DETAILED ACTION
This action is responsive to the pending claims, 1-16, received 10 August 2021. Accordingly, the detailed action of claims 1-16 is as follows:

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.



Claim(s) 1-2, 10-13, 15-16 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Amoudi et al (US 20210014198 A1, hereafter referred to as Amoudi).

Regarding claim 1, Amoudi teaches a computing platform, comprising: 
a controller (Amoudi [0060] discloses an OPES controller); and a first virtual private cloud network communicatively coupled to the controller (Amoudi [0060] discloses a OPES controller connected to a private network [0030] owned by an private organization or company), the first virtual private cloud network includes at least a first gateway including egress filtering logic (Amoudi [0049, 0073, 0079] discloses the OPES customizes and maintains filtering methodologies) configured to (i) filter messages routed from the first gateway in accordance with a first set of filtering rules maintained by the first gateway (Amoudi [0079, 0084-0085] discloses policy parameters to filter incoming or outgoing traffic) and (ii) bypass the filtering of messages directed to or originating from one or more subnetworks in accordance with the first set of filtering rules (Amoudi [0080, 0012, 0038, 0049] teaches accepting traffic based on a filtering policy [0049] wherein the filtering policy specifies whitelisted or blacklisted domains [0087] and source IP addresses [0048-0049]).  

Regarding claim 2, Amoudi teaches the limitations of claim 1, as rejected above.
Additionally, Amoudi teaches the computing platform wherein the one or more subnetworks comprise a first subnetwork (Amoudi [0030] teaches two or more computer clouds as well as a computer network belonging to a private organization or company [0034]) including one or more cloud software instances (Amoudi [0095] discloses computing resources in the computer network, wherein computing resources include computer programs, applications, APIs or other software and firmware).  

Regarding claim 10, Amoudi teaches 
a non-transitory storage medium configured to store at least a first gateway (Amoudi [0039-0040]) that provides communicative coupling between a source and a destination over one or more private cloud networks (Amoudi [0039-0040] discloses the gateway facilities communication between the CBES system and OPES system wherein the CBES is owned or operated by a provider and the computer network belongs to a private origination or company creating a hybrid cloud solution [0030]) , the gateway comprising: 
a first set of filtering rules included as part of a data store (Amoudi [0089] discloses log data used to modify or update filter policy data for the controllers [0073]. Additionally, [0075] discloses gathering data to update policies wherein the policy file includes policy parameters that define the handling of incoming and outgoing traffic); and 2740/101969-0041P 
16738627.1 a08/09/21-18-egress filtering logic (Amoudi [0049, 0073, 0079] discloses the OPES customizes and maintains filtering methodologies) configured to (i) filter a message transmitted from the first gateway in accordance with the first set of filtering rules maintained in the data store (Amoudi [0079, 0084-0085] discloses policy parameters to filter incoming or outgoing traffic) and (ii) bypass filtering of messages directed to or originating from a selected subnetwork in accordance with the first set of filtering rules (Amoudi [0080, 0012, 0038, 0049] teaches accepting traffic based on a filtering policy [0049] wherein the filtering policy specifies whitelisted or blacklisted domains [0087] and source IP addresses [0048-0049]).  

Regarding claim 11, Amoudi teaches the limitations of claim 10, as rejected above.
Additionally, Amoudi teaches the non-transitory storage medium wherein the selected subnetwork corresponds to a first subnetwork (Amoudi [0030] teaches two or more computer clouds as well as a computer network belonging to a private organization or company [0034]) including one or more cloud software instances (Amoudi [0095] discloses computing resources in the computer network, wherein computing resources include computer programs, applications, APIs or other software and firmware).  

Regarding claim 12, Amoudi teaches the limitations of claim 10, as rejected above.
Additionally, Amoudi teaches the non-transitory storage medium wherein the egress filtering logic is further configured to determine whether the message is directed to or originated from the first subnetwork (Amoudi [0073, 0079] discloses the policy includes a variety of parameters for handling incoming and outgoing traffic, which differ), and upon determining that the message is directed to or originated from the first subnetwork, bypassing the filtering of the message (Amoudi [0087-0088] discloses permitting a message to pass [0080] based on receipt from a whitelisted domain[0087]).  

Regarding claim 13, Amoudi teaches the limitations of claim 10, as rejected above.
Additionally, Amoudi teaches the non-transitory storage medium wherein the gateway is software (Amoudi [0035] discloses the OPES system includes software that provides analysis) communicatively coupled to a controller configured with access to modify the first set of filtering rules being used by the egress filtering logic (Amoudi [0075] teaches a gateway controller and controller [0089] that gathers data, correlates the data and updates traffic security policies).  

Regarding claim 15, Amoudi teaches a computerized method for filtering network traffic within a multi-cloud network, comprising: 
determining whether an incoming message is sourced by a software instance located within a first subnetwork (Amoudi [0083-0084] teaches determining whether an incoming message is received from a particular node associated with a specific system. Additionally, [0087] teaches determining whether the message is associated with a whitelisted or blacklisted domain such that the sender or source address is checked [0084]), responsive to determining that the incoming message is sourced by a software instance outside of the first subnetwork, filtering the incoming message routed from a first gateway in accordance with a first set of filtering rules maintained by the first gateway (Amoudi [0084] discloses rejecting traffic based on a determination the traffic is not from a particular domain); and 2740/101969-0041P 16738627.1 a08/09/21-19-responsive to determining that the incoming message is sourced by the software instance located within the first subnetwork, bypassing the filtering of the incoming message (Amoudi [0080, 0012, 0038, 0049] teaches accepting traffic based on a filtering policy [0049] wherein the filtering policy specifies whitelisted or blacklisted domains [0087] and source IP addresses [0048-0049]).  

Regarding claim 16, Amoudi teaches the limitations of claim 15, as rejected above.
Additionally, Amoudi teaches the computerized method wherein the software instance comprises a cloud software instance (Amoudi [0048] teaches computing resources in the CBES system, wherein computing resources include computer programs, applications, APIs or other software and firmware [0095]).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claim 3-6 rejected under 35 U.S.C. 103 as being unpatentable over Amoudi et al (US 20210014198 A1, hereafter referred to as Amoudi) in view of Vincent (GB 2551792 A, hereafter referred to as Vincent).

Regarding claim 3, Amoudi teaches the limitations of claim 1, as rejected above.
Additionally, Amoudi teaches the computing platform further comprising: a second gateway (Amoudi [0037] discloses a plurality of security gateway) including egress filtering logic configured to (i) filter messages routed from the second gateway in accordance with a second set of filtering rules maintained by the second gateway (Amoudi [0079, 0084-0085] discloses policy parameters to filter incoming or outgoing traffic) and (ii) bypass the filtering of messages directed to or originating from one or more selected subnetworks in accordance with the second set of filtering rules (Amoudi [0080, 0012, 0038, 0049] teaches accepting traffic based on a filtering policy [0049] wherein the filtering policy specifies whitelisted or blacklisted domains [0087] and source IP addresses [0048-0049]).  
However, Amoudi does not explicitly teach a second virtual private cloud network communicatively coupled to the controller, the second virtual private cloud network includes at least the second gateway.
Vincent, in an analogous art, teaches a second virtual private cloud network communicatively coupled to the controller (Vincent [00106] teaches a second virtual private cloud including one or more load balancing gateways [00108] in communication with a controller [00108]),, the second virtual private cloud network includes at least the second gateway (Vincent [Fig 4-430 and 00106] teaches a second virtual private cloud including one or more load balancing gateways (Vincent [Fig 4-435 and 00108]) in communication with a controller [00108]).
It would have been obvious for a person having ordinary skill in the art, before the effective filing date of the claimed invention, to modify Amoudi in view of Vincent in order to configure the second gateway including egress filtering logic, as taught by Amoudi, to be included in a second virtual private cloud network communicatively coupled to the controller, as taught by Vincent.
One of ordinary skill in the art would have been motivated in order to provide protection across virtual private clouds and to protect access from one virtual private cloud to another virtual private cloud (Vincent [0091]).

Regarding claim 4, Amoudi-Vincent teach the limitations of claim 3, as rejected above.
Additionally, Amoudi-Vincent teach the computing platform, wherein the first set of filtering rules being different than the second set of filtering rules (Amoudi [0045] discloses each security gateway performs different scans and analysis).  

Regarding claim 5, Amoudi-Vincent teach the limitations of claim 3, as rejected above.
Additionally, Amoudi-Vincent teach the computing platform, operating as a multi-cloud computing platform that comprises the first virtual private cloud network being deployed within a first public cloud network (Amoudi [0030] discloses a plurality of clouds, including public networks, wherein computer network comprises an enterprise system) and the second virtual private cloud network being deployed within a second public cloud network that is different (Vincent [Fig 4-430 and 00106] teaches a second (and third) virtual private cloud including one or more load balancing gateways (Vincent [Fig 4-435 and 00108]) wherein the plurality of virtual private clouds are distinct) from the first public cloud network (Amoudi [0030] discloses a plurality of clouds, including public networks, wherein computer network comprises an enterprise system).  

Regarding claim 6, Amoudi teaches the limitations of claim 1, as rejected above.
Additionally, Amoudi teaches the computing platform wherein the controller is configured with access to one or more routing data stores including the first set of filtering rules being used by the egress filtering logic (Amoudi [0089] discloses log data used to modify or update filter policy data for the controllers [0073]. Additionally, [0075] discloses gathering data to update policies [0049]).  

Allowable Subject Matter
Claim 7-9, 14 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Glenn et al (US EP 3334129 A1);

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHEAN TOKUTA whose telephone number is (571)272-5145. The examiner can normally be reached M-TH 630-430.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Gillis can be reached on 5712727952. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

SHEAN TOKUTA
Primary Examiner
Art Unit 2446



/SHEAN TOKUTA/Primary Examiner, Art Unit 2446