TECHNIQUES FOR VALIDATION AND OPTIMIZATION OF CLOUD COMPUTING ENVIRONMENTS

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 01/30/2026 has been entered. Response to Amendment This action is responsive to an amendment filed on 01/30/2026. Claim 10 has been amended. Claim 20 has been added. Claims 1-20 are pending for examination. Response to Arguments Applicant’s arguments, see Applicant Arguments/Remarks, filed on 01/30/2026, with respect to the rejection of the pending claims under 35 U.S.C. §102 have been fully considered. However, the current rejection relies on Kwapniewski for the disputed limitation. Accordingly, applicant’s arguments are moot because they do not address the reference applied in the present rejection. See the newly crafted rejection, infra. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-3, 10-13 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over NPL: “Scenario Design and Validation for Next Generation Cyber Ranges” (Enrico et al.) in view of US 2024/0048449 (Kwapniewski et al.). Regarding Claim 1, Enrico teaches a method for validating a virtual range for simulating a cyberattack ([Abstract] teaches “Cyber Ranges are (virtual) infrastructures for the execution of cyber exercises of the highest quality that simulate cyber scenarios of real-world complexity.”. “propose a framework for automating the (i) design, (ii) model validation, (iii) generation and (iv) testing of cyber scenarios.”), comprising: receiving a plurality of instructions for deploying the virtual range in a cloud computing environment ([Page 1, Col. 1-2] Enrico teaches receiving scenario specifications (instructions) that drive deployment: “The input are some initial requirements… These elements drive the theater design… scenario design… objectives design.” Deployment occurs in a cloud/IaaS environment: “The validated blueprint reaches the scenario deployment phase… fed to an Infrastructure-as-a-Service provider.”), the plurality of instructions including an instruction to deploy a resource in the virtual range ([Page 1, Col. 1-2] elements drive the theater design whose objective is the definition of the blueprint of the infrastructure [i.e., resource]. the validated blueprint reaches the scenario deployment phase. This step generates a set of directives which are fed to an Infrastructure-as-a-Service (IaaS) provider. The result is a running infrastructure implementing the blueprint), and an instruction to initiate a simulated cyberattack respective of the resource ([Abstract] “Cyber Ranges are (virtual) infrastructures for the execution of cyber exercises of the highest quality that simulate cyber scenarios of real-world complexity.”. [Page 2, Col. 2] attacker behavior and exploit rules: “The attacker operates remotely… goal is to retrieve the flag.” “Vulnerabilities… enable a set of exploit rules… if a player can access a shell… he can also log in as U.” These are instructions defining simulated attack behavior.); While, Enrico teaches all phases are followed by a validation step for detecting and eliminating any inconsistency. …the deployed scenario usually undergoes a testing phase. When the test validation is passed, the scenario is ready for the execution [Page 1, Col. 2], however, Enrico does not explicitly teach, but Kwapniewski teaches applying a validation test to a first instruction of the plurality of instruction ([¶¶ 0094-0097] define a sequence by which network function (NF) should be made available…define a set of validation tests to be executed between each step in the sequence. Such tests include the capability to define a set of “if . . . else-if . . . then . . . ” statements describing the actions if the validation test is successful or not. For example, if a test is successful, the logic would generally indicate movement to the next step in sequence …communicates a suitable activation command to the NF. …communicate with NF to execute one or more validation tests); determining an execution order for the plurality of instructions, wherein the first instruction precedes a second instruction ([¶¶ 0093-0096] an operational device begins the process of the activation sequence…obtains information about dependencies in the network functions of the network…define a set of related NFs {NF_A, NF_B, NF_C, . . . }. …define dependencies between the NFs. In an example, NF_A is dependent on NF_B; NF_B is dependent on NF_C. …further define a sequence by which NFs should be made available…define a set of validation tests to be executed between each step in the sequence) ; and executing the second instruction in response to determining that the first instruction successfully completed execution and successfully completed the validation test ([¶¶ 0099-0104] …communicates a suitable activation command to the network function NF_C. …confirm the activation status of the network function NF_C. …following confirmation that the network function NF_C has been activated, …issues an activate command to network function NF_B). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Kwapniewski’s sequential-activation and validation-gating techniques to the cyber-range deployment and validation framework of Enrico, because such incorporation would have been a straightforward and predictable improvement because applying dependency-based sequencing and validation gating to cyber-range deployment would reduce misconfiguration risk and ensure that later steps execute only when earlier steps are confirmed operational—precisely the reliability objective Enrico seeks to achieve. The combination merely applies a known orchestration technique (sequential activation with validation gating) to an analogous environment (deployment of virtualized cyber-range components), yielding no unexpected results. Regarding Claim 2, Enrico teaches the method of claim 1, wherein the validation test is any one of: a logical validation, a technical validation, and a combination thereof ([last para. 1st. col. Page 4] B. Testing: executing a test consists of (i) identifying the source of each step in a Datalog trace, (ii) extracting the values of the runtime property, (iii) completing the script with the runtime values and (iv) invoking the test interface on the generated scripts. Also see, section IV. VALIDATION VIA DATALOG ENCODING). Regarding Claim 3, Enrico teaches the method of claim 1, wherein the first instruction is the instruction to deploy the resource and the second instruction is the instruction to initiate a simulated cyberattack ([Page 1, Col. 1-2] teaches a framework for automating the (i) design, (ii) model validation, (iii) generation and (iv) testing of cyber scenarios. …elements drive the theater design whose objective is the definition of the blueprint of the infrastructure. the validated blueprint reaches the scenario deployment phase. This step generates a set of directives which are fed to an Infrastructure-as-a-Service (IaaS) provider. …the objectives design introduces the goals and rules of the cyber exercise. All these phases are followed by a validation step for detecting and eliminating any inconsistency. …Vulnerability…enable a set of exploit rules…the attacker operates remotely …the goal of the attacker is to retrieve the flag). Regarding Claim 10, the claim limitations are identical and/or equivalent in scope to claim 1, is therefore rejected for similar reasoning. Since, Enrico further discloses using file-server and a web-server in Fig. 2, therefore, Enrico inherently discloses the claimed “A non-transitory computer readable medium having stored thereon instructions for causing a processing circuitry to execute a process” as claimed in claim 10. Regarding Claim 11, the claim limitations are identical and/or equivalent in scope to claim 1, therefore, is rejected for similar reasoning. Since, Enrico further discloses using file-server and a web-server in Fig. 2, therefore, Enrico inherently discloses the claimed “A system…comprising: a processing circuitry; and a memory, the memory containing instructions that, when executed by the processing circuitry” as claimed in claim 11. Regarding Claims 12 and 13, the claim limitations are identical and/or equivalent in scope to claims 2 and 3, therefore, are rejected for similar reasoning. Regarding Claim 20, Enrico does not explicitly teach, however, Kwapniewski teaches the method of claim 1, further comprising: applying a second validation test to the second instruction prior to executing a third instruction and after execution of the first instruction; and executing the third instruction only after executing the second instruction and determining that the second instruction successfully completed execution (([¶¶ 0099-0105] …communicates a suitable activation command [i.e., first instruction] to the network function NF_C. …confirm the activation status of the network function NF_C. …following confirmation that the network function NF_C has been activated, …issues an activate command [i.e., second instruction] to network function NF_B…Similar to the process for network function NF_C, after execution of activation command confirms that the network function NF_B has been activated. Similar steps may be repeated for the network function NF_A and any other interdependent network processes…following confirmation that the network function NF_B has been activated, issues an activate command [i.e., third instruction] to network function NF_A.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Kwapniewski’s sequential-activation and validation-gating techniques to the cyber-range deployment and validation framework of Enrico, because such incorporation would have been a known orchestration technique (sequential activation with validation gating) to an analogous environment (deployment of virtualized cyber-range components), yielding no unexpected results. Claims 4-9 and 14-19 are rejected under 35 U.S.C. 103 as being unpatentable over Enrico in view Kwapniewski, and further in view of EP 3299960 (Ju et al.). Regarding Claim 4, Enrico in view Kwapniewski do not explicitly teach, however, Ju teaches the method of claim 1, further comprising: terminating the virtual range, in response to determining that a cyberattack simulation is complete ([Para. 6, page 7] virtual machine deployment policy that includes: a minimum number of deployed virtual machines, a maximum number of deployed virtual machines, end time of the reserved deployment for virtual machines. …the end time of the reserved deployment for virtual machines, and the range of the number of reserved virtual machines is determined according to the minimum number of deployed virtual machines and the maximum number of deployed virtual machines. [Para. 4-7, page 8], when the end time of the reserved deployment for virtual machines is reached, a second notification module notify the virtual machine management module for the virtual core network that the reserved deployment for virtual machines loses efficacy. …when the end time of the reserved deployment for virtual machines is reached, the virtual machine management module for the virtual core network clears restrictions to the number of deployed virtual machines. [Para. 3, page 9] When the end time of reserved deployment for virtual machines is reached, a message is sent through the VNFM to notify the virtual machine management module for the virtual core network. After the virtual machine management module for the virtual core network receives the message, restrictions to the number of deployed virtual machines are cleared). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined teachings of Enrico and Kwapniewski by incorporating Ju's teachings of clears restrictions to the number of deployed virtual machines based on an end time, because such incorporation would have resulted in an improved performance through load distribution, easier scaling by adding or reducing resources. Regarding Claim 5, Enrico in view Kwapniewski do not explicitly teach, however, Ju teaches the method of claim 4, further comprising: generating a plurality of release instructions, the release instructions when executed configure the cloud computing environment to release resources of the cloud computing environment allocated to the virtual range ([Para. 4-7, page 8], when the end time of the reserved deployment for virtual machines is reached, a second notification module notify the virtual machine management module for the virtual core network that the reserved deployment for virtual machines loses efficacy. …when the end time of the reserved deployment for virtual machines is reached, the virtual machine management module for the virtual core network clears restrictions to the number of deployed virtual machines. [Para. 3, page 9] When the end time of reserved deployment for virtual machines is reached, a message is sent through the VNFM to notify the virtual machine management module for the virtual core network. After the virtual machine management module for the virtual core network receives the message, restrictions to the number of deployed virtual machines are cleared). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined teachings of Enrico and Kwapniewski by incorporating Ju's teachings of clears restrictions to the number of deployed virtual machines based on an end time, because such incorporation would have resulted in an improved performance through load distribution, easier scaling by adding or reducing resources. Regarding Claim 6, Enrico in view Kwapniewski do not explicitly teach, however, Ju teaches The method of claim 5, wherein the plurality of release instructions are generated based on the received plurality of instructions ([Para. 3, page 9] When the end time of reserved deployment for virtual machines is reached, a message is sent through the VNFM to notify the virtual machine management module for the virtual core network that the reserved deployment for virtual machines loses efficacy. After the virtual machine management module for the virtual core network receives the message, restrictions to the number of deployed virtual machines are cleared). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined teachings of Enrico and Kwapniewski by incorporating Ju's teachings of clears restrictions to the number of deployed virtual machines based on an end time, because such incorporation would have resulted in an improved performance through load distribution, easier scaling by adding or reducing resources. Regarding Claim 7, Enrico in view Kwapniewski do not explicitly teach, however, Ju teaches the method of claim 1, further comprising: determining an amount of a compute resource utilized by the virtual range ([Last para, page 7] The first determination unit is configured to determine the current number of virtual machines. The second determination unit when determining that the current number of virtual machines is smaller than the minimum number of deployed virtual machines, determine the current elastically scaled-out number of virtual machines according to a difference value between the current number of virtual machines and the minimum number of deployed virtual machines; and/or when determining that the current number of virtual machines is greater than the maximum number of deployed virtual machines, determine the current elastically scaled-in number of virtual machines according to a difference value between the current number of virtual machines and the maximum number of deployed virtual machines). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined teachings of Enrico and Kwapniewski by incorporating Ju's teachings of determining a minimum and a maximum number of virtual machines required based on a deployment policy, because such incorporation would have allowed the system to ensured properly deploy virtual range according to the requirements. Regarding Claim 8, Enrico in view Kwapniewski do not explicitly teach, however, Ju teaches the method of claim 7, further comprising: generating an alternate virtual range configuration based on the received plurality of instructions, wherein the alternate virtual range configuration utilizes less than the determined amount of computed resource utilized by the virtual range ([Last para, page 7] The first determination unit is configured to determine the current number of virtual machines. The second determination unit when determining that the current number of virtual machines is smaller than the minimum number of deployed virtual machines, determine the current elastically scaled-out number of virtual machines according to a difference value between the current number of virtual machines and the minimum number of deployed virtual machines; and/or when determining that the current number of virtual machines is greater than the maximum number of deployed virtual machines, determine the current elastically scaled-in number of virtual machines according to a difference value between the current number of virtual machines and the maximum number of deployed virtual machines). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined teachings of Enrico and Kwapniewski by incorporating Ju's teachings of scale-out or scale-in virtual machine based on a deployment policy, because such incorporation would have allowed the system to ensured properly deploy virtual range according to the requirements. Regarding Claim 9, Enrico in view Kwapniewski do not explicitly teach, however, Ju teaches the method of claim 8, further comprising: detecting an instruction for deploying an application in the plurality of instructions, the application deployed on a first virtual instance ([Last para, Page 8 ], a deployment policy for a virtual core network is configured in a Network Functions Virtualization Orchestrator (NFVO) reservation module. …the deployment policy for the virtual core network includes a number of reserved virtual machines, start time of reserved deployment and end time of reserved deployment… when the start time of reserved deployment for virtual machines is reached, a message is sent through a Virtualized Network Function Manager (VNFM) to notify a virtual machine management module for a virtual core network that a reserved deployment mechanism of virtual machines takes effect); determining that the application can be executed on a second virtual instance requiring less compute resources than the first virtual instance; and generating the alternate virtual range configuration to deploy the second virtual instance in place of the first virtual instance [Last para, page 11], an automatically elastically scaled-out or scaled-in number of virtual machines must be within the range of the number of reserved virtual machines. If it is calculated according to an automatic deployment function of virtual machines that the needed number of virtual machines is smaller than the minimum number of deployed virtual machines by reservation, an elastic scaling-in process of virtual machines cannot be triggered. Similarly, if it is calculated according to the automatic deployment function of virtual machines that the needed number of virtual machines is greater than the maximum number of deployed virtual machines by reservation, an elastic scaling-out process of virtual machines cannot be triggered, either). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined teachings of Enrico and Kwapniewski by incorporating Ju's teachings of scale-out or scale-in virtual machine based on a deployment policy, because such incorporation would have allowed the system to ensured properly deploy virtual range according to the requirements. Regarding Claims 14-19, the claim limitations are identical and/or equivalent in scope to claims 4-9, therefore, are rejected for similar reasoning. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD YOUSUF A MIAN whose telephone number is (571)272-9206. The examiner can normally be reached Monday-Friday 9am-5:30pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ARIO ETIENNE can be reached at 571-272-4001. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /MOHAMMAD YOUSUF A. MIAN/Examiner, Art Unit 2457 /ARIO ETIENNE/Supervisory Patent Examiner, Art Unit 2457