Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Detailed action
Claims 1, 4-8, 11-15 and 18-21 are pending and are being considered.
Claims 1, 4, 8, 11, 15 and 18 have been amended.
Claims 2-3, 9-10 and 16-17 have been canceled.

Examiner's Amendments
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee. Authorization for this examiner's amendment was given in a telephone interview from Gene Su Reg. No. 45140 on 08/11/2022.
AMEND THE CLAIMS AS FOLLOWS:
1.	(Currently Amended): A method for a host including virtualization software to perform authentication offload in a virtualized computing environment that includes the host and a destination server, wherein the method comprises:
	detecting, by the virtualization software, a packet from a virtualized computing instance and destined for the destination server at a virtual network interface controller (VNIC) associated with the virtualized computing instance, wherein the virtualized computing instance is one of multiple virtualized computing instances supported by the host, and the virtualization software maintains a mapping between underlying hardware resources of the host and virtual resources allocated to the virtualized computing instance;
	in response to determination that the detected packet is an authentication request generated by a client application supported by the virtualized computing instance,
	obtaining, by the virtualization software from the virtualized computing instance, metadata associated with the client application for which authentication is requested, wherein the obtaining comprises
	based on header data of the authentication request, requesting the metadata from a guest operating system (OS) associated with the virtualized computing instance, and
	invoking a call supported by a guest enhancement toolkit installed on the guest OS, wherein the call identifies a source port number included in the authentication request, and the guest enhancement toolkit uses the source port number to identify the client application; and
	sending, by the virtualization software, the authentication request and the metadata to the destination server to cause the destination server to authenticate the client application based on the metadata; and
	in response to determination that the detected packet is not an authentication request, sending the detected packet to the destination server.

2.	(Cancelled)

3.	(Cancelled)

4.	(Currently Amended): The method of claim [[3]]1, wherein obtaining the metadata comprises:
	receiving, from the guest enhancement toolkit, the metadata that includes one or more of the following: a hash value associated with the client application and a digital signature associated with the client application.


8.	(Currently Amended): A non-transitory computer-readable storage medium that includes a set of instructions which, in response to execution by a processor of a host, cause the host including virtualization software to perform an authentication offload in a virtualized computing environment that includes the host and a destination server, comprising:
	detecting, by the virtualization software, a packet from a virtualized computing instance and destined for the destination server at a virtual network interface controller (VNIC) associated with the virtualized computing instance, wherein the virtualized computing instance is one of multiple virtualized computing instances supported by the host, and the virtualization software maintains a mapping between underlying hardware resources of the host and virtual resources allocated to the virtualized computing instance;
	in response to determination that the detected packet is an authentication request generated by a client application supported by the virtualized computing instance,
	obtaining, by the virtualization software from the virtualized computing instance, metadata associated with the client application for which authentication is requested, wherein the obtaining comprises
	based on header data of the authentication request, requesting the metadata from a guest operating system (OS) associated with the virtualized computing instance, and
	invoking a call supported by a guest enhancement toolkit installed on the guest OS, wherein the call identifies a source port number included in the authentication request, and the guest enhancement toolkit uses the source port number to identify the client application; and
	sending, by the virtualization software, the authentication request and the metadata to the destination server to cause the destination server to authenticate the client application based on the metadata; and
	in response to determination that the detected packet is not an authentication request, sending the detected packet to the destination server.

9.	(Cancelled) 

10.	(Cancelled)

11.	(Currently Amended): The non-transitory computer-readable storage medium of claim [[10]]8, wherein obtaining the metadata comprises:
	receiving, from the guest enhancement toolkit, the metadata that includes one or more of the following: a hash value associated with the client application and a digital signature associated with the client application.

15.	(Currently Amended): A host including virtualization software configured to perform authentication offload in a virtualized computing environment that includes the host and a destination server, wherein the host comprises:
	a processor; and
	a non-transitory computer-readable medium having stored thereon instructions that, when executed by the processor, cause the processor to:
	detect, by the virtualization software, a packet from a virtualized computing instance and destined for the destination server at a virtual network interface controller (VNIC) associated with the virtualized computing instance, wherein the virtualized computing instance is one of multiple virtualized computing instances supported by the host, and the virtualization software maintains a mapping between underlying hardware resources of the host and virtual resources allocated to the virtualized computing instance;
	in response to determination that the detected packet is an authentication request generated by a client application supported by the virtualized computing instance,
	obtain, by the virtualization software from the virtualized computing instance, metadata associated with the client application for which authentication is requested, wherein the instructions for obtaining the metadata cause the processor to
	based on header data of the authentication request, request the metadata from a guest operating system (OS) associated with the virtualized computing instance, and
	invoke a call supported by a guest enhancement toolkit installed on the guest OS, wherein the call identifies a source port number included in the authentication request, and the guest enhancement toolkit uses the source port number to identify the client application; and
	send, by the virtualization software, the authentication request and the metadata to the destination server to cause the destination server to authenticate the client application based on the metadata; and
	in response to determination that the detected packet is not an authentication request, sending the detected packet to the destination server.

16.	(Cancelled) 

17.	(Cancelled)

18.	(Currently Amended): The host of claim [[17]]15, wherein the instructions for obtaining the metadata cause the processor to:
	receive, from the guest enhancement toolkit, the metadata that includes one or more of the following: a hash value associated with the client application and a digital signature associated with the client application.

Response to arguments
Applicant's arguments filed on 06/30/2022 have been fully considered and are persuasive.
Allowable Subject matter
Claims 1, 4-8, 11-15 and 18-21 are allowed.
Examiner’s Statement of Reason for Allowance
According to 37 C.F.R. 1.104(e), it is the examiner's discretion to evaluate at the time of allowance whether the record of the prosecution as a whole does not make clear his or her reasons for allowing a claim or claims and set forth such a reasoning. At this time, the examiner believes that the claims allowed above require a separate reasoning to make the record clearer. The applicant or patent owner may file a statement commenting on the reasons for allowance within such time as may be specified by the examiner.
The following is an examiner’s statement of reasons for allowance:
In interpreting the currently amended claims in light of the specification, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.
The present invention is directed towards a system and method for a host to perform authentication offload in a virtualized computing environment that includes the host and a destination server. The method may comprise detecting, from a virtualized computing instance, a packet destined for the destination server. The method may also comprise: in response to determination that the detected packet is an authentication request, obtaining, from the virtualized computing instance, metadata associated with a client application for which authentication is requested; and sending the authentication request and the metadata to the destination server to cause the destination server to authenticate the client application based on the metadata.
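The claimed flow can be sketched as follows; this is an added illustration, not part of the office action or the application. Assumed here and not stated in the record: authentication requests are recognised by destination port (`AUTH_PORT`), the metadata is a SHA-256 hash of the client binary, the server compares it against a table of trusted hashes, and `GuestToolkit.app_metadata` is a hypothetical stand-in for the guest enhancement toolkit call.

```python
import hashlib
from dataclasses import dataclass

AUTH_PORT = 8443  # assumption: auth requests are recognised by destination port

@dataclass(frozen=True)
class Packet:
    src_port: int
    dst_port: int
    payload: bytes

class GuestToolkit:
    """Hypothetical stand-in for the guest enhancement toolkit inside one VM."""
    def __init__(self, sockets, binaries):
        self._sockets = sockets    # source port -> owning application name
        self._binaries = binaries  # application name -> binary image bytes

    def app_metadata(self, src_port):
        app = self._sockets.get(src_port)
        if app is None:
            return None  # no application owns this source port
        return {"app": app, "sha256": hashlib.sha256(self._binaries[app]).hexdigest()}

class DestinationServer:
    def __init__(self, trusted_hashes):
        self.trusted = trusted_hashes  # application name -> expected SHA-256

    def receive(self, packet, metadata=None):
        if packet.dst_port != AUTH_PORT:
            return "forwarded"
        # Fail closed: missing or mismatching metadata never authenticates.
        if metadata is None or self.trusted.get(metadata["app"]) != metadata["sha256"]:
            return "denied"
        return "authenticated"

def vnic_egress(packet, toolkit, server):
    """Host-side hook at the VM's VNIC: enrich auth requests, pass the rest through."""
    if packet.dst_port != AUTH_PORT:
        return server.receive(packet)
    return server.receive(packet, toolkit.app_metadata(packet.src_port))

def demo():
    good, tampered = b"constructed-client-v1", b"constructed-client-v1-patched"
    server = DestinationServer({"client": hashlib.sha256(good).hexdigest()})
    ok_vm = GuestToolkit({40001: "client"}, {"client": good})
    bad_vm = GuestToolkit({40001: "client"}, {"client": tampered})
    cases = [(40001, AUTH_PORT, ok_vm), (40001, AUTH_PORT, bad_vm),
             (40999, AUTH_PORT, ok_vm), (40001, 80, ok_vm)]
    return [vnic_egress(Packet(s, d, b"constructed"), vm, server) for s, d, vm in cases]
```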
	Claims 1, 8 and 15 identify a unique and distinct feature of “…..in response to determination that the detected packet is an authentication request generated by a client application supported by the virtualized computing instance…. obtaining, by the virtualization software from the virtualized computing instance, metadata associated with the client application for which authentication is requested, wherein the obtaining comprises based on header data of the authentication request, requesting the metadata from a guest operating system (OS) associated with the virtualized computing instance, and invoking a call supported by a guest enhancement toolkit installed on the guest OS…. sending, by the virtualization software the authentication request and the metadata to the destination server to cause the destination server to authenticate the client application based on the metadata….” including other limitations in the claims.
	The closest prior art, Petrov et al (US20160285832), is directed towards a proxy server instantiated on an application virtual machine of a cloud platform. The application virtual machine hosts an application that consumes services. The proxy server manages requests by the application for secure consumption of the services. The proxy server receives first requests from the application for consumption of a service. The application refers to the service by an identification. The proxy server determines a real network address for accessing the service by searching in a service catalog storing a mapping between the identification and the real network address.
	Petrov teaches authentication offloading in a virtualized computing environment and detecting a packet destined for a server, wherein the detected packet is an authentication request. However, Petrov fails to teach “…..in response to determination that the detected packet is an authentication request generated by a client application supported by the virtualized computing instance…. obtaining, by the virtualization software from the virtualized computing instance, metadata associated with the client application for which authentication is requested, wherein the obtaining comprises based on header data of the authentication request, requesting the metadata from a guest operating system (OS) associated with the virtualized computing instance, and invoking a call supported by a guest enhancement toolkit installed on the guest OS…. sending, by the virtualization software the authentication request and the metadata to the destination server to cause the destination server to authenticate the client application based on the metadata….”
	The closest prior art Rodgers et al (US 10803027) is directed towards managing the interaction of applications with one or more file systems and/or data managed by the file systems. More specifically, embodiments of the invention relate to providing applications with access to an overlay file system (OFS) and then servicing OFS operations using a file system module and one or more underlay file systems (UFSes) that are not directly accessible to the applications.
	Rodgers teaches obtaining a packet from a virtual computing environment and sending the packet to the destination server. However, just like Petrov, Rodgers also fails to explicitly teach “…..in response to determination that the detected packet is an authentication request generated by a client application supported by the virtualized computing instance…. obtaining, by the virtualization software from the virtualized computing instance, metadata associated with the client application for which authentication is requested, wherein the obtaining comprises based on header data of the authentication request, requesting the metadata from a guest operating system (OS) associated with the virtualized computing instance, and invoking a call supported by a guest enhancement toolkit installed on the guest OS…. sending, by the virtualization software the authentication request and the metadata to the destination server to cause the destination server to authenticate the client application based on the metadata….”
	Therefore, the prior art of record does not teach or suggest individually or in combination the particular limitation listed below as recited in the claims.
	“…..in response to determination that the detected packet is an authentication request generated by a client application supported by the virtualized computing instance…. obtaining, by the virtualization software from the virtualized computing instance, metadata associated with the client application for which authentication is requested, wherein the obtaining comprises based on header data of the authentication request, requesting the metadata from a guest operating system (OS) associated with the virtualized computing instance, and invoking a call supported by a guest enhancement toolkit installed on the guest OS…. sending, by the virtualization software the authentication request and the metadata to the destination server to cause the destination server to authenticate the client application based on the metadata….”

	None of the prior art of record, either taken individually or in any combination, would have anticipated or made obvious the invention of the instant application at or before the time it was filed.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522. The examiner can normally be reached 7AM-5PM EST M-TH Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MOEEN KHAN/Examiner, Art Unit 2436
/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436