DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. This office action is in response to the application filed on 07/25/2022. Claims 21, 24, 32, 35-36, 43, and 46 are amended. Claims 1-20, 22-23, 26-28, 34, 38-39, 45, 49-50, and 53 are cancelled. Claims 21, 24-25, 29-33, 35-37, 40-44, 46-48, and 51-52 are pending.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Terminal Disclaimer

The terminal disclaimer filed on 08/10/2022 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of U.S. Patent application No. 9560078, 10397280 has been reviewed and is accepted. The terminal disclaimer has been recorded.
EXAMINER’S AMENDMENT
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner's amendment was given via email with Glen Choi (Reg. No. 43546) on 08/10/2022.
The application has been amended as follows:
Please replace claim 1 with:
21.	(Currently Amended) A non-transitory computer-readable storage medium comprising instructions stored thereon, that if executed by at least one processor, cause the at least one processor to perform a network functions virtualization Security Services Agent (NFV SSA) that is to:
execute a bootstrap to deploy the NFV SSA;
receive a security monitoring policy;
configure the NFV SSA with set name, security policy groups, and per-tenant policies;
monitor telemetry data of a platform and telemetry data of a virtualized network function (VNF) executed on the platform based on the security monitoring policy, wherein the security monitoring policy comprises monitoring rules used by the NFV SSA to monitor telemetry data of the platform and the telemetry data of the VNF;
form a part of secure channel using a configuration from a Security Controller; and
provide at least a portion of the monitored telemetry data based on the security monitoring policy and a unique identifier to a Security Monitoring Analytics System via communications in the secure channel for analysis for threats and/or anomalies, wherein: 
the communications in the secure channel are protected using a unique pairwise random key[[s]] session for a finite key lifetime,
the NFV SSA is to execute in an independent security engine,
the telemetry data of the platform comprises telemetry data of an I/O subsystem, network interface card (NIC), and switch, 
the telemetry data of a VNF comprises information related to a virtual router and virtual switch, and
the VNF comprises a service function chain.

Please replace claim 24 with:
24.	(Currently Amended) The computer-readable storage medium of claim 21, wherein the telemetry data of a VNF comprises one or more of: (EPC), a mobility management entity (MME), a packet data network gateway (PGW), a serving gateway (SGW), or a billing function.

Please replace claim 32 with:
32.	(Currently Amended) A computing-platform comprising:
	a network interface controller;
a memory device; and
	at least one processor coupled to the network interface controller and the memory device, the at least one processor to perform a network functions virtualization Security Services Agent (NFV SSA) that is to:
execute a bootstrap to deploy the NFV SSA;
receive a security monitoring policy;
configure the NFV SSA with set name, security policy groups, and per-tenant policies;
monitor telemetry data of the platform and telemetry data of a virtualized network function (VNF) executed on the platform based on the security monitoring policy, wherein the security monitoring policy comprises monitoring rules used to monitor telemetry data of the platform and the telemetry data of the VNF;
form a part of secure channel using a configuration from a Security Controller; and
provide at least a portion of the monitored telemetry data based on the security monitoring policy and a unique identifier to a Security Monitoring Analytics System via communications in the secure channel for analysis for threats and/or anomalies, wherein: 
the communications in the secure channel are protected using a unique pairwise random key[[s]] session for a finite key lifetime,
the NFV SSA is to execute in an independent security engine,
the telemetry data of the platform comprises telemetry data of an I/O subsystem, network interface card (NIC), and switch, 
the telemetry data of a VNF comprises information related to a virtual router and virtual switch, and
the VNF comprises a service function chain.

Please replace claim 35 with:
35.	(Currently Amended) The computing-platform of claim 32, comprising one or more of [[an]]the I/O subsystem coupled to the at least one processor, [[a]]the the switch coupled to the at least one processor

Please replace claim 36 with:
36.	(Currently Amended) The computing-platform of claim 32, wherein the telemetry data of a VNF comprises one or more of: 

Please replace claim 43 with:
43.	(Currently Amended) A method for executing a network functions virtualization Security Services Agent (NFV SSA), the method comprising:
executing a bootstrap to deploy the NFV SSA by loading the NFV SSA on a computing node;
receiving a security monitoring policy;
configuring the NFV SSA with set name, security policy groups, and per-tenant policies;
monitoring telemetry data of a platform and telemetry data of a virtualized network function (VNF) executed on the platform based on the security monitoring policy, wherein the security monitoring policy comprises monitoring rules used by the NFV SSA to monitor telemetry data of the platform and the telemetry data of the VNF;
setting-up a part of secure channel using a configuration from a Security Controller; and
causing transmission of at least a portion of the monitored telemetry data based on the security monitoring policy and a unique identifier to a Security Monitoring Analytics System via communications in the secure channel for analysis for threats and/or anomalies, wherein: 
the communications in the secure channel are protected using a unique pairwise random key[[s]] session for a finite key lifetime,
the NFV SSA is to execute in an independent security engine,
the telemetry data of the platform comprises telemetry data of an I/O subsystem, network interface card (NIC), and switch,
the telemetry data of a VNF comprises information related to a virtual router and virtual switch, and
the VNF comprises a service function chain.

Please replace claim 46 with:
46.	(Currently Amended) The method of claim 43, wherein the telemetry data of a VNF comprises one or more of: 

Allowable Subject Matter
Claims 21, 24-25, 29-33, 35-37, 40-44, 46-48, and 51-52 are allowed.
The following is an examiner’s statement of reasons for allowance:
The present invention relates to technologies for performing security monitoring services of a network functions virtualization (NFV) security architecture that includes an NFV security services controller and one or more NFV security services agents. The NFV security services controller is configured to transmit a security monitoring policy to the NFV security services agents and enforce the security monitoring policy at the NFV security services agents. The NFV security services agents are configured to monitor telemetry data and package at least a portion of the telemetry for transmission to an NFV security monitoring analytics system of the NFV security architecture for security threat analysis. Other embodiments are described and claimed.
Regarding claim 21, although the prior art of record teaches execute a bootstrap to deploy the NFV SSA; receive a security monitoring policy; configure the NFV SSA with set name, security policy groups, and per-tenant policies; monitor telemetry data of a platform and telemetry data of a virtualized network function (VNF) executed on the platform based on the security monitoring policy, wherein the security monitoring policy comprises monitoring rules used by the NFV SSA to monitor telemetry data of the platform and the telemetry data of the VNF; form a part of secure channel using a configuration from a Security Controller; and the NFV SSA is to execute in an independent security engine, the telemetry data of the platform comprises telemetry data of an I/O subsystem, network interface card (NIC), and switch, the telemetry data of a VNF comprises information related to a virtual router and virtual switch, and the VNF comprises a service function chain.
None of the prior art, alone or in combination, teaches provide at least a portion of the monitored telemetry data based on the security monitoring policy and a unique identifier to a Security Monitoring Analytics System via communications in the secure channel for analysis for threats and/or anomalies, wherein: the communications in the secure channel are protected using a unique pairwise random key session for a finite key lifetime in view of the other limitations of claim 21.
Regarding claim 32, although the prior art of record teaches execute a bootstrap to deploy the NFV SSA; receive a security monitoring policy; configure the NFV SSA with set name, security policy groups, and per-tenant policies; monitor telemetry data of the platform and telemetry data of a virtualized network function (VNF) executed on the platform based on the security monitoring policy, wherein the security monitoring policy comprises monitoring rules used to monitor telemetry data of the platform and the telemetry data of the VNF; form a part of secure channel using a configuration from a Security Controller; the NFV SSA is to execute in an independent security engine, the telemetry data of the platform comprises telemetry data of an I/O subsystem, network interface card (NIC), and switch, the telemetry data of a VNF comprises information related to a virtual router and virtual switch, and the VNF comprises a service function chain.
None of the prior art, alone or in combination, teaches provide at least a portion of the monitored telemetry data based on the security monitoring policy and a unique identifier to a Security Monitoring Analytics System via communications in the secure channel for analysis for threats and/or anomalies, wherein: the communications in the secure channel are protected using a unique pairwise random key session for a finite key lifetime in view of the other limitations of claim 32.
Regarding claim 43, although the prior art of record teaches receiving a security monitoring policy; configuring the NFV SSA with set name, security policy groups, and per-tenant policies; monitoring telemetry data of a platform and telemetry data of a virtualized network function (VNF) executed on the platform based on the security monitoring policy, wherein the security monitoring policy comprises monitoring rules used by the NFV SSA to monitor telemetry data of the platform and the telemetry data of the VNF; setting-up a part of secure channel using a configuration from a Security Controller; the NFV SSA is to execute in an independent security engine, the telemetry data of the platform comprises telemetry data of an I/O subsystem, network interface card (NIC), and switch, the telemetry data of a VNF comprises information related to a virtual router and virtual switch, and the VNF comprises a service function chain.
None of the prior art, alone or in combination, teaches causing transmission of at least a portion of the monitored telemetry data based on the security monitoring policy and a unique identifier to a Security Monitoring Analytics System via communications in the secure channel for analysis for threats and/or anomalies, wherein: the communications in the secure channel are protected using a unique pairwise random key session for a finite key lifetime in view of the other limitations of claim 43.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAHRIAR ZARRINEH/Examiner, Art Unit 2496