DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The 4/22/2021 and 7/26/2021 IDS documents have been considered by the examiner.

Drawings
New corrected drawings in compliance with 37 CFR 1.121(d) are required in this application because as per 37 CFR 1.84(o), suitable descriptive legends are required for understanding the drawing. Figure 9 is not labeled except for reference numbering, and currently requires extensive use of the specification for even a cursory understanding.. Applicant is advised to employ the services of a competent patent draftsperson outside the Office, as the U.S. Patent and Trademark Office no longer prepares new drawings. The corrected drawings are required in reply to the Office action to avoid abandonment of the application. The requirement for corrected drawings will not be held in abeyance.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 4, and 10-12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nikolov (EP 2,947,569 A1) in view of Chandrashekhar (US 2018/0063193 A1).

Regarding claim 1, Nikolov discloses: A method comprising:
receiving, by a communication delegate hosted on a cloud platform (i.e., connectivity agent 155) and mapped to a tenant of the cloud platform (e.g., hybrid applications running on the cloud platform), data traffic associated with the tenant and directed to an application hosted on an on-premise private network of the tenant (e.g., applications 134 and 138 in the on-premise platform), wherein the cloud platform is hosted outside of the on-premise private network;
Refer to at least FIG. 1, [0013], and [0017] of Nikolov with respect to a hybrid cloud/on-premises setup for applications; requests between cloud and on-premises applications. 
communicating, by the communication delegate, [encapsulatedl] data traffic to the application via a secure communication tunnel specific to the tenant between the communication delegate and the on-premise private network.
Refer to at least [0014]-[0015] and [0023]-[0024] of Nikolov with respect to the connectivity agent and a cloud connector providing communications between the cloud and on-premises platform via a secure tunnel. 
Nikolov does not specifically describe the form of the secure tunnel. Accordingly, Nikolov does not specify: encrypting, by the communication delegate, the data traffic to generate an encrypted data traffic using a unique certificate associated with the communication delegate; the encrypted data traffic. However, Nikolov in view of Chandrashekhar discloses: encrypting, by the communication delegate, the data traffic to generate an encrypted data traffic using a unique certificate associated with the communication delegate; the encrypted data traffic. 
Refer to at least [0025]-[0026] and [0246] of Chandrashekar with respect to encrypting traffic and the IPSec protocol, which is known to implement certificates.
Refer to at least FIG. 9-10 of Chandrashekhar with respect to use of certificates in setting up network connections.
The teachings of Nikolov and Chandrashekhar both concern on-premises-to-cloud communications and are considered to be within the same field of endeavor and combinable as such. Further, Nikolov already provides for a secure tunnel implemented at the cloud connector and connectivity agent.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Nikolov to further include a secure tunnel with encryption for at least the purpose of increasing the security of data transferred between the platforms. For instance, at least [0001] of Nikolov is concerned with data security, and it would be advantageous to keep the on-premises data secured outside of its platform via encryption.

Regarding claim 4, Nikolov-Chandrashekhar discloses: The method of claim 1, further comprising retrieving, by the communication delegate, the unique certificate associated with the communication delegate from a certificate store.
Refer to at least [0235]-[0237] of Chandrashekhar with respect to key/certificate management and storage. 
This claim would have been obvious for substantially the same reasons as claim 1 above (i.e., when implementing encryption/IPSec, it is necessary to hold encryption keys/certificates).

Regarding claim 10, Nikolov-Chandrashekhar discloses: The method of claim 1, further comprising linking a remote communication agent associated with the application and hosted at the on-premise private network with the application by allocating an IP address and a port associated with the application to the remote communication agent.
Refer to at least [0017] and [0028] of Nikolov with respect to connections via port and address.
Refer to at least [0015]-[0017] of Chandrashekhar with respect connections mapped to respective ports and IP addresses. 
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Nikolov to further include allocating an IP address and a port because the substitution of one known element for another would have yielded predictable results to one of ordinary skill in the art at the time (setting up network connections as per the cited portions of Chandrashekhar).

Regarding claim 11, Nikolov-Chandrashekhar discloses: The method of claim 1, further comprising mapping the secure communication tunnel to a unique Uniform Resource Locator (URL) accessible by the tenant.
Refer to at least [0145] of Chandrashekhar with respect to a form of claimed tenant obtaining a gateway via URL. 
The gateway sets up tunnels as per at least [0008] of Chandrashekhar.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Nikolov to further include a URL for accessing the connectivity agent/cloud connector because the substitution of one known element for another would have yielded predictable results to one of ordinary skill in the art at the time (identifying the gateway).

Regarding claim 12, Nikolov-Chandrashekhar discloses: The method of claim 1, further comprising establishing a plurality of communication links within the secure communication tunnel between the communication delegate and a remote communication agent, wherein the encrypted data traffic is transported over one or more of the plurality of communication links.
Refer to at least [0027]-[0028] of Nikolov with respect to multiple communication links.
Refer to at least [0025]-[0026] and [0246] of Chandrashekar with respect to encrypting traffic and the IPSec protocol.
This claim would have been obvious for substantially the same reasons as claim 1 above (i.e., implementing an encrypted secure tunnel).

Claim(s) 2 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nikolov-Chandrashekhar as applied to claims 1, 4, and 10-12 above, and further in view of Official Notice.

Regarding claim 2, Nikolov-Chandrashekhar does not specify: wherein the application is provided to the tenant on a pay-per-use basis. However, the examiner hereby takes official notice that it was well known in the art before the filing date of Applicant’s invention to provide cloud and hybrid cloud applications for a fee; that payment could be consumption-based/metered/pay-per-use. Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Nikolov-Chandrashekhar to include wherein the application is provided to the tenant on a pay-per-use basis because design incentives or market forces provided a reason to make an adaptation, and the invention resulted from application of the prior knowledge in a predictable manner (i.e., monetization of the service; monetization based on usage such that more frequent users pay more money).

Claim(s) 3 and 6-9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nikolov-Chandrashekhar as applied to claims 1, 4, and 10-12 above, and further in view of Mudigonda (US 2016/0087941 A1).

Regarding claim 3, Nikolov-Chandrashekhar does not fully disclose: further comprising: receiving, by a communication controller of the cloud platform, the data traffic prior to receiving the data traffic by the communication delegate; identifying, by the communication controller, the communication delegate mapped to the tenant from among a plurality of communication delegates based on a tenant identifier (ID) identified from the data traffic received by the communication controller, wherein each of the plurality of communication delegates is mapped respectively to a unique tenant of a plurality of tenants of the cloud platform; and forwarding, by the communication controller, the data traffic to the communication delegate. However, Nikolov-Chandrashekhar in view of Mudigonda discloses: further comprising: receiving, by a communication controller of the cloud platform, the data traffic prior to receiving the data traffic by the communication delegate; identifying, by the communication controller, the communication delegate mapped to the tenant from among a plurality of communication delegates based on a tenant identifier (ID) identified from the data traffic received by the communication controller, wherein each of the plurality of communication delegates is mapped respectively to a unique tenant of a plurality of tenants of the cloud platform; and forwarding, by the communication controller, the data traffic to the communication delegate.
Refer to at least the abstract, [0029], [0052], and [0056]-[0058] of Mudigonda with respect to identifying an associated gateway via tenant identifier, where gateways are mapped to respective tenants. The gateway handles tunnel traffic for the identified tenant. 
The teachings of Nikolov-Chandrashekhar and Mudigonda are concerned with secure tunnels to cloud networks, and are considered to be within the same field of endeavor and combinable as such.
	Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Nikolov-Chandrashekhar to further include mapping gateways/cloud connectors/connectivity agents to applications for at least the purpose of reducing a load on said gateways/cloud connectors/connectivity agents by distributing the computation, while allowing for pricing based on a number and/or quality. 

Regarding claim 6, Nikolov-Chandrashekhar-Mudigoda discloses: The method of claim 1, wherein the secure communication tunnel comprises a first communication tunnel between the communication delegate and a midway server, and wherein communicating the encrypted data traffic comprises sending the encrypted data traffic from the communication delegate to the midway server via the first communication tunnel.
Refer to at least FIG. 3 and [0078]-[0079] of Mudigoda with respect to proxy servers implemented in between the connection as part of the VPN. 
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Nikolov-Chandrashekhar to further include a proxy server because the substitution of one known element for another would have yielded predictable results to one of ordinary skill in the art at the time (e.g., [0027] of Mudigoda with respect to an SSL proxy).

Regarding claim 7, Nikolov-Chandrashekhar-Mudigoda discloses: The method of claim 6, wherein the secure communication tunnel further comprises a second communication tunnel between the midway server and a remote communication agent hosted at the on-premise private network and linked to the application, 
Refer to at least FIG. 3 and [0078]-[0079] of Mudigoda with respect to proxy servers implemented in between the connection as part of the VPN. 
and wherein communicating the encrypted data traffic comprises: verifying a delegate ID and an IP address associated with the encrypted data traffic at the midway server against the unique certificate; 
and forwarding the encrypted data traffic from the midway server to the remote communication agent via the second communication tunnel upon successful verification of the delegate ID and the IP address associated with the encrypted data traffic. 
Refer to at least FIG. 9-10 and [0140]-[0146] of Chandrashekhar with respect to validating a gateway via certificate and identifier.
Refer to at least [0075]-[0078] of Mudigoda with respect to handshaking between the proxy server and gateway. 
This claim would have been obvious for substantially the same reasons as claim 6 above.

Regarding claims 8-9, they are rejected for substantially the same reasons as claims 6-7 above (i.e., the citations to the proxy server/handshaking and the obviousness rationale).

Claim(s) 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nikolov-Chandrashekhar as applied to claims 1, 4, and 10-12 above, and further in view of Falk (US 2012/0102319 A1).

Regarding claim 5, although certificates are known in the art to have information such as identifiers and IP address/domain name, Nikolov-Chandrashekhar does not specify: wherein the unique certificate comprises an identifier of the communication delegate and an IP address associated with the communication delegate. However, Nikolov-Chandrashekhar in view of Falk discloses: wherein the unique certificate comprises an identifier of the communication delegate and an IP address associated with the communication delegate.
Refer to at least [0009] of Falk, wherein “[i]n addition to the server's public key, said certificate also contains information about the server, in particular its identifiers such as, for example, its name, DNS name, or IP address.”
The teachings of Falk are relied upon with respect to certificates such as those of Nikolov-Chandrashekhar, and are considered to be combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Nikolov-Chandrashekhar to specifically include an identifier and IP address within the certificate because the substitution of one known element for another would have yielded predictable results to one of ordinary skill in the art at the time (i.e., certificate fields).

Claim(s) 13, 15-16, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nikolov (EP 2,947,569 A1) in view of Chandrashekhar (US 2018/0063193 A1) and Falk (US 2012/0102319 A1).

Regarding claim 13, it is substantially similar to elements of claims 1, 4, and 5 above, and is therefore rejected for substantially the same reasons (i.e., the citations and obviousness rationales).

Regarding claim 15, Nikolov-Chandrashekhar-Falk discloses: The cloud platform system of claim 14, wherein the plurality of communication delegates are hosted as containerized applications on one or more clusters of computing nodes, 
Refer to at least [0273]-[0274] and [0276] of Chandrashekhar with respect to containers.
and wherein the IP address associated with the communication delegate comprises an IP address of a cluster of the one or more clusters of computing nodes that hosts the communication delegate.
Refer to at least [0021] and [0186] of Chandrashekhar with respect to an IP address associated with the gateway and cloud computing nodes. 
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Nikolov-Chandrashekhar-Falk to further include support for containers and a gateway having an IP address for a set of computing nodes because all of the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination would have yielded predictable results to one of ordinary skill in the art at the time (i.e., as per the cited portions of Chandrashekhar concerning modification).

Regarding claim 16, it is substantially similar to claim 4 above, and is therefore likewise rejected.

Regarding claim 19, it is substantially similar to elements of claims 1, 4, and 5 above, and is therefore rejected for substantially the same reasons (i.e., the citations and obviousness rationales).

Claim(s) 14, 17-18, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nikolov-Chandrashekhar-Falk as applied to claims 13, 15-16, and 19 above, and further in view of Mudigonda (US 2016/0087941 A1).

Regarding claim 14, it is substantially similar to claim 3 above, and is therefore likewise rejected for substantially the same reasons (i.e., the citations and obviousness rationale).

Regarding claims 17-18, they are substantially similar to elements of claims 6-7, and are therefore likewise rejected for substantially the same reasons (i.e., the citations and obviousness rationales).

Regarding claim 20, it is substantially similar to claim 3 above, and is therefore likewise rejected for substantially the same reasons (i.e., the citations and obviousness rationale).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751. The examiner can normally be reached 12PM-8PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432                                                                                                                                                                                                        




/V.S/Examiner, Art Unit 2432