Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION

This office action is in response to the application filed on, or the reply to the remarks of, 2/25/2021. The instant application has claims 1-22 pending. The application is directed to a method and medium for authentication of a virtual private cloud for accessing a resource based on a cloud identifier. There are a total of 22 claims.

Drawings
The drawing filed on 2/25/2021 has been accepted and is in compliance with 37 CFR 1.83 & 37 CFR 1.84.
Specification
The disclosure filed on 2/25/2021 is accepted.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 11 and 21 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.

The claim mentions a provider of the virtual private cloud being different from the provider of the machine. The language is confusing, as the virtual private cloud is usually provided by an external provider, e.g., Amazon AWS or Microsoft Azure, and it would always be external and different from the provider of a particular machine. What is being claimed or mentioned is not clear.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under pre-AIA  35 U.S.C. 103(a) are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-23 is/are rejected under 35 U.S.C. 103 as being unpatentable over US Patent Pub 2013/025124 to Kempf in view of US Patent Pub 2016/0323183 to Jeuk.

Regarding claim 1,  15,  Kempf discloses A method for providing a resource to a particular virtual private cloud that is deployed in a set of datacenters that host a plurality of virtual private clouds, the method comprising: at a resource issuer, receiving a resource request from a particular machine deployed in the particular virtual private cloud, the resource request comprising a first set of cloud-specific data(Fig. 3 item 300-320, the virtual machine being associated with MAC address and being recorded in table); obtaining a cloud identifier for the particular machine from a registry service of the particular virtual private cloud that interacts with a datacenter-set cloud service that deploys machines in the datacenter set for different virtual private clouds(Par. 0021, the association from the table of MAC address and virtual machine); and upon determining that the first and second sets of cloud-specific data match, authenticating the particular machine and issuing the resource for the particular machine(Fig. 7 item 710 the destination MAC and IP address from table).  

But Kempf does not disclose a cloud identifier being associated with the particular machine. However, Jeuk discloses using the obtained cloud identifier to obtain a second set of cloud-specific data for the particular machine from the datacenter-set cloud service(Fig. 2 & Par. 0027 & Par. 0039-0041, the cloud ID being associated with machine and being stored with management system for authentication).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the Kempf invention to incorporate a cloud identifier for authentication and association with a machine, for the advantage of easy extraction from the IP packets as taught in Jeuk (see 0041).


Regarding claim 2, 16, The combined method/system/medium of Kempf and Jeuk, Kempf discloses the method of 1, wherein the first set of cloud-specific data comprises at least a network address of the particular machine, and the second set of cloud-specific data comprises at least a network address currently associated with the cloud identifier(Fig.16 Mapping Table).  

Regarding claim 3, 17, The combined method/system/medium of Kempf and Jeuk, Kempf discloses the method of 2, wherein obtaining the cloud identifier from the registry service comprises verifying that the particular machine is one of the machines deployed by the datacenter- set cloud service(Fig. 16 item Mapping Table).  

Regarding claim 4, 18, The combined method/system/medium of Kempf and Jeuk, Kempf discloses the method of 3, wherein determining that the first and second sets of cloud-specific data match further comprises determining that the network address of the particular machine from the resource request matches the network address currently associated with the cloud identifier for the particular machine(Fig. 16 Mapping Table & Par.0023).  

Regarding claim 5, 19, The combined method/system/medium of Kempf and Jeuk, Kempf discloses the method of 1, wherein the resource request is a first resource request, the particular machine is a first machine, and the particular virtual private cloud is a first virtual private cloud, the method further comprising: at the resource issuer, receiving a second resource request from a second machine deployed in a second virtual private cloud, the second resource request comprising a third set of cloud-specific data (Fig. 12, the plurality of tables and tenant identifier being associated with virtual machines & Fig. 13 item 1320-1330, the lookup and association with IP address and tenant ID); obtaining a cloud identifier for the second machine from a registry service of the second virtual private cloud that interacts with the datacenter-set cloud service(Fig. 12, the plurality of tables and tenant identifier being associated with virtual machines & Fig. 13 item 1320-1330, the lookup and association with IP address and tenant ID); using the obtained cloud identifier to obtain a fourth set of cloud-specific data for the second machine from the datacenter-set cloud service(Fig. 12, the plurality of tables and tenant identifier being associated with virtual machines & Fig. 13 item 1320-1330, the lookup and association with IP address and tenant ID); and upon determining that the third and fourth sets of cloud-specific data do not match, denying the resource request from the second machine(Fig. 12, the plurality of tables and tenant identifier being associated with virtual machines & Fig. 13 item 1320-1330, the lookup and association with IP address and tenant ID).

Regarding claim 6, 20,  The combined method/system/medium of Kempf and Jeuk, Kempf discloses the method of 1, wherein the resource request is a first resource request, the particular machine is a first machine, and the particular virtual private cloud is a first virtual private cloud, the method further comprising: at the resource issuer, receiving a second resource request from a second machine deployed in a second virtual private cloud, the second resource request comprising a third set of cloud-specific data(Fig. 12, the plurality of tables and tenant identifier being associated with virtual machines & Fig. 13 item 1320-1330, the lookup and association with IP address and tenant ID); determining that the second machine is not registered with the registry service; and denying the resource request from the second machine(Par. 0148-0150, the entry is matched and forwarded).  

Regarding claim 7. The combined method/system/medium of Kempf and Jeuk, Kempf discloses the method of 1, wherein the resource issuer comprises a public key infrastructure(Par. 0026, the PKI infrastructure).

Regarding claim 8. The combined method/system/medium of Kempf and Jeuk, Kempf discloses the method of 1, wherein the registry service comprises a controller that communicates with the datacenter-set cloud service to instruct the datacenter-set cloud service to create machines to be deployed in the datacenter set.  

Regarding claim 9. The combined method/system/medium of Kempf and Jeuk, Kempf discloses the method of 1, wherein the particular machine comprises a forwarding element(Par. 0151, the forwarding instructions).  

Regarding claim 10. The combined method/system/medium of Kempf and Jeuk, Kempf discloses the method of 1, wherein the particular machine comprises one of a virtual machine (VM) and a container(Par. 0120, the isolate the tenant-specific traffic).  

Regarding claim 11, 21,  The combined method/system/medium of Kempf and Jeuk, Kempf discloses the method of 1, wherein a provider of the virtual private cloud is different from a provider of the particular machine(Par. 00118-0120, the specific traffic to resource).  

Regarding claim 12. The combined method/system/medium of Kempf and Jeuk, Kempf discloses the method of 1, wherein the resource issued to the particular machine is a unique resource(Par. 00118-0120, the specific traffic to resource).  

Regarding claim 13, 22,  The combined method/system/medium of Kempf and Jeuk, Kempf discloses the method of 12, wherein the unique resource comprises one of a unique certificate and a unique Java token(Par. 00118-0120, the specific traffic to resource).  

Regarding claim 14. The combined method/system/medium of Kempf and Jeuk, Kempf discloses the method of 12, wherein the unique resource is used by the particular machine to indicate that the particular machine is a trusted machine(Par. 00118-0120, the specific traffic to resource).

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

US Patent Pub 2014/0115584 to Mundigonda which discloses the interfaces for VM and tenants.

US Patent Pub 2015/0134777 to Onoue which discloses the identification of user and allowing traffic.

US Patent Pub 2015/0301814 to Chen which discloses sending query message for capability.


Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool, i.e. Microsoft Teams. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at https://www.uspto.gov/interviewpractice.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Venkat Perungavoor whose telephone number is (571)272-7213.  The examiner can normally be reached on Monday-Friday, 9:00 AM- 5:00 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/VENKAT PERUNGAVOOR/ Primary Examiner, Art Unit 2492
Email: venkatanarayan.perungavoor@uspto.gov