Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Detailed Action
2. Claims 1-20 are pending.
Response to Argument
3. Applicant's amendment/arguments filed on 02/17/2026 have been fully considered but are moot in view of new ground(s) of rejection.
4. Regarding Double Patenting rejection, Applicant requested to hold the rejection in abeyance until the pending application is in condition for allowance. Therefore, Examiner maintained the rejection
Claim Rejections - 35 USC § 103
5. In the event the determination of the status of the application as subject to AlA 35 U.S.C. 102 and 103 (or as subject to pre-AlA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
6. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
7. Claims 21-24, 28-31 and 35-38 are rejected under 35 U.S.C. 103 as being unpatentable over Mital et al. (US 20190179725 A1) hereinafter Mital in view of Arregoces et al. (US 20170104755 A1 ) hereinafter Arregoces and further in view of Palavalli et al. (US 20170371636 A1) hereinafter Palavalli.
Regarding claims 21, 28 and 35, Mital disclose system, comprising: a non-public-network-accessible server set configured to execute a first instance of an application (see Fig. 1)
wherein the non-public-network-accessible server set comprises a traffic monitor configured to generate traffic telemetry indicating demand on the non-public-network-accessible server set (para. [0016]-[0019] at operation 204, the cloud telemetry analytics engine 104, via the cloud application manager 102, collects performance metrics of the application 116 as the application 116 is executing on the private cloud computing network 106. For example, the private cloud computing network 106 may transmit performance metrics to the cloud application manager 102 regarding the performance of application 116. That is, while the application 116 is executing, various performance metrics related to the execution of the application 116 on the private cloud computing network 106 may be generated. [0022] At operation 208, the simulated workload or model 118 generated at operation 206 is executed on the first and second public cloud computing networks 108 and 110. Specifically, the first and second public cloud computing networks 108 and 110 may make available various application programming interfaces (APIs) via which the simulated workload or model 118 can be provided to the first and second public cloud computing networks 108 and 110. The APIs may also accept indications of various network traffic levels. The various network traffic levels may be input into the simulated workload or model 118. By varying the network traffic levels input into the simulated workload or model 118, varying demand for the application 116 and the resulting performance metrics may be generated ); and
a public-network-accessible server set communicatively coupled to the non-public- network-accessible server set and configured to receive the traffic telemetry from the non-public- network-accessible server set (para. [0011] private cloud computing network 106, first public cloud computing network 108, and second public cloud computing network 110 may communicate with the network 112 via communication links 114. [0015] At operation 202, the cloud application manager 102 determines, based on input received from a client (i.e. the private cloud computing network 106 may be owned and/or operated by the client, the user that desires to have an application hosted in a public cloud network), which application 116 is to be hosted on a public cloud computing network. The application 116 may be any application suitable to be hosted on a public cloud computing network, such as a web, media streaming, or e-commerce application, among others. After the application 116 has been selected, the application 116 may be built and deployed on the private cloud computing network 106. The application 116 may then be executed on the private cloud computing network 106).
Mital may not explicitly disclose wherein the public-network-accessible server set is configured to execute a second instance of the application to service requests received from computing devices over one or more communication channels and the public-network-accessible server set comprising: a traffic manager configured to route each request of the requests to the first instance of the application executing on the non-public-network-accessible server set or to the second instance of the application executing on the public-network-accessible server set based at least in part on the traffic telemetry received from the non-public- network-accessible server set, wherein the second instance of the application is instantiated and executed at the public-network-accessible server set based at least in part on demand indicated by the traffic telemetry.
However, Arregoces discloses wherein the public-network-accessible server set is configured to execute a second instance of the application to service requests received from computing devices over one or more communication channels (para.[0038] hybrid cloud technologies, can utilize a secure transport layer (e.g., Layer 4 or “L4”) tunnel as the communication link 170 between a first cloud gateway 125 in a private cloud 105 and a second cloud gateway 135 in a public cloud 110, where the secure transport layer tunnel is configured to provide a link layer 170 (e.g., Layer 2 or “L2”) network extension between the private cloud and the public cloud [0036] the virtual supervisor module 130 in the private cloud 105 can be used to create VMs in the public cloud 110 or private cloud 105, such as VM1 150, VM2 152, and VM3 154. Each VM can host a private application, even VM3 154 in the public cloud 110 can host a private application such that VM3 154 in the public cloud 110 executes as if it were within the private cloud 105. [0049] if data requested from private cloud 402 has a security group tag authorizing exit from private cloud 402, based on an allowed subnet, said data may be transmitted to data at provider public gateway 416 in order to ensure that the data is part of an authorized security group for access into provider public cloud 41. [0041] hybrid cloud environment as illustrated in FIG. 1 being used to migrate a VM from private cloud 105 to public cloud 110. It can be desirable to migrate an application on the private cloud 105 to the public cloud 110 FIG. 2 illustrates VM1 150 on private cloud 105 being migrated to public cloud 110);
the public-network-accessible server set comprising: a traffic manager configured to route each request of the requests to the first instance of the application executing on the non-public-network-accessible server set or to the second instance of the application executing on the public-network-accessible server set based at least in part on the traffic telemetry received from the non-public- network-accessible server set, wherein the second instance of the application is instantiated and executed at the public-network-accessible server set based at least in part on demand indicated by the traffic telemetry (para.[0038] hybrid cloud technologies, can utilize a secure transport layer (e.g., Layer 4 or “L4”) tunnel as the communication link 170 between a first cloud gateway 125 in a private cloud 105 and a second cloud gateway 135 in a public cloud 110, where the secure transport layer tunnel is configured to provide a link layer 170 (e.g., Layer 2 or “L2”) network extension between the private cloud and the public cloud. By establishing a secure transport layer (L4) tunnel 170 (e.g., transport layer security (TLS), datagram TLS (DTLS), secure socket layer (SSL), etc.) [0049] if data requested from private cloud 402 has a security group tag authorizing exit from private cloud 402, based on an allowed subnet, said data may be 333 transmitted to data at provider public gateway 416 in order to ensure that the data is part of an authorized security group for access into provider public cloud 412 [0052] if data requested from public cloud 412 has a security group tag authorizing exit from public cloud 412, based on an allowed extended VLAN, said data may be transmitted/routed to private cloud 402 via secure tunnel 418).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filling date of the invention to modify the teaching of Mital and include wherein the public-network-accessible server set is configured to execute a second instance of the application to service requests received from computing devices over one or more communication channels and the public-network-accessible server set comprising: a traffic manager configured to route each request of the requests to the first instance of the application executing on the non-public-network-accessible server set or to the second instance of the application executing on the public-network-accessible server set based at least in part on the traffic telemetry received from the non-public- network-accessible server set, wherein the second instance of the application is instantiated and executed at the public-network-accessible server set based at least in part on demand indicated by the traffic telemetry using the teaching of Arregoces. The motivation for doing so would have been in ordered to allow for greater flexibility of movement of data inside a particular cloud environment while preserving security.
Mital and Arregoces may not explicitly disclose wherein the first instance of the application and the second instance of the application are both configured for the application received from computing devices over one or more communication channels.
However, Palavalli discloses wherein the first instance of the application and the second instance of the application are both configured for the application received from computing devices over one or more communication channels ( para. [0059] the enterprise 1302 may consider using a hybrid cloud model in which the application runs in the private cloud 1304 and is also run in one or more of the public cloud services 1308-1311. For example, as shown in FIG. 13, a hybrid cloud 1314 is formed from the private cloud 1304 and the public clouds services provided by a public cloud service provider 1308 to execute the same application).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filling date of the invention to modify the teaching of Mital/ Arregoces and include wherein the first instance of the application and the second instance of the application are both configured for the application received from computing devices over one or more communication channels using the teaching of Palavalli. The motivation for doing so would have been in ordered to provide efficient load balancing and fault tolerance in the cloud environment.
Regarding claims 22, 29 and 36 claim 21 is incorporated. Mital further discloses wherein the public-network-accessible server set is communicatively coupled to the non-public-network-accessible server set via the one or more communication channels
(para. [0011] and Fig, 1, private cloud computing network 106, first public cloud computing network 108, and second public cloud computing network 110 may communicate with the network 112 via communication links 114. The communication links 114 may be wired communication links, wireless communication links, or a combination of wired and wireless communication links).
Regarding claim 23, 30 and 37, claim 22 is incorporated. Mital further discloses wherein the one or more communication channels comprises one or more public communication channels (para. [0011] and Fig, 1, private cloud computing network 106, first public cloud computing network 108, and second public cloud computing network 110 may communicate with the network 112 via communication links 114. The communication links 114 may be wired communication links, wireless communication links, or a combination of wired and wireless communication links).
Regarding claims 23, 31 and 38, claim 23 is incorporated. Mital may not explicitly disclose wherein the one or more communication channels further comprises one or more secure communication channels. However, Arregoces discloses wherein the one or more communication channels further comprises one or more secure communication channels (para.[0038] hybrid cloud technologies, can utilize a secure transport layer (e.g., Layer 4 or “L4”) tunnel as the communication link 170 between a first cloud gateway 125 in a private cloud 105 and a second cloud gateway 135 in a public cloud 110, where the secure transport layer tunnel is configured to provide a link layer 170 (e.g., Layer 2 or “L2”) network extension between the private cloud and the public cloud. By establishing a secure transport layer (L4) tunnel 170 (e.g., transport layer security (TLS), datagram TLS (DTLS), secure socket layer (SSL), etc.) [0049] if data requested from private cloud 402 has a security group tag authorizing exit from private cloud 402, based on an allowed subnet, said data may be 333transmitted to data at provider public gateway 416 in order to ensure that the data is part of an authorized security group for access into provider public cloud 412).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filling date of the invention to modify the teaching of Mital and include wherein the one or more communication channels further comprises one or more secure communication channels using the teaching of Arregoces. The motivation for doing so would have been in ordered to allow for greater flexibility of movement of data inside a particular cloud environment while preserving security.
8. Claims 25, 32 and 39 are rejected under 35 U.S.C. 103 as being unpatentable over Mital in view of Arregoces in view Palavalli and further in view of Ghosh et al. (US 20160055023 A1) hereinafter referred as Ghosh.
Regarding claims 25,32 and 39, claim 21 is incorporated. Mital/Arregoces/ Palavalli may not explicitly disclose wherein the public-network-accessible server set, and all instances of the application instantiated at the public-network-accessible server set, are configured to not save data received from the non-public-network-accessible server set to persistent storage of the public- network-accessible server set. However, Ghosh discloses wherein the public-network-accessible server set, and all instances of the application instantiated at the public-network-accessible server set, are configured to not save data received from the non-public-network-accessible server set to persistent storage of the public- network-accessible server set ([see para. 0027] the organization may be unwilling to move private databases to public cloud for reasons related to security, confidentiality).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Mital/Arregoces/Palavalli and include wherein the public-network-accessible server set, and all instances of the application instantiated at the public-network-accessible server set, are configured to not save data received from the non-public-network-accessible server set to persistent storage of the public- network-accessible server set using the teaching of Ghosh. One would have been motivated to do so in order to prevent data tampering and other security threats.
9. Claims 26-27, 33 -34 and 40 are rejected under 35 U.S.C. 103 as being unpatentable over Mital in view of Arregoces in view of Palavalli and further in view of Wei (US 11032369 B1) hereinafter referred as Wei.
Regarding claims 26 and 33, claim 21 is incorporated. Mital/Arregoces/ Palavalli may not explicitly disclose wherein the first and second instances of the application belong to a same virtual network address space. However, Wei discloses wherein the first and second instances of the application belong to a same virtual network address space (col. 3 37-56 and col 6 lines 13-24, operating as virtual appliances for example, the first gateway is deployed on a subnet from which a software component is to be migrated. The second gateway is launched on a virtual public cloud (VPC) subnet to establish a bi-directional secure communication channel between the first and second gateways. Thereafter, an instance of the software component is migrated from the subnet of the first network (hereinafter, “on-premises subnet”); namely, the instance of the software component (also referred to as “migrated software component”) is installed on a public cloud platform while preserving the previously assigned IP address and this software component may be removed from local storage accessible via the on-premises network. Hence, the migrated software component would feature the same IP address as the IP address of the software component prior to migration, and thus, any on-premises host will be able to communicate with the migrated software component as if the software component still resided locally).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filling date of the invention to modify the teaching of Mital /Arregoces/ Palavalli and include a secure communication channel interface to communicatively couple the public-network accessible server set to the non-public- network-accessible server set and provide secure transfer of data therebetween using the teaching of Wei. The motivation for doing so would have been in ordered to update security policies of the public cloud platform to maintain secure connection.
Regarding claims 27, 34 and 40, claim 26 is incorporated. Mital/Arregoces/ Palavalli may not explicitly disclose wherein a storage of the non-public-network-accessible server set belongs to the same virtual network address space and is communicatively coupled to the first and second instances of the application (col. 3 37-56 and col 6 lines 13-24, supporting migration of the first software component 140 from the on-premises network 120 to the public cloud network 160, the logic 110 includes a first gateway 170 and a second gateway 175. As shown, the first gateway 170 is deployed as part of the on-premises (first) network 120 while the second gateway 175 is deployed as part of the public cloud (second) network 160. The first gateway 170 and the second gateway 175 are configured to establish a secure communication path 180 (e.g., tunnel over DX or IPSec) between these gateways 170 and 175. Hence, the public cloud network 160 is configured sharing a subnet IP address range (e.g., Classless Inter-Domain Routing “CIDR” block) with the on-premises network 120.operating as virtual appliances for example, the first gateway is deployed on a subnet from which a software component is to be migrated. The second gateway is launched on a virtual public cloud (VPC) subnet to establish a bi-directional secure communication channel between the first and second gateways. Thereafter, an instance of the software component is migrated from the subnet of the first network (hereinafter, “on-premises subnet”); namely, the instance of the software component (also referred to as “migrated software component”) is installed on a public cloud platform while preserving the previously assigned IP address and this software component may be removed from local storage accessible via the on-premises network. Hence, the migrated software component would feature the same IP address as the IP address of the software component prior to migration, and thus, any on-premises host will be able to communicate with the migrated software component as if the software component still resided locally).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filling date of the invention to modify the teaching of Mital/Arregoces/ Palavalli and include a secure communication channel interface to communicatively couple the public-network accessible server set to the non-public- network-accessible server set and provide secure transfer of data therebetween using the teaching of Wei. The motivation for doing so would have been in ordered to update security policies of the public cloud platform to maintain secure connection.
Conclusion
10. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
11. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kidest Mendaye whose telephone number is (571)272-2603. The examiner can normally be reached on Monday through Friday 7:00 am-5:00pm EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ario Etienne can be reached on (571) 272-4001. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
06/11/2026
/KIDEST MENDAYE/
Examiner, Art Unit 2457
/ARIO ETIENNE/Supervisory Patent Examiner, Art Unit 2457