DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 05/14/2025 has been entered.
Claims 1-20 are presented for the examination.
Double Patenting
3. The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 1-20 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of copending Application No 17/867,540. Although the claims at issue are not identical, they are not patentably distinct from each other because both computer systems comprise substantially the same elements.
Application No 17/867,540 teaches deploying a first set of containers within an environment, wherein each container included in the first set of containers includes a first service that implements a first interface and a first shim that implements a second interface( deploying a first container within an environment, wherein the first container includes a first service that implements a first interface and a first shim that implements a second interface),
Transmitting a first request that is associated with the second interface ( receiving, at the first shim, a first request associated with the second interface)
The difference between claims 1, 11, 20 of the copending application and this case are the request is outside container and request is processed by an instance of the first shim and an instance of the first service executing within the first container. It would have been obvious to one of the ordinary skill level in the art to include above feature because this reduces network latency of communications between applications executing in separate software containers.
this is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 11, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Smith(US 11277436 B1) in view of KIM( US 20200210242 A1) in view of Carmack( US 12034740 B1) and further in view of SUN(US 20200026859 A1).
As to claim 1, Smith teaches each container included in the first set of containers includes a first service that implements a first interface and a first shim that implements a second interface(a shim employed in connection with a container may be contained within the container, col 3, ln 35-37/ The container 110 may include a network application 112, a network communication library 114[first service], a shim library 116 , and a malicious third-party library 118[first service], col 4, ln 65-67/ The network communication library 114 may be any network communication library[ instance] that may be employed to establish network connections between two devices. Example communication libraries include, but are not limited to, curl, libcurl, POCO (the networking functionality), Boost.asio, Python socket library, and Python Requests library[first interface]. In some embodiments, the malicious third-party library 118 may also be employed to establish these network connections, and may be similar to and/or mimic the functionality[first instance] of the network communication library 114, col 5, ln 5-15/ Fig.1/ pass the API call along to the corresponding API call[first service] in the network communication library 114, col 5, ln 45-50/ the network connection call may result in the network communication library 114 and/or to the malicious third-party library 118 establishing, at action 216, the network connections requested[first interface] in the network connection calls that were sent at action 204, col 7, ln 55-60/ the shim may include a shim library, and the receiving, from the shim library, of the notifications may include receiving the notifications from the shim library due to a function[instance] from the shim library[shim] being called from within the container, col 2, ln 20-25/ As used herein, the term “shim”[shim] refers to a module or library capable of receiving and sending API calls, as well as sending notifications of received API calls[ second interface]. )
and transmitting a first request associated with the second interface to a first container ( For example, in a supply chain attack where a malicious actor gains access[first request] to a container in a supply chain by inserting a malicious library, malicious application, or other malicious code into the container, col 3, ln 65-67/ For example, malicious actors may attempt to insert a malicious library, malicious application, or other malicious code into a container in an attempt to create malicious network connections between the container and another device, col 3, ln 20-16/establishing, at action 216, the network connections requested in the network connection calls that were sent at action 204, col 7, ln 55-59 The method 200 may include, at action 204, sending network connection calls. For example, the container 110 may send, at action 204, network connection calls. In some embodiments, these network connection calls may be sent by the network application 112 that is executing within the container 110. Where these network connection calls[request] are legitimate, they may be sent via the shim library 116 and may include the unique identifier of the container 110, col 7, ln 5-15/ receiving network connection calls[request], at action 212, sending notifications of all network connections that a container has sought to establish through a shim and, at action 214, receiving the notifications. In some embodiments, the shim may include a shim library, and the receiving, from the shim library, of the notifications may include receiving the notifications from the shim library due to a function from the shim library being called from within the container, col 7, ln 20-32/ The shim library 116 may then send, at action 208, and the network communication library 114 may receive, at action 210, the network connection calls, col 7, ln 35-40/ the network connection call may result in the network communication library 114 and/or to the malicious third-party library 118 establishing, at action 216, the network connections requested in the network connection calls that were sent at action 204, col 7, ln 54-60/ The method 200 may include, at action 216, establishing actual network connections, col 7, ln 46-50/ determining whether any actual network connection does not have a corresponding notification from the shim library 116. If there is no corresponding notification, then the security application 108 may determine that the actual network connection bypassed the shim. However, if there is a corresponding notification, then the security application 108 may determine that the actual network connection did not bypass the shim. Further, the security application 108 may determine, at action 222, whether any notification failed to include the unique identifier. This determination may include determining whether a matching notification is nevertheless defective because it failed to include the unique identifier associated with the container 110…… The method 200 may include, at action 224, identifying the network connection as a malicious network connection and, at action 226, performing[process] a security action to mitigate harm from the malicious network connection[first request], col 8, ln 20-45/ Fig 2/ transmitting a first request to container since malicious actor gain access[first request] to the container or the api calls is received by components within the container, malicious network connections between the container and another device, and malicious network connections as described above ),
wherein the first request is processed by an instance of the first shim and an instance of the first service executing within the first container (the method 200 may improve the technical field of securing network devices. For example, employing a shim to identify and mitigate harm from malicious network connections by the container 110 may enable the method 200 to prevent [process] a malicious actor in the supply chain attack from stealing sensitive information from the container 110 or from granting[processing] access[first request] to the container 110 , col 9,l n 60-67 to col 10, ln 1-3/ Fig. 2/ Fig. 3/ receiving network connection calls, at action 212, sending notifications of all network connections that a container has sought to establish through a shim and, at action 214, receiving the notifications. In some embodiments, the shim may include a shim library, and the receiving, from the shim library, of the notifications may include receiving the notifications from the shim library due to a function from the shim library being called from within the container, col 7, ln 20-32/ The shim library 116 may then send, at action 208, and the network communication library 114 may receive, at action 210, the network connection calls, col 7, ln 35-40/ the network connection call may result in the network communication library 114 and/or to the malicious third-party library 118 establishing, at action 216, the network connections requested in the network connection calls that were sent at action 204, col 7, ln 54-60/ The method 200 may include, at action 216, establishing actual network connections, col 7, ln 46-50/ determining whether any actual network connection does not have a corresponding notification from the shim library 116. If there is no corresponding notification, then the security application 108 may determine that the actual network connection bypassed the shim. However, if there is a corresponding notification, then the security application 108 may determine that the actual network connection did not bypass the shim. Further, the security application 108 may determine, at action 222, whether any notification failed to include the unique identifier. This determination may include determining whether a matching notification is nevertheless defective because it failed to include the unique identifier associated with the container 110…… The method 200 may include, at action 224, identifying the network connection as a malicious network connection and, at action 226, performing a security action to mitigate harm from the malicious network connection, col 8, ln 20-45/ Fig 2 to Fig.3/ first request is processed by an instance of the first shim and an instance of the first service since the method 200 is used to process the access by using instance of shim and instance of communication library 114 to produce the notification, actual network connection and comparing the notification produced by instance of shim and actual network connection to process the access ) as described above in method 200 of Fig 2a and Fig 2b ,
they may be sent, at action 204, by the network application 112 from within the container 110 and received, at action 206, at the shim library 116. The shim library 116 may then send, at action 208, and the network communication library 114 may receive, at action 210, the network connection calls, col 7, ln 33-40/ sending network connection calls, at action 210, receiving network connection calls, at action 212, sending notifications of all network connections that a container has sought to establish through a shim and, at action 214, receiving the notifications. In some embodiments, the shim may include a shim library, and the receiving, from the shim library, of the notifications may include receiving the notifications from the shim library due to a function from the shim library being called[ processing request] from within the container, col 7, ln 20-30/ When each API call is made to the shim library 116, not only may the shim library 116 pass the API call along to the corresponding API call in the network communication library 114, col 5, ln 45-50/ the method 200 may include, at action 216, establishing actual network connections. For example, whether the network connection calls are legitimate and sent via the shim library 116 with a unique identifier of the container 110, or are illegitimate and sent directly to the network communication library 114 and/or to the malicious third-party library 118 or sent to the shim library 116 without the unique identifier, the network connection call may result[processing request] in the network communication library 114 and/or to the malicious third-party library 118 establishing, at action 216, the network connections requested in the network connection calls that were sent at action 204., col 7, ln 47-59/The network communication library 114 may be any network communication library that may be employed to establish network connections between two devices. Example communication libraries include, but are not limited to, curl, libcurl, POCO (the networking functionality), Boost.asio, Python socket library, and Python Requests library. In some embodiments, the malicious third-party library 118 may also be employed to establish these network connections, and may be similar to and/or mimic the functionality of the network communication library 114, col 5, ln 5-15/ api calls are received by the shim and communication library 114 within the container , shim and communication library process the api calls to produce the notification and actual network connection to grant access to container described above ).
Kim teaches transmitting, to a first container included in the first set of containers, a first request is received from outside of the first container( multiple GPUs are allocated to a single container, a single GPU is shared by multiple containers, or multiple GPUs are shared by multiple containers, can be implemented by expanding a container virtualization technique, para[0008], ln 2-8/ Referring to FIG. 1, the software structure of a GPU virtualization system 100 is configured of a physical GPU 110, an operating system 120, and a plurality of containers 130. The operating system 120 is configured of a node controller 121, a container engine 123, and an operating system kernel 125, para[0020] to para[0021]/ The node controller 121 may transfer a configuration file including resource constraint information and a system call/API profile to the container 130 and store them in the container, para[0022], ln 1-5/ the node controller 121 transmits a configuration file including GPU resource constraint information and a system call/API profile to the container (step S203). The library controller and the system call controller in the container may receive and store the configuration file including the resource constraint information. When the container is executed, as the library controller 137 provided in the container intercepts the library call and changes an argument related to the GPU resource amounts, and the system call controller 139 intercepts the system call and changes the argument and return values, the virtual GPU is implemented (step S205). At this point, the library controller 137 may change structure fields and return values, as well as the arguments related to the GPU resource amounts, and call the original library function, para[0033] to para[0034]/ That is, as the library controller 137 in the container intercepts the library call and changes arguments related to the GPU resource amounts and the system call controller 139 intercepts the system call and changes argument and return values, a virtual GPU can be implemented, para[0031])/ wherein operations of the system call controller, with respect to intercepting the system call, claim 1, ln 28-33/ wherein operations of the library controller, with respect to intercepting the library call , claim 1, ln 26-30/ The GPU library 133 may include a library so that a deep learning framework may operate, and for example, at least one of deep learning frameworks such as TensorFlow, Caffe, Pytorch, CNTK and Chainer may operate, para[0027]).
It would have been obvious to one of the ordinary skill in the art before the effective filing date of claimed invention was made to modify the teaching of Smith with Kim to incorporate the above feature because this provides an option for limiting a maximum amount of hardware resources available for each container.
Kim teaches library controller is interceptor the API and Carmack teaches the interceptor the API is a Shim( Specifically, FIG. 5 depicts a computing device 502 with system hardware 528 running a container encapsulation engine 530 that provides support for running one or more software containers 506A-06N in the container instances 504A-N. Information about the software container 506A-06N, such as communications between the software containers and external entities may be collected by the agents 514A-14N and relayed to a container migration service 512 through a network 532, col 19, ln 15-25/ The agents 514A-14N may be embedded as a container wrapper in within its respective software container or implemented as a shim (i.e., an application that transparently intercepts application programming interface calls before redirecting the calls to the target software application) resident within the container instance hosting the software container of the software application, col 19, ln 40-50/ The customers 202 may utilize the functionality provided by these services by making web service application programming interface function calls through the front-end service 204, which may be configured to receive requests from the customers 202 and forward the requests to the appropriate service, col 8, ln 48-54).
It would have been obvious to one of the ordinary skill in the art before the effective filing date of claimed invention was made to modify the teaching of Smith, Kim with Carmack to incorporate the above feature because reduces network latency of communications between applications executing in separate software containers.
Smith does not explicitly teaches executing one or more services in a technology stack, the method comprising: deploying a first set of containers within an environment for an instance of shim and the first service executing within the first container. However, Sun teaches executing one or more services in a technology stack, the method comprising: deploying a first set of containers within an environment for an instance of shim and the first service executing within the first container ( Some popular uses for containers and container management tools include deployment of web applications, such as web server containers (e.g., nginx, Tomcat, httpd, php, etc.) and data store containers (e.g., MySQL, Redis, MongoDB, and Postgres), para[0035], ln 1-7/ the processes inside the container 324 may be normal processes with different attributes, such as pid, uid, and gid, when viewed from the host operating system. For example, each container may include a process with PID 1 318, but the same process may have a PID larger than 1000 on the host operating system, para[0041], ln 8-15/ multiple processes may be running inside a container, as shown at 324, even if only one service is hosted. Therefore, the system call tracing component 108 may need to ensure that all the processes inside the container at 324 are correctly identified to adequately collect the invoked system calls. System call tracing may be performed by using a static analyzer to extract all the system calls used from a container image or by using a dynamic analyzer to collect the system calls invoked during the container booting and running stages. For example, the Linux Strace tool may be used to dynamically trace the necessary system calls for a given application container. Process mapping between the container and a host operating system may be used to trace container processes outside 326 the container, para[0040], ln 5-21).
It would have been obvious to one of the ordinary skill in the art before the effective filing date of claimed invention was made to modify the teaching of Smith, Kim and Carmack with Sun to incorporate the feature of executing one or more services in a technology stack, the method comprising: deploying a first set of containers within an environment for an instance of shim and the first service executing within the first container because this allows these popular container management tools to obtain and customize a set of necessary system calls for a given application. considerations are addressed by the approaches set forth herein.
As to claims 11, 20, they are rejected for the same reasons as to claims 1, 5 above.
Claims 2, 12 are rejected under 35 U.S.C. 103 as being unpatentable over Smith(US 11277436 B1) in view of KIM( US 20200210242 A1) in view of Carmack( US 10268514 B1) in view of SUN(US 20200026859 A1) and further in view of Ruty(US 20190079788 A1).
As to claim 2, Ruty teaches building a first image as a series of layers, wherein the first image is associated with the first set of containers, and the series of layers includes the first service and the first shim; and executing the first image within each container included in the first set of containers(virtualize a container image at the host 302 for purposes of running a container using the contain image virtualized at the host 302. A container image can be virtualized at the host 302, para[0055], ln 1-5/ Blocks, or otherwise portions, of a container image can include portions of data in a container image that can be used to run a container. Specifically, blocks of a container image can include an entire layer of a plurality of incremental layers of a contain image. For example, a block of a container image can include a first layer of 24 sequential layers of the container image used in beginning execution of a container using the container image. Additionally, blocks of a container image can include portions of a layer of a container image. For example, a block of a container image can include a portion of a layer of the container image used to resume execution of a container using the container image, para[0056]).
It would have been obvious to one of the ordinary skill in the art before the effective filling date of claim invention was made to modify the teaching of Smith Kim, Carmack and Sun with Ruty to incorporate the feature of building a first image as a series of layers, wherein the first image is associated with the first set of containers, and the series of layers includes the first service and the first shim; and executing the first image within each container included in the first set of containers because this allows for fast container execution.
As to claim 12, Ruty teaches deploying the first set of containers comprises: applying a series of changes to a first image to add the first service and the first shim to the first image, wherein the first image is associated with the first set of containers; and executing the first image within each container included in the first set of containers( para[0063], ln 1-16/ para[0062]/ para[0061], ln 1-12) for the same reason as to claim 1 above.
Claims 3, 4, 13 are rejected under 35 U.S.C. 103 as being unpatentable over Smith(US 11277436 B1) in view of KIM( US 20200210242 A1) in view of Carmack( US 10268514 B1) in view of SUN(US 20200026859 A1) and further in view of Sangle(US 20210405902 A1).
As to claim 3, Smith, Kim, Carmack and Sun do not teach deploying a second set of containers within the environment, wherein each container included in the second set of containers includes a second service that implements a third interface and a second shim that implements the second interface; and transmitting a second request associated with the second interface to a second container included in the second set of containers, wherein the second request is processed by an instance of the second shim and an instance of the second service executing within the second container. However, Sangle teaches deploying a second set of containers within the environment, wherein each container included in the second set of containers includes a second service that implements a third interface and a second shim that implements the second interface; and transmitting a second request associated with the second interface to a second container included in the second set of containers, wherein the second request is processed by an instance of the second shim and an instance of the second service executing within the second container( one or more clusters of storage nodes while maintaining high availability of the data, capacity management, and performance across the storage nodes of the clusters, para[0030], ln 2-6/ scalable storage container node system 202 includes a storage container node cluster 204, which includes storage container nodes 206, 208, 210, and 212, para[0042], ln 6-10/ The storage container node 302 shown in FIG. 3 includes a server layer 304, an operating system layer 306, a container engine 308, a web server container 310, an email server container 312, a web application container 314, and a privileged storage container 316, para[0053], ln 10/ For instance, the web server container 220 may provide files such as webpages to client machines upon request. The email server 312 may handle the receipt and transmission of emails as well as requests by client devices to access those emails. The web application container 314 may be configured to execute any type of web application, such as an instant messaging service, an online auction, a wiki, or a webmail service, para[0059], ln 7-17/ n different computing environments. For example, a software container may transmit a storage request to the container engine 308 via a standardized interface. The container engine 308 may transmit the storage request to the privileged storage container 316. The privileged storage container 316 may then communicate with privileged storage containers located on other storage container nodes and/or may communicate with hardware resources located at the storage container node 302 to execute the request, para[0060], ln 9-20).
It would have been obvious to one of the ordinary skill in the art before the effective filling date of claim invention was made to modify the teaching of Smith, Kim, Carmack and Sun with Sangle to incorporate the feature of deploying a second set of containers within the environment, wherein each container included in the second set of containers includes a second service that implements a third interface and a second shim that implements the second interface; and transmitting a second request associated with the second interface to a second container included in the second set of containers, wherein the second request is processed by an instance of the second shim and an instance of the second service executing within the second container because this provides need for dynamic provisioning of heterogeneous systems in order to improve capacity management, high availability, and performance.
As to claim 4, Sangle teaches further comprising, in response to deploying the second set of containers within the environment, removing the first set of containers from the environment( para[0050], ln 5-10) for the same reason as to claim 3 above.
As to claim 13, it is rejected for the same reason as to claim 3 above.
Claims 5, 15 are rejected under 35 U.S.C. 103 as being unpatentable over Smith(US 11277436 B1) in view of KIM( US 20200210242 A1) in view of Carmack( US 10268514 B1) in view of SUN(US 20200026859 A1) and further in view of Thoemmes(US 20220027203 Al).
As to claim 5, It is rejected for the same reason as to claim 1 above. In additional, Thoemmes teaches receiving, via a messaging system, a first message associated with the first request from the first container; and transmitting, via the messaging system, the first message to one or more additional containers included in the first set of containers( the function management module 125 may determine a number of function instances that may be safely executed within the runtime container 210A. The function management module may then direct a load balancer to instantiate the determined number of function instances within the runtime container 210A. If a new request is received and the runtime container 210 has reached the maximum number of function instances, an additional runtime container 210B may be created to execute another function instance in response to the request. Accordingly, the function management module 125 may determine whether a runtime container 210A or 210B has available resources and direct new function instances to a runtime container with available resources, para[0020], ln 1-19).
It would have been obvious to one of the ordinary skill in the art before the effective filling date of claim invention was made to modify the teaching of Smith, Kim, Carmack and Sun with Sangle to incorporate the feature of receiving, via a messaging system, a first message associated with the first request from the first container; and transmitting, via the messaging system, the first message to one or more additional containers included in the first set of containers because this allows determined number of allowed function instances run in the runtime container in response to concurrent requests for the function.
As to claim 15, it is rejected for the same reason as to claim 5 above.
Claims 6, 16 are rejected under 35 U.S.C. 103 as being unpatentable over Smith(US 11277436 B1) in view of KIM( US 20200210242 A1) in view of Carmack( US 10268514 B1) in view of SUN(US 20200026859 A1) in view of Thoemmes(US 20220027203 Al) and further in view of Wagner(US 9727725 B2)
As to claim 6, Smith, Kim, Carmack and Thoemmes do not teach the first message comprises one or more parameters included in the first request and a first status associated with processing the first request. However, Wagner teaches the first message comprises one or more parameters included in the first request and a first status associated with processing the first request( A user request may specify one or more third-party libraries (including native libraries) to be used along with the user code. In one embodiment, the user request is a ZIP file containing the user code and any libraries (and/or identifications of storage locations thereof). In some embodiments, the user request includes metadata that indicates the program code to be executed, the language in which the program code is written, the user associated with the request, and/or the computing resources (e.g., memory, CPU, storage, network packets, etc.) to be reserved for executing the program code. For example, the program code may be provided with the request, previously uploaded by the user, provided by the virtual compute system 110 (e.g., standard routines), and/or provided by third parties. In some embodiments, resource-level constraints (e.g., how much memory is to be allocated for executing a particular user code) are specified for the particular user code, and may not vary over each execution of the user code, col 7, ln 35-55).
It would have been obvious to one of the ordinary skill in the art before the effective filling date of claim invention was made to modify the teaching of Smith, Kim, Carmack, Sun and Thoemmes with Wagner to incorporate the feature of the first message comprises one or more parameters included in the first request and a first status associated with processing the first request because this enable a computing device to provide different desired functionalities, or to provide similar functionalities more efficiently.
As to claim 16, it is rejected for the same reason as to claim 6 above.
Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Smith(US 11277436 B1) in view of KIM( US 20200210242 A1) in view of Carmack( US 10268514 B1) in view of SUN(US 20200026859 A1) in view of Thoemmes(US 20220027203 Al) and further in view of Fong(US 20210208941 A1).
As to claim 7, Fong teaches the messaging system comprises a publish-subscribe messaging system( If controller 212 decides to run the function in a separate container, then a new remote request is made to execute the call in a separate container. The medium for the request could be, for example, Transmission Control Protocol (TCP), HyperText Transfer Protocol (HTTP), Remote Procedure Call (RPC), Simple Object Access Protocol (SOAP), Publish/Subscribe (PUB/SUB), para[0051], ln 3-12).
It would have been obvious to one of the ordinary skill in the art before the effective filling date of claim invention was made to modify the teaching of Smith, Kim, Carmack, Sun and Thoemmes with Fong to incorporate the feature of messaging system comprises a publish-subscribe messaging system because this enable a user to develop and manage application functions without the complexities of developing and deploying an application.
Claims 8, 17 are rejected under 35 U.S.C. 103 as being unpatentable over Smith(US 11277436 B1) in view of KIM( US 20200210242 A1) in view of Carmack( US 10268514 B1) in view of SUN(US 20200026859 A1) and further in view of Yamagami(US 20180173569 A1).
As to claim 8, Yamagami teaches transmitting the first request to the first container comprises determining that the first request should be routed to the first container based on a load-balancing technique( the load balancer 41 determines a container 11 for executing a process corresponding to the request and outputs the request to the determined container 11, para[0131], ln 6-11).
It would have been obvious to one of the ordinary skill in the art before the effective filling date of claim invention was made to modify the teaching of Smith, Kim, Carmack and Sun with Yamagami to incorporate the feature of transmitting the first request to the first container comprises determining that the first request should be routed to the first container based on a load-balancing technique because this suppresses a reduction in the availability and portability of the so-called microservices.
As to claim 17, it is rejected for the same reason as to claim 8 above.
Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Smith(US 11277436 B1) in view of KIM( US 20200210242 A1) in view of Carmack( US 10268514 B1) in view of SUN(US 20200026859 A1) and further in view of LIU(US 20210294623 A1).
As to claim 9, LIU teaches the instance of the first shim processes the first request associated with the second interface by converting the first request into a second request associated with the first interface(when the first process in the first container serves as a client to request a service from the server, a preset interface function (for example, a transact interface function) is actually invoked, and a data format of the content information in the request message sent by the first process complies with a structure format of the interface. When notifying the second process that there is a request message needing to be processed, the server also needs to invoke a preset interface function (for example, a notify interface function), and a data format of the content information of the sent request message should comply with a structure format of the interface. Therefore, the server needs to modify a format of the content information stored by the first process in the private memory 2412, so that the second process, needing to process the request message, in the first container can receive the request message, and perform a corresponding action based on the content information in the request message, para[0098], ln 5-25).
It would have been obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the teaching of Smith, Kim, Carmack and Sun with LIU to incorporate the feature of teach the instance of the first shim processes the first request associated with the second interface by converting the first request into a second request associated with the first interface because this ensures consistency of data processing processes of a plurality of containers.
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Smith(US 11277436 B1) in view of KIM( US 20200210242 A1) in view of Carmack( US 10268514 B1) in view of SUN(US 20200026859 A1) and further in view of TAYLOR(US 20180285494 A1).
As to claim 10, Taylor teaches the first service comprises at least one of a model repository, a feature store, a model training service, or a model execution service(system arranged to store a plurality of application containers, each application container including components required to execute a model and each application container defining a computing environment suitable for implementing the model, para[0010]).
It would have been obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the teaching of Smith, Kim, Carmack and Sun with Taylor to incorporate the feature of teach the instance of the first shim processes the first request associated with the second interface by converting the first request into a second request associated with the first interface because this provides the model implementer is arranged to implement the model using a stateless container suitable for implementing the model
Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Smith(US 11277436 B1) in view of KIM( US 20200210242 A1) in view of Carmack( US 10268514 B1) in view of SUN(US 20200026859 A1) in view of Sangle(US 20210405902 A1) and further in view of LIU(US 20210294623 A1).
As to claim 14, Liu teaches transmitting the second request to the second container comprises determining that the second request should be routed to the second container based on one or more fields included in the request(the namespace filtering module 244 may record the control information in the request message sent by the container 250 into the private service linked list 2411. For example, information recorded in the private service linked list 2411 may include but is not limited to: an identifier ID of the first process, an identifier ID of the second process, information indicating that the first process is a requesting party sending a request message, and information indicating that the second process is a requested party needing to be notified by the server to perform request message processing, para[0065], ln 6-11) for the same reason as to claim 9 above.
It would have been obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the teaching of Smith, Kim, Carmack, Sun and Sangle with LIU to incorporate the feature of transmitting the second request to the second container comprises determining that the second request should be routed to the second container based on one or more fields included in the request because this ensures consistency of data processing processes of a plurality of containers.
Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Smith(US 11277436 B1) in view of KIM( US 20200210242 A1) in view of Carmack( US 10268514 B1) in view of SUN(US 20200026859 A1) and further in view of Zhang(US 20200250074 A1).
As to claim 18, Zhang teaches wherein the second interface comprises a representational state transfer application programming interface( The authentication container 320 may use a local file system's private key(s), a one-time token, and/or another authentication technique or combination thereof to obtain the authentication data. Alternatively or additionally, the authentication container 320 may expose an API (e.g., a REST API) to support authentication-related operations such as supplying authentication data to an authentication manager 310, deleting authentication data, rotating authentication data (e.g., rotating credentials), managing a location that stores authentication data, and/or another authentication-related operation or combination thereof, para[0072], ln 10-24).
It would have been obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the teaching of Smith, Kim, Carmack and Sun with Zhang to incorporate the feature of wherein the second interface comprises a representational state transfer application programming interface because this allows microservice applications, different microservices are independently deployable as separate executables.
Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Smith(US 11277436 B1) in view of KIM( US 20200210242 A1) in view of Carmack( US 10268514 B1) in view of SUN(US 20200026859 A1) and further in view of Rochette(US 20050060722 A1).
As to claim 19, Rochette teaches the first interface comprises a first set of objects and a first set of functions and the second interface comprises a second set of objects and a second set of functions ( A container comprises one or more application programs including one or more processes, and associated system files for use in executing the one or more processes; but containers do not comprise a kernel; each container has its own execution file associated therewith for starting one or more applications, para[0014], ln 12-20).
It would have been obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the teaching Smith, Kim, Carmack and Sun with Rochette to incorporate the feature of the first interface comprises a first set of objects and a first set of functions and the second interface comprises a second set of objects and a second set of functions because this allows applications to be easily moved between platforms, without the requirement for a separate and distinct operating system for each application.
Response to the argument:
A. Applicant amendment filed on 05/14/2025 has been considered but they are not persuasive:
Applicant argued in substance that :
(1) “ references also fail to teach or suggest the above limitations of amended claim 1 ”
B. Examiner respectfully disagreed with Applicant's remarks:
As to the point (1), Kim teaches multiple GPUs are allocated to a single container, a single GPU is shared by multiple containers, or multiple GPUs are shared by multiple containers, can be implemented by expanding a container virtualization technique, para[0008], ln 2-8/ Referring to FIG. 1, the software structure of a GPU virtualization system 100 is configured of a physical GPU 110, an operating system 120, and a plurality of containers 130. The operating system 120 is configured of a node controller 121, a container engine 123, and an operating system kernel 125, para[0020] to para[0021]/ The node controller 121 may transfer a configuration file including resource constraint information and a system call/API profile to the container 130 and store them in the container, para[0022], ln 1-5/ the node controller 121 transmits a configuration file including GPU resource constraint information and a system call/API profile to the container (step S203). The library controller and the system call controller in the container may receive and store the configuration file including the resource constraint information. When the container is executed, as the library controller 137 provided in the container intercepts the library call and changes an argument related to the GPU resource amounts, and the system call controller 139 intercepts the system call and changes the argument and return values, the virtual GPU is implemented (step S205). At this point, the library controller 137 may change structure fields and return values, as well as the arguments related to the GPU resource amounts, and call the original library function, para[0033] to para[0034]/ That is, as the library controller 137 in the container intercepts the library call and changes arguments related to the GPU resource amounts and the system call controller 139 intercepts the system call and changes argument and return values, a virtual GPU can be implemented, para[0031])/ wherein operations of the system call controller, with respect to intercepting the system call, claim 1, ln 28-33/ wherein operations of the library controller, with respect to intercepting the library call , cliam 1, ln 26-30/ The GPU library 133 may include a library so that a deep learning framework may operate, and for example, at least one of deep learning frameworks such as TensorFlow, Caffe, Pytorch, CNTK and Chainer may operate, para[0027]).
Kim teaches library controller is interceptor the API and Carmack teaches the interceptor the API is a Shim( Specifically, FIG. 5 depicts a computing device 502 with system hardware 528 running a container encapsulation engine 530 that provides support for running one or more software containers 506A-06N in the container instances 504A-N. Information about the software container 506A-06N, such as communications between the software containers and external entities may be collected by the agents 514A-14N and relayed to a container migration service 512 through a network 532, col 19, ln 15-25/ The agents 514A-14N may be embedded as a container wrapper in within its respective software container or implemented as a shim (i.e., an application that transparently intercepts application programming interface calls before redirecting the calls to the target software application) resident within the container instance hosting the software container of the software application, col 19, ln 40-50/ The customers 202 may utilize the functionality provided by these services by making web service application programming interface function calls through the front-end service 204, which may be configured to receive requests from the customers