DETAILED ACTION
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This Office Action is in response to the communication filed on 02/24/2026.
Claims 1, 5, 6, 10, 11, 15, 16, and 20 have been amended.
Claims 1-20 are pending for consideration.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant's arguments filed 02/24/2026 have been fully considered but they are not persuasive. Applicant argues that Gan nor De Santis teaches or suggests “in response to detecting the start of the virtual machine, disabling the connection from the computing device to the virtual private network” because Gan’s purpose for detecting VM startup is to perform an integrity check of the virtual machine, not to disable a VPN connection of the host computing device. Furthermore, De Santis teaches detaching a VM connection to a network and not a host computing device, and De Santis’s detachment occurs in response to a compliance scan.
Examiner disagrees. While De Santis does not explicitly teach “in response to detecting the start of a virtual machine”, utilizing/replacing DeSantis’s compliance checking event with Gan’s detection of the startup of a virtual machine as a trigger to scan for a change in compliance status would be obvious to one of ordinary skill in the art as startup or initialization of a virtual machine represents a non-validated entity with access to the environment. Furthermore, De Santis performs detachment from a network instead of a host device. However, the purpose of the detachment is to prevent an unauthorized entity from gaining access to external resources. Detaching from the network provides the same isolation to prevent escalation of an attack.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 6, 11, 16, 5, 10, 15, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Gan et al. (U.S. 10,776,482)(hereinafter Gan) in view of De Santis et al. (U.S 10,108,444)(hereinafter De Santis).
Regarding claims 1, 6, 11, and 16, Gan teaches a method implemented by a network traffic management system comprising one or more network traffic management apparatuses, server devices, or client devices (Gan: see Col 15 lines 50-54, "In view of the implementation alternatives described above, the present technology may be implemented within a cloud computing platform, at a user computing device, at a server device level, or by a combination of such platforms and devices as appropriate for a given implementation"), the method comprising:
establishing a connection from a computing device to a virtual private network (Gan: see FIG. 3 items 102 and 106; Col 15 lines 32-34, "A computing device_1 102 through a computing device_N 104 communicate via a network 106 with several other devices"; Col 15 lines 58-63, "The network 106 may include any form of interconnection suitable for the intended purpose, including a private or public network such as an intranet or the Internet, respectively, direct inter-module interconnection, dial-up, wireless, or any other interconnection mechanism capable of interconnecting the respective devices");
detecting a start of a virtual machine on the computing device (Gan: see Col 21 lines 19-28, "At decision point 802, the process 800 makes a determination as to whether a virtual machine (VM) startup has been detected by an associated health check agent/processor. It should be noted that a virtual machine startup may be detected early, such as while the virtual machine is in its early boot operations to allow the process 800 to detect a compromised virtual machine early in the boot sequence to prevent any such corrupted virtual machine from corrupting the deployed system within which the virtual machine is booting").
However, Gan does not teach in response to the detecting the start of the virtual machine, disabling the connection from the computing device to the virtual private network.
Nevertheless, De Santis-which is in the same field of endeavor- teaches in response to the detecting the start the virtual machine, disabling the connection from the computing device to the virtual private network (De Santis: see Col 2 lines 16-20, "The method may comprise, detecting non-compliance of a VM with the compliance rule using a compliance agent. The compliance agent may be deployed on the VM. Additionally, the existing VM may be detached or disconnected from a network").
Gan and De Santis are analogous art because they are from the same field of endeavor. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to combine Gan’s method for detecting a process of a virtual machine with De Santis’s disconnection from a network to disable a network connection. The suggestion/motivation for doing so would be to reduce the attack surface of the network by preventing potential malware from the virtual machine from entering the established network connection.
Regarding claims 5, 10, 15, and 20, Gan and De Santis teach detecting a termination of the virtual machine (Gan: see Col 21 lines 19-28, "At decision point 802, the process 800 makes a determination as to whether a virtual machine (VM) startup has been detected by an associated health check agent/processor. It should be noted that a virtual machine startup may be detected early, such as while the virtual machine is in its early boot operations to allow the process 800 to detect a compromised virtual machine early in the boot sequence to prevent any such corrupted virtual machine from corrupting the deployed system within which the virtual machine is booting");
in response to the detecting the termination of the virtual machine, re-enabling the connection from the computing device to the virtual private network (De Santis: see Col 5 lines 3-13, "According to just another embodiment, the method may also comprise attaching back the virtual machine to the network. After such an operation, the VM may again be fully functional within the context of a data center. No further bottleneck may be expected. Such a re-attaching back to the computer network may be performed after the compliance scan that may have been performed after the remediation action. This way, it may be ensured that only compliant system may be attached to the network again"). Motivation to combine Gan and De Santis in the instant claim, is the same as that in claims 1, 6, 11, and 16.
Claims 2, 7, 12, 17, 3, 8, 13, 18, 4, 9, 14, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Gan and De Santis as applied to claims 1, 6, 11, 16, 5, 10, 15, and 20 above, and further in view of Sawhney et al. (U.S. 8,938,782)(hereinafter Sawhney).
Regarding claims 2, 7, 12, and 17, Gan and De Santis teach determining, based on the signal from the compliance process, that the virtual machine complies with a security policy (De Santis: see Col 12 Claim 1 lines 24-29, "a compliance scan to ensure that the virtual machine complies with the compliance rule; and responsive to ensuring that the virtual machine complies with the compliance rule, attaching the virtual machine back to the network");
re-enabling the connection from the computing device to the virtual private network based on the determining that the virtual machine complies with the security policy (De Santis: see Col 5 lines 3-13, "According to just another embodiment, the method may also comprise attaching back the virtual machine to the network. After such an operation, the VM may again be fully functional within the context of a data center. No further bottleneck may be expected. Such a re-attaching back to the computer network may be performed after the compliance scan that may have been performed after the remediation action. This way, it may be ensured that only compliant system may be attached to the network again").
However, Gan and De Santis do not teach prompting a user of the computing device to execute a compliance process on the virtual machine and detecting a signal from the compliance process executing on the virtual machine.
Nevertheless, Sawhney-which is in the same field of endeavor-teaches prompting a user of the computing device to execute a compliance process on the virtual machine (Sawhney: see Col 5 lines 3-6, " In some embodiments, the remediation may be fully transparent to a user of virtual machine. In other embodiments, access-control module 114 may provide remediation information to a user for manual remediation");
detecting a signal from the compliance process executing on the virtual machine (Sawhney: see Col 2 lines 56-58, "According to various embodiments, the indication of compliance may be sent from the security agent to the access control module via an inter-virtual-machine communication").
Gan, De Santis, and Sawhney are analogous art because they are from the same field of endeavor, securing virtual computer environments. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to utilize the Gan and De Santis’ method for detection and network control with Sawhney’s compliance indication method. The suggestion/motivation for doing so would be to prevent a user from bypassing the compliance steps and verifying the remediation action instead of blindly trusting that the user completed the remediation steps.
Regarding claims 3, 8, 13, and 18, Gan, De Santis, and Sawhney teach prompting the user of the computing device to execute the compliance process comprises prompting the user to install security policy enforcement software on the virtual machine (Sawhney: see Col 5 lines 3-6, " In some embodiments, the remediation may be fully transparent to a user of virtual machine. In other embodiments, access-control module 114 may provide remediation information to a user for manual remediation"; Col 5 lines 60-65, "Databases 130 may also include a remediation database 134. Remediation database 134 may include one or more patches, antivirus software definitions, anti-spyware applications, and/or any other software that may need to be provided to a virtual machine to bring the virtual machine into compliance with one or more network access control policies");
the re-enabling the connection from the computing device to the virtual private network is further based on a determining that the security policy enforcement software is installed on the virtual machine (De Santis: see Col 5 lines 3-13, "According to just another embodiment, the method may also comprise attaching back the virtual machine to the network. After such an operation, the VM may again be fully functional within the context of a data center. No further bottleneck may be expected. Such a re-attaching back to the computer network may be performed after the compliance scan that may have been performed after the remediation action. This way, it may be ensured that only compliant system may be attached to the network again"). Motivation to combine Gan, De Santis, and Sawhney in the instant claim, is the same as that in claims 2, 7, 12, and 17.
Regarding claims 4, 9, 14, and 19, Gan, De Santis, and Sawhney teach establishing a secure virtual channel with the compliance process (De Santis: see Col 7 lines 54-61, "VM 216—as well as the other VMs (not shown)—may also be connected via connection 232 to a network 230, e.g., a datacenter or enterprise network, or a wide area network. The connection may be established via the computer hardware, as a skilled person would know. On each VM 214, 216, 218, a separate compliance agent 224, 226, 228 may be deployed beside other software programs (not shown). The network 230 may be a dedicated communication network"); receiving the signal from the compliance process via the secure virtual channel (De Santis: see Col 8 lines 25-3, "Initially, a compliance scan may be performed, 402. A test may be run, whether or not the related VM may be compliant, 404. In case of “yes”, it may be checked whether the VM is connected to the network, 412. In case of “no”, the VM may be connected to the network, 414. If the test 412 results in a “yes”, the system may wait for the next compliance scan, 416"). Motivation to combine Gan, De Santis, and Sawhney in the instant claim, is the same as that in claims 2, 7, 12, and 17.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KELAH JANAE MCFARLAND-BARNES whose telephone number is (571)272-5953. The examiner can normally be reached Monday through Friday 8:00am until 4:00pm Central Time.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached at 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KELAH JANAE MCFARLAND-BARNES/Examiner, Art Unit 2431
/SARAH SU/Primary Examiner, Art Unit 2431