Prosecution Insights
Last updated: May 29, 2026
Application No. 18/157,501

INITIATING EXECUTABLE CONTAINERS IN TRUSTED EXECUTION ENVIRONMENTS

Non-Final OA §103
Filed: Jan 20, 2023
Examiner: KAWSAR, ABDULLAH AL
Art Unit: 2127
Tech Center: 2100 — Computer Architecture & Software
Assignee: Red Hat Inc.
OA Round: 3 (Non-Final)
Grant Probability: 79% (Favorable)
OA Rounds: 3-4
Est. Remaining: 1y 2m
With Interview: 99%

Examiner Intelligence

Grants 79% — above average
Career Allowance Rate: 79% (314 granted / 397 resolved), +24.1% vs TC avg
Strong +57% interview lift
Interview Lift: +57.4% (resolved cases with interview)
Typical timeline
Avg Prosecution: 4y 6m (6 currently pending)
Career history
Total Applications: 413 (across all art units)

Statute-Specific Performance

§101: 1.4% (-38.6% vs TC avg)
§103: 86.4% (+46.4% vs TC avg)
§102: 5.8% (-34.2% vs TC avg)
§112: 6.0% (-34.0% vs TC avg)
Based on career data from 397 resolved cases

Office Action

§103
DETAILED ACTION

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. Claims 1-20 are pending.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Yang et al. (US PGPUB 20220335139) in view of Dunn (US PGPUB 20120216052), further in view of Kon (Performance Improvement of File Operations on OverlayFS for Containers), each listed reference was cited in the PTO-892 issued on 6/11/2025.

As per Claim 1, Yang teaches A method comprising: identifying, by an agent (container engine) running in a trusted execution environment, an encrypted first disk image comprising data associated with an executable container, wherein the encrypted first disk image was stored in the TEE by a container engine (registry) executing outside of the TEE (par. 0019; par. 0022, lines 1-6; par. 0027; figure 2-3, container engine is the agent identify or requesting for specific image (first disk) from the registry is the container engine in the claim which returns/stores the image to the TEE, figure 2, element 2 and figure 3, element 7); storing, in the TEE, an empty second disk image that is separate from the first disk image (par. 0030; par. 0037; par. 0043; each layer of the container image acts as a layer as each can be downloaded as an image, creation of the new layer is the second image which is empty as its new); encrypting, decrypting, by the agent, the encrypted first disk image to generate a decrypted first disk image (par. 0022, lines 6-13); and generating, by the agent, an overlay between the decrypted first disk image and the encrypted second disk image (par. 0020, lines 1-7; par. 0038, Par. 0043; par. 48; image is a layer based image and new layers for adding changes to the image are added over the existing layers making previous layers immutable or read-only which implies overlayer writable layers over the existing layers, figure 1 also shows how layers added or overlayed on the existing layers).

Yang does not specifically disclose (bolded) storing, in the TEE by the container engine, an empty second disk image that is separate from the first disk image; encrypting, by the agent, using one or more keys generated by the agent, the second disk image to generate an encrypted second disk image; and creating, by the agent, a file system on the second disk image and generating, by the agent, an overlay between the decrypted first disk image and the encrypted second disk image to generate a single directory structure that contains files and subdirectories from the decrypted first disk image and the encrypted second disk image.

However Dunn teaches storing, in the TEE by the container engine (cloud controller), an empty second disk image (machine specific area 76) that is separate from the first disk image (base image 72) (par. 0024, par. 0032, machine specific data area 76 is empty second disk image generated by container engine/cloud controller within the VM, a virtual machine a isolated container or an enclave); encrypting, by the agent (disk encryptor), using one or more keys generated by the agent, the second disk image to generate an encrypted second disk image (par. 0023, par. 0032, par. 33); and creating, by the agent (disk encryptor), a file system on the second disk image (par. 0026, lines 1-6, par. 33; data and changes are stored in specific area 76 which implies creation of file system by the agent).

It would have been obvious to a person of ordinary skill in art before the effective filing date of the invention to implement the function of Dunn into the method of Yang to have disk image encrypted by agent and creating file system in the disk image. The modification would have been obvious because one of the ordinary skills of the art would be motivated to utilize the feature of Dunn as all the references are in the field of container/VM deployment in the cloud/distributed environment. A person of ordinary skill of the art would have been motivated to perform the combination for being able to utilize the teaching to maintain an efficient local encryption system of the disk storage to have data privacy and have appropriate file system to store local changes/data for efficient retrieval.

Yang and Dunn do not specifically disclose generating, by the agent, an overlay between the decrypted first disk image and the encrypted second disk image to generate a single directory structure that contains files and subdirectories from the decrypted first disk image and the encrypted second disk image.

However Kon discloses generating

It would have been obvious to a person of ordinary skill in art before the effective filing date of the invention to implement the function of Kon into the combined method of Yang and Dunn to have merging data into a single directory from the decrypted first disk image and the encrypted second disk image. The modification would have been obvious because one of the ordinary skills of the art would be motivated to utilize the feature of Yang and Dunn as all the references are in the field of container/VM deployment and migration in the cloud environment. A person of ordinary skill of the art would have been motivated to perform the combination to merge the VDISK of the base OS and application/data area into a single merged directory utilizing the teaching of Kon to have a unified file system of public image and secure private data of a secure container to preserve efficient data access without having security risk or corrupting data of the base image.

As per claim 2, Yang teaches granting, to another agent running in another trusted execution environment, access to the encrypted first disk image (figure 1, par. 0010; par. 0022; each container engine has access to image registry and can request image from the registry which implies granting access to other container engines in each container; Also Dunn teaches in par. 22-23 that tenants include VM which is an instance from the base image library which implies agents having access to image library to request and download images).

As per claim 3, Yang teaches further comprising: providing, to the another agent, cryptographic data to decrypt the encrypted first disk image (figure 1, par. 0010; par. 0022; each container engine has access to image registry and can request image and key from the registry/security services).

As per claim 4, Kon teaches wherein generating the overlay comprises merging data from the decrypted first disk image and the encrypted second disk image (page 298, II. OVERLAYFS, left column, par. 2-3, right column last paragraph; figure 4).

As per claim 5, Dunn teaches granting, to the executable container, write access to the empty second disk image (par. 26, lines 4-6; par. 0032, lines 6-11; data stored in the empty image which implies having write access).

As per claim 7, Yang teaches wherein the encrypted first disk image comprises one or more read-only layers (par. 0020, lines 1-7).

As per claim 7, Dunn teaches further comprising: presenting, to the agent, the encrypted first disk image and the second disk image as virtual block devices (par. 0024, lines 1-4, par. 0032, images are virtual disk volumes).

As per claim 8, is a system claim having similar limitations of method claim 1, therefore it is rejected under the same rationale as of claim 1. Additionally claim 8 includes additional limitations below that are rejected in view of Yang. Yang teaches a system comprising: a memory (par. 0056, figure 5); a processing device, operatively coupled to the memory, to (par. 0056, figure 5).

As per claims 9-11 and 12-14, they are system claims having similar limitation of method claims 2-4 and 5-7 as rejected above. Therefore, they are rejected under the same rationale.

As per claim 15, is a program product claim having similar limitations as of method claim 1, therefore it is rejected under the same rationale as of claim 1. Additionally claim 15 includes additional limitations below that are rejected in view of Yang. Yang teaches a non-transitory machine-readable storage medium storing executable instructions which, when executed by a processing device, cause the processing device to (par. 0056, figure 5).

As per claims 16-18 and 19-20, they are computer program product claims having similar limitation of method claims 2-4 and 5-6 as rejected above. Therefore, they are rejected under the same rationale.

Response to Arguments

Applicant’s arguments with respect to claim(s) have been considered but are not persuasive.

Argument regarding 103 Rejection: Cited reference Yang fails to disclose “wherein the encrypted first disk image was stored in the TEE by a container engine executing outside of the TEE” since the container engine in Yang is disclosed in the TEE. Applicant also argues that Yang fails to teach storing of second disk image separate from the first disk image since the layer is a part of an image. Yang does not disclose encrypting, by the agent, using one or more keys generated by the agent, the second disk image. Yang and Dunn fail to disclose “generating, by the agent, an overlay between the decrypted first disk image and the encrypted second disk image to generate a single directory structure that contains files and subdirectories from the decrypted first disk image and the encrypted second disk image”. Applicant submits the dependent claims are in condition for allowance based on the reasoning stated for the independent claims.

Response to argument: Examiner respectfully disagrees with applicant. Yang discloses a container engine which functions as a claimed agent inside the TEE as disclosed in the claim mapping. Yang also discloses a registry which is outside of the TEE and sends/stores the encrypted first disk image in the TEE which implies the registry of Yang is the claimed container engine as cited and the container engine of Yang is the claimed agent (par. 0019; par. 0022, lines 1-6; par. 0027; figure 2-3, container engine is the agent identify or requesting for specific image (first disk) from the registry is the container engine in the claim which returns/stores the image to the TEE, figure 2, element 2 and figure 3, element 7).

The claim limitation does not specifically disclose what constitutes an image or a disk image or contain in a disk image. Under broadest reasonable interpretation an image is a snapshot of a content or file. Accordingly, each layer as stated in Yang is an image as each layer consists of a set of isolated files that can be stored, requested and downloaded independently (Yang: par. 0030; par. 0037; par. 0043; each layer of the container image acts as a layer as each can be downloaded as an image, creation of the new layer is the second image which is empty as its new).

The argued limitation is a newly amended limitation which is cited using Dunn reference, Dunn clearly discloses the claimed limitation “encrypting, by the agent, using one or more keys generated by the agent, the second disk image” in (par. 0023, par. 0032, par. 0033, which discloses a disk encryptor that performing the claimed function).

The argument is related to newly amended limitation which has not been previously rejected and in the instant office action is being rejected in combination of Yang, Dunn and newly now added reference Kon as disclosed in the office action as a new ground of rejection which was necessitated by the amendment. Accordingly applicant’s argument is moot in view of the new ground of rejection.

Similarly, applicant’s argument the cited references fails to teach the limitations of the dependent claims are not persuasive.

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Tsirkin et al. (US PGPUB 20210409199 A1)
Pascual et al. (US PGPUB 20210263759 A1)
Li et al. (US PGPUB 20200134171 A1)

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULLAH AL KAWSAR whose telephone number is (571)270-3169. The examiner can normally be reached M-F 7:30am-4:30pm.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, David Wiley can be reached at 571-272-4150. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ABDULLAH AL KAWSAR/
Supervisory Patent Examiner, Art Unit 2127

Prosecution Timeline

Sep 19, 2025: Applicant Interview (Telephonic)
Sep 19, 2025: Examiner Interview Summary
Sep 22, 2025: Response Filed
Nov 18, 2025: Final Rejection mailed — §103
Jan 20, 2026: Response after Non-Final Action
Feb 18, 2026: Request for Continued Examination
Feb 28, 2026: Response after Non-Final Action
May 27, 2026: Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12632550
SMART INCENTIVIZATION FOR ACHIEVING COLLABORATIVE MACHINE LEARNING
3y 7m to grant Granted May 19, 2026
Patent 12572799
METHODS FOR RELIABLE OVER-THE-AIR COMPUTATION AND FEDERATED EDGE LEARNING
3y 10m to grant Granted Mar 10, 2026
Patent 12541568
Method, System, and Computer Program Product for Recurrent Neural Networks for Asynchronous Sequences
4y 3m to grant Granted Feb 03, 2026
Patent 12536434
Computing Method And Apparatus For Convolutional Neural Network Model
3y 10m to grant Granted Jan 27, 2026
Patent 11501195
SYSTEMS AND METHODS FOR QUANTUM PROCESSING OF DATA USING A SPARSE CODED DICTIONARY LEARNED FROM UNLABELED DATA AND SUPERVISED LEARNING USING ENCODED LABELED DATA ELEMENTS
5y 4m to grant Granted Nov 15, 2022
Study what changed to get past this examiner. Based on 5 most recent grants.


Prosecution Projections

Expected OA Rounds: 3-4
Grant Probability: 79%
With Interview: 99% (+57.4%)
Median Time to Grant: 4y 6m (~1y 2m remaining)
PTA Risk: High
Based on 397 resolved cases by this examiner. Grant probability derived from career allowance rate.
