DETAILED ACTION

Response to Amendment

1. This written action is responding to the amendment dated on 04/29/2022.
2. The present application, filed on or after March 16, 2013, is being examined under 
    the first inventor to file provisions of the AIA .  
3.  Claims 21, and 28-29 are amended.
4.  Claims 39-41 are new.
5.  Claims 21-41 are submitted for examination.
6. Claims 21-41 have been examined and rejected.
7. The Examiner would like to point out that this action is made final (See MPEP 
    706.07a).

8.
Applicant’s Argument:
On pages 6-8 of the Remarks/Arguments, Applicant argues 
Ferris and Shieh do not disclose the following limitations: “receiving an application programing interface (API) call from a customer platform device external to the virtualized network”, and “in response to receiving the API call, executing the network security software by the computing resource deployed with the virtualized network to provide the security service on the virtualized network”.

Response to Argument: Examiner respectfully disagrees with Applicant’s arguments because: Ferris substantially teaches a plurality of different type of users may instantiate request, accessing, or utilizing a cloud network, wherein the plurality of users may use a plurality of virtual machines [0038], fig. 3 (i.e. receiving a request from a customer platform device external to the virtualized network), further Buer teaches a USH processor may include an API to expose the security services to application executing on the host processor and/or the low power host processor (col. 6, lin. 16-57) (i.e. entities communicating with each other utilizing an API), and furthermore Shieh teaches a software agent installed in each physical and virtual network device communicates with security gateway 150 to provide network security according to an integrated security ([0024] and Fig, 2), wherein the software agent running on the virtual machine to determine that access to the virtual machine at the first physical location was permitted by the security gateway [0037] (i.e. a software running in a virtual environment to apply a network security in the virtual environment). Thus the combination of Ferris, Shieh and Buer teaches the above limitations.

9.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 21-41 provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1-8 and 11-17 of copending Application No. 17/158,968 in view of Ferris, Buer, Shieh and Abels.
This is a provisional nonstatutory double patenting rejection.

10.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

	Claims 21-23, 25-41 are rejected under 35U.S.C 103 as being unpatentable over Ferris et al., US 2012/0137001 (hereinafter Ferris), in view of Buer et al., US 8,996,885 (hereinafter Buer), and further in view of Shieh et al., US 2013/0117801 (hereinafter Shieh).

Regarding claim 21 Ferris teaches a cloud computing system comprising: at least one processor; and a memory coupled to the at least one processor, the at least one processor configured to perform operations comprising: deploying a network software within a virtualized network of the cloud computing system so that the network security software can be executed by a computing resource deployed within the virtualized network to provide a security service on the virtualized network; receiving a call from a customer platform device external to the virtualized network, the call requesting to provide service; in response provide the requested service (Ferris teaches a set of subscribed services' resource rules 334 can be configured to store rules or best practices for deploying subscribed services in computing cloud environment such as the clouds 304 and 306.  The set of subscribed services' resource rules 334 can be configured to include requirements for subscribed services provided by the owners and operators of the clouds 304 and 306. The set of subscribed services' rules 334 can also be configured to include resources available in the clouds 304 and 306 [0059]. A plurality of different type of users may instantiate request, accessing, or utilizing a cloud network, wherein the plurality of users may use a plurality of virtual machines [0038], and fig. 3 (i.e. receiving a request from a customer platform device external to the virtualized network). The cloud management system 104 can communicate with one or more set of resource servers 108 to locate resources to supply the required components, other software services that are provided outside of the cloud 102 and hosted by third parties can be invoked by in-cloud virtual machines [0025]). Ferris does not teach receiving an application programming interface (API) call for security service. Buer substantially teaches a USH processor may include an API to expose the security services to application executing on the host processor and/or the low power host processor (col. 6, lin. 16-57).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Ferris such that the invention further includes receiving an application programming interface (API) call for security service. One would have been motivated to do so because using API is easy to integrate and provides a better integration comparing with other interfaces.
Ferris and Buer do not teach receiving a request to provide a service on a virtualized network; and in response to receiving the request, utilizing a software deployed on the virtualized network to provide the security service on the virtualized network. Shieh substantially teaches a software agent installed in each physical and virtual network device communicates with security gateway 150 to provide network security according to an integrated security ([0024] and Fig, 2), wherein the software agent running on the virtual machine to determine that access to the virtual machine at the first physical location was permitted by the security gateway [0037].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Ferris and Buer such that the invention further includes receiving a request to provide a service on a virtualized network; and in response to receiving the request, utilizing a software deployed on the virtualized network to provide the security service on the virtualized network. One would have been motivated to do so to provide a security services such as firewall protection, intrusion detection, and/or authentication.

Regarding claim 22 Ferris as modified teaches the cloud computing system of claim 21, wherein the operations further comprise: exposing, to the customer platform device, an API to provide access to the security service provided by the network security software (Ferris teaches a plurality of different entities may request a plurality of services hosted in a could environment [0017-0020], and [0038], and further Buer teaches a USH processor may include an API to expose the security services to application executing on the host processor and/or the low power host processor (col. 6, lin. 16-57).

  	Regarding claim 23 Ferris as modified teaches the cloud computing system of claim 21, wherein the computing resource used to execute the network security software includes at least one virtual machine ([0041] from Ferris), and further Shieh teaches a software agent installed in each physical and virtual network device communicates with security gateway 150 to provide network security according to an integrated security ([0024] and Fig, 2), and further software agent running on the virtual machine itself to determine that access to the virtual machine at the first physical location was permitted by the security gateway [0037].  


Regarding claim 25 Ferris as modified teaches the cloud computing system of claim 21, wherein the API call includes a request for the security service (Ferris teaches a plurality of different entities may request a plurality of services hosted in a could environment [0017-0020] via a browser interface, or other interfaces or mechanism [0032-0033]), and further Buer teaches a USH processor may include an API to expose the security services to application executing on the host processor and/or the low power host processor (col. 6, lin. 16-57).

Regarding claim 26 Ferris as modified teaches the cloud computing system of claim 21, wherein in response to receiving the API call, the at least one processor provides the security service to a virtualized asset deployed within the virtualized network (Ferris teaches a plurality of resources may provide a plurality of services [0019-0020]), and further Buer teaches a USH processor may include an API to expose the security services to application executing on the host processor and/or the low power host processor (col. 6, lin. 16-57).

Regarding claim 27 Ferris as modified teaches the cloud computing system of claim 26, wherein the security service is a firewall that provides firewall protection to the virtualized asset (Ferris teaches the services may include an identity management services, firewall services, and security services [0019-0020]).  

In response to Claim 28: Rejected for the same reason as claim 21
In response to Claim 29: Rejected for the same reason as claim 23
In response to Claim 30: Rejected for the same reason as claim 22

Regarding claim 31 Ferris as modified teaches the system of claim 29, wherein the hardware computing resource is a part of a distributed computing environment comprising a plurality of hardware computing resources [0019], [0041].

In response to Claim 32: Rejected for the same reason as claim 26
In response to Claim 33: Rejected for the same reason as claim 27
In response to Claim 34: Rejected for the same reason as claim 26
In response to Claim 35: Rejected for the same reason as claim 26
In response to Claim 36: Rejected for the same reason as claim 26
In response to Claim 37: Rejected for the same reason as claim 27
In response to Claim 38: Rejected for the same reason as claim 26

Regarding claim 39 Ferris as modified teaches the cloud computing system of claim 21, wherein the receiving of the API call is at the at least one processor of the cloud computing system (Ferris teaches allow other systems to access the set of subscribed services resource rules 334, for example, by providing an API to the set of subscribed services resource rules 334, wherein the rules 334 is implemented by a cloud system [0059-0061], and further Buer teaches a USH processor may include an API to expose the security services to application executing on the host processor and/or the low power host processor (col. 6, lin. 16-57).).

In response to Claim 40: Rejected for the same reason as claim 39
In response to Claim 41: Rejected for the same reason as claim 39

11.	
Claim 24 is rejected under 35U.S.C 103 as being unpatentable over Ferris, Buer, and Shieh as mentioned above, and further in view of Abels et al., US 2006/0184935 (hereinafter Abels).

Regarding claim 24 Ferris as modified teaches the cloud computing system of claim 21. Ferris, Buer, and Shieh do not teach a security software has been decoupled from a hardware of a network security device. Abels substantially teaches resource virtualization decouples software applications from hardware information handling systems by placing the software applications in “virtual machine” containers. A virtual machine is a software abstraction of the hardware layer that provides all of functionalities of a physical hardware system having operating systems and applications installed just like a physical information handling system [0007]). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Ferris such that the invention further includes a security software has been decoupled from a hardware of a network security device. One would have been motivated to do so to reduced energy and hardware costs, as well as increasing the flexibility they have in the deployment of their mission-critical applications.
Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Ayoub Alata whose telephone number is (313) 446-6541. The examiner can normally be reached on M-F: 8:00am-4:30pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jay Kim can be reached at (571) 272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

/AYOUB ALATA/Primary Examiner, Art Unit 2494