Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
Introduction
This office action is in response to Applicant’s communication filed via Pre-Appeal Conference Request on 06/10/2022. Claims 20-40 have been examined.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 5/23/2022 and 07/25/2022 have been considered by the examiner.

Response to Arguments
Applicant’s arguments on 35 U.S.C 103:
Applicant’s arguments, see pages 1-5, filed via Pre-Appeal Conference Request on 06/10/2022, with respect to the rejection(s) of claims 20-40 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Zheng et al. Publication No. US 2009/0158432 A1 and Seshadri Patent No. US 8,484,739 B1.

Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):

(b) CONCLUSION.— The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.



Claims 21 and 25 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant, regards as the invention.
Regarding claims 21 and 25, each claim recites the limitation “the data compute node”. There is insufficient antecedent basis for this limitation in the claim.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 20 and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Zheng et al. Publication No. US 2009/0158432 A1 (Zheng hereinafter) in view of Seshadri Patent No. US 8,484,739 B1 (Seshadri hereinafter).

Regarding claim 20,
Zheng teaches a method of controlling network access on a host computer (Fig. 6 – host 504) on which a machine executes (Fig. 6 – one or more guest virtual machines (VMs) 502a-c), the method comprising: 
at a service engine executing on the host computer separately from the machine (Fig. 6 – Scanner VM 602 is on the host 504 and separately from the VMs 502a-c):
receiving, through a guest introspection (GI) agent installed on the machine, captured contextual data […] identifying a resource that the machine is attempting to access through a network (Para 0037, 0040 - driver portion 506a-c of the guest VMs may be configured to intercept file access requests that originate from a source 516a-c within the corresponding one of guest VMs 502a-c. When such a file access request is intercepted, driver portion 506a-c causes information regarding the requested file to be sent to and received by the scanning portion 508 of the Scanner VM 602. Information regarding the requested file includes the contents and location of the requested file). 
using the captured data […] to identify a policy applicable to the attempted network access (Para 0039, 0040 – based on the received contents and location information of the requested file from the driver portion 506a-c, the scanner VM 602 is configured to determine and identify one or more virus signatures in database 512 that map to the received information). 
based on the identified policy, directing the GI agent to allow or reject the network access (Para 0038 – Based on determining that the requested file maps to the identified virus signature, i.e. the file is infected, the scanner VM 602 reports back that the file is infected, and driver portion 506a-c may block the file access request). 
While Zheng teaches that the captured contextual data includes an application program executing in the corresponding guest VM 502a-c (Zheng, Para. 0037), Zheng does not explicitly disclose
captured contextual data that includes a uniform resource identifier identifying a resource that the machine is attempting to access through a network. 
using the uniform resource identifier to identify a policy applicable to the attempted network access.
Seshadri teaches:
captured contextual data that includes a uniform resource identifier identifying a resource that the machine is attempting to access through a network; using the uniform resource identifier to identify a policy applicable to the attempted network access (Col. 5 lines 5-34 - an agent on the secure portion 100 may monitor network requests of guest OS 108 from outside of guest OS 108 by monitoring network communications in the network stack outside of guest OS 108. For example, the agent on the secure portion 110 may detect a URL requested by guest OS 108, which may be associated with the downloading of an executable file; and Col. 7, lines 50-60 - Based on the URL information from the request, the secure portion 100 may determine and identify a particular policy from a data store, such as particular reputation data associated with the requested URL, in order to determine whether the requested URL is allowed or denied). 
Zheng and Seshadri are analogous art because they are from a similar field of endeavor of access request monitoring techniques. Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zheng to include the teachings of Seshadri. The motivation for doing so is to determine a particular page or resource's relevance to a network request.

Regarding claim 25, the method of claim 20,
Zheng teaches wherein
the data compute node is a guest virtual machine; and the service engine is a service virtual machine executing on the host computer (Para 0045 and Fig. 6 – a scanner VM 602 is separated from VMs 502a-c, wherein both the scanner VM 602 and the VMs 502a-c execute on the host computer 504). 

Claims 21-23 are rejected under 35 U.S.C. 103 as being unpatentable over Zheng and Seshadri, and further in view of Kindlund et al. Patent No. US 9,565,202 B1 (Kindlund hereinafter).

Regarding claim 21, the method of claim 20,
Zheng does not explicitly disclose
wherein the GI agent is a network introspection agent that captures data through a set of filters that is defined in a network stack of the data compute node. 
Kindlund teaches:
wherein the GI agent is a network introspection agent that captures data through a set of filters that is defined in a network stack of the data compute node (col 5 lines 40-45 – packet capturer 202 may be implemented to filter and capture data in any one or more layer filters of a library network stack, such as filtering and capturing data at an application layer of the library network stack, filtering and capturing data at a transport control protocol (TCP) layer of the library network stack, filtering and capturing data at an Internet protocol (IP) layer of the library network stack, and/or filtering and capturing data at a media access control (MAC) layer of the library network stack, etc.).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zheng to include the teachings of Kindlund. The motivation for doing so is to capture the data within a network stack.

Regarding claim 22, the method of claim 21,
Zheng does not explicitly disclose
wherein the set of filters include a transport layer library filter. 
Kindlund teaches:
wherein the set of filters include a transport layer library filter (col 5 lines 40-45 – packet capturer 202 may be implemented to filter and capture data in any one or more layer filters of a library network stack, such as filtering and capturing data at a transport control protocol (TCP) layer of the library network stack). 
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zheng to include the teachings of Kindlund. The motivation for doing so is to capture the data within a network stack.

Regarding claim 23, the method of claim 21,
Zheng does not explicitly disclose
wherein the set of filters includes a filter that is defined in a library that handles communication protocol operations higher than layer 4. 
Kindlund teaches:
wherein the set of filters includes a filter that is defined in a library that handles communication protocol operations higher than layer 4 (col 5 lines 40-45 – packet capturer 202 may be implemented to filter and capture data in any one or more layer filters of a library network stack, such as filtering and capturing data at an application layer (higher than layer 4) of the library network stack). 
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zheng to include the teachings of Kindlund. The motivation for doing so is to capture the data within a network stack.

Claim 24 is rejected under 35 U.S.C. 103 as being unpatentable over Zheng and Seshadri, Kindlund and further in view of Roth et al. Publication No. US 2013/0085880 A1 (Roth hereinafter).

Regarding claim 24, the method of claim 21,
Zheng does not explicitly disclose
wherein the set of filters capture the data before the data is encrypted, wherein the capturing of the unencrypted data allows the captured data to be used to examine network access policies without decrypting the data. 
Kindlund teaches:
wherein the set of filters capture the data (col 5 lines 40-45 – packet capturer 202 may be implemented to filter and capture data in any one or more layer filters of a library network stack, such as filtering and capturing data at an application layer of the library network stack, filtering and capturing data at a transport control protocol (TCP) layer of the library network stack, filtering and capturing data at an Internet protocol (IP) layer of the library network stack, and/or filtering and capturing data at a media access control (MAC) layer of the library network stack, etc.) wherein the capturing of the […] data allows the captured data to be used to examine network access policies (col 7 lines 30-35 – dynamically performs a packet inspection on the captured outbound network traffic to determine whether the outbound network traffic satisfies a set of one or more rules).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zheng to include the teachings of Kindlund. The motivation for doing so is to capture the data within a network stack.
Roth teaches:
capturing the data before the data is encrypted, wherein the capturing of the unencrypted data allows the captured data to be used to examine without decrypting the data (para 0012 – when Hypervisor 102 receives an outgoing message from a guest operating system, the message is captured by the hypervisor. The hypervisor uses captured state information associated with the guest operating system and destination computing device to process and prepare a secure message before the message is encrypted and sent to the destination; and [para 0034] the message also is captured and encrypted by a security component 730 inside Guest System C). 
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zheng and Kindlund to include the teachings of Roth. The motivation for doing so is to allow information in messages to/from guest operating systems of a host to be examined prior to being encrypted, without “cracking” and “re-encrypting” the messages, in order to improve security.

Claims 26-29 are rejected under 35 U.S.C. 103 as being unpatentable over Zheng and Seshadri, and further in view of Nicodemus et al. Publication No. US 2007/0143851 A1 (Nicodemus hereinafter).

Regarding claim 26, the method of claim 20,
Zheng does not explicitly disclose
wherein the uniform resource identifier identifies a website that is intended for access, the method further comprising evaluating the identified policy to determine whether the machine is allowed to access the website.
However, Nicodemus teaches:
wherein the uniform resource identifier identifies a website that is intended for access (Para 0097 – condition information is monitored by agents 102E, which collect and transmit information to agent managers 102D for aggregation by agent monitor 102F; and Para 0214-0215 – the collected information includes website information such as identified URLs being accessed), the method further comprising evaluating the identified policy to determine whether the machine is allowed to access the website (Para 0656 – The policy data store 106B contains a plurality of policies that are associated with collected condition information. When the analysis engine 106C receives condition state information 104F from the agent monitors, the analysis engine 106C makes one or more queries to the policy data store 106B for each endpoint condition to determine and retrieve a particular policy associated with the collected condition information; and Para 0556, 0559-0560 – web browser policies include at least a policy that permits or prohibits a website from being accessed). 
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zheng to include the teachings of Nicodemus. The motivation for doing so is to identify a particular website that is blocked for network access.

Regarding claim 27, the method of claim 26,
Zheng does not explicitly disclose
wherein evaluating the identified policy comprises evaluating the identified policy to determine whether the website is accessible by an application that executes on the machine and that is attempting the network access.
However, Nicodemus teaches:
wherein evaluating the identified policy comprises evaluating the identified policy to determine whether the website is accessible by an application that executes on the machine and that is attempting the network access (Para 0647 – The analysis engine analytical model compares the collected condition information to policies regarding those conditions and makes action decisions resulting from those conditions and policies. Analysis engine 106C subsequently initiates actions to permit, deny or control access to local and/or remote computing resources based on policies that identify what is permitted and/or denied; Para 0097 - associated with host system 102 are a variety of resources, indicated at 102G, including, for example: user data, user applications and other resources; and Para 0548, 0559-0560 – Application-Specific Policies include at least a policy that permits a website related to a particular application to be accessed).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zheng to include the teachings of Nicodemus. The motivation for doing so is to identify a particular user that is blocked for network access.

Regarding claim 28, the method of claim 26,
Zheng does not explicitly disclose
wherein evaluating the identified policy comprises evaluating the identified policy to determine whether the website is accessible by a user that is using the machine while the network access is being attempted. 
However, Nicodemus teaches:
wherein evaluating the identified policy comprises evaluating the identified policy to determine whether the website is accessible by a user that is using the machine while the network access is being attempted (Para 0647 – The analysis engine analytical model compares the collected condition information to policies regarding those conditions and makes action decisions resulting from those conditions and policies. Analysis engine 106C subsequently initiates actions to permit, deny or control access to local and/or remote computing resources based on policies that identify what is permitted and/or denied; Para 0097 - associated with host system 102 are a variety of resources, indicated at 102G, including, for example: user data, user applications and other resources; and Para 0015 – Network Access Policies include at least a policy that specifies the network addresses the user is allowed to access).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zheng to include the teachings of Nicodemus. The motivation for doing so is to identify a particular user that is blocked for network access.

Regarding claim 29, the method of claim 26,
Zheng does not explicitly disclose
wherein the website access is for accessing a file, and evaluating the identified policy comprises evaluating the identified policy to determine whether the file is available for the network access. 
However, Nicodemus teaches:
wherein the website access is for accessing a file (Para 0097 – condition information is monitored by agents 102E, which collect and transmit information to agent managers 102D for aggregation by agent monitor 102F; and Para 0178-0185 – the collected information includes accessed file information such as whether the file was read/written or created/deleted), and evaluating the identified policy comprises evaluating the identified policy to determine whether the file is available for the network access (Para 0647 – The analysis engine analytical model compares the collected condition information to policies regarding those conditions and makes action decisions resulting from those conditions and policies. Analysis engine 106C subsequently initiates actions to permit, deny or control access to local and/or remote computing resources based on policies that identify what is permitted and/or denied; and Para 0036 – one or more policy-defined corrective actions, e.g. block access to a particular file). 
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zheng to include the teachings of Nicodemus. The motivation for doing so is to identify a particular user that is blocked for network access.


Claims 30-31 and 36 are rejected under 35 U.S.C. 103 as being unpatentable over Zheng et al. Publication No. US 2009/0158432 A1 (Zheng hereinafter) in view of Seshadri Patent No. US 8,484,739 B1 (Seshadri hereinafter) and Black Publication No. US 2014/0181889 A1 (Black hereinafter).

Regarding claim 30, the method of claim 20,
Zheng does not explicitly disclose
identifying a category associated with the uniform resource identifier.
evaluating the identified policy to determine whether the identified category is one category of resources that the machine has a right to access.
However, Black teaches:
identifying a category associated with the uniform resource identifier; evaluating the identified policy to determine whether the identified category is one category of resources that the machine has a right to access (Para 0058 - Upon receiving the resource request 111, the resource manager 110 searches the URL category database for the URL to identify one or more categories assigned to the URL; and Para 0064 - the policy application module 340 may compare the URL category determined by the URL categorization module 330 against one or more allowed categories determined by a policy determined by the policy determination module 335. If the URL category is allowed by the determined policy, then access to the URL may be allowed by the resource manager 110. Conversely, if the policy indicates access to URLs in that category is not authorized, the requesting computer may be blocked from accessing content identified by the URL). 
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zheng to include the teachings of Black. The motivation for doing so is to reduce a vast number of websites into a limited number of categories, which helps security monitoring of user activity.

Regarding claim 31,
Zheng teaches a non-transitory machine readable medium for storing a service engine to control network access on a host computer on which a machine executes (Fig. 6 – one or more guest virtual machines (VMs) 502a-c), the service engine to execute on the host computer (Fig. 6 – Scanner VM 602 is on the host 504 and separately from the VMs 502a-c), the service engine comprising sets of instructions for: 
receiving, through a guest introspection (GI) agent installed on the machine, captured contextual data […] identifying a resource that the machine is attempting to access through a network (Para 0037, 0040 - driver portion 506a-c of the guest VMs may be configured to intercept file access requests that originate from a source 516a-c within the corresponding one of guest VMs 502a-c. When such a file access request is intercepted, driver portion 506a-c causes information regarding the requested file to be sent to and received by the scanning portion 508 of the Scanner VM 602. Information regarding the requested file includes the contents and location of the requested file). 
based on a categorization of the resource identified by the uniform resource identifier identifying a policy applicable to the attempted network access (Para 0037, 0040 - driver portion 506a-c of the guest VMs may be configured to intercept file access requests that originate from a source 516a-c within the corresponding one of guest VMs 502a-c. When such a file access request is intercepted, driver portion 506a-c causes information regarding the requested file to be sent to and received by the scanning portion 508 of the Scanner VM 602. Information regarding the requested file includes the contents and location of the requested file). 
when the identified policy allows the network access, directing the GI agent to allow the network access; and when the identified policy does not allow the network access, directing the GI agent to reject the network access (Para 0038 – Based on determining that the requested file maps to the identified virus signature, i.e. the file is infected, the scanner VM 602 reports back that the file is infected, and driver portion 506a-c may block the file access request. If scanning portion 508 reports back that the file is clean, i.e., devoid of malicious software, then the driver portion 506a-c allows the file access request to proceed). 
While Zheng teaches that the captured contextual data includes an application program executing in the corresponding guest VM 502a-c (Zheng, Para. 0037), Zheng does not explicitly disclose
captured contextual data that includes a uniform resource identifier identifying a resource that the machine is attempting to access through a network. 
based on a categorization of the resource identified by the uniform resource identifier identifying a policy applicable to the attempted network access. 
Seshadri teaches:
captured contextual data that includes a uniform resource identifier identifying a resource that the machine is attempting to access through a network (Col. 5 lines 5-34 - an agent on the secure portion 100 may monitor network requests of guest OS 108 from outside of guest OS 108 by monitoring network communications in the network stack outside of guest OS 108. For example, the agent on the secure portion 110 may detect a URL requested by guest OS 108, which may be associated with the downloading of an executable file. Based on the URL information from the request, the secure portion 100 may determine and identify a particular reputation score for the requested URL in order to determine whether the requested URL is allowed or denied). 
Zheng and Seshadri are analogous art because they are from a similar field of endeavor of access request monitoring techniques. Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zheng to include the teachings of Seshadri. The motivation for doing so is to determine a particular page or resource's relevance to a network request.
Black teaches:
based on a categorization of the resource identified by the uniform resource identifier identifying a policy applicable to the attempted network access (Para 0058 - Upon receiving the resource request 111, the resource manager 110 searches the URL category database for the URL to identify one or more categories assigned to the URL; and Para 0064 - the policy application module 340 may compare the URL category determined by the URL categorization module 330 against one or more allowed categories determined by a policy determined by the policy determination module 335. If the URL category is allowed by the determined policy, then access to the URL may be allowed by the resource manager 110. Conversely, if the policy indicates access to URLs in that category is not authorized, the requesting computer may be blocked from accessing content identified by the URL). 
Zheng and Black are analogous art because they are from a similar field of endeavor of access request monitoring techniques. Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zheng to include the teachings of Black. The motivation for doing so is to reduce a vast number of websites into a limited number of categories, which helps security monitoring of user activity.


Regarding claim 36, the non-transitory computer-readable medium of claim 31,
Zheng teaches wherein
the data compute node is a guest virtual machine; and the service engine is a service virtual machine executing on the host computer (Para 0045 and Fig. 6 – a scanner VM 602 is separated from VMs 502a-c, wherein both the scanner VM 602 and the VMs 502a-c execute on the host computer 504). 


Claims 32-34 are rejected under 35 U.S.C. 103 as being unpatentable over Zheng, Seshadri and Black, and further in view of Kindlund et al. Patent No. US 9,565,202 B1 (Kindlund hereinafter).

Regarding claim 32, the non-transitory computer-readable medium of claim 31,
Zheng does not explicitly disclose
wherein the GI agent is a network introspection agent that captures data through a set of filters that is defined in a network stack of the data compute node. 
Kindlund teaches:
wherein the GI agent is a network introspection agent that captures data through a set of filters that is defined in a network stack of the data compute node (col 5 lines 40-45 – packet capturer 202 may be implemented to filter and capture data in any one or more layer filters of a library network stack, such as filtering and capturing data at an application layer of the library network stack, filtering and capturing data at a transport control protocol (TCP) layer of the library network stack, filtering and capturing data at an Internet protocol (IP) layer of the library network stack, and/or filtering and capturing data at a media access control (MAC) layer of the library network stack, etc.).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zheng to include the teachings of Kindlund. The motivation for doing so is to capture the data within a network stack.

Regarding claim 33, the non-transitory computer-readable medium of claim 32,
Zheng does not explicitly disclose
wherein the set of filters include a transport layer library filter. 
Kindlund teaches:
wherein the set of filters include a transport layer library filter (col 5 lines 40-45 – packet capturer 202 may be implemented to filter and capture data in any one or more layer filters of a library network stack, such as filtering and capturing data at a transport control protocol (TCP) layer of the library network stack). 
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zheng to include the teachings of Kindlund. The motivation for doing so is to capture the data within a network stack.

Regarding claim 34, the non-transitory computer-readable medium of claim 32,
Zheng does not explicitly disclose
wherein the set of filters includes a filter that is defined in a library that handles communication protocol operations higher than layer 4. 
However, Kindlund teaches:
wherein the set of filters includes a filter that is defined in a library that handles communication protocol operations higher than layer 4 (col 5 lines 40-45 – packet capturer 202 may be implemented to filter and capture data in any one or more layer filters of a library network stack, such as filtering and capturing data at an application layer (higher than layer 4) of the library network stack). 
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zheng to include the teachings of Kindlund. The motivation for doing so is to capture the data within a network stack.

Claim 35 is rejected under 35 U.S.C. 103 as being unpatentable over Zheng, Seshadri and Black, Kindlund and further in view of Roth et al. Publication No. US 2013/0085880 A1 (Roth hereinafter).

Regarding claim 35, the non-transitory computer-readable medium of claim 32,
Zheng does not explicitly disclose
wherein the set of filters capture the data before the data is encrypted, wherein the capturing of the unencrypted data allows the captured data to be used to examine network access policies without decrypting the data. 
However, Kindlund teaches:
wherein the set of filters capture the data (col 5 lines 40-45 – packet capturer 202 may be implemented to filter and capture data in any one or more layer filters of a library network stack, such as filtering and capturing data at an application layer of the library network stack, filtering and capturing data at a transport control protocol (TCP) layer of the library network stack, filtering and capturing data at an Internet protocol (IP) layer of the library network stack, and/or filtering and capturing data at a media access control (MAC) layer of the library network stack, etc.) wherein the capturing of the […] data allows the captured data to be used to examine network access policies (col 7 lines 30-35 – dynamically performs a packet inspection on the captured outbound network traffic to determine whether the outbound network traffic satisfies a set of one or more rules).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zheng to include the teachings of Kindlund. The motivation for doing so is to determine that the captured data is implemented in a network stack.
Roth teaches:
capturing the data before the data is encrypted, wherein the capturing of the unencrypted data allows the captured data to be used to examine without decrypting the data (para 0012 – when Hypervisor 102 receives an outgoing message from a guest operating system, the message is captured by the hypervisor. The hypervisor uses captured state information associated with the guest operating system and the destination computing device to process and prepare a secure message before the message is encrypted and sent to the destination; and [para 0034] the message is also captured and encrypted by a security component 730 inside Guest System C).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zheng and Kindlund to include the teachings of Roth. The motivation for doing so is to allow information in messages to/from guest operating systems of a host to be examined prior to being encrypted, without “cracking” and “re-encrypting” the messages.

Claims 37-40 are rejected under 35 U.S.C. 103 as being unpatentable over Zheng, Seshadri and Black, and further in view of Nicodemus et al. Publication No. US 2007/0143851 A1 (Nicodemus hereinafter).

Regarding claim 37, the non-transitory computer-readable medium of claim 31,
Zheng does not explicitly disclose
wherein the uniform resource identifier identifies a website that is intended for access, the service engine further comprising a set of instructions for evaluating the identified policy to determine whether the machine is allowed to access the website.
However, Nicodemus teaches:
wherein the uniform resource identifier identifies a website that is intended for access (Para 0097 – condition information is monitored by agents 102E, wherein the agents collect and transmit information to agent managers 102D for aggregation by agent monitor 102F; and Para 0214-0215 – the collected information includes website information such as identified URLs being accessed), the service engine further comprising a set of instructions for evaluating the identified policy to determine whether the machine is allowed to access the website (Para 0656 – The policy data store 106B contains a plurality of policies that are associated with collected condition information. When the analysis engine 106C receives condition state information 104F from the agent monitors, the analysis engine 106C makes one or more queries to the policy data store 106B for each endpoint condition to determine and retrieve a particular policy associated with the collected condition information; and Para 0556, 0559-0560 – Web browser policies include at least a policy which permits/prohibits access to a website).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zheng to include the teachings of Nicodemus. The motivation for doing so is to identify a particular website that is blocked for network access.

Regarding claim 38, the non-transitory computer-readable medium of claim 37,
Zheng does not explicitly disclose
wherein the set of instructions for evaluating the identified policy comprises a set of instructions for evaluating the identified policy to determine whether the website is accessible by an application that executes on the machine and that is attempting the network access.
However, Nicodemus teaches:
wherein the set of instructions for evaluating the identified policy comprises a set of instructions for evaluating the identified policy to determine whether the website is accessible by an application that executes on the machine and that is attempting the network access (Para 0647 – The analysis engine analytical model compares the collected condition information to policies regarding those conditions and makes action decisions resulting from those conditions and policies. Analysis engine 106C subsequently initiates actions to permit, deny or control access to local and/or remote computing resources based on policies that identify what is permitted and/or denied; Para 0097 – associated with host system 102 are a variety of resources, indicated at 102G, including, for example: user data, user applications and other resources; and Para 0548, 0559-0560 – Application-Specific Policies include at least a policy that permits access to a website related to a particular application).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zheng to include the teachings of Nicodemus. The motivation for doing so is to identify a particular user that is blocked for network access.

Regarding claim 39, the non-transitory computer-readable medium of claim 37,
Zheng does not explicitly disclose
wherein the set of instructions for evaluating the identified policy comprises a set of instructions for evaluating the identified policy to determine whether the website is accessible by a user that is using the machine while the network access is being attempted. 
However, Nicodemus teaches:
wherein the set of instructions for evaluating the identified policy comprises a set of instructions for evaluating the identified policy to determine whether the website is accessible by a user that is using the machine while the network access is being attempted (Para 0647 – The analysis engine analytical model compares the collected condition information to policies regarding those conditions and makes action decisions resulting from those conditions and policies. Analysis engine 106C subsequently initiates actions to permit, deny or control access to local and/or remote computing resources based on policies that identify what is permitted and/or denied; Para 0097 – associated with host system 102 are a variety of resources, indicated at 102G, including, for example: user data, user applications and other resources; and Para 0015 – Network Access Policies include at least a policy that specifies the network addresses the user is allowed to access).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zheng to include the teachings of Nicodemus. The motivation for doing so is to identify a particular user that is blocked for network access.

Regarding claim 40, the non-transitory computer-readable medium of claim 37,
Zheng does not explicitly disclose
wherein the website access is for accessing a file, and evaluating the identified policy comprises evaluating the identified policy to determine whether the file is available for the network access. 
However, Nicodemus teaches:
wherein the website access is for accessing a file (Para 0097 – condition information is monitored by agents 102E, wherein the agents collect and transmit information to agent managers 102D for aggregation by agent monitor 102F; and Para 0178-0185 – the collected information includes accessed-file information, such as whether the file was read/written or created/deleted), and evaluating the identified policy comprises evaluating the identified policy to determine whether the file is available for the network access (Para 0647 – The analysis engine analytical model compares the collected condition information to policies regarding those conditions and makes action decisions resulting from those conditions and policies. Analysis engine 106C subsequently initiates actions to permit, deny or control access to local and/or remote computing resources based on policies that identify what is permitted and/or denied; and Para 0036 – one or more policy-defined corrective actions, e.g. block access to a particular file).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zheng to include the teachings of Nicodemus. The motivation for doing so is to identify a particular user that is blocked for network access.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DA T. TON whose telephone number is (571)272-9956. The examiner can normally be reached Mon-Fri (9am-5pm).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar A. Louie can be reached on 571-270-1684. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/DA T TON/Acting Patent Examiner of Art Unit 2445

/YOUNES NAJI/Primary Examiner, Art Unit 2445