DETAILED ACTION

This Office Action is in response to the original filing of November 17, 2020. Claim(s) 1-20 are pending and have been considered as follows.

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Information Disclosure Statement

The information disclosure statement (IDS) submitted on 11/17/2020 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claim(s) 1-4, 7-12, 14-18, and 20 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Keller et al. (US 2019/0230189 A1, hereinafter Keller).

As to Claim 1, Keller discloses a method comprising:
receiving, by a first server at a first location within a cloud computing network, a request from a client device to access a cloud service ((Keller; [abs]), where Keller discloses receiving a service request from a user device at a first geographical location.);
receiving, by the first server, a data sovereignty requirement associated with the client device ((Keller; [0008, 0022]), where Keller discloses identifying data sovereignty requirements (i.e. laws) for the user and each geographical location.);
selecting, by the first server, a second server within the cloud computing network, based at least in part on a second location associated with the second server, and the data sovereignty requirement associated with the client device ((Keller; Figs. 9-10; [abs, 0022, 0089]), where Keller discloses that, based on the identified data sovereignty requirements, additional servers can be selected to handle the service request.); and
transmitting, by the first server, a network address associated with the second server to the client device ((Keller; Figs. 9-10; [0094]), where Keller discloses providing network address of additional servers meeting the data sovereignty requirements.).

As to Claim 2, Keller discloses the method of claim 1, further comprising:
determining that the first location does not comply with the data sovereignty requirement ((Keller; [0008, 0022]), where Keller discloses identifying data sovereignty requirements (i.e. laws) for the user and each geographical location.); and 
determining that the second location complies with the data sovereignty requirement, wherein selecting the second server is based at least in part on determining that the second location complies with the data sovereignty requirement ((Keller; Figs. 9-10; [abs, 0022, 0089]), where Keller discloses that, based on the identified data sovereignty requirements, additional servers can be selected to handle the service request.).

As to Claim 3, Keller discloses the method of claim 1, further comprising:
selecting a plurality of servers within the cloud computing network based at least in part on the data sovereignty requirement, wherein the plurality of servers includes the second server ((Keller; Figs. 9-10; [abs, 0022, 0089]), where Keller discloses that, based on the identified data sovereignty requirements, additional servers can be selected to handle the service request.); and
transmitting a plurality of network addresses to the client device, wherein the plurality of network addresses includes the network address associated with the second server ((Keller; Figs. 9-10; [0094]), where Keller discloses providing network address of additional servers meeting the data sovereignty requirements.).

As to Claim 4, Keller discloses the method of claim 3, wherein selecting the plurality of servers comprises:
determining a location associated with each of the plurality of servers; and determining that the location associated with each of the plurality of servers complies with the data sovereignty requirement ((Keller; Figs. 9-10; [0022, 0042, 0089]), where Keller discloses that, based on the identified data sovereignty requirements, additional servers can be selected to handle the service request.).

As to Claim 7, Keller discloses the method of claim 1, further comprising:
determining, by the first server, a plurality of servers within the cloud computing network, wherein the plurality of servers includes the second server ((Keller; Figs. 9-10; [abs, 0022, 0089]), where Keller discloses that, based on the identified data sovereignty requirements, additional servers can be selected to handle the service request.);
receiving, by the first server, location data associated with the plurality of servers ((Keller; [0022, 0042]), where Keller discloses determining location data (i.e. geographical regions) of the plurality of servers.);
determining, based at least in part on the location data, a first subset of the plurality of servers that complies with the data sovereignty requirement, and a second subset of the plurality of servers that does not comply with the data sovereignty requirement ((Keller; [0008, 0022]), where Keller discloses identifying data sovereignty requirements (i.e. laws) for the user and each geographical location.); and
transmitting, to the client device, network addresses associated with the first subset of the plurality of servers, wherein network addresses associated with the second subset of the plurality of servers are not transmitted to the client device ((Keller; Fig. 4; [0054-0060]), where Keller discloses the ability for the user to identify which servers the client is able to connect to, based on the identified data sovereignty data.).

As to Claim 8, Keller discloses the method of claim 1, further comprising:
determining a client location associated with the client device, based on a source IP address within the request, wherein selecting the second server is further based at least in part on the client location ((Keller; Figs. 9-10; [abs, 0022, 0089]), where Keller discloses that, based on the identified data sovereignty requirements, additional servers can be selected to handle the service request.).

As to Claim 9, Keller discloses the method of claim 1, wherein
the request from the client device includes a destination IP address that is shared by multiple servers within the cloud computing network, and the network address associated with the second server is not shared by multiple servers within the cloud computing network (Keller; [0028, 0045, 0060]).

As to Claim 10, Keller discloses the method of claim 1, wherein the cloud service is a cloud-based firewall service (Keller; [0044]).

As to Claim 11, Keller discloses a method comprising:
transmitting, by a client device, a request to access a cloud-based service, using a first network address that is shared by multiple servers within a cloud computing network ((Keller; [abs]), where Keller discloses receiving a service request from a user device at a first geographical location.);
receiving, by the client device, a response from a first server executing a first instance of the cloud-based service, the response including a second network address associated with a second server and a third network address associated with a third server ((Keller; Figs. 9-10; [abs, 0022, 0089]), where Keller discloses based on the identify additional servers can be selected to handle the service request.);
transmitting, by the client device a first network probe to the second server using the second network address, and receiving a response to the first network probe ((Keller; [0042, 0062]), where Keller discloses sending and receiving server status of the additional servers.); 
transmitting, by the client device a second network probe to the third server using the third network address, and receiving a response to the second network probe ((Keller; [0042, 0062]), where Keller discloses sending and receiving server status of the additional servers.); 
selecting, by the client device, the second server based at least in part on the response to the first network probe and the response to the second network probe; transmitting, by the client device and to the first server, data identifying the second server; and receiving, by the client device, data from a second instance of the cloud-based service executing on the second server ((Keller; Figs. 9-10; [0094]), where Keller discloses providing network address of additional servers meeting the data sovereignty requirements.).

As to Claim 12, Keller discloses the method of claim 11, wherein 
the first server operates at a location that does not comply with a data sovereignty requirement of the client device ((Keller; [0008, 0022]), where Keller discloses identifying data sovereignty requirements (i.e. laws) for the user and each geographical location.), and
the second server operates at a location that complies with the data sovereignty requirement of the client device ((Keller; [0008, 0022]), where Keller discloses identifying data sovereignty requirements (i.e. laws) for the user and each geographical location.).

As to Claim 14, Keller discloses the method of claim 11, wherein selecting the second server comprises:
comparing a first round-trip time of the first network probe to a second round-trip time of the second network probe ((Keller; [0042, 0062]), where Keller discloses sending and receiving server status of the additional servers.).

As to Claim 15, Keller discloses a computer server comprising:
one or more processors (Keller; Fig. 1); and
one or more non-transitory computer-readable media storing instructions that, when executed by the one or more processors (Keller; Fig. 1), cause the one or more processors to perform operations comprising:
receiving a request from a client device to access a cloud service, wherein the computer server is a first server within a cloud computing network ((Keller; [abs]), where Keller discloses receiving a service request from a user device at a first geographical location.);
receiving a data sovereignty requirement associated with the client device ((Keller; [0008, 0022]), where Keller discloses identifying data sovereignty requirements (i.e. laws) for the user and each geographical location.);
selecting a second server within the cloud computing network, based at least in part on a location associated with the second server, and the data sovereignty requirement associated with the client device ((Keller; Figs. 9-10; [abs, 0022, 0089]), where Keller discloses that, based on the identified data sovereignty requirements, additional servers can be selected to handle the service request.); and
transmitting a network address associated with the second server to the client device ((Keller; Figs. 9-10; [0094]), where Keller discloses providing network address of additional servers meeting the data sovereignty requirements.).

As to Claim 16, Keller discloses the computer server of claim 15, the operations further comprising:
determining that a location of the computer server does not comply with the data sovereignty requirement ((Keller; [0008, 0022]), where Keller discloses identifying data sovereignty requirements (i.e. laws) for the user and each geographical location.); and 
determining that the location associated with the second server complies with the data sovereignty requirement, wherein selecting the second server is based at least in part on determining that the location associated with the second server complies with the data sovereignty requirement ((Keller; Figs. 9-10; [abs, 0022, 0089]), where Keller discloses that, based on the identified data sovereignty requirements, additional servers can be selected to handle the service request.).

As to Claim 17, Keller discloses the computer server of claim 15, the operations further comprising:
selecting a plurality of servers within the cloud computing network based at least in part on the data sovereignty requirement, wherein the plurality of servers includes the second server ((Keller; Figs. 9-10; [abs, 0022, 0089]), where Keller discloses that, based on the identified data sovereignty requirements, additional servers can be selected to handle the service request.); and
transmitting a plurality of network addresses to the client device, wherein the plurality of network addresses includes the network address associated with the second server ((Keller; Figs. 9-10; [0094]), where Keller discloses providing network address of additional servers meeting the data sovereignty requirements.).

As to Claim 18, Keller discloses the computer server of claim 17, wherein selecting the plurality of servers comprises:
determining a location associated with each of the plurality of servers; and determining that the location associated with each of the plurality of servers complies with the data sovereignty requirement ((Keller; Figs. 9-10; [0022, 0042, 0089]), where Keller discloses that, based on the identified data sovereignty requirements, additional servers can be selected to handle the service request.).

As to Claim 20, Keller discloses the computer server of claim 15, the operations further comprising:
determining a plurality of servers within the cloud computing network, wherein the plurality of servers includes the second server ((Keller; Figs. 9-10; [abs, 0022, 0089]), where Keller discloses that, based on the identified data sovereignty requirements, additional servers can be selected to handle the service request.);
receiving location data associated with the plurality of servers ((Keller; [0022, 0042]), where Keller discloses determining location data (i.e. geographical regions) of the plurality of servers.);
determining, based at least in part on the location data, a first subset of the plurality of servers that complies with the data sovereignty requirement, and a second subset of the plurality of servers that does not comply with the data sovereignty requirement ((Keller; [0008, 0022]), where Keller discloses identifying data sovereignty requirements (i.e. laws) for the user and each geographical location.); and
transmitting, to the client device, network addresses associated with the first subset of the plurality of servers, wherein network addresses associated with the second subset of the plurality of servers are not transmitted to the client device ((Keller; Fig. 4; [0054-0060]), where Keller discloses the ability for the user to identify which servers the client is able to connect to, based on the identified data sovereignty data.).

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claim(s) 5, 13, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Keller et al. (US 2019/0230189 A1, hereinafter Keller), in view of Parulkar et al. (US 11,323,919 B1, hereinafter Parulkar).

As to Claim 5, Keller discloses the method of claim 3, further comprising:
establishing a connection with the client device using a first instance of the cloud service executing on the first server ((Keller; [0061]), where Keller discloses the ability to establish a connection with the client device to a server geographically closest.); 
receiving from the client device a server selection identifying the second server, wherein the server selection is received after transmitting the plurality of network addresses to the client device ((Keller; Figs. 9-10; [abs, 0022, 0089]), where Keller discloses that, based on the identified data sovereignty requirements, additional servers can be selected to handle the service request.).
However, Keller does not disclose initiating, by the first server, a migration of the connection to a second instance of the cloud service executing on the second server, based at least in part on the server selection.
In an analogous art, Parulkar discloses initiating, by the first server, a migration of the connection to a second instance of the cloud service executing on the second server, based at least in part on the server selection ((Parulkar; [col. 4, lines 47-60; col. 13, lines 15-34]), where Parulkar discloses the ability to migrate connection between the first and second server (i.e. edge device)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Keller to include initiating, by the first server, a migration of the connection to a second instance of the cloud service executing on the second server, based at least in part on the server selection as taught by Parulkar to maintain session continuity with applications executing on the devices due to the presence of the mobile user (Parulkar; [col. 2, lines 51-53]).

As to Claim 13, Keller discloses the method of claim 11, further comprising:
transmitting authentication data to the first server; establishing a connection between the client device and the first instance of the cloud-based service executing on the first server ((Keller; [0061]), where Keller discloses the ability to establish a connection with the client device to a server geographically closest.);
However, Keller does not disclose using the connection to transmit data from the client device to the second instance of the cloud-based service executing on the second server.
In an analogous art, Parulkar discloses using the connection to transmit data from the client device to the second instance of the cloud-based service executing on the second server ((Parulkar; [col. 4, lines 47-60; col. 13, lines 15-34]), where Parulkar discloses the ability to migrate connection between the first and second server (i.e. edge device)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Keller to include using the connection to transmit data from the client device to the second instance of the cloud-based service executing on the second server as taught by Parulkar to maintain session continuity with applications executing on the devices due to the presence of the mobile user (Parulkar; [col. 2, lines 51-53]).

As to Claim 19, Keller discloses the computer server of claim 17, the operations further comprising: 
establishing a connection with the client device using a first instance of the cloud service executing on the computer server ((Keller; [0061]), where Keller discloses the ability to establish a connection with the client device to a server geographically closest.);
receiving from the client device a server selection identifying the second server, wherein the server selection is received after transmitting the plurality of network addresses to the client device ((Keller; Figs. 9-10; [abs, 0022, 0089]), where Keller discloses that, based on the identified data sovereignty requirements, additional servers can be selected to handle the service request.).
However, Keller does not disclose initiating a migration of the connection to a second instance of the cloud service executing on the second server, based at least in part on the server selection.
In an analogous art, Parulkar discloses initiating a migration of the connection to a second instance of the cloud service executing on the second server, based at least in part on the server selection ((Parulkar; [col. 4, lines 47-60; col. 13, lines 15-34]), where Parulkar discloses the ability to migrate connection between the first and second server (i.e. edge device)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Keller to include initiating a migration of the connection to a second instance of the cloud service executing on the second server, based at least in part on the server selection as taught by Parulkar to maintain session continuity with applications executing on the devices due to the presence of the mobile user (Parulkar; [col. 2, lines 51-53]).

Allowable Subject Matter

Claim(s) 6 is/are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892.

The examiner also requests, in response to this Office action, support be shown for language added to any original claims on amendment and any new claims. That is, indicate support for newly added claim language by specifically pointing to page(s) and line no(s) in the specification and/or drawing figure(s). This will assist the examiner in prosecuting the application.

When responding to this office action, Applicant is advised to clearly point out the patentable novelty which he or she thinks the claims present, in view of the state of the art disclosed by the references cited or the objections made. He or she must also show how the amendments avoid such references or objections. See 37 CFR 1.111(c).

Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN M THIEU whose telephone number is (571) 270-7475 and fax number is (571) 270-8475. The examiner can normally be reached Monday - Friday: 8:00 AM - 5:00 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Wing Chan, can be reached on 571-272-7493. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/BENJAMIN M THIEU/
Primary Examiner, Art Unit 2441
8.11.2022