DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-20 are presented for examination.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-20 are rejected under 35 U.S.C. 102(a)(1)/(a)(2) as being anticipated by Sood et al, US 2019/0220601.

Regarding claim 1, Sood discloses an apparatus comprising: 
one or more processors to process data (fig. 6, computing architecture 600); 
an orchestration element to receive a request for support of a workload of a tenant according to a selected membership policy, the orchestration element to select one or more compute nodes to provide computation for the workload (0081: the call flow for deploying a tenant workload on computing architecture 600. The call flow begins with the tenant issuing a workload provisioning request through the operations support system/business support system (OSS/BSS) of the operator (reference numeral 601). The workload provisioning request may include a manifest with a trusted execution policy for the workload); and
a security manager to receive the membership policy and to receive attestations from the one or more selected compute nodes and, upon determining that the attestations meet the requirements of the membership policy, to add the one or more compute nodes to a group of compute nodes to provide computation for the workload (0083: The orchestrator, security controller, and/or virtualized infrastructure manager (VIM) may then collectively provision the various components and interconnects on the underlying infrastructure to build a CTEE for the workload, as well as procure root-of-trust (RoT) signatures and attestation from those components in order to build a complete CTEE attestation that can be submitted to the tenant for approval.).
Regarding claim 2, Sood further discloses the apparatus of claim 1, wherein the security manager is further to provide the membership policy and an attestation for the security manager to the tenant for verification of the group of compute nodes (0086: Once the tenant verifies and approves the CTEE, the VIM then deploys the tenant workload for execution in the CTEE (reference numeral 608).).
Regarding claim 3, Sood further discloses the apparatus of claim 1, wherein the orchestration element and the security manager are both parts of a same entity (fig. 6, computing architecture 600: tenant orchestrator, security controller).
Regarding claim 4, Sood further discloses the apparatus of claim 1, wherein the group of compute nodes includes one or more processing units, one or more hardware accelerators, or both (See Fig 6, hardware resources. See abstract, set of processing resources).
Regarding claim 5, Sood further discloses the apparatus of claim 1, wherein the orchestration element is to provide an instruction to the security manager regarding the one or more selected compute nodes, or the orchestration element is to provide an instruction to each of the one or more selected compute nodes to contact the security manager (0065: to execute certain workloads of the tenants 410, 420 on the infrastructure of the 3rd party service provider 430, the service provider (SP) infrastructure 430 includes a workload orchestrator 432, security controller 433, infrastructure orchestrator 434, secure encrypted tenant workload repository 436, and one or more computing platforms 440a-b.).
Regarding claim 6, Sood further discloses the apparatus of claim 1, wherein, upon additional computation support being needed for the workload, the orchestration element is to select one or more additional compute nodes for the group of compute nodes (0070: as the tenant workloads scale out, the SP orchestrator 432 interoperates with the SP security controller 433 to create additional CTEE resources on the appropriate components of the computing platforms 440a-b (e.g., CPUs, GPUs, accelerators) that are being scaled and managed by the tenant.).
Regarding claim 7, Sood further discloses the apparatus of claim 6, wherein the security manager to obtain attestations for the one or more additional compute nodes, and, upon determining that the attestations meet the requirements of the membership policy, to add the one or more additional compute nodes to the group of compute nodes (0077: the mapping 500 will be updated as individual resources scale in/out or up/down per the requirements of the respective workloads, and each update will be signed and attested to for the purpose of establishing an audit trail.).
Regarding claim 8. The apparatus of claim 7, wherein the security manager is to add the one or more additional compute nodes to the group of compute nodes without requiring interaction or evaluation by the tenant (0070: as the tenant workloads scale out, the SP orchestrator 432 interoperates with the SP security controller 433 to create additional CTEE resources on the appropriate components of the computing platforms 440a-b (e.g., CPUs, GPUs, accelerators) that are being scaled and managed by the tenant.).
Regarding claim 9, Sood further discloses the apparatus of claim 1, wherein the security manager is one of a plurality of security managers (0036: each component in a CTEE has the ability to test the security of the CTEE, so as to provide a means for an individual workload to establish appropriate security policies for “self-defense” against other potentially hostile workloads and/or against the underlying management infrastructure itself.).
Regarding claim 15, Sood further discloses the one or more storage mediums of claim 14, further comprising executable computer program instructions that, when executed by one or more processors, cause the one or more processors to perform operations comprising: providing a security key to the one or more additional compute nodes (0088: a switch may be configured to decrypt each input data stream using a stream-specific cryptographic key, route the data stream according to the routing rules, and re-encrypt the output data stream using the output stream-specific cryptographic key.).

As per claims 10-15 and 16-20, this is a non-transitory computer readable medium and system version of the claimed apparatus discussed above in claims 1-9 wherein all claimed limitations have also been addressed and/or cited as set forth above.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 2019/0042339 to Doshi et al, teaches System 200 may be controlled or managed by an orchestrator 260. Orchestrator 260 may manage or control, for example, software-defined networking (SDN), network function virtualization (NFV), virtual machine management, microservice orchestration, and similar services to elements of system 200. In some examples, Orchestrator 260 may be a standalone appliance with its own dedicated processor or processors, memory, storage, and fabric interface. In other examples, orchestrator 260 may itself be a virtual machine, container, microservice or function. Orchestrator 260 may have a global view of elements of system 200 and may have the ability to manage and configure multiple services or functions, such as dynamically allocating tenants, domains, services, service chains, virtual machines, virtual switches, and workload servers as necessary to meet current or anticipated workload demands associated with providing services or functions.
US 2015/0103692 to Jain et al teaches an important aspect of network orchestration is to instantiate network elements for a tenant network on-demand and to reclaim them after their use is completed.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AUBREY H WYSZYNSKI whose telephone number is (571)272-8155. The examiner can normally be reached M-F 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KAMBIZ ZAND can be reached on 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/AUBREY H WYSZYNSKI/Examiner, Art Unit 2434
/TESHOME HAILU/Primary Examiner, Art Unit 2434