DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This office action is in response to the amendment filed on 6/10/2022. Claims 1, 8, and 14-15 have been amended. Claims 2, 9, and 16 have been canceled by the Applicant. Claims 1, 3-8, 10-15, and 17-21 have been examined. This office action is Final.

Response to Amendments
Applicant's arguments filed 6/10/2022 have been fully considered but they are not persuasive. 
Applicant’s argument: On pages 8-9 of the Applicant’s arguments the Applicant states that, “bypassing, by a particular host in the cluster, a management server of the virtualized computing environment to establish a secure communication connection between the particular host and the KMS using the KMS configuration information installed at the particular host, wherein an unsecure communication connection is present between the management server and the particular host”.
Examiner’s reply: The Examiner disagrees with the Applicant’s argument. Jowett discloses “bypassing, by a particular host in the cluster, a management server of the virtualized computing environment to establish a secure communication connection between the particular host and the KMS using the KMS configuration information installed at the particular host, wherein an unsecure communication connection is present between the management server and the particular host”, because Jowett discloses that the host administrator (i.e. management server) may lack privilege to access the guardian service (i.e. KMS) and its encryption keys (i.e. KMS configuration information). The host obtains the key from the KMS; thus the host bypasses the host administrator to establish a secure communication between the host and the guardian service. The communication connection between the host administrator and the host is unsecure, because the host administrator lacks privileges for a secure communication (Jowett: para. 0025).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 1, 8, 11-15, and 18-21 are rejected under 35 U.S.C. 103 as being unpatentable over Jowett et al. (2019/0007378) in view of Moyne et al. (2016/0078065).
As per claim 1, Jowett discloses a method to distribute and use digital certificates for hosts in a virtualized computing environment (Jowett: See Fig. 1, para. 0032, distribute by the guardian service and use health certificates (i.e. digital certificates) for hosts (includes new host and host #102 in a virtualized computing environment #100)), the method comprising: 
selecting a first host (Jowett: para. 0028, the first host #102 is selected by configuring itself for secure communication); 
obtaining, by the selected host, key management service (KMS) configuration information that is usable to establish a secure communication connection with a KMS, wherein the KMS configuration information includes a digital certificate (Jowett: para. 0028, 0032, obtaining, by the selected host (i.e. host #102), KMS configuration information (i.e. included health certificate) that is usable to establish a secure communication connection with a KMS (i.e. guardian service)); 
installing the obtained KMS configuration information in the selected host (Jowett: See Fig. 4, para. 0030, 0045, installing the obtained health certificate (i.e. KMS configuration information) in the selected host; it is installed in the secure module #151); 
bypassing, by a particular host, a management server of the virtualized computing environment to establish a secure communication connection between the particular host and the KMS using the KMS configuration information installed at the particular host, wherein an unsecure communication connection is present between the management server and the particular host (Jowett: para. 0023-0025, the host administrator (i.e. management server #132) lacks privilege to access the KMS (i.e. guardian service/key management service) and its encryption keys, the secure module of the host (i.e. particular host) obtains the VM’s key from the guardian service, thus the Examiner asserts, the host bypasses the host administrator of the virtualized computing environment to establish secure communication connection between the host and the guardian service/KMS using the encryption keys, wherein an unsecure communication connection is present between the host administrator and the host) (Jowett: para. 0032-0034, establishing, by the host, a secure communication connection with the guardian service/key service using the health certificate installed at the host); and 
receiving, by the particular host from the KMS via the secure communication connection, an encryption key usable by the particular host to perform a cryptographic operation (Jowett: para. 0035, receiving, by the host from the guardian service/key service via the secure communication connection, a VM key (i.e. encryption key) that is usable by the host to perform encrypting the VM’s network communications (i.e. cryptographic operation)). 
Jowett does not explicitly disclose replicating, by the selected host, the KMS configuration information into at least a second host in the cluster, wherein the KMS configuration information is replicated into each host in the cluster until the KMS configuration information is installed in all active hosts in the cluster.
However, analogous art of Moyne discloses replicating, by the selected host, the KMS configuration information into at least a second host in the cluster, wherein the KMS configuration information is replicated into each host in the cluster until the KMS configuration information is installed in all active hosts in the cluster (Moyne: para. 0072-0074, and 0077 replicating, by the seeder node/Node A (i.e. selected host), the KMS configuration information (i.e. key) into at least a second node in the cluster, wherein the key is replicated into each node in the cluster until the key is installed in all active nodes in the cluster).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Moyne with the system/method of Jowett to include replicating, by the selected host, the KMS configuration information into at least a second host in the cluster, wherein the KMS configuration information is replicated into each host in the cluster until the KMS configuration information is installed in all active hosts in the cluster.
One would have been motivated to replicate the KMS configuration information into at least a second host in the cluster, because the risk of data loss is greatly reduced if a host fails (Moyne: para. 0068, 0075).

As per claim 4, Jowett and Moyne disclose the method of claim 1. Moyne further discloses wherein replicating the KMS configuration information into the at least the second host includes performing a sequential replication that comprises: sending, by the selected host, the KMS configuration information to the second host in the cluster (Moyne: para. 0072-0074, and 0077 replicating, by the seeder node/Node A (i.e. selected host), the KMS configuration information (i.e. key) into at least a second node in the cluster, wherein the key is replicated), along with an instruction for the second host to replicate in the KMS configuration information into a next host in the cluster; installing the KMS configuration information in the second host; sending, by the second host, the KMS configuration information to the next host along with an instruction for the next host to replicate in the KMS configuration information into a further host in the cluster; and repeating the sequential replication until the KMS configuration information is installed in all active hosts of the cluster (Moyne: para. 0072, a second host (i.e. second node) to replicate the key into a next node; and installing the key in the second node, and sending, by the second node, the key to the next host (i.e. third node) to replicate the key and sending to another node, and repeating the replication for the number of nodes in the cluster). 
Same motivation as claim 1 above.

As per claim 5, Jowett and Moyne disclose the method of claim 1.
Moyne further discloses wherein replicating the KMS configuration information into the at least the second host includes performing a concurrent replication that comprises: concurrently sending, by the selected host, the KMS configuration information to multiple active hosts in the cluster for installation therein (Moyne: para. 0075, replicating the key (i.e. KMS configuration information) into the at least the second node includes performing a concurrent replication (i.e. simultaneously sends replicated keys to a secondary node)). 
Same motivation as claim 1 above.

As per claim 6, Jowett and Moyne disclose the method of claim 1.
Jowett further discloses wherein obtaining the KMS configuration information includes one or more of: obtaining, by the selected host, at least some of the KMS information from a management server of the virtualized computing environment via a call, programming the selected host with at least some of the KMS configuration information (Jowett: para. 0032-0034, obtaining the health certificate (i.e. KMS configuration information) includes obtaining, by the host, the health certificate (i.e. KMS information) from a management server (i.e. guardian service)), obtaining, by the selected host, at least some of the KMS configuration information from a source outside of the virtualized computing environment, or self-generating, by the selected host, at least some of the KMS configuration information (Jowett: para. 0032-0034, 0037, discloses obtaining, by the selected host, at least some of the KMS configuration information from a source outside of the virtualized computing environment, because the host obtains the health certificate from a source outside (i.e. guardian service)). 
As per claim 7, Jowett and Moyne disclose the method of claim 1.
The combination of Jowett further discloses further comprising establishing, by multiple hosts in the cluster (Moyne: para. 0078, nodes (i.e. host) in the cluster), respective multiple independent secure communication connections with the KMS using KMS configuration information respectively installed at the multiple hosts (Jowett: See Fig. 7 and 8, host #102 and new host, KMS configuration information (i.e. health certificate) installed at the host and new host).
Same motivation as claim 1 above.

Claims 8 and 15 are rejected on a similar basis as claim 1.
Claims 11-14 and 18-21 are rejected on a similar basis as claims 4-7, respectively.

Claims 3, 10, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Jowett et al. (2019/0007378) in view of Moyne et al. (2016/0078065) as applied to claim 1 above, and further in view of Ylonen et al. (2013/0191631).

As per claim 3, Jowett and Moyne disclose the method of claim 1.
Jowett and Moyne do not explicitly disclose wherein the digital certificate includes a secure sockets layer (SSL) certificate, and wherein the secure communication connection includes a SSL communication connection. 
However, analogous art of Ylonen discloses wherein the digital certificate includes a secure sockets layer (SSL) certificate, and wherein the secure communication connection includes a SSL communication connection (Ylonen: para. 0120, 0166, SSL certificate).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Ylonen with the system/method of Jowett and Moyne such that the digital certificate includes a secure sockets layer (SSL) certificate, and the secure communication connection includes an SSL communication connection.
One would have been motivated to do so because using an SSL certificate provides security for online communications (Ylonen: para. 0166).

Claims 10 and 17 are rejected on a similar basis as claim 3.


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JENISE E JACKSON whose telephone number is (571)272-3791. The examiner can normally be reached M-F 8:00am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




9/28/2022
/J.E.J/Examiner, Art Unit 2439    



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439