and Shenoy further in view of Cooper teaches the apparatus of claim 9, wherein the log of data traffic comprises type of data traffic during a period that flows to the first application of the plurality of applications from a second application of the plurality of the applications (Cooper, Fig. 0013 and Para. 0127, A packet of a network flow is sent at 1301 to guest VM 1330-2, but is intercepted by intercept code module 1390 in vSwitch 1322). Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang and Papaxenopoulos in view of Shenoy to incorporate the teaching of Cooper to include wherein the log of data traffic comprises type of data traffic during a period that flows to the first application of the plurality of applications from a second application of the plurality of the applications (Cooper, Fig. 0013 and Para. 0127). Doing so would help enable customers to buy only the resources they use or want, and can provide flexibility and speed in responding to changes in a customer's network resource requirements. Virtual machines, however, are likely to become more popular targets for malicious attacks, as the use of virtualized cloud infrastructures continues to grow. While cloud virtualization provides many advantages, it can also present unique security challenges, as the nature of the virtualized infrastructure is to enable quick deployment of new resources (Cooper, Para. 0004).

In regards to claim 13, the combination of Wang, Papaxenopoulos, and Shenoy further in view of Cooper teaches the apparatus of claim 9, wherein the security rules are altered in a virtual machine associated with the first application (Cooper, Para. 0063, policy module 374 can use VMM security policies database 376 to update VM security policies database 386 with security policies for guest VMs 330). Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang and Papaxenopoulos in view of Shenoy to incorporate the teaching of Cooper to include wherein the security rules are altered in a virtual machine associated with the first application (Cooper, Para. 0063). Doing so would help to provide security in a virtual cloud infrastructure. More specifically, virtual security system 160 of communication system 100 includes a distribution layer at a front-end, network stream level, that routes packets of network traffic to back-end security processes (Cooper, Para.00034).

In regards to claim 14, the combination of Wang, Papaxenopoulos, and Shenoy further in view of Cooper teaches the apparatus of claim 9, wherein the security rules are altered in a firewall located between the first application of the plurality of the applications and a second application of the plurality of applications (Cooper, 0073, VSA 440-1 may forward the packet to VSA 440-3 using the same source route mechanism 495. VSA 440-3 is a firewall that applies firewall policy to the packet). Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang and Papaxenopoulos in view of Shenoy to incorporate the teaching of Cooper to include wherein the security rules are altered in a firewall located between the first application of the plurality of the applications and a second application of the plurality of applications (Cooper, 0073). Doing so would allow any number and type of VSAs to be configured in a virtual server to provide various security inspections on network traffic from virtual machines (Cooper, Para. 0097).

In regards to claim 19, the combination of Wang, Papaxenopoulos, and Shenoy further in view of Cooper teaches the non-transitory computer readable storage medium of claim 17, wherein the log of data traffic comprises type of data traffic during a period that flows to the first application of the plurality of applications from a second application of the plurality of applications (Cooper, Fig. 0013 and Para. 0127, A packet of a network flow is sent at 1301 to guest VM 1330-2, but is intercepted by intercept code module 1390 in vSwitch 1322). Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang and Papaxenopoulos in view of Shenoy to incorporate the teaching of Cooper to include wherein the log of data traffic comprises type of data traffic during a period that flows to the first application of the plurality of applications from a second application of the plurality of applications (Cooper, Fig. 0013 and Para. 0127). Doing so would help enable customers to buy only the resources they use or want, and can provide flexibility and speed in responding to changes in a customer's network resource requirements. Virtual machines, however, are likely to become more popular targets for malicious attacks, as the use of virtualized cloud infrastructures continues to grow. While cloud virtualization provides many advantages, it can also present unique security challenges, as the nature of the virtualized infrastructure is to enable quick deployment of new resources (Cooper, Para. 0004).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GITA FARAMARZI whose telephone number is (571) 272-0248. The examiner can normally be reached 9:30 AM- 6:30 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached on (571) 272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/G.F./
Examiner, Art Unit 2496

/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496