DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
Regarding claims rejected under 35 USC 103:
Applicant’s arguments, e.g., concerning the encrypted certificate, have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Ericksen (US 2020/0344607 A1).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Roth (US 9,037,511 B2) in view of Chang (US 2017/0099188 A1) and Ericksen (US 2020/0344607 A1).

Regarding claim 1, Roth discloses: A method comprising: 
in response to receiving a first request from a first virtualized communication endpoint (VCE) (i.e., the guest operating system in Roth), allocating and assigning a first communication portal to the first VCE, generating an encryption key associated with the first communication portal, and returning the encryption key and an identification of the first communication portal to the first VCE; 
Refer to at least Col. 7, Ll. 29-35 and Col. 8, Ll. 25-45, and FIG. 6 of Roth with respect to configuring an encryption key, certificate, and other secure information for the guest operating system.
Refer to at least FIG. 1 and Col. 5, Ll. 36-46 of Roth with respect to storing the information for guest operating systems to use for secure communication channels.   
in response to receiving a second request from a second [entity] (i.e., external computing system in Roth) to establish a communicative connection with the first communication portal, the second request being accompanied by [a] certificate, comparing, using the encryption key, the information included in the certificate with certificate input information; and 
Refer to at least Col. 4, Ll. 59-Col. 5, Ll. 12 and Col. 6, Ll. 16-34 of Roth with respect to receiving a request message from the external computing system, obtaining relevant encryption key, certificate, and other secure information for an identified guest operating system, and performing setup and verification for establishing secure communication with the guest operating system.
in response to determining that the information included in the certificate matches the certificate input information, establishing the communicative connection between the first VCE and the second [entity].
Refer to at least Col. 2, Ll. 53-58 and Col. 3, Ll. 1-47 of Roth with respect to the secure channel which is established between the requesting external computing system and the guest operating system.
Roth does not specify that the external computing system is virtualized. Accordingly, Roth does not disclose: wherein an entity is a second VCE. Roth further does not specify its certificate being an encrypted certificate. However, Roth in view of Chang discloses: wherein an entity is a second VCE.
Refer to at least FIG. 1, FIG. 3, and [0032]-[0036] of Chang with respect to establishing secure channels between virtual machines. 
Roth-Chang in view of Ericksen discloses: the certificate being an encrypted certificate.
Refer to at least [0043] of Ericksen with respect to using an encrypted certificate for authentication in establishing a secure TLS connection.
The teachings of both Roth and Chang concern hypervisors establishing secure channels to virtual machines, and are considered to be within the same field of endeavor and combinable as such. The teachings of Roth-Chang and Ericksen are considered to be combinable because Roth already concerns TLS (e.g., Col. 4, Ll. 20-25 of Roth). 
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Roth to further include support for external virtual machines because design incentives or market forces provided a reason to make an adaptation, and the invention resulted from application of the prior knowledge in a predictable manner (in this case, integration with external cloud systems—or just external virtual machines; for increased compatibility with more systems). It further would have been obvious to one of ordinary skill in the art to implement an encrypted certificate for at least the purpose of increasing security by preventing plaintext access to setup information for secure communications.

Regarding claim 2, Roth-Chang-Ericksen discloses: The method of claim 1, wherein the certificate input information includes: the identification of the second VCE; an identification of a second communication portal that is assigned to the second VCE; and the identification of the first communication portal.
Refer to at least [0039], [0041], [0043]-[0046], and [0048] of Chang with respect to establishing directly connected tunnels between 2 different virtual machines each securely connected to the hypervisor. Network address information and security information is mutually exchanged and verified. 
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Roth to further include support for directly connected tunnels between virtual machines (e.g., 2 different guest operating systems or a guest operating system and an external virtual machine) for at least the reasons described in [0035] of Chang (i.e., improved efficiency by removing a potential bottleneck).

Regarding claim 3, it is rejected for substantially the same reasons as claim 2 above (i.e., establishing a DCT).

Regarding claim 4, Roth-Chang-Ericksen discloses: The method of claim 1, wherein comparing information included in the certificate includes decrypting the information included in the certificate using the encryption key.
Refer to at least Col. 8, Ll. 25-30 of Roth with respect to a public/private key pair associated with a certificate.
Refer to at least Col. 3, Ll. 19-29 of Roth with respect to verifying messages using the private key. 

Regarding claim 5, Roth-Chang-Ericksen discloses: The method of claim 1, wherein the encryption key is a symmetric encryption key.
Refer to at least [0043] of Chang with respect to various encryption algorithms which may be used, including symmetric encryption keys. 
The claim would have been obvious because the substitution of one known element for another would have yielded predictable results to one of ordinary skill in the art at the time (i.e., substitution according to at least [0043] of Chang—any one of a plurality of algorithms may be used interchangeably).

Regarding claim 6, Roth-Chang-Ericksen discloses: The method of claim 1, wherein: the first VCE is associated with a first virtual machine; the second VCE (either of the VMs in Chang) is associated with a second virtual machine; and the method is performed by a hypervisor that hosts the first and second virtual machines.
Refer to at least Col. 2, Ll. 53-67 of Roth with respect to the hypervisor.
This claim would have been obvious for substantially the same reasons as claim 1 above.

Regarding claim 7, it is rejected for substantially the same reasons as claim 1 above (i.e., the citations to Chang where 2 VMs are discussed).

Regarding claim 8, it is rejected for substantially the same reasons as claim 1 above (i.e., any subsequent communications after establishment).

Regarding independent claim 9, it is substantially similar to independent claim 1 above, and is therefore likewise rejected for substantially the same reasons (i.e., the citations and obviousness rationale).

Regarding claims 10-14, they are substantially similar to claims 2-6 above, and are therefore likewise rejected.

Regarding independent claim 15, it is substantially similar to independent claim 1 above, and is therefore likewise rejected for substantially the same reasons (i.e., the citations and obviousness rationale).

Regarding claims 16-20, they are substantially similar to claims 2-6 above, and are therefore likewise rejected.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.


Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751. The examiner can normally be reached 12PM-8PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Jeffrey Nickerson/ Supervisory Patent Examiner, Art Unit 2432

/V.S/ Examiner, Art Unit 2432