DETAILED ACTION
Notice of Pre-AIA or AIA Status
1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
2. Claims 1-20 are pending and have been examined.
Claim Rejections - 35 USC § 112
3. The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
Claims 1-20 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention.
As for claims 1, 12, and 17, these claims each recite the limitation “…wherein the stateful security policy has a connection to previous data…”. It is not clear what is meant by a “connection to previous data” since the Applicant’s Specification does not define this by adequate description or by providing examples of what is meant by “connection” or “previous data”.
As for claims 8, 16, and 20, these claims each recite the limitation “…a second effect graph…”. There is insufficient antecedent basis for this limitation in the claims.
As for claims 2-7, 9-11, 13-15, 18, and 20, these claims are ultimately dependent on claims 1, 12, and 17 and do not cure their deficiencies. Therefore, they are rejected on the same basis.
4. The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
Claims 1-20 are rejected under 35 U.S.C. 112(a) as failing to comply with the written description requirement. The claims contain subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor at the time the application was filed, had possession of the claimed invention.
As for claims 1, 3-7, 11, 12, 14, 15, 17, and 19, these claims each recite limitations involving the use of a “stateful security policy”. However, the Applicant’s Specification lacks an adequate definition of the term or any examples of one. The only definition is found in paragraph [0017] where a stateful security policy may have a connection to previous data and transactions and may return to them. However, the terms “connection to”, “previous data”, and “transactions” all lack adequate description as well.
As for claims 2, 8, 9, 16, 18, and 20, these claims each recite limitations involving “generating a behavioral model”. However, the Applicant’s Specification lacks an adequate description of this step; it does not disclose any detailed algorithms, representative species, etc., sufficient to convey Applicant’s possession of all embodiments. For example, the discussion of telemetry streams lacks a clear description of how they are incorporated into an effect graph/behavioral model.
As for claims 3 and 14, these claims each recite limitations involving “comparing” a behavioral model to a security model. However, the Applicant’s Specification lacks an adequate description of this step; it does not disclose any detailed algorithms, representative species, etc., sufficient to convey Applicant’s possession of all embodiments. The process of comparing effect graphs is not adequately defined.
As for claims 1, 5, 6, 12, and 17, these claims each recite limitations involving “enforcing” or “enforce” a security policy against a container. However, the Applicant’s Specification lacks an adequate description of this step; it does not disclose any detailed algorithms, representative species, etc., sufficient to convey Applicant’s possession of all embodiments.
As for claims 10 and 13, these claims are dependent on claims 9 and 12 respectively, and ultimately on claim 1. Claims 10 and 13 do not cure the deficiencies of their parent claims and are therefore rejected on the same basis.
Claim Rejections - 35 USC § 101
5. 35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
6. Claims 1-3 and 7-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception in the form of an abstract idea without significantly more.
The claims recite abstract ideas involving the receipt, transformation, and comparison of data. These claims fall into categories such as mental processes, mathematical concepts, and certain methods of organizing human activity. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the judicial exception is not integrated into a practical application; the claimed steps fail to recite a practical application. Additionally, the claims merely implement these steps on a generic computer processor without any specific technological improvement.
Claim Rejections - 35 USC § 102
7. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
8. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
9. Claims 1-5, 11-14, 17 and 18 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Levin et al., US 2018/029803 A1. Levin teaches:
As per claim 1, a computer-implemented method comprising [0009]:
receiving a stateful security policy ([0032]: a security profile is created for a software container, [0057]: a security policy determines if the security profile is to be enforced against a container),
wherein the stateful security policy has a connection to previous data ([0033]: a static security profile is created by analysis of a stored container image stored in an image registry as per [0037], reading on a security profile having a connection to previous data; [0032]: the security profile includes whitelisted filesystem actions based on the context of the application executed in the container, reading on a stateful security policy);
determining that the stateful security policy applies to a corresponding container ([0043] and [0044]: an event is received by an event detector indicating that a container image in a registry has been changed; as a result a security profile is generated for the container);
and enforcing the stateful security policy against the container ([0057]-[0061]: a security policy determines if the security profile is to be enforced against a container and if so, the execution of the container is monitored for any actions that deviate from those allowed in the security profile).
As per claim 2, the method of claim 1, further comprising: obtaining a security model for the container ([0032]: a security profile is created for a software container, [0057]: a security policy determines if the security profile is to be enforced against a container); and generating a behavioral model for the container ([0034]: a security profile is generated based on behavioral analysis based on monitoring of the container at runtime).
As per claim 3, the method of claim 2, further comprising: comparing the behavioral model to the security model; and determining whether the container has deviated from the stateful security policy based on the comparing ([0035]: behavior of the container at runtime is monitored, reading on generation of a behavioral model, and compared to the security profile to detect any breach of the security profile).
As per claim 4, the method of claim 3, further comprising: determining that the container has deviated from the stateful security policy ([0035]: behavior of the container at runtime is monitored, reading on generation of a behavioral model, and is then compared to the security profile to detect any breach of the security profile); and determining that the container has potentially malicious behavior ([0053] and [0059]: a determination is made as to whether a binary file (e.g. a containerized application) is malicious based on an access pattern).
As for claim 5, the method of claim 4, wherein enforcing the stateful security policy comprises: flagging the container as having potentially malicious behavior ([0060] an alert for the container in question is generated and associated with it); determining which behaviors from the behavior model are different from the stateful security policy ([0053] and [0059]: access pattern of a binary is determined and compared to a security policy); and pausing execution of the container ([0060]: an enforcement action may include halting execution of the container).
As per claim 11, the method of claim 1, further comprising: continuously monitoring the container and the stateful security policy ([0053] and [0059]: access pattern of a binary is determined and compared to a security policy).
As for claims 12-14: these claims are drawn to the system that corresponds to the method of claims 1-3. Claims 12-14 recite substantially the same limitations as claims 1-3 and are rejected on the same basis.
As for claims 17 and 18, these claims are drawn to the computer-program product embodied in a computer storage media that corresponds to the method of claims 1 and 2. Claims 17 and 18 recite substantially the same limitations as claims 1 and 2 and are rejected on the same basis.
Claim Rejections - 35 USC § 103
10. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
11. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
12. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
13. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
14. Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Levin and Shuster et al., US 2019/0310935 A1.
As for claim 6, Levin teaches the method of claim 3. Shuster teaches the additional steps not taught by Levin wherein, in response to determining that the container has not deviated from the stateful security policy, enforcing the stateful security policy comprises: marking the container as conforming with the stateful security policy ([0016]: a machine learning function analyzes security data regarding a container and may classify it into a “normal class” and label it as “safe”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have incorporated this feature into the invention of Levin. It would have been desirable to do so since this would provide a user with a rapid means of deciding whether or not to deploy a container in a system and thereby increase the utility of Levin’s system.
Conclusion
15. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Paul E. Callahan whose telephone number is (571) 272-3869. The examiner presently works a part-time schedule and can normally be reached from 9am to 5pm on the first Monday and Tuesday and the second Thursday and Friday of the USPTO bi-week schedule.
The examiner’s email address is: Paul.Callahan1@USPTO.GOV
If attempts to reach the examiner by telephone are unsuccessful, the Examiner's supervisor, Alexander Lagor, can be reached on (571) 270-5143. The fax phone number for the organization where this application or proceeding is assigned is: (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/PAUL E CALLAHAN/ Examiner, Art Unit 2437