Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
Currently pending claims are 1 – 20.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claim 17 is rejected under 35 U.S.C. 101 because the claim(s) is/are directed to “A computer program product”, which is merely an example of functional descriptive material, (i.e. software per se), and is nonstatutory under 35 USC 101. By not limiting the computer program product (a) to being stored / embedded on a computer readable storage device (or a non-transitory storage medium), it may be reasonably interpreted as being intended to merely include communication medium that include signal / carrier wave which “bear” instructions as claimed and there is a lack of the required functional and structural interrelationship between the software and the computer storage device that permits the functionality of the software (b) to be realized / executed upon access by a hardware processor. This ability is what underlies the ability to provide a practical application. Warmerdam, 33 F.3d at 1361, 31 USPQ2d at 1760. In re Sarkar, 588 F.2d 1330, 1333, 200 USPQ 132, 137 (CCPA 1978). See MPEP § 2106 (IV.B).1(a).
The Examiner respectfully suggests amending the claim so that “A computer program product … comprising a computer storage medium” is replaced with either:
(a) “A computer program product … embedded in a non-transitory computer readable storage medium”, or
(b) “A computer program product … embedded in a computer readable storage device”.
Any other claims not addressed are rejected by virtue of their dependency.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1 – 20 are rejected under 35 U.S.C. 103 as being unpatentable over Quevedo et al. (U.S. Patent 11,625,491), in view of Franco et al. (U.S. Patent 11,720,675), and in view of McBride et al. (EP 305-7283).
As per claim 1, 9 & 17, Quevedo teaches a method for security breach auto-containment and auto-remediation, comprising:
identifying a tenant compromised by a security breach in a multi-tenant cloud environment including at least one virtual machine (VM) (Quevedo: Col. 24 Line 1 – 11 & Col. 18 Line 20 – 23: identifying a compromised requestor (i.e. a user / tenant / client) based on a security threshold mechanism in a multi-tenant cloud-based environment including a plurality of virtual machines (VMs));
However, Quevedo does not disclose expressly storing at least one snapshot of the at least one VM.
Franco (& Quevedo) teaches storing at least one snapshot of the at least one VM (Franco: see above & Col. 6 Line 33 – 41: storing a snapshot of a target user VM of interest to capture a state of a (potentially compromised) user VM for verification w.r.t. a security attack).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification of storing at least one snapshot of the at least one VM because Franco teaches to alternatively, effectively and securely provide a comprehensive security mechanism by storing a snapshot of a target user VM of interest to capture a state of a (potentially compromised) user VM for verification w.r.t. a security attack (see above) within the Quevedo’s system of identifying a compromised requestor (i.e. a user / tenant / client) based on a security threshold mechanism in a multi-tenant cloud-based environment including a plurality of virtual machines (VMs) (see above).
automatically performing containment of the security breach by mitigating the tenant compromised by the security breach (Quevedo: see above & Col. 18 Line 20 – 23: the compromised tenant (i.e. requestor) is blocked upon a detection of the security breach to mitigate the impact to the entire system); and
automatically performing remediation of at least one salvageable image in the multi-tenant cloud environment by (see below):
migrating one or more other tenants not yet compromised by the security breach in the multi-tenant cloud environment to a sandbox (Quevedo: see above & Col. 18 Line 15 – 19: a requestor (user / tenant), who sends a request and may be potentially compromised or likely to be a legitimate user, is sandboxed for verification to determine whether exceeding a threshold number of matches within a predefined and/or dynamic time period and accordingly to conclude whether the requestor has been compromised or not, based on a threshold number of matches to conclude a data leakage (e.g. a compromised credential), and if so, the target requestor (tenant) should be blocked accordingly to mitigate the security impact);
verifying the one or more other tenants are not compromised by the security breach by testing the one or more other tenants in the sandbox for a probationary period (Quevedo: see above & Col. 18 Line 15 – 19: a requestor (user / tenant), who sends a request and may be potentially compromised or likely to be a legitimate user (i.e. not yet compromised), is sandboxed for verification to determine whether exceeding a threshold number of matches within a predefined and/or dynamic time period (i.e. a probationary period) and accordingly to conclude the requestor is not compromised if not exceeding the threshold number of matches).
However, Quevedo as modified does not disclose expressly migrating the one or more other tenants to a new cloud container in production environment in response to the verifying.
McBride (& Quevedo as modified) teaches migrating the one or more other tenants to a new cloud container in production environment in response to the verifying (McBride: Col. 7 Line 7 – 14 / Line 16 – 18 & Col. 8 Line 10 – 14 / Line 27 – 29: in response to a verification and detection of a security breach, based upon a threshold confidence level, that indicates a target VM is compromised, and as a result, the compromised VM is sandboxed and quarantined; while on the other hand, other users (tenants), not compromised, are migrated to a replacement VM (i.e. a new cloud container) other than the sandbox (i.e. a production VM environment)).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification of migrating the one or more other tenants to a new cloud container in production environment in response to the verifying because McBride teaches to alternatively, effectively and securely enhance the security responsive to a verification and detection of a security breach, based upon a threshold confidence level, that indicates a VM is compromised, and as a result, the compromised VM is sandboxed and quarantined; while on the other hand, other users (tenants), not compromised, are migrated to a replacement VM (i.e. a new cloud container) other than the sandbox (i.e. a production VM environment) (see above) within the Quevedo’s system of identifying a compromised requestor (i.e. a user / tenant / client) based on a security threshold mechanism in a multi-tenant cloud-based environment including a plurality of virtual machines (VMs) (see above).
As per claim 2, 10 & 18, Quevedo as modified teaches wherein the mitigating comprises freezing or deleting the tenant compromised by the security breach (Quevedo: see above & Col. 18 Line 20 – 23: blocking (i.e. freezing) the requestor / tenant compromised by the security breach as a result of verification).
As per claim 3, 6, 11, 14 & 19, the instant claims are directed to claimed content having functionality corresponding to Claim 1, and are rejected by a similar rationale.
As per claim 4, 12 & 20, Quevedo as modified teaches creating a dummy container or virtual machine with fake data (McBride: see above & Col. 7 Line 32 – 37 and Col. 8 Line 38 – 45: the compromised VM is maintained as a honey pot (i.e. a dummy VM container), to lure the attacker to continue to use the fake resources so as to collect the malicious behaviors from the attacker).
As per claim 5 & 13, Quevedo as modified teaches determining there are no active malware present on each virtual machine corresponding to the one or more other tenants; and determining there are no malware traces, fragments, or remnants on each virtual machine corresponding to the one or more other tenants (Quevedo: see above & Col. 18 Line 4 – 23: providing (a) an enhanced verification mechanism with a trade-off (reasonable) threshold level as well as implementing (b) a detected computing entity (as compromised) would be blocked to justify there is no active malware present and no malware traces / fragments existed to spread the malicious malware).
As per claim 7 & 15, Quevedo as modified teaches providing one or more notifications of the security breach to a security operations center for the multi-tenant cloud environment (Quevedo: see above & Col. 18 Line 10 – 23: a security alert is sent to an administrator of the multi-tenant cloud-based environment).
As per claim 8 & 16, Quevedo as modified teaches providing one or more recommended remediation actions to the security operations center (Franco: see above & Col. 6 Line 26 – 28) || (Quevedo: see above).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LONGBIT CHAI whose telephone number is (571)272-3788. The examiner can normally be reached Monday - Friday 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D. Feild can be reached at 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
---------------------------------------------------
/Longbit Chai/
Longbit Chai E.E. Ph.D.
Primary Examiner, Art Unit 2431
No. #2579 – 2025
---------------------------------------------------