Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Detailed Action
Claims filed on 12/31/2025 for patent application 18/149,623 has been acknowledged. Claims 1-6 and 9-22 are currently pending and have been considered below. Claims 1, 13, and 20 are independent claims. Claims 1, 13, and 20 have been amended. No new claims have been added.
Response to Arguments
Applicant’s arguments with respect to independent claims 1, 13, and 20, on page 7-8 of the remarks, filed on 12/31/2025, have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Applicant's arguments with respect to the dependent claims 11 and 18, on page 8 of the remarks, filed on 12/31/2025, have been fully considered but they are not persuasive. The reasons set forth below.
On page 8 of the remarks applicant argues: “the cited references fail to disclose, teach or suggest "wherein the plurality of authentication levels comprises a second authentication level, wherein the first authentication level provides a first control type for the first virtual resource and wherein the second authentication level provides a second control type for the first virtual resource" as recited in claims 11 and 18.”
Examiner respectful disagrees.
As noted on pages 3-5 of the non-final rejection, filed on 10/01/2025, Duffell in view of Zu teaches the concept of a “plurality of authentication levels.” A person of ordinary skills in the art understand that a “second authentication level” is implicitly taught by a “plurality of authentication levels.” Accordingly, Duffell teaches: The system of claim 1, wherein the plurality of authentication levels comprises a second authentication level (Duffell, ¶[0026], “ … the plurality of levels of authentication which matches or is associated with the requested at least one service from the plurality of services.” ¶[0007], “… to provide an authentication level based access control for the plurality of authentication levels associated with the plurality of services.”)
Furthermore, Duffell in view of Zu teaches: virtual resources (Zu, ¶[0048], “receiving an instruction to create a virtual machine and/or a container …”)
Additionally, Hubble is relied upon to teach the following limitations of claim 11 and 18 on pages 19-21:
wherein the first authentication level provides a first control type for the first resource (Hubble, col 1, line 52-67, common authentication methods include typing a password on a screen, moving an object to a certain location on a screen, connecting dots in a certain pattern, and matching fingerprints; the present invention permits the user to easily authenticate himself or herself with a gesture; the mobile device may be required to be at a particular geographic location in order for authentication to be successful. A variety of access levels may be created by the owner of the mobile device for added security.) and
wherein the second authentication level provides a second control type for the first resource (Hubble, col 8, line 1-13, the user performing the same gesture in different locations may allow different types of access to the mobile device (e.g., access to different e-mail accounts, access to different levels of security within application, etc.). Higher levels of security may be configured to permit access if the location and gesture matches, however, other methods as known in the art (such as login and password, key input, matching a pattern, image recognition, and voice recognition) may be used in addition to establish increased security.).
Thus, the 35 USC 103 rejection is maintained and updated below.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-4, 6, 9- 10, 13-15, 17 and 20-22 are rejected under 35 U.S.C. 103 as being unpatentable over Duffell et al. (US Patent Application Publication No US 2015/0256541 A1, hereinafter, Duffell) in view of Zu et al. (US Patent Application Publication No US 2021/0117220 A1, hereinafter, Zu) and further in view of Wilczynski et al. (US Patent No US 10,609,041 B1, hereinafter, Wilczynski).
Regarding Claim 1, Duffell discloses:
A system comprising: a microprocessor; and a computer readable medium, coupled with the microprocessor and comprising microprocessor readable and executable instructions that, when executed by the microprocessor, cause the microprocessor to (Duffell, ¶[0091], the computer program product may include a computer readable storage medium (or media) having computer readable program instructions thereon for causing a processor to carry out aspects of the present invention.):
receive a request to grant control of a first resource wherein the request to grant control of the first resource uses a first authentication level of a plurality of authentication levels associated with the first resource (Duffell, ¶[0026], the service provider module 411 may be configured to receive requests for services and/or resources from the end user and furthermore provide or enable the access to these services and/or resources by an end user following the authentication provider determining a distributed multilevel authentication process for the level of authentication from the plurality of levels of authentication which matches or is associated with the requested at least one service from the plurality of services. ¶[0007], a service request is determined for at least one of the services from a user apparatus; a distributed authentication provider is negotiated with to provide an authentication level based access control for the plurality of authentication levels associated with the plurality of services.);
validate the request to grant control of the first resource (Duffell, ¶[0026], relaying party/service provider apparatus 3 is further shown with respect to operational modules suitable for implementing distributed authentication according to some embodiments.); and
in response to validating the request to grant control of the first resource (Duffell, ¶[0025], based on a correct authentication of a user at a determined authentication level associated with the requested at least one service from the plurality of services),
grant control of the first resource according to the first authentication level of the plurality of authentication levels (Duffell, ¶[0024], the authentication module 403 may be configured to communicate with the service provider apparatus 3 and/or the authentication provider apparatus 5 to enable the service module 401 to access the required or requested service or resource. ¶[0025], the service provider apparatus 3 may in some embodiments be configured to store and/or access services and/or resources and apply a multi-level authentication control system to the accessing of the services.),
Duffell does not explicitly teach the following limitation that Zu teaches:
Virtual (resource); wherein granting control of the first virtual resource comprises an ability to construct a type of the first virtual resource (Zu, ¶[0048], receiving an instruction to create a virtual machine and/or a container, wherein the instruction includes parameters of the virtual machine and/or the container; selecting a first computing node from physical nodes according to the parameters; transmitting the parameters and information of the first computing node to a virtual machine management module and/or a container management module depending on a type of creation, such that the virtual machine management module allocates resources for the virtual machine through a virtual machine management agent module on the first computing node and/or such that the container management module to allocate resources for the container through a container management agent module on the first computing node), and
wherein the ability to construct the type of the first virtual resource comprises an amount of memory, an amount of disk space, a number of processor cores of the first virtual resource (Zu, ¶[0023] In the above unified resource scheduling coordinator, the allocated resources comprises computing resources, network resources and storage resources. ¶[0025] Optionally, the system further includes: a container management module configured to allocate CPU and memory resources to the container. ¶[0128] After the cloud unified interface issues an instruction to create a virtual machine, the unified resource scheduling coordinator receives the instruction and acquires requirements of the virtual machine, that is, 3 CPUs, 40G memory, 40G hard disk with the type of local storage, and connection network net),
Duffell in view of Zu is analogous art because the references are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “management and deployment of computing resources.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Duffell with Zu to implement:
“Virtual (resource); wherein granting control of the first virtual resource comprises an ability to construct a type of the first virtual resource, and wherein the ability to construct the type of the first virtual resource comprises an amount of memory, an amount of disk space and a number of processor cores of the virtual resource”
because the disclosure discloses a method for creating a virtual machine and/or a container through a unified resource scheduling coordinator (Zu, Abstract).
Duffell in view of Zu does not explicitly teach the following limitation that Wilczynski teaches:
and administrative attributes of the first virtual resource (Wilczynski, col 5, line 52 – col 6, line 18, FIG. 3 schematically illustrates an example of modifying access control policy of an artifact upon its association with a container … a new artifact 310A created within container 300 automatically inherits access control policy 320 of container 300 … includes one or more access control rules, such that each access control rule includes an identifier of a user group 342 and a corresponding set of access permissions 345, thus indicating that a member of user group 342 is authorized to perform, with respect to one or more resources associated with access control policy 320, the actions identified by access permissions 345.).
Duffell in view of Zu and further in view of Wilczynski is analogous art because the references are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “management and deployment of computing resources.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Duffell in view of Zu with Wilczynski to implement:
“and administrative attributes of the first virtual resource”
Because This disclosure is related to resource access control, and in particular to enforcing granular access control policies (Wilczynski, Background, col 1, lines 1-17).
Regarding Claim 2, Duffell in view of Zu and further in view of Wilczynski discloses:
The system of claim 1, wherein granting control of the first virtual resource comprises granting access to the first virtual resource (Duffell, ¶[0024], the authentication module 403 may be configured to communicate with the service provider apparatus 3 and/or the authentication provider apparatus 5 to enable the service module 401 to access the required or requested service or resource.).
Regarding Claim 3, Duffell in view of Zu and further in view of Wilczynski discloses:
The system of claim 1, wherein granting control of the first virtual resource comprises granting access to one of a plurality of applications in the first virtual resource (Duffell, ¶[0024], the authentication module 403 may be configured to communicate with the service provider apparatus 3 and/or the authentication provider apparatus 5 to enable the service module 401 to access the required or requested service or resource.).
Regarding Claim 4, Duffell in view of Zu and further in view of Wilczynski discloses:
The system of claim 1, wherein granting control of the first virtual resource (Duffell, ¶[0024], the authentication module 403 may be configured to communicate with the service provider apparatus 3 and/or the authentication provider apparatus 5 to enable the service module 401 to access the required or requested service or resource.)
comprises an ability to execute the first virtual resource (Zu, ¶[0129], physical resource conditions obtained by statistical resource determination is executed on an appropriate physical node through scheduling containers/virtual machines …).
Regarding Claim 6, Duffell in view of Zu and further in view of Wilczynski discloses:
The system of claim 1, wherein granting control of the first virtual resource comprises an ability to construct the first virtual resource (Duffell, ¶[0024], the authentication module 403 may be configured to communicate with the service provider apparatus 3 and/or the authentication provider apparatus 5 to enable the service module 401 to access the required or requested service or resource. Zu, ¶[0054], the container management module, after receiving the creation request, …, and finally completes creation of the container …).
Regarding Claim 9, Duffell in view of Zu and further in view of Wilczynski discloses:
The system of claim 1, wherein the first virtual resource comprises a plurality of virtual resources and wherein granting control of the first virtual resource comprises granting control of the plurality of virtual resources (Duffell, ¶[0007], a distributed authentication provider is negotiated with to provide an authentication level based access control for the plurality of authentication levels associated with the plurality of services. The user apparatus is provided access to the at least one of the services within the service request based on a successful authentication at the distributed authentication provider for the authentication level associated with the at least one of the services within the service request.).
Regarding Claim 10, Duffell in view of Zu and further in view of Wilczynski discloses:
The system of claim 1, wherein the plurality of authentication levels associated with the first virtual resource are associated with a plurality of virtual resources and wherein a second authentication level of the plurality of authentication levels provides control of a second virtual resource (Duffell, ¶[0056], Table 1, Table 2, although in Table 1, S1-S4 are shown as single services, it is equally feasible that S1-S4 may be classes of services with multiple services per class. Thus for example each of the (classes of) services S1-S4 may be assigned an authentication method from the tiered authentication structure NoA-A4. For instance, each service S1-S4 is assigned an authentication level. Furthermore as discussed herein each authentication level may furthermore be mapped onto one or more authentication methods.).
Regarding Claim 13, Duffell discloses:
A method comprising: receiving, by a microprocessor (Duffell, ¶[0007], a method; ¶[0025], the relaying party/service provider 3 may further comprise a microprocessor),
a request to grant control of a first resource wherein the request to grant control of the first resource uses a first authentication level of a plurality of authentication levels associated with the first resource (Duffell, ¶[0026], the service provider module 411 may be configured to receive requests for services and/or resources from the end user and furthermore provide or enable the access to these services and/or resources by an end user following the authentication provider determining a distributed multilevel authentication process for the level of authentication from the plurality of levels of authentication which matches or is associated with the requested at least one service from the plurality of services. ¶[0007], a service request is determined for at least one of the services from a user apparatus; a distributed authentication provider is negotiated with to provide an authentication level based access control for the plurality of authentication levels associated with the plurality of services.);
validating, by the microprocessor, the request to grant control of the first resource (Duffell, ¶[0026], relaying party/service provider apparatus 3 is further shown with respect to operational modules suitable for implementing distributed authentication according to some embodiments.); and
in response to validating the request to grant control of the first resource (Duffell, ¶[0025], based on a correct authentication of a user at a determined authentication level associated with the requested at least one service from the plurality of services),
granting, by the microprocessor, control of the first resource according to the first authentication level of the plurality of authentication levels (Duffell, ¶[0024], the authentication module 403 may be configured to communicate with the service provider apparatus 3 and/or the authentication provider apparatus 5 to enable the service module 401 to access the required or requested service or resource. ¶[0025], the service provider apparatus 3 may in some embodiments be configured to store and/or access services and/or resources and apply a multi-level authentication control system to the accessing of the services.),
Duffell does not explicitly teach the following limitation that Zu teaches:
Virtual (resource); wherein granting control of the first virtual resource comprises an ability to construct a type of the first virtual resource (Zu, ¶[0048], receiving an instruction to create a virtual machine and/or a container, wherein the instruction includes parameters of the virtual machine and/or the container; selecting a first computing node from physical nodes according to the parameters; transmitting the parameters and information of the first computing node to a virtual machine management module and/or a container management module depending on a type of creation, such that the virtual machine management module allocates resources for the virtual machine through a virtual machine management agent module on the first computing node and/or such that the container management module to allocate resources for the container through a container management agent module on the first computing node), and
wherein the ability to construct the type of the first virtual resource comprises an amount of memory, an amount of disk space, a number of processor cores of the virtual resource (Zu, ¶[0023] In the above unified resource scheduling coordinator, the allocated resources comprises computing resources, network resources and storage resources. ¶[0025] Optionally, the system further includes: a container management module configured to allocate CPU and memory resources to the container. ¶[0128] After the cloud unified interface issues an instruction to create a virtual machine, the unified resource scheduling coordinator receives the instruction and acquires requirements of the virtual machine, that is, 3 CPUs, 40G memory, 40G hard disk with the type of local storage, and connection network net),
Duffell in view of Zu are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “management and deployment of computing resources.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Duffell with Zu to implement:
“Virtual (resource); wherein granting control of the first virtual resource comprises an ability to construct a type of the first virtual resource, and wherein the ability to construct the type of the first virtual resource comprises an amount of memory, an amount of disk space and a number of processor cores of the virtual resource”
because the disclosure discloses a method for creating a virtual machine and/or a container through a unified resource scheduling coordinator (Zu, Abstract).
Duffell in view of Zu does not explicitly teach the following limitation that Wilczynski teaches:
and administrative attributes of the first virtual resource (Wilczynski, col 5, line 52 – col 6, line 18, FIG. 3 schematically illustrates an example of modifying access control policy of an artifact upon its association with a container … a new artifact 310A created within container 300 automatically inherits access control policy 320 of container 300 … includes one or more access control rules, such that each access control rule includes an identifier of a user group 342 and a corresponding set of access permissions 345, thus indicating that a member of user group 342 is authorized to perform, with respect to one or more resources associated with access control policy 320, the actions identified by access permissions 345.).
Duffell in view of Zu and further in view of Wilczynski is analogous art because the references are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “management and deployment of computing resources.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Duffell in view of Zu with Wilczynski to implement:
“and administrative attributes of the first virtual resource”
Because This disclosure is related to resource access control, and in particular to enforcing granular access control policies (Wilczynski, Background, col 1, lines 1-17).
Regarding Claim 14, Duffell in view of Zu and further in view of Wilczynski discloses:
The method of claim 13, wherein granting control of the first virtual resource comprises granting access to one of a plurality of applications in the first virtual resource (Duffell, ¶[0024], the authentication module 403 may be configured to communicate with the service provider apparatus 3 and/or the authentication provider apparatus 5 to enable the service module 401 to access the required or requested service or resource.).
Regarding Claim 15, Duffell in view of Zu and further in view of Wilczynski discloses:
The method of claim 13, wherein granting control of the first virtual resource (Duffell, ¶[0024], the authentication module 403 may be configured to communicate with the service provider apparatus 3 and/or the authentication provider apparatus 5 to enable the service module 401 to access the required or requested service or resource.)
comprises an ability to execute the first virtual resource (Zu, ¶[0129], physical resource conditions obtained by statistical resource determination is executed on an appropriate physical node through scheduling containers/virtual machines …).
Regarding Claim 17, Duffell in view of Zu and further in view of Wilczynski discloses:
The method of claim 13, wherein the first virtual resource comprises a plurality of virtual resources and wherein granting control of the first virtual resource comprises granting control of the plurality of virtual resources (Duffell, ¶[0007], a distributed authentication provider is negotiated with to provide an authentication level based access control for the plurality of authentication levels associated with the plurality of services. The user apparatus is provided access to the at least one of the services within the service request based on a successful authentication at the distributed authentication provider for the authentication level associated with the at least one of the services within the service request.).
Regarding Claim 20, Duffell discloses:
A non-transient computer readable medium having stored thereon instructions that cause a processor to execute a method, the method comprising instructions to (Duffell, ¶[0091], the computer program product may include a computer readable storage medium (or media) having computer readable program instructions thereon for causing a processor to carry out aspects of the present invention. Duffell, ¶[0092], a computer readable storage medium, as used herein, is not to be construed as being transitory signals per se.):
receive a request to grant control of a first resource wherein the request to grant control of the first resource uses a first authentication level of a plurality of authentication levels associated with the first resource (Duffell, ¶[0026], the service provider module 411 may be configured to receive requests for services and/or resources from the end user and furthermore provide or enable the access to these services and/or resources by an end user following the authentication provider determining a distributed multilevel authentication process for the level of authentication from the plurality of levels of authentication which matches or is associated with the requested at least one service from the plurality of services. ¶[0007], a service request is determined for at least one of the services from a user apparatus; a distributed authentication provider is negotiated with to provide an authentication level based access control for the plurality of authentication levels associated with the plurality of services.);
validate the request to grant control of the first resource (Duffell, ¶[0026], relaying party/service provider apparatus 3 is further shown with respect to operational modules suitable for implementing distributed authentication according to some embodiments.); and
in response to validating the request to grant control of the first resource (Duffell, ¶[0025], based on a correct authentication of a user at a determined authentication level associated with the requested at least one service from the plurality of services),
grant control of the first resource according to the first authentication level of the plurality of authentication levels (Duffell, ¶[0024], the authentication module 403 may be configured to communicate with the service provider apparatus 3 and/or the authentication provider apparatus 5 to enable the service module 401 to access the required or requested service or resource. ¶[0025], the service provider apparatus 3 may in some embodiments be configured to store and/or access services and/or resources and apply a multi-level authentication control system to the accessing of the services.),
Duffell does not explicitly teach the following limitation that Zu teaches:
Virtual (resource); wherein granting control of the first virtual resource comprises an ability to construct a type of the first virtual resource (Zu, ¶[0048], receiving an instruction to create a virtual machine and/or a container, wherein the instruction includes parameters of the virtual machine and/or the container; selecting a first computing node from physical nodes according to the parameters; transmitting the parameters and information of the first computing node to a virtual machine management module and/or a container management module depending on a type of creation, such that the virtual machine management module allocates resources for the virtual machine through a virtual machine management agent module on the first computing node and/or such that the container management module to allocate resources for the container through a container management agent module on the first computing node), and
wherein the ability to construct the type of the first virtual resource comprises an amount of memory, an amount of disk space, a number of processor cores of the virtual resource (Zu, ¶[0023] In the above unified resource scheduling coordinator, the allocated resources comprises computing resources, network resources and storage resources. ¶[0025] Optionally, the system further includes: a container management module configured to allocate CPU and memory resources to the container. ¶[0128] After the cloud unified interface issues an instruction to create a virtual machine, the unified resource scheduling coordinator receives the instruction and acquires requirements of the virtual machine, that is, 3 CPUs, 40G memory, 40G hard disk with the type of local storage, and connection network net),
Duffell in view of Zu are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “management and deployment of computing resources.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Duffell with Zu to implement:
“Virtual (resource); wherein granting control of the first virtual resource comprises an ability to construct a type of the first virtual resource, and wherein the ability to construct the type of the first virtual resource comprises an amount of memory, an amount of disk space and a number of processor cores of the virtual resource”
because the disclosure discloses a method for creating a virtual machine and/or a container through a unified resource scheduling coordinator (Zu, Abstract).
Duffell in view of Zu does not explicitly teach the following limitation that Wilczynski teaches:
and administrative attributes of the first virtual resource (Wilczynski, col 5, line 52 – col 6, line 18, FIG. 3 schematically illustrates an example of modifying access control policy of an artifact upon its association with a container … a new artifact 310A created within container 300 automatically inherits access control policy 320 of container 300 … includes one or more access control rules, such that each access control rule includes an identifier of a user group 342 and a corresponding set of access permissions 345, thus indicating that a member of user group 342 is authorized to perform, with respect to one or more resources associated with access control policy 320, the actions identified by access permissions 345.).
Duffell in view of Zu and further in view of Wilczynski is analogous art because the references are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “management and deployment of computing resources.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Duffell in view of Zu with Wilczynski to implement:
“and administrative attributes of the first virtual resource”
Because This disclosure is related to resource access control, and in particular to enforcing granular access control policies (Wilczynski, Background, col 1, lines 1-17).
Regarding Claim 21, Duffell in view of Zu and further in view of Wilczynski discloses:
The system of claim 1, wherein the type of the first virtual resource is a container-type first virtual resource (Zu, ¶[0048], a method for creating a virtual machine and/or container through a unified resource scheduling coordinator is provided. As shown in FIG. 1, the method includes: receiving an instruction to create a virtual machine and/or a container, wherein the instruction includes parameters of the virtual machine and/or the container; selecting a first computing node from physical nodes according to the parameters; transmitting the parameters and information of the first computing node to a virtual machine management module and/or a container management module depending on a type of creation, such that the virtual machine management module allocates resources for the virtual machine through a virtual machine management agent module on the first computing node and/or such that the container management module to allocate resources for the container through a container management agent module on the first computing node).
Regarding Claim 22, Duffell in view of Zu and further in view of Wilczynski discloses:
The method of 13, wherein the type of the first virtual resource is a container-type first virtual resource (Zu, ¶[0048], a method for creating a virtual machine and/or container through a unified resource scheduling coordinator is provided. As shown in FIG. 1, the method includes: receiving an instruction to create a virtual machine and/or a container, wherein the instruction includes parameters of the virtual machine and/or the container; selecting a first computing node from physical nodes according to the parameters; transmitting the parameters and information of the first computing node to a virtual machine management module and/or a container management module depending on a type of creation, such that the virtual machine management module allocates resources for the virtual machine through a virtual machine management agent module on the first computing node and/or such that the container management module to allocate resources for the container through a container management agent module on the first computing node).
Claims 5 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Duffell et al. (US Patent Application Publication No 2015/0256541 A1, hereinafter, Duffell) in view of Zu et al. (US Patent Application Publication No US 2021/0117220 A1, hereinafter, Zu) and further in view of Wilczynski et al. (US Patent No US 10,609,041 B1, hereinafter, Wilczynski), and Shankara Murthy et al. (US Patent Application Publication No US 2020/0249975 A1, hereinafter, Shankara Murthy).
Regarding Claim 5, Duffell in view of Zu and further in view of Wilczynski teaches: the system of claim 1, wherein granting control of the first virtual resource comprises
Duffell in view of Zu and further in view of Wilczynski does not explicitly teach the following limitation that Shankara Murthy teaches:
an ability to spawn a second virtual resource from the first virtual resource (Shankara Murthy, ¶[0012], in examples where a cloud controller is able to deploy or manage virtual resources such as virtual machines (VMs), the cloud controller can be used to spawn VMs. In some examples, the cloud controller is able to create a new hypervisor in a cloud. The cloud controller can issue a request to boot a VM to a hypervisor, which in turn creates the VM.).
Duffell in view of Zu and further in view of Wilczynski and Shankara Murthy is analogous art because the references are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “management and deployment of computing resources.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Duffell in view of Zu and further in view of Wilczynski with Shankara Murthy to
“allow an ability to spawn a second virtual resource from the first virtual resource”
because it would be desirable to manage a cloud and the cloud's resources and to enables tenants to access services of the cloud (Shankara Murthy, ¶[0010]).
Regarding Claim 16, Duffell in view of Zu and further in view of Wilczynski and Shankara Murthy teaches: the method of claim 13, wherein granting control of the first virtual resource comprises an ability to spawn a second virtual resource from the first virtual resource (Shankara Murthy, ¶[0012], in examples where a cloud controller is able to deploy or manage virtual resources such as virtual machines (VMs), the cloud controller can be used to spawn VMs. In some examples, the cloud controller is able to create a new hypervisor in a cloud. The cloud controller can issue a request to boot a VM to a hypervisor, which in turn creates the VM.).
Claims 11 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Duffell et al. (US Patent Application Publication No 2015/0256541 A1, hereinafter, Duffell) in view of Zu et al. (US Patent Application Publication No US 2021/0117220 A1, hereinafter, Zu) and further in view of Wilczynski et al. (US Patent No US 10,609,041 B1, hereinafter, Wilczynski), and Hubble (US Patent No US 9,119,068 B1).
Regarding Claim 11, Duffell in view of Zu and further in view of Wilczynski teaches: The system of claim 1, wherein the plurality of authentication levels comprises a second authentication level, virtual (resource), virtual (resource);
Duffell in view of Zu and further in view of Wilczynski does not explicitly teach the following limitation that Hubble teaches:
wherein the first authentication level provides a first control type for the first resource (Hubble, col 1, line 52-67, common authentication methods include typing a password on a screen, moving an object to a certain location on a screen, connecting dots in a certain pattern, and matching fingerprints; the present invention permits the user to easily authenticate himself or herself with a gesture; the mobile device may be required to be at a particular geographic location in order for authentication to be successful. A variety of access levels may be created by the owner of the mobile device for added security.) and
wherein the second authentication level provides a second control type for the first resource (Hubble, col 8, line 1-13, the user performing the same gesture in different locations may allow different types of access to the mobile device (e.g., access to different e-mail accounts, access to different levels of security within application, etc.). Higher levels of security may be configured to permit access if the location and gesture matches, however, other methods as known in the art (such as login and password, key input, matching a pattern, image recognition, and voice recognition) may be used in addition to establish increased security.).
Duffell in view of Zu and further in view of Wilczynski and Hubble is analogous art because the references are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “management and deployment of computing resources.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Duffell in view of Zu and further in view of Wilczynski with Hubble, wherein the first authentication level provides a first control type for the first resource and wherein the second authentication level provides a second control type for the first resource, because other levels of security may be created by the user and authentication setup may be repeated using additional gestures or various locations in order to authenticate the user to a different application on the mobile device, or to authenticate the user at a different level within a particular application (Hubble, col 7, line 60-67).
Regarding Claim 18, Duffell in view of Zu and further in view of Wilczynski and Hubble teaches: The method of claim 13, wherein the plurality of authentication levels comprises a second authentication level, wherein the first authentication level provides a first control type for the first virtual resource (Hubble, col 1, line 52-67, common authentication methods include typing a password on a screen, moving an object to a certain location on a screen, connecting dots in a certain pattern, and matching fingerprints; the present invention permits the user to easily authenticate himself or herself with a gesture; the mobile device may be required to be at a particular geographic location in order for authentication to be successful. A variety of access levels may be created by the owner of the mobile device for added security.) and
wherein the second authentication level provides a second control type for the first virtual resource (Hubble, col 8, line 1-13, the user performing the same gesture in different locations may allow different types of access to the mobile device (e.g., access to different e-mail accounts, access to different levels of security within application, etc.). Higher levels of security may be configured to permit access if the location and gesture matches, however, other methods as known in the art (such as login and password, key input, matching a pattern, image recognition, and voice recognition) may be used in addition to establish increased security.).
Claims 12 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Duffell et al. (US Patent Application Publication No 2015/0256541 A1, hereinafter, Duffell) in view of Zu et al. (US Patent Application Publication No US 2021/0117220 A1, hereinafter, Zu) and further in view of Wilczynski et al. (US Patent No US 10,609,041 B1, hereinafter, Wilczynski), and Tome et al. (US Patent Application Publication No US 2007/0204166 A1, hereinafter, Tome).
Regarding Claim 12, Duffell in view of Zu and further in view of Wilczynski teaches: The system of claim 1, wherein control of the first virtual resource is based on
Duffell in view of Zu and further in view of Wilczynski does not explicitly teach the following limitation that Tome teaches:
attributes stored within an image of the first virtual resource (Tome, ¶[0082], the virtual machine is preassociated with a specific secured network with certificates or other authorization and authentication materials that are stored within the virtual machine image.).
Duffell in view of Zu and further in view of Wilczynski and Tome is analogous art because the references are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “management and deployment of computing resources.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Duffell in view of Zu and further in view of Wilczynski with Tome wherein control of the first virtual resource is based on attributes stored within an image of the first virtual resource because this technique provides improved protection for integrity and privacy of virtual machine configurations (Tome, ¶[0041]).
Regarding Claim 19, Duffell in view of Zu and further in view of Wilczynski and Tome teaches: The method of claim 13, wherein control of the first virtual resource is based on attributes stored within an image of the first virtual resource (Tome, ¶[0082], the virtual machine is preassociated with a specific secured network with certificates or other authorization and authentication materials that are stored within the virtual machine image.).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDGAR W XIE whose telephone number is (703)756-4777. The examiner can normally be reached Monday - Friday, 8:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JEFFREY PWU can be reached at (571)272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/EDGAR W XIE/ Examiner, Art Unit 2433
/WASIKA NIPA/ Primary Examiner, Art Unit 2433