DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Election/Restrictions
No restrictions are warranted at applicant’s time of filing for the continuation.
Priority
Applicant’s instant application is a continuation that claims domestic priority under 35 USC 120 to non-provisional application # 17/152610, filed on 01/19/2021, now US PAT # 12149509; which further claims domestic priority under 35 USC 119(e) to provisional application # 62/963481, filed on 01/20/2020.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11/15/2024 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Drawings
Applicant’s drawings filed on 10/15/2024 have been inspected and are in compliance with MPEP 608.02.
Specification
Applicant’s specification filed on 10/15/2024 has been considered, and is in compliance with MPEP 608.01.
Claim Objections
No claim objections are warranted at applicant’s time of filing for the continuation.
Claim Interpretation – 35 USC 112(f)
It is the examiner’s opinion that claims 1 – 20 do not invoke means-plus-function or step-plus-function claim language under the meaning of the statute.
Claim Rejections - 35 USC § 112
No rejections are warranted at applicant’s time of filing for the continuation.
Claim Rejections - 35 USC § 101
No rejections are warranted at applicant’s time of filing for the continuation.
Double Patenting
The non-statutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A non-statutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on non-statutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a non-statutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based e-Terminal Disclaimer may be filled out completely online using web-screens. An e-Terminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about e-Terminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claim[s] 1 – 5, 8 – 12, 15 – 16, 18 are rejected on the ground of non-statutory double patenting as being unpatentable over claim[s] 1 – 5, 8 – 12, 15, 17, 18 of U.S. Patent No. 12149509.
Although the claims at issue are not identical, they are not patentably distinct from each other because the subject matter of the pending application and that of the patent are the same or similar and are not distinct:
Transferring data to a secure computing region that is isolated from any public networks, where the data is packaged – composed of one or more data packets. The data packets are received and transmitted to the secure computing region where the data is restricted from being transmitted to a destination outside of the secure computing region.
Also, see the table below for a claim-by-claim comparison.
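Left column: Pending US Application # 18916415. Right column: US Patent # 12149509. Each pending claim below is followed by the corresponding patent claim.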
1. A computer-implemented method, comprising:
executing a cloud-computing orchestration service of a cloud-computing environment, the cloud-computing orchestration service being configured to provision infrastructure components and deploy images to provisioned infrastructure components;
receiving, by a computing component of the cloud-computing environment from the cloud-computing orchestration service, a send request corresponding to an image to be deployed to a secure computing region that is isolated from any public networks, the send request being initiated by the cloud-computing orchestration service, and the secure computing region comprising a component that restricts data from being transmitted to destinations outside of the secure computing region;
obtaining, by the computing component from the cloud-computing environment, the image to be deployed to the secure computing region; and
transmitting, to the secure computing region, the image, wherein transmitting the image enables a corresponding computing component of the secure computing region to perform one or more orchestration tasks to deploy the image within the secure computing region.
1. (Currently Amended) A computer-implemented method, comprising:
executing a cloud-computing orchestration service of a cloud-computing environment, the cloud-computing orchestration service being configured to provision infrastructure components and deploy images to provisioned infrastructure components based at least in part on identifying an automated workflow for modifying a current state of the cloud-computing environment to conform to a desired state expressed by declarative statements in a set of configuration files;
receiving, by a computing component of the cloud-computing environment from the cloud-computing infrastructure orchestration service that provisions infrastructure components and deploys images to provisioned infrastructure components of the cloud-computing environment, a send request comprising metadata corresponding to an image to be deployed to a secure computing region that is isolated from any public networks, the send request being initiated by the cloud-computing orchestration service based at least in part on detecting a modification in at least one of the set of configuration files, and the secure computing region comprising a component that restricts data from being transmitted to destinations outside of the secure computing region;
obtaining, by the computing component from the cloud-computing environment, the image to be deployed to the secure computing region based at least in part on the metadata;
segmenting, by the computing component, the image into a plurality of data packets with which the image is constructable, each of the plurality of data packets being individually associated with the metadata, the metadata indicating a destination for the image within the secure computing region; and
transmitting, to a first data diode endpoint device of the cloud-computing environment for transmission to a second data diode endpoint device of the secure computing region, the plurality of data packets comprising the image and the metadata corresponding to the image, wherein transmitting the plurality of data packets causes at least one enables a corresponding computing component of the secure computing region to perform one or more orchestration tasks to deploy the image within the secure computing region.
2. The computer-implemented method of claim 1, wherein the secure computing region comprises a data diode endpoint device that restricts reception to a restricted set of file types.
2. (Original) The computer-implemented method of claim 1, wherein the second data diode endpoint device restricts reception to a restricted set of file types.
3. The computer-implemented method of claim 1, wherein the cloud computing environment comprises a specialized sending card and the secure computing region comprises a specialized receiving card, and wherein the specialized sending card is connected by an optical transmit only cable to the specialized receiving card.
3. (Previously Presented) The computer-implemented method of claim 1, wherein the first data diode endpoint device comprises a specialized sending card and the second data diode endpoint device comprises a specialized receiving card, and wherein the specialized sending card is connected by an optical transmit only cable to the specialized receiving card.
4. The computer-implemented method of claim 3, wherein the image is transmitted via the optical transmit only cable.
4. (Previously Presented) The computer-implemented method of claim 3, wherein the plurality of data packets are transmitted via the optical transmit only cable.
5. The computer-implemented method of claim 1, further comprising digitally signing the image to generate a digital signature, wherein at least one component of the secure computing region verifies the digital signature as part of reconstructing the image.
5. (Previously Presented) The computer-implemented method of claim 1, further comprising digitally signing the metadata to include a digital signature, wherein at least one component of the secure computing region verifies the digital signature as part of reconstructing the image.
8. A computing system of a cloud-computing environment, comprising:
a cloud-computing orchestration service that provisions infrastructure components and deploy images to provisioned infrastructure components;
a processor; and
a memory storing instructions that, when executed by the processor, cause the computing system to:
receive, from the cloud-computing orchestration service, a send request corresponding to an image to be deployed to a secure computing region that is isolated from any public networks, the send request being initiated by the cloud-computing orchestration, and the secure computing region comprising a component that restricts data from being transmitted to destinations outside of the secure computing region;
obtain the image to be deployed to the secure computing region; and
transmit, to the secure computing region, the image, wherein transmitting the image enables a corresponding computing component of the secure computing region to perform one or more orchestration tasks to deploy the image within the secure computing region.
8. (Currently Amended) A computing system of a cloud-computing environment, comprising:
a cloud-computing orchestration service that provisions infrastructure components and deploy images to provisioned infrastructure components based at least in part on identifying an automated workflow for modifying a current state of the cloud-computing environment to conform to a desired state expressed by declarative statements in a set of configuration files;
a processor; and
a memory storing instructions that, when executed by the processor, cause the computing system to:
receive a send request initiated by the cloud-computing infrastructure orchestration service based at least in part on detecting a modification in at least one of the set of configuration files that provisions infrastructure components and deploys images to provisioned infrastructure components of the cloud computing environment, the send request comprising metadata corresponding to an image to be deployed to a secure computing region that is isolated from any public networks, and the secure computing region comprising a component that restricts data from being transmitted to destinations outside of the secure computing region;
obtain the image to be deployed to the secure computing region based at least in part on the metadata;
segment the image into a plurality of data packets with which the image can be constructed, each of the plurality of data packets being individually associated with the metadata, the metadata indicating a destination for the image within the secure computing region; and
transmit, to a first data diode endpoint device of the cloud-computing environment for transmission to a second data diode endpoint device of the secure computing region, the plurality of data packets comprising the image and the metadata corresponding to the image, wherein transmitting the plurality of data packets causes at least one enables a computing component of the secure computing region to perform one or more orchestration tasks to deploy the image within the secure computing region.
9. The computing system of claim 8, wherein the secure computing region comprises a data diode endpoint device that restricts reception to a restricted set of file types.
9. (Original) The computing system of claim 8, wherein the second data diode endpoint device restricts reception to a restricted set of file types.
10. The computing system of claim 8, wherein the cloud-computing environment comprises a specialized sending card and the secure computing region comprises a specialized receiving card, and wherein the specialized sending card is connected by an optical transmit only cable to the specialized receiving card.
10. (Previously Presented) The computing system of claim 8, wherein the first data diode endpoint device comprises a specialized sending card and the second data diode endpoint device comprises a specialized receiving card, and wherein the specialized sending card is connected by an optical transmit only cable to the specialized receiving card.
11. The computing system of claim 10, wherein the image is transmitted via the optical transmit only cable.
11. (Previously Presented) The computing system of claim 10, wherein the plurality of data packets are transmitted via the optical transmit only cable.
12. The computing system of claim 8, wherein executing the instructions further causes the processor to digitally sign the image to generate a digital signature, wherein at least one component of the secure computing region verifies the digital signature as part of reconstructing the image.
12. (Previously Presented) The computing system of claim 8, wherein executing the instructions further causes the computer system to digitally sign the metadata to include a digital signature, and wherein at least one component of the secure computing region verifies the digital signature as part of constructing the image.
15. A non-transitory computer-readable medium, the computer-readable medium including instructions that when executed by one or more processors of a computing system of a cloud-computing environment, cause the computing system to:
execute a cloud-computing orchestration service configured to provision infrastructure components and deploy images to provisioned infrastructure components;
receive, from the cloud-computing orchestration service, a send request corresponding to an image to be deployed to a secure computing region that is isolated from any public networks, the send request being initiated by the cloud-computing orchestration service, and the secure computing region comprising a component that restricts data from being transmitted to destinations outside of the secure computing region;
obtain the image to be deployed to the secure computing region; and
transmit, to the secure computing region, the image, wherein transmitting the image enables a corresponding computing component of the secure computing region to perform one or more orchestration tasks to deploy the image within the secure computing region.
15. (Currently Amended) A non-transitory computer-readable medium, the computer-readable medium including instructions that when executed by one or more processors of a computing system of a cloud-computing environment, cause the computing system to:
execute a cloud-computing orchestration service configured to provision infrastructure components and deploy images to provisioned infrastructure components based at least in part on identifying an automated workflow for modifying a current state of the cloud-computing environment to conform to a desired state expressed by declarative statements in a set of configuration files;
receive a send request initiated by the cloud-computing infrastructure orchestration service based at least in part on detecting a modification in at least one of the set of configuration files that provisions infrastructure components and deploys images to provisioned infrastructure components of the cloud computing environment, the send request comprising metadata corresponding to an image to be deployed to a secure computing region that is isolated from any public networks, the secure computing region comprising a component that restricts data from being transmitted to destinations outside of the secure computing region;
obtain the image to be deployed to the secure computing region based at least in part on the metadata;
segment the image into a plurality of data packets with which the image can be constructed, each of the plurality of data packets being individually associated with the metadata, the metadata indicating a destination for the image within the secure computing region; and
transmit, to a first data diode endpoint device of the cloud-computing environment for transmission to a second data diode endpoint device of the secure computing region, the plurality of data packets comprising the image and the metadata corresponding to the image, wherein transmitting the plurality of data packets causes at least one enables a computing component of the secure computing region to perform one or more orchestration tasks to deploy the image within the secure computing region.
16. The non-transitory computer-readable medium of claim 15, wherein the cloud-computing environment comprises a specialized sending card and the secure computing region comprises a specialized receiving card, and wherein the specialized sending card is connected by an optical transmit only cable to the specialized receiving card.
17. (Previously Presented) The non-transitory computer-readable medium of claim 15, wherein the first data diode endpoint device comprises a specialized sending card and the second data diode endpoint device comprises a specialized receiving card, and wherein the specialized sending card is connected by an optical transmit only cable to the specialized receiving card, and wherein the plurality of data packets are transmitted via the optical transmit only cable.
18. The non-transitory computer-readable medium of claim 15, wherein executing the instructions further causes processor to digitally sign the image to generate a digital signature, wherein at least one component of the secure computing region verifies the digital signature as part of reconstructing the image.
18. (Previously Presented) The non-transitory computer-readable medium of claim 15, wherein executing the instructions further causes the computer system to digitally sign the metadata to include a digital signature, and wherein at least one component of the secure computing region verifies the digital signature as part of reconstructing the image.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claim(s) 1, 8, 15 is/are rejected under 35 U.S.C. 102(a)(2) as being taught by Kludy [US PGPUB # 2020/0167149].
As per claim 1. Kludy does teach a computer-implemented method [Kludy, paragraph: 0006, lines 1 – 6, In accordance with one or more aspects of the disclosure, an image update orchestrator having at least one processor, memory, and a communication interface may receive, from a client device, via an orchestrated update service provided by the computing platform, a request to upgrade a virtual machine image], comprising:
executing a cloud-computing orchestration service of a cloud-computing environment, the cloud-computing orchestration service being configured to provision infrastructure components and deploy images to provisioned infrastructure components [Kludy, Figure # 8A, and paragraph: 0111, Referring to FIG. 8A, at step 801, a requesting service on behalf of a client device may send request to an image update orchestrator to upgrade a virtual machine image. For example, a requesting service in a cloud computing environment may send a request on behalf of client device 740 to image update orchestrator 710 to upgrade a virtual machine image. In some examples, client device 740 may be a policy managed device, such as a policy managed device in a development or testing environment. Client device 740 may use a requesting service associated with enterprise cloud service to send the request to image update orchestrator 710. In alternative arrangements, client 740 may send a request directly to image update orchestrator 710.];
receiving, by a computing component of the cloud-computing environment from the cloud-computing orchestration service, a send request corresponding to an image to be deployed to a secure computing region that is isolated from any public networks, the send request being initiated by the cloud-computing orchestration service [Kludy, paragraph: 0112, In some embodiments, the orchestrated update service provided by image update orchestrator may enable automated updates of virtual machine images with OS, application, and infrastructure software component on a scheduled basis. In some embodiments, the orchestrated update service may enable automated deployment of updated virtual machine images to end-users in a test user group. In some embodiments, the orchestrated update service may enable automated promotion of tested virtual machine images to end-users in a production user group], and the secure computing region comprising a component that restricts data from being transmitted to destinations outside of the secure computing region [Kludy, Figure 8A and paragraph: 0116, At step 803, the image update orchestrator may start an instance of virtual machine. For example, image update orchestrator 710 may start virtual machine instance 750 with the resources provided in the enterprise cloud computing environment and the spun up virtual machine instance may be employed as a sandbox [i.e. applicant’s secure computing region] to perform upgrade to the common image. In some examples, virtual machine instance 750 may be running on policy managed devices in a development, testing, or production environment. On alternative arrangements, virtual machine instance 750 may be spun up using resources separate from policy managed devices in the development, testing or production environment.];
obtaining, by the computing component from the cloud-computing environment, the image to be deployed to the secure computing region [Kludy, paragraph: 0113, lines 1 – 11, At step 802, the requesting service may send a virtual machine image, a plurality of software upgrades to be applied to the virtual machine image and configuration information to the image update orchestrator. For example, the requesting service may, on behalf of client device 740, send a virtual machine image, a plurality of software upgrades to be applied to the virtual machine image and configuration information The virtual machine image may be a common image used as catalog image or template to provision numerous policy managed devices in the development, testing and production environments]; and
transmitting, to the secure computing region, the image, wherein transmitting the image enables a corresponding computing component of the secure computing region to perform one or more orchestration tasks to deploy the image within the secure computing region [Kludy, Figure # 8a, and paragraph: 0117, At step 804, the image update orchestrator may provision, based on the configuration information, the instance of virtual machine with the virtual machine image. For example, image update orchestrator 710 may provision virtual machine instance 750 with the received virtual machine image from client device 740 based on the configuration information. In some examples, virtual machine instance 750 may be running on a policy managed device managed by a device manager and image update orchestrator 710 may send the virtual machine image to the device manager, which may in turn install the virtual machine image on virtual machine instance 750.].
Computing system claim 8 includes the same or similar claim limitations as method claim 1 and is similarly rejected.
***The examiner notes that the recited “processor,” “memory, storing instructions,” and “computing system” are taught by the prior art of Kludy at paragraphs: 0029, 0105, lines 1 – 8.
Non-transitory computer-readable medium claim 15 includes the same or similar claim limitations as method claim 1 and is similarly rejected.
***The examiner notes that the recited “non-transitory computer-readable medium,” “processor,” “memory, storing instructions,” and “computing system” are taught by the prior art of Kludy at paragraphs: 0029, 0142, 0143, and paragraph: 0105, lines 1 – 8.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.
Claim(s) 2, 7, 9, 14, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kludy [US PGPUB # 2020/0167149] in view of Dodge et al. [US PGPUB # 2017/0048259].
As per claim 2, Kludy does teach what is taught in the rejection of claim # 1, above.
Kludy does not clearly teach the computer-implemented method of claim 1, wherein the secure computing region comprises a data diode endpoint device that restricts reception to a restricted set of file types.
However, Dodge does teach the computer-implemented method of claim 1, wherein the secure computing region comprises a data diode endpoint device that restricts reception to a restricted set of file types [Dodge, Figure # 2, and paragraph: 0030, lines 1 – 7, The method 200 can further include determining (e.g., using the transfer guard module 116), whether the second content includes a permission level that violates a permission level of the low side domain, contains an improper content type, or includes improper content, such as can include content with an unknown content type, a virus, malware, or other].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kludy and Dodge in order for the sending of the requested virtual machine update image from the image update orchestrator to the virtual machine instance in the sandbox environment of the testing environment of the cloud service enterprise of Kludy to include a permission level operation of Dodge. This would allow for the cloud enterprise and/or image update orchestrator to determine if a virtual machine image update can be authorized for a virtual machine instance. See paragraph: 0007 of Dodge.
As per claim 7. Kludy does not clearly teach the computer-implemented method of claim 1, wherein the send request further comprises metadata corresponding to the image to be deployed to the secure computing region, wherein transmitting the image further comprises transmitting the metadata, and wherein the metadata indicates a destination for the image within the secure computing region [Dodge, paragraph: 0008, lines 12 – 20, The system 100 includes a transfer guard module 116 [i.e. applicant’s computing component] that implements two way file transfer protocols over Transmission Control Protocol/Internet Protocol (TCP/IP) [i.e. applicant’s generating one or more data packets individually associated with metadata indicating one or more destination components for the one or more artifacts]. The system 100 includes a termination of these two-way file transfers [i.e. applicant’s artifacts] at the diode modules 112A-B, which can support one-way transfer via User Datagram Protocol (UDP). The diode modules 112A-B prevent improper two-way communications or covert exfiltration of content at the interface.].
Computing system claim 9 includes the same or similar claim limitations as method claim 2 and is similarly rejected.
Computing system claim 14 includes the same or similar claim limitations as method claim 7 and is similarly rejected.
Non-transitory computer-readable medium claim 20 includes the same or similar claim limitations as method claim 7 and is similarly rejected.
Claim(s) 3, 4, 10, 11, 16, 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kludy [US PGPUB # 2020/0167149] in view of Mraz et al. [US PGPUB # 2014/0139732]
As per claim 3. Kludy does teach what is taught in the rejection of claim # 1, above.
Kludy does not clearly teach the computer-implemented method of claim 1, wherein the cloud computing environment comprises a specialized sending card and the secure computing region comprises a specialized receiving card, and wherein the specialized sending card is connected by an optical transmit only cable to the specialized receiving card.
However, Mraz does teach the computer-implemented method of claim 1, wherein the cloud computing environment comprises a specialized sending card and the secure computing region comprises a specialized receiving card, and wherein the specialized sending card is connected by an optical transmit only cable to the specialized receiving card [paragraph: 0006, In such systems, shown in block diagram form in FIG. 1, a first server (the Blue Server) 101 includes a transmit application 102 for sending data across a one-way data link, e.g., optical link 104, from a first network domain coupled to server 101 to a second network domain coupled to server 111. First server 101 also includes a transmit (here a photo-transmission) component, e.g., optical emitter 103. Transmit application 102 provides data to the optical emitter for transmission across the optical link 104. A second server (the Red Server) 111 includes a receive (here a photodetection) component, e.g., optical detector 113, for receiving data from the optical link 104, which data is then provided to the receive application 112 for further processing. The first server 101 is only able to transmit data to second server 111, since it does not include any receive circuitry (e.g., an optical detector comparable to detector 113) and the second server 11 is only able to receive data from first server 101, since it does not include any transmit circuitry (e.g., an optical emitter comparable to emitter 103.].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kludy as modified and Mraz in order for the sending of the requested virtual machine update image from the image update orchestrator to the virtual machine instance in the sandbox environment of the testing environment of the cloud service enterprise of Kludy as modified to include sending of the virtual machine image update in real-time of Mraz. This would allow for prevention of introducing delay in the sending of the image and allow for instant sending and receiving of the image. See paragraphs: 0001, 0002 of Mraz.
As per claim 4. Kludy as modified does teach the computer-implemented method of claim 3, wherein the image is transmitted via the optical transmit only cable [Mraz, paragraph: 0006, In such systems, shown in block diagram form in FIG. 1, a first server (the Blue Server) 101 includes a transmit application 102 for sending data across a one-way data link, e.g., optical link 104, from a first network domain coupled to server 101 to a second network domain coupled to server 111. First server 101 also includes a transmit (here a photo-transmission) component, e.g., optical emitter 103. Transmit application 102 provides data to the optical emitter for transmission across the optical link 104. A second server (the Red Server) 111 includes a receive (here a photodetection) component, e.g., optical detector 113, for receiving data from the optical link 104, which data is then provided to the receive application 112 for further processing. The first server 101 is only able to transmit data to second server 111, since it does not include any receive circuitry (e.g., an optical detector comparable to detector 113) and the second server 11 is only able to receive data from first server 101, since it does not include any transmit circuitry (e.g., an optical emitter comparable to emitter 103.].
As per computing system claim 10, that includes the same or similar claim limitations as method claim 3, and is similarly rejected.
As per computing system claim 11, that includes the same or similar claim limitations as method claim 4, and is similarly rejected.
As per non – transitory computer-readable medium claim 16, that includes the same or similar claim limitations as method claim 3, and is similarly rejected.
As per non – transitory computer-readable medium claim 17, that includes the same or similar claim limitations as method claim 4, and is similarly rejected.
Claim(s) 5, 12, 18 is/are rejected under 35 U.S.C. 102(a)(2) as being taught by Kludy [US PGPUB # 2020/0167149] in view of La Grone et al. [US PGPUB # 2017/0149568]
As per claim 5. Kludy does teach what is taught in the rejection of claim # 1, above.
Kludy does not clearly teach the computer-implemented method of claim 1, further comprising digitally signing the image to generate a digital signature, wherein at least one component of the secure computing region verifies the digital signature as part of reconstructing the image.
However, La Grone does teach the computer-implemented method of claim 1, further comprising digitally signing the image to generate a digital signature, wherein at least one component of the secure computing region verifies the digital signature as part of reconstructing the image [Figure # 1, and paragraph: 0019, Third-party entity 130 may refer to any entity that is not associated with and/or is remote to enterprise 110. For example, third-party entity 130 may be another enterprise, business, country, or user that is outside of enterprise 110. In some embodiments, before artifacts 163 are sent outside of enterprise 110 (i.e., to third-party entity 130), certain security checks or reviews must be performed. EDSM 140 may validate artifact 163 using enhanced digital signatures 185 in order to ensure that proper protocol has been performed before transmitting the artifact 163 outside of enterprise 110].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kludy as modified and La Grone in order for the sending of the requested virtual machine update image from the image update orchestrator to the virtual machine instance in the sandbox environment of the testing environment of the cloud service enterprise of Kludy as modified to include sending of the updated virtual machine image with an enhanced digital signature of La Grone. This would allow for the sent or received updated virtual machine image to be validated based on an attached attestation and the updated virtual machine image used in the required manner for which it was created by cloud enterprise policies. See paragraphs: 0004, 0005 of La Grone.
As per computing system claim 12, that includes the same or similar claim limitations as method claim 5, and is similarly rejected.
As per non – transitory computer-readable medium claim 18, that includes the same or similar claim limitations as method claim 5, and is similarly rejected.
Claim(s) 6, 13, 19 is/are rejected under 35 U.S.C. 102(a)(2) as being taught by Kludy [US PGPUB # 2020/0167149] in view of Foster et al. [US PGPUB # 2015/0012751].
As per claim 6. Kludy does teach what is taught in the rejection of claim # 1, above.
Kludy does not clearly teach the computer-implemented method of claim 1, wherein provisioning the infrastructure components and deploying the images to the provisioned infrastructure components are based at least in part on identifying an automated workflow for modifying a current state of the cloud-computing environment to conform to a desired state expressed by declarative statements in a set of configuration files.
However, Foster does teach the computer-implemented method of claim 1, wherein provisioning the infrastructure components and deploying the images to the provisioned infrastructure components are based at least in part on identifying an automated workflow for modifying a current state of the cloud-computing environment to conform to a desired state expressed by declarative statements in a set of configuration files [paragraph: 0049, Embodiments described herein can be implemented in the form of control logic in software or hardware or a combination of both. The control logic may be stored in an information storage medium, such as a computer-readable medium, as a plurality of instructions adapted to direct an information processing device to perform a set of steps disclosed in the various embodiments. Based on the disclosure and teachings provided herein, a person of ordinary skill in the art will appreciate other ways and/or methods to implement the invention.].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kludy as modified and Foster in order for the sending of the requested virtual machine update image from the image update orchestrator to the virtual machine instance in the sandbox environment of the testing environment of the cloud service enterprise of Kludy as modified to include encrypting of the requested virtual machine update image while being sent between the image update orchestrator and the virtual machine instance of Foster. This would allow for the requested virtual machine update to be secure while being sent to virtual machine instances. See paragraph: 0030, lines 5 – 12 of Foster.
As per computing system claim 13, that includes the same or similar claim limitations as method claim 6, and is similarly rejected.
As per non – transitory computer-readable medium claim 19, that includes the same or similar claim limitations as method claim 6, and is similarly rejected.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Chen et al. [US PGPUB # 2017/0134519], who teach a method to deploy an application in multiple cloud computing environments. The method may comprise a computing system generating a first request to deploy an application in a first cloud computing environment according to a first deployment plan and a second request to deploy the application in a second cloud computing environment according to a second deployment plan. The method may comprise selecting, from multiple communication components configured on the computing system, a first communication component to communicate with a first orchestration node in the first cloud computing environment and a second communication component to communicate with a second orchestration node in the second cloud computing environment. The method may further comprise sending the first request to the first orchestration node via the first communication component, and the second request to the second orchestration node via the second communication component.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANT SHAIFER - HARRIMAN whose telephone number is (571)272-7910. The examiner can normally be reached M - F: 9am to 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand, can be reached at 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DANT B SHAIFER HARRIMAN/ Primary Examiner, Art Unit 2434