DETAILED ACTION

Status of Claims

This action is in reply to the communication filed on 05/24/2022.
Claims 1-20 have been amended.
Claims 1-20 are currently pending and have been examined.

	Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant's arguments filed 05/24/2022 have been fully considered but they are moot in view of the new grounds of rejection.

Claim Interpretations
 The following is a quotation of 35 U.S.C. 112(f): 
(f) ELEMENT IN CLAIM FOR A COMBINATION.—An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims include one or more elements which are being interpreted as invoking 35 U.S.C. 112(f).
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element is limited by the description in the specification when 35 U.S.C. 112(f), is invoked. As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f):
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as "configured to" or "so that"; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f). The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f), is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitations are: 
“cloud resource management controller” in claims 1-8 and 15-20; and “audit engine” in claims 1, 8, and 15.
Because these claim limitations are being interpreted under 35 U.S.C. 112(f) they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.

If applicant does not intend to have the limitation(s) above interpreted under 35 U.S.C. 112(f), applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f).

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claims 1-20 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention.
Claims 1, 8, and 15 recite an auditor that is independent from the infrastructure owner and the user, it is unclear what associations between the auditor, owner, and user are being excluded, and what degree of interaction is permissible, in order for the auditor to qualify as being “independent”. In context, the limitation is presumably intended to describe that the auditor is a commercial “third party” with respect to the owner and user, in which case Examiner notes that interpersonal social and/or contractual relationships are not generally entitled to patentable weight. For example, in the instant claims whether or not the auditor is a third-party or independent from the owner and/or user has no effect on the structure of the cloud resource audit system to which claim 1 is directed, nor the IHS of claim 8, nor does the “independent” qualifier add or alter the steps of the method of claim 15 and is accordingly non-limiting1.
Claims 1, 8, and 15 recite an auditor identifier controlled by the infrastructure owner and a user identifier controlled by the user, it is unclear what is required for an ID to constitute as being “controlled” by person; but similarly to the above, there is no positive recitation of a system function or method step to implement said identifier control, and the claim language is accordingly interpreted as non-limiting intended use.  
Claims 1, 8, and 15 recite identify, via the audit terminal device in response to a first communication from the auditor, a first set of audit instructions, the meets and bounds of which are unclear. It is unclear what the limitation requires overall as the operation/act of “identifying” does not appear to produce any observable, tangible result; it is ambiguous as to how the terminal device facilitates the act of identifying (possibly intended to describe that the communication is received via the audit terminal? ); the additional recitation that it occurs ‘in response’ to a generic “communication” offers no guidance. AppSpec offers no guidance as neither the verb ‘identify’ nor the word ‘communication’ appears in the same paragraph as any of the audit terminal, auditor, and/or audit instructions.  Claims 2, 9, and 16 further compound the ambiguity by inconsistently reciting wherein the first set of audit instructions are identified via the first communication from the auditor, rather than via the audit terminal device in response to a first communication as recited in claims 1, 8, and 15, with still no indication as to what the operation/act of “identifying” entails.  
In order to advance prosecution, the limitations of claims 1, 8, and 15 have been interpreted as essentially describing that the particular audit instructions that are executed are generally based on communication(s) received from the auditor via the terminal.
Claims 4, 11, and 18 recite identify, via the audit terminal device in response to a second communication from the auditor, a second set of audit instructions which is ambiguous for the same reasons as described above.

Claim 8 recites “the cloud resource management controller” which lacks antecedent basis.
Claim limitation “audit engine” invokes 35 U.S.C. 112(f). However, Applicant’s as-filed Specification (AppSpec) fails to clearly link any structure disclosed therein to the recited function(s) of “execute a first set of audit instructions to perform a first audit action on the hardware resources generate a first set of audit results”; no description in AppSpec could be identified concerning the “audit engine’s” structure, implementation, and/or technical nature could be identified in AppSpec beyond that it is “in the cloud resource management controller” (AppSpec ¶0034).  None of these listed possibilities are clearly linked and the claims are accordingly rejected under 35 U.S.C. 112(b).
Applicant may:
(a)    	Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f); 
 (b)  Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)   If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure and clearly links the structure to the function so that one of ordinary skill in the art would recognize it as such, applicant should clarify the record by stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.

Any claim listed in the rejection heading not explicitly listed in the body is rejected for being dependent upon a rejected claim.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-6, 8, 10-13, 15, and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Reich et al. (Cloud Accountability Project - Automation Service for the Framework of Evidence) in view of Shen et al. (Access-Authorizing and Privacy-Preserving Auditing with Group Dynamic for Shared Cloud Data) in further view of Rubsamen et al. (Cloud Audits and Privacy Risks).

Claims 1, 4, 8, 11, 15 and 18:
Reich discloses the limitations as shown in the following rejections:
A cloud resource audit system, comprising: a plurality of hardware resources provided by an infrastructure owner (Cloud Service Provider (CSP) generally, e.g. “CardioMon”, “DataSpacer”); and a cloud resource management controller that is coupled to the plurality of datacenter hardware resources and that is configured to: allocate hardware resources to a user (Cloud Customer/Tenant generally, “Map-On-Web” in specific example); run one or more workloads for the user on the hardware resources (see at least pg. 18-20: “CardioMon and Map-On-Web…don’t have their own IT infrastructure but use resources provided by DataSpacer...SaaS provider Map-On-Web runs AAS in addition to its own service on the virtualized resources provided by DataSpacer…This infrastructure provider provides both CardioMon and Map-on-Web with resources required to run their services (virtual machines, storage and networking).” See additionally pg. 12, 39, and 43-45 describing generally that “In a cloud ecosystem there are typically a lot of different tenants sharing the same resources” (pg. 43). 
receive, via an audit terminal device (web-based dashboard) from an auditor (Cloud auditor) that is independent (“third-party auditor (TPA)”) from the infrastructure owner and the user, a request to audit the hardware resources (see at least pg. 17, para. 4; pg. 18, last para.; pg. 39, last para. and Fig. 12; pg. 40, § 7.2.2; pg. 26; pg. 31, Fig. 7; pg. 36, Fig. 10; pg. 28, § 5.2) describing the interface for the cloud “Audit Agent System (AAS)” for use by auditors including “trusted third-party auditor (TPA), who is independent from the customer and provider, but acting on behalf of any of those” (pg. 18). 
determine that the request includes an auditor identifier (auditor credentials, password) controlled by the infrastructure owner(AAS, particularly Audit Policy Module (APM) and Audit Agent Controller) for the hardware resources that is included in the cloud resource management controller(see at least pg. 46-47, § 9; pg. 40, § 7.2.2; pg. 24, § 5.1.1; pg. 17, para. 3) disclosing accessing AAS requires authenticated auditor credentials: “all the communication links over the network should be protected by TLS with mutual authentication. Specially, to authenticate the auditors, multi-factor authentication using TLS client certificates together with a password for each auditor is recommended alongside a good support for key management” (pg. 47, para. 1). And that the request interfaces AAS auditing functions are only exposed to auditors (pg. 40).
identify, via the audit terminal device in response to a first communication from the auditor, a first set of audit instructions; execute, using the audit engine, the first set of audit instructions to perform a first audit action on the hardware resource generate a first set of audit results; and provide the first set of audit results to the audit terminal device (see at least pg. 25-26, pg. 32).
As noted above, Reich discloses (pg. 46-47) that privacy requirements for the system include “requiring strong authentication for defining audit tasks and for where they can execute…Only enable access to data in the evidence store that is strictly needed” (pg. 46, sect. 9) and “to authenticate the auditors, multi-factor authentication using TLS client certificates together with a password for each auditor is recommended alongside a good support for key management” (pg. 47, para. 1); and discloses (pg. 42; pg. 25, sect. 5.1.3) audit policies are defined and evidence is collected on a per-tenant basis, but does not specifically disclose request includes a user identifier controlled by the user.
Shen however, discloses a cloud system which supports auditing by a third-party auditor (TPA) wherein “the cloud needs to verify whether this TPA is indeed authorized by group manager” (pg. 3323, para. 2). Shen further discloses (pg. 3326-3327, “(6) Algorithm ProofGen” description; pg. 3328, para. 1; pg. 3329, “(3) Algorithm ProofGen” description) the TPA sends an auditing to challenge to request the cloud perform an auditing task, wherein the request (auditing challenge chal) includes an auditor identifier ({VID}pkcloud) controlled by the infrastructure owner and a user identifier (sigAUTH) controlled by the user (group manager) to allow the cloud “to verify whether this TPA is indeed authorized by group manager” (pg. 3327).
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify Reich to employ the access authorization credential of Shen because “auditing authorization of TPA avoids the cloud responding to the unauthorized auditing challenges from malicious TPA” (pg. 3335 sect. 8; pg. 3321, para. 4; pg. 3322, para. 2).
Regarding the recitation to allow the auditor to access an audit engine…that is not accessible to the user, in at least pg. 18, last para. Reich describes (emphasis added):
“In this scenario, each cloud service provider is running its own instance of the Audit Agent System for evidence collection and auditing purposes. The intended user of the system is an auditor. The auditor may act on behalf of the cloud customer (external view) or cloud provider (internal view) to perform continuous, periodic and one-time audits. The goals and nature of policies which are audited may differ depending on the view. The view may also differ in case a trusted third-party auditor (TPA), who is independent from the customer and provider, but acting on behalf of any of those. However, we assume a reasonable degree of technical understanding from the auditor. Therefore, we focus on the internal auditor (e.g., a data protection officer at each provider) and third-party auditor.”

Although implied, Reich does not explicitly state that the auditors are granted special privileges and/or that the different auditing “views” have access control enforcement.
Rubsamen, however, elaborates on such security concerns and specifies “TPAs auditing cloud performance might need elevated privileges on the examined services (e.g., for measuring loading and saving times in a SaaS scenario). A TPA also has to assess the accounting system of cloud providers” (pg. 408, last para.) and provides an access management layer where: “different views on audit reports must be provided to different stakeholders. This is done using the access management layer, which, depending on the actor requesting the audit report, provides reports with different levels of detail.”
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify Reich to restrict access to auditing functionalities as taught by Rubsamen to prevent the leakage of private customer data and security sensitive data (Rubsamen pg. 409; pg. 412, sect. 6). 

Claims 3, 5, 6, 9-13, and 16-19:
The combination of Reich/Shen/Rubsamen discloses the limitations as shown in the rejections above. Reich further discloses the limitations as shown in the following rejections:
 [claim 3, 10, 17] the first set of audit instructions to perform the first audit action on the hardware resources to generate the first set of audit results during the running of the one or more workloads on the hardware resources (see at least pg. 25-27).
[claim 5 and 12] controller is configured to: receive a second set of audit instructions from the audit terminal device; and store the second set of audit instructions…receive an update for the first set of audit instructions from the audit terminal device; and update the first set of audit instructions to provide an updated first set of audit instructions (see at least pg. 32-34) disclosing receiving inputs from the Auditor interface to configure and extend audit tasks defined in auditing policies.
[claim 6, 13, 19] controller is configured to: monitor for a first condition (e.g. triggers, “TriggerAtTime”; “TriggerPORRequestReceived”) included in a first audit policy that is associated with the first set of audit instructions, wherein the first set of audit instructions are executed in response to the first condition being satisfied (pg. 26, para. 4-6; pg. 34-35; pg. 29, § 5.2.2).

Claims 2, 9, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Reich et al. (Cloud Accountability Project - Automation Service for the Framework of Evidence) in view of Shen et al. (Access-Authorizing and Privacy-Preserving Auditing with Group Dynamic for Shared Cloud Data) in further view of Rubsamen et al. (Cloud Audits and Privacy Risks) in further view of Onen et al. (Privacy Design Guidelines for Accountability Tools).

Claims 2, 9, 16:
The combination of Reich/Shen/Rubsamen discloses the limitations as shown in the rejections above. Although implied (e.g. “requiring strong authentication for defining audit tasks and for where they can execute” (pg. 46)) Reich does not explicitly disclose the Audit Policy Module (APM) (audit policy repository) requires authenticated access and does not clearly anticipate allow, in response to determining that the request includes the auditor identifier controlled by the infrastructure owner and the user identifier controlled by the user, the auditor to access an audit policy repository that is not accessible to the user, wherein the first set of audit instructions are identified via the first communication from the auditor that is directed to the audit policy repository.
Onen, however, elaborates on the AAS security requirements and explicitly specifies that the APM requires strong access control in at least pg. 72, sect. D.1:
D.1. Audit Agent System
In terms of general PETs, communication between components over any network should be protected by TLS with mutual authentication. For authenticating auditors, strong multi-factor authentication should be enforced. For example, this could be done with client certificate authentication in TLS together with a password for each auditor. Passwords could be protected using scrypt, with a strict policy in place of locking accounts after failed authentications.
Figure 6 shows the high-level architecture of the Audit Agent System, as envisioned in the end of 2013 by the developers. For each component:
APM Beyond strong access control, as described earlier for general considerations in terms of authentication, all audit tasks should be logged in a secure and irrefutable way. As part of the Accountability and Privacy Enforcement Tool described in Section B.1, there will be secure logging mechanisms in place, which may be used. Another option is using the Transparency Log described in Section 2.3. Another avenue for access control is to use the policy engine as part of the Accountability and Privacy Enforcement Tool.
AAC As for the APM, strong access control is needed together with all actions being logged.

It would have been obvious to one of ordinary skill in the art at the time of the invention to modify Reich to require authenticated access to the APM as taught by Onen to prevent the leakage of customer’s private data (Onen pg. 40-41; pg. 72-73).

Claims 7, 14, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Reich et al. (Cloud Accountability Project - Automation Service for the Framework of Evidence) in view of Shen et al. (Access-Authorizing and Privacy-Preserving Auditing with Group Dynamic for Shared Cloud Data) in further view of Rubsamen et al. (Cloud Audits and Privacy Risks) in further view of Lukacs (US 2017/0192810 A1).

Claims 7, 14, and 20:
The combination of Reich/Shen/Rubsamen discloses the limitations as shown in the rejections above. Reich discloses (pg. 26) that the Audit Agents software shares HW node with concurrently executing Tenant VMs/applications (workloads) but does not describe the agents preempting or otherwise utilizing resources allocated to the Tenant’s VMs and does not disclose the limitations of claims 7, 14, and 20.
Lukacs, however, discloses (¶0036, 0040-0041) analogous methods for auditing guest VMs (workloads) at a farm of client systems (datacenter hardware resources) including employing an “audit server to send instructions directly to an audited client system…to instruct VM audit engine 40 to perform a particular kind of audit, to inspect guest VM (¶0041)…engine 40 may select a target VM for auditing according to audit request” (¶0046). Lukacs further discloses (¶0049-0053, 0057-0061; FIG. 6 and 7) in response to executing the audit instructions/ request (audit instructions) the engine reallocates a portion of hardware resources from running the one or more workloads (guest OS/applications) by injecting/”dropping” an audit agent driver into the VM to carry out audit operations (audit actions) within guest VM where “driver 48 executes within guest VM 32 having its own memory space and execution thread, driver 48 may use all resources available to guest OS 34 to perform an audit of guest VM” (¶0060) and subsequently “remove[s] audit driver 48 from guest VM 32 when audit driver 48 finishes execution, for instance, when the current audit operation is complete” (¶0059) (allocate the first sub-portion to the first audit action; and reallocate the first sub-portion back to the one or more workloads when the first audit action has completed).
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify Reich to employ Lukacs’s audit agent injection “to increase the safety and reliability of the software audits. To avoid exposing auditing software to malicious human intervention and/or to malware infecting the audited client” (¶0064) and to increase the accuracy and efficiency of the auditing process (Lukacs ¶0061-0067).
                                                                                                                                                                                                   Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure:
US 20200234817 A1 and US 20180285887 A1 each describe compliance auditing frameworks.
US 20210034496 A1 discloses a system for auditing as a service.
“Designing Monitoring Systems for Continuous Certification of Cloud Services: Deriving Meta-requirements and Design Guidelines” outlines design requirements for cloud audit/certification monitoring systems.
	
	Any inquiry of a general nature or relating to the status of this application or concerning this communication or earlier communications from the Examiner should be directed to Paul Mills whose telephone number is 571-270-5482.  The Examiner can normally be reached on Monday-Friday 11:00am-8:00pm.  If attempts to reach the examiner by telephone are unsuccessful, the Examiner’s supervisor, Emerson Puente can be reached at 571-272-3652.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see  http://portal.uspto.gov/external/portal/pair .  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866.217.9197 (toll-free). Any response to this action should be mailed to:
Commissioner of Patents and Trademarks
Washington, D.C.  20231
or faxed to 571-273-8300.
Hand delivered responses should be brought to the United States Patent and Trademark Office Customer Service Window:
Randolph Building
401 Dulany Street
Alexandria, VA 22314.

/P. M./
Paul Mills
09/04/2022

/EMERSON C PUENTE/Supervisory Patent Examiner, Art Unit 2196                                                                                                                                                                                                        


    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 “Claim scope is not limited by claim language that suggests or makes optional but does not require steps to be performed, or by claim language that does not limit a claim to a particular structure” (MPEP 2111.04).