DETAILED ACTION
This Office Action is in response to the application 17/060,196 filed on January 10th, 2020.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1-20 are pending and herein considered.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS), submitted on 10/01/2020, is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Priority
Acknowledgement is made of Applicant’s claim for foreign priority under 35 U.S.C. 119(a)-(d) to Application No. 2020-055399, the signed copy having been filed on March 26th, 2020.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 18-19 are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.
Regarding claim 11; claim 18 calls for a relay system; however, the body of the claim does not positively recite any hardware element. As recited in the body of the claim, the claimed system contains “a reservation apparatus” and “a relay apparatus.” The reservation apparatus and the relay apparatus can be construed as a software component. Because the elements of claim 18 are interpreted as merely software and the claim lacks any physical device or machine, the claim is directed to non-statutory subject matter. It is suggested that the claim be further amended to positively recite at least one hardware element within the body of the claim to make the claim statutory under 35 U.S.C. 101.
Regarding claim 19; claim 19 does not recite any hardware element to resolve the issue in the independent claim 18. Therefore, claim 19 is also non-statutory under 35 U.S.C. 101.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Spiers et al. (Spiers), U.S. Pub. Number 2012/0266231.
Regarding claim 1; Spiers discloses a relay apparatus comprising
a processor (par. 0031; fig. 1; a processor 103.) configured to receive reservation information that designates a server apparatus (par. 0088; a reservation R with unique authentication code U and specific networking settings including internet protocol (VIP) address I.), a terminal connected to the relay apparatus by a communication network (par. 0088; the secure/trusted boot server.), and a period in which the server apparatus and the relay apparatus are connected over a virtual private network (VPN) (par. 0059; the VPN may use a digital certificate, username/unique token and password to create a secure channel for the traffic.), and that reserves the period (par. 0093; a time threshold within which a Measured VM may be required to complete an attestation sequence and receive its bootloader.), and
in response to a request, in the period designated by the received reservation information, from the terminal designated by the reservation information, for a connection over the VPN to the server apparatus designated by the reservation information (par. 0088; receive a request to download a bootloader from VIP address.), connect the server apparatus and the relay apparatus over the VPN and relay communication between the terminal and the server apparatus over the period (par. 0106; cloud orchestrator and/or Secure/Trusted boot server may confirm that code of an authentic not-tampered Measured VM BIOS function operates in an expected manner and may allow TLS connections with servers having a certificate issued by particular certificate authority (CA) as specified in configuration information of the virtualization platform.).
Regarding claim 2; Spiers discloses the relay apparatus according to Claim 1, wherein: the processor is configured to receive the reservation information designating code used for the VPN, and in response to a request for the connection from the terminal in the period using the code designated by the received reservation information, relay communication between the terminal and the server apparatus (par. 0100; a reservation R corresponding to information provided in the PXE boot request in an attempt to associate the PXE boot request with the original request to create the Measured VM sent by the cloud orchestrator.).
Regarding claim 3; Spiers discloses the relay apparatus according to Claim 2, wherein the code includes information indicating a system of the VPN (par. 0039; a frame relay network, an asynchronous transfer mode (ATM) network, a virtual private network (VPN).).
Regarding claim 4; Spiers discloses the relay apparatus according to Claim 2, wherein the code includes information used in authenticating a user of the VPN (par. 0086; code segment process of making and storing measurement values may establish a chain of trust back to the trusted code segment to confirm integrity and authenticity of a desired number of code segments.).
Regarding claim 5; Spiers discloses the relay apparatus according to Claim 3, wherein the code includes information used in authenticating a user of the VPN (par. 0088; the authentication code U may be used to confirm that the cloud orchestrator was the device that sent the create Measured VM request, and not some other device.).
Regarding claim 6; Spiers discloses the relay apparatus according to Claim 1, wherein: the processor is configured to receive the reservation information designating a setting of the communication network, and in response to a request for the connection from the terminal in the period, apply the setting designated by the received reservation information to the communication network, and relay communication between the terminal and the server apparatus (par. 0105; the secure tunnel may protect against a Man in the Middle (MiM) attack on any future communications between the Secure/Trusted boot server and Measured VM; a MiM attack is an attack in which an intruder eavesdrops on and/or tampers with communications between two parties; rather than communicating with each other directly, each of the two parties unknowingly communicates with the intruder, which controls the connections and relays messages between the communicating parties.).
Regarding claim 7; Spiers discloses the relay apparatus according to Claim 2, wherein: the processor is configured to receive the reservation information designating a setting of the communication network, and in response to a request for the connection from the terminal in the period, apply the setting designated by the received reservation information to the communication network, and relay communication between the terminal and the server apparatus (par. 0134; using a PXE boot mechanism as a communication channel between a virtualization platform and a tenant for attestation of the virtualization platform; inclusion of a secure tunnel measurement as part of measurements of the virtualization platform may solve the problem of associating particular physical infrastructure to a specific TPM to protect against Man-in-the-Middle and Relay attacks.).
Regarding claim 8; Spiers discloses the relay apparatus according to Claim 3, wherein: the processor is configured to receive the reservation information designating a setting of the communication network, and in response to a request for the connection from the terminal in the period, apply the setting designated by the received reservation information to the communication network, and relay communication between the terminal and the server apparatus (par. 0128; Secure/Trusted boot server may ensure that there is only one secure tunnel per VIP address I, authentication code U, reservation R, and secure tunnel measurement (e.g., measurement of TLS session key); a signed measurement of the secure tunnel is part of the TPM quote received from the Measured VM, which means the Measured VM runs on a TPM that produced that signature, as there may not be a way to inject the value of the secret key for the TLS session into an authentic TPM running and authentic platform.).
Regarding claim 9; Spiers discloses the relay apparatus according to Claim 4, wherein: the processor is configured to receive the reservation information designating a setting of the communication network, and in response to a request for the connection from the terminal in the period, apply the setting designated by the received reservation information to the communication network, and relay communication between the terminal and the server apparatus (par. 0154; if a given phase (e.g., create phase, boot phase, unlock phase, connect phase) does not finish within a predetermined threshold, the cloud orchestrator may determine that an anomalous event has occurred and abort the process (e.g., sending instructions to abort the process, deleting/designating the reservation as void, denying the request for components, and/or other cautionary actions); the start of the phase may be triggered by the recording of the first token in association with a reservation, and the end of the phase may be triggered by the receipt of the first token from cloud DMZ.).
Regarding claim 10; Spiers discloses the relay apparatus according to Claim 5, wherein: the processor is configured to receive the reservation information designating a setting of the communication network, and in response to a request for the connection from the terminal in the period, apply the setting designated by the received reservation information to the communication network, and relay communication between the terminal and the server apparatus (par. 0175; the first token may serve as a nonce for associating a request to create a VM with a request that the VM later sends to the tenant’s secure boot server to download the desired components to boot the newly created VM; since the cloud orchestrator system provided the unique data elements that were sent to the cloud provider in a request to create a VM, the system expects to receive communication from the location (e.g., IP address) indicated in the specific network settings it provided, and which are associated with the reservation.).
Regarding claim 11; Spiers discloses the relay apparatus according to Claim 1, wherein the processor is configured to start connecting the server apparatus and the relay apparatus over the VPN from a time earlier by a predetermined time than a start time of the period designated by the received reservation information (par. 0149; the tenant and the cloud provider may use a private encrypted connection (e.g., private circuit, site-to-site VPN) with strict filtering and authentication rules to cross connect the tenant data center and the cloud provider data center.).
Regarding claim 12; Spiers discloses the relay apparatus according to Claim 2, wherein the processor is configured to start connecting the server apparatus and the relay apparatus over the VPN from a time earlier by a predetermined time than a start time of the period designated by the received reservation information (par. 0175; the organization network (e.g., cloud orchestrator system) may allocate a reservation to the request and record a first token associated with the newly created VM instance; the reservation may contain unique data elements (e.g., a unique token, specific networking settings such as mac address, IP address, other identifiers).).
Regarding claim 13; Spiers discloses the relay apparatus according to Claim 3, wherein the processor is configured to start connecting the server apparatus and the relay apparatus over the VPN from a time earlier by a predetermined time than a start time of the period designated by the received reservation information (par. 0154; dynamic rules may be used to set and enforce thresholds (e.g., time duration thresholds) for communication between the VPC and the organization network and secure cloud zone.).
Regarding claim 14; Spiers discloses the relay apparatus according to Claim 4, wherein the processor is configured to start connecting the server apparatus and the relay apparatus over the VPN from a time earlier by a predetermined time than a start time of the period designated by the received reservation information (par. 0154; if the time duration of the create phase exceeds the threshold, an entry may be recorded in a log file (e.g., recording the identity of the source, destination, time, date, and other information) and the process aborted to prevent possibly malicious activity.).
Regarding claim 15; Spiers discloses the relay apparatus according to Claim 5, wherein the processor is configured to start connecting the server apparatus and the relay apparatus over the VPN from a time earlier by a predetermined time than a start time of the period designated by the received reservation information (par. 0140; a Measured VM may only be attested to a single time during a PXE boot sequence (e.g., before tenant’s workload is delivered to the Measured VM); because there might not be a follow up attestation once the Measured VM is running, the virtualization platform and physical infrastructure hosting the Measured VM might not be permitted to change any binaries, configuration, loadable modules, firmware, certificates.).
Regarding claim 16; Spiers discloses the relay apparatus according to Claim 6, wherein the processor is configured to start connecting the server apparatus and the relay apparatus over the VPN from a time earlier by a predetermined time than a start time of the period designated by the received reservation information (par. 0132; to ensure that a malicious boot server or technical difficulties do not prevent permanent block on creation of VMs with secure boot, a configurable timer may be used; if the time expires before the Measured VM, virtualization platform and infrastructure have been authenticated, cloud orchestrator determines that the virtualization platform is not authenticated and aborts the boot request.).
Regarding claim 17; Spiers discloses the relay apparatus according to Claim 1, wherein the processor is configured to, in a case where the received reservation information is encrypted, decrypt the reservation information (par. 0095; the Measured VM may contain a fully encrypted operating system (OS) or other software which cannot be executed until it is decrypted by the tenant by providing an appropriate key or decrypting software once the integrity and authenticity of the Measured VM has been confirmed.).
Regarding claims 18-19; Claims 18-19 are directed to a relay system which has similar scope as claims 1-17. Therefore, claims 18-19 remain un-patentable for the same reasons.
Regarding claim 20; Claim 20 is directed to a non-transitory computer readable medium which has similar scope as claim 1. Therefore, claim 20 remains un-patentable for the same reasons.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHOI V LE whose telephone number is (571)270-5087.  The examiner can normally be reached on 9:00 AM - 5:00 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/KHOI V LE/
Primary Examiner, Art Unit 2436