NETWORK INTRUSION BASED INTELLIGENT REPLICATION OF MICROSERVICES IN A MULTI CLOUD SERVICE MESH

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Information Disclosure Statement The information disclosure statement(s) (IDS) submitted on 07/09/2025 was filed before the mailing date of this office action. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Response to Arguments Applicant’s arguments, see Remarks, filed 09/05/2025, with respect to the rejection(s) of the claims under 35 USC § 101, and 35 USC § 102 have been fully considered. The amendments overcome the 35 USC § 101, and 35 USC § 102 rejections. Hence the rejections of the claims under 35 USC § 101, and 35 USC § 102 have been withdrawn. However, the Applicant’s arguments are moot because of a new ground of rejection under 35 USC § 103 based on a newly found prior art, Johnson, US 2020/0007388. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-2, 4-5, 9-11, 13-14, 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over US-PGPUB No. 2021/0019194 A1 to Bahl et al. (hereinafter “Bahl”), US-PGPUB No. 2025/0016158 A1 to Castrejon et al. (hereinafter “Castrejon”), US-PGPUB No. 2018/0137300 A1 to Shi et al. (hereinafter “Shi”), US-PGPUB No. 2016/0127318 A1 to Hua et al. (hereinafter “Hua”), US-PGPUB No. 2020/0220875 A1 to Harguindeguy et al. (hereinafter “Harguindeguy”), and further in view of US-PGPUB No. 2020/0007388 A1 to Johnston et al. (hereinafter “Johnston”) Regarding claim 1: Bahl discloses: A computer-implemented method (see Fig. 6, process 600) for providing security in a multi-cloud service mesh (¶57: “… The security module 308 … can manage service authentication, authentication policy, role-based access control, … (TLS) authentication, and keys/certificates.”, see also Fig. 4, multi-cloud service mesh orchestration platform 400), the computer-implemented method comprising: selectively deploying, via an instruction from an administrator (¶71: “Administrators can utilize the UI 412 to deploy and manage service mesh application,”), a network intrusion prevention and protection tool (¶57: “security module 308 …”) in a multi-cloud service mesh (¶61-63: “… the multi-cloud service mesh orchestration platform 400 can include a control plane 402 … deployed in a private network 440 … the control plane 402 can comprise … the security module 308,”); However, Bahl does not explicitly teach the following limitation taught by Castrejon: performing historical learning for identifying microservice chains for each user profile whose activities result in a network intrusion detection within the multi-cloud service mesh (Castrejon, ¶94: “… determine patterns in the access for each user in the given previous known malfeasant activity (e.g., malfeasant activity may be more likely when a user has access to a first application and a second application). … the patterns may include user behavior (e.g., application usage of malfeasant users, application interaction patterns, etc.).”, ¶51: “AI/ML models can analyze historical patterns and trends to predict potential vulnerabilities.”); It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of Bahl to incorporate the system of using machine Learning/AI (ML/AI) to analyze one or more previous known malfeasant activity to determine potential malfeasant approval combinations, as disclosed by Castrejon, such modification would enable the system to determine access patterns for each user in a given previous known malfeasant activity, and the access patterns may include user behavior (e.g., application usage of malfeasant users, application interaction patterns, etc.). The combination of Bahl and Castrejon does not explicitly teach the following limitation taught by Shi: checking microservices served by user profiles in a prevention category cluster (Shi, ¶22-24: “… the results of the policy assessments including but not limited to threat level and security risks of the original document are returned from the policy assessment tools to the payload processor 110, … the payload processor 110 is configured to periodically check the policy assessment tools such as the DLP assessment cluster … for the policy assessment results.”, Note: the policy assessment tools are microservices deployed on the DLP and ATD clusters); It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of combination of Bahl and Castrejon to incorporate the functionality of the payload processor to periodically check the policy assessment tools for possible security threats, as disclosed by Shi, such modification would enable the system to effectively identify and mitigate security threats. The combination of Bahl, Castrejon and Shi does not explicitly teach the following limitation taught by Hua: auto-creating temporarily secured chains in the prevention category cluster for the user profiles (Hua, ¶58: “End user 508 generates an email, and a service chain is temporarily established by home PLMN 501 to apply the generic sender block list policy 511 utilizing SF 510.”); It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Bahl, Castrejon and Shi to incorporate the functionality of the home PLMN 501 (see Fig. 5 of Hua) to establish a temporary service chain for an email generating user, as disclosed by Hua, such modification would enable the system to monitor and log service interactions within the chain to identify and troubleshoot issues. The combination of Bahl, Castrejon, Shi and Hua does not explicitly teach the following limitation taught by Harguindeguy: and routing requests of such users to one of the secured chains (Harguindeguy, ¶266: “… rerouting of data messages/data requests from a hacker or attacking client away from a server backend, and into a deception environment created within security server 1306 to continue observing the behavior of the attacking entity/anomalous entity,”), It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Bahl, Castrejon, Shi and Hua does to incorporate the functionality of the method to create a deception environment to observe the behavior of an attacking entity/anomalous entity, as disclosed by Harguindeguy, such modification would allow security teams to monitor user activity in a controlled environment. The combination of Bahl, Castrejon, Shi, Hua and Harguindeguy does not explicitly teach the following limitation taught by Johnson: wherein the secured chains will have NIDPS (Network Intrusion Detection and Prevention Systems) protection at a beginning and each of the microservices involved (Johnson, p-35: “traffic flows traversing SC 201 may flow through a router (e.g., QoS Router 202), an inline intrusion protection system (IPS) 204, a load balancer 206, and a server (e.g., HTTP Server 208).”, see Figs. 3C and 3D); It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Bahl, Castrejon, Shi, Hua and Harguindeguy to incorporate the functionality of the method to provide an inline intrusion protection system, as disclosed by Johnson, such modification would enable the system to ensure traffic within the secured chain is continuously monitored and protected. Regarding claim 2: The combination of Bahl, Castrejon, Shi, Hua, Harguindeguy and Johnston discloses: The computer-implemented method of claim 1, wherein a control plane accessible by the administrator (Bahl, see Fig. 4, UI 412) is aware of all clusters within the multi-cloud service mesh with prevention capabilities (Bahl, ¶71: “Administrators can utilize the UI 412 to deploy and manage a service mesh application, and optimize aspects of its operation according to user-defined criteria, such as … decrease effectiveness of Distributed Denial of Service (DDoS) attacks;”, see Fig. 4, multi-cloud service mesh orchestration platform management plane 410). Regarding claim 4: The combination of Bahl, Castrejon, Shi, Hua, Harguindeguy and Johnston discloses: The computer-implemented method of claim 2 further comprising: checking microservices served by the user profiles in a prevention category cluster (Shi, ¶22-24: “… the results of the policy assessments including but not limited to threat level and security risks of the original document are returned from the policy assessment tools to the payload processor 110, … the payload processor 110 is configured to periodically check the policy assessment tools such as the DLP assessment cluster … for the policy assessment results.”, Note: the policy assessment tools are microservices deployed on the DLP and ATD clusters); The same motivation which is applied to claim 1 with respect to Shi applies to claim 4. auto-creating temporarily secured chains in the prevention category cluster for the user profiles (Hua, ¶58: “End user 508 generates an email, and a service chain is temporarily established by home PLMN 501 to apply the generic sender block list policy 511 utilizing SF 510.”); The same motivation which is applied to claim 1 with respect to Hua applies to claim 5. and routing requests of such users to one of the secured chains (Harguindeguy, ¶266: “… rerouting of data messages/data requests from a hacker or attacking client away from a server backend, and into a deception environment created within security server 1306 to continue observing the behaviour of the attacking entity/anomalous entity,”). The same motivation which is applied to claim 1 with respect to Harguindeguy applies to claim 5. Regarding claim 5: The combination of Bahl, Castrejon, Shi, Hua, Harguindeguy and Johnston discloses: The computer-implemented method of claim 1 further comprising performing a partial deployment of the network intrusion prevention and protection tool such that at least one microservice is deployed in a prevention cluster (Shi, ¶22: “… provide the document to be scanned in background by a set of policy assessment tools, … to data loss protection (DLP) assessment cluster 116,”, see also Fig. 1, Note: a set of assessment tools deployed in data loss protection (DLP) assessment cluster 116) and at least one microservice is deployed in a detection cluster (Shi, ¶22: “… provide the document to be scanned in background by a set of policy assessment tools, … to … advanced threat detection (ATD) assessment cluster 118,”, Note: a set of assessment tools deployed in advanced threat detection (ATD) assessment cluster 118). The same motivation which is applied to claim 1 with respect to Shi applies to claim 5. Regarding claim 9: The combination of Bahl, Castrejon, Shi, Hua, Harguindeguy and Johnston discloses: The computer-implemented method of claim 1, embodied in a cloud-computing environment (Bahl, ¶115: “The process 600 can be performed by one or more processors of a computing system (e.g., the multi-cloud service mesh orchestration platform 400)”). Regarding claim 10: Bahl discloses: A network intrusion prevention and protection deployment computer program product for providing security in a multi-cloud service mesh (Bahl, see Fig. 4, The multi-cloud service mesh orchestration platform 400, ¶115: “… a computing system (e.g., the multi-cloud service mesh orchestration platform 400)”), the network intrusion prevention and protection deployment computer program product comprising a computer-readable storage medium having program instructions embodied therewith (Bahl, ¶115: “The process 600 can be performed by one or more processors of a computing system (e.g., the multi-cloud service mesh orchestration platform 400) including memory and having instructions that, when executed by the one or more processors, cause the computing system to the steps of the process 600.”), the program instructions executable by a computer to cause the computer to perform: selectively deploying, via an instruction from an administrator (Bahl, ¶71: “Administrators can utilize the UI 412 to deploy and manage service mesh application,”), a network intrusion prevention and protection tool (Bahl, ¶57: “security module 308 …”) in a multi-cloud service mesh (Bahl, ¶61-63: “… the multi-cloud service mesh orchestration platform 400 can include a control plane 402 … deployed in a private network 440 … the control plane 402 can comprise … the security module 308,”). In addition to the above limitations claim 10 recites substantially the same limitation as claim 1 in the form of a computer program product. Therefore, it is rejected by the same rationale. Regarding claims 11 and 13-14: Claims 11 and 13-14 substantially recite the same limitations as claims 2 and 4-5, respectively, in the form of a computer program product. Therefore, they are rejected by the same rationale. Regarding claim 18: Bahl discloses: A network intrusion prevention and protection deployment system (see the system of Fig. 7A) for providing security in a multi-cloud service mesh (¶57: “… The security module 308 (e.g., Istio® Citadel) can manage service authentication, authentication policy, role-based access control, Transport Layer Security (TLS) authentication, and keys/certificates.”), the network intrusion prevention and protection deployment system comprising: a processor (see Fig. 7A, Processor 710, ¶123: “computing system 700 can include a processing unit (CPU or processor) 710”); and a memory (see Fig. 7A, Memory 715), the memory storing instructions (¶132: “computer-executable instructions that are stored or otherwise available from computer readable media.”) to cause the processor to perform: selectively deploying, via an instruction from an administrator (¶71: “Administrators can utilize the UI 412 to deploy and manage service mesh application,”), a network intrusion prevention and protection tool (¶57: “security module 308 …”) in a multi-cloud service mesh (¶61-63: “… the multi-cloud service mesh orchestration platform 400 can include a control plane 402 … deployed in a private network 440 … the control plane 402 can comprise … the security module 308,”). In addition to the above limitations claim 18 recites substantially the same limitation as claim 1 in the form of a system. Therefore, it is rejected by the same rationale. Regarding claim 20: Claim 20 recites substantially the same limitation as claim 9 in the form of a system implementing the corresponding functionality. Therefore, it is rejected by the same rationale. Claims 3 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Bahl, Castrejon, Shi, Hua, Harguindeguy, Johnston, and further in view of US-PGPUB No. 2024/0073094 A1 to de Oliveira et al. (hereinafter “de Oliveira”) Regarding claim 3: The combination of Bahl, Castrejon, Shi, Hua, Harguindeguy and Johnston discloses the computer-implemented method of claim 1, but does not explicitly disclose the following limitation taught by de Oliveira: further comprising: determining whether there is, at least, one active user that is using the microservice chains (de Oliveira, ¶95: “users may move within an environment (e.g., a 5G environment). As a result, their services (e.g., the performance of the SFC instance) may begin to deteriorate (e.g., longer latency). To account for mobility, user mobility FIG. 6 discloses aspects of a placement operation related to user mobility.”, see Fig. 6, decision block 606: “Has user moved since placement?”); and in response to having determined that there is no active user, deleting the microservice chains (de Oliveira, ¶98: “The replacement performed at 610 may simply destroy the old SFC instance …”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Bahl, Castrejon, Shi, Hua, Harguindeguy and Johnston to incorporate the functionality of the method to determine if a user has moved to another environment or is still using the service function chain, as disclosed by de Oliveira, such modification would enable the system to account for user mobility and avoid service deterioration which would result in longer latency. Regarding claims 12: Claim 12 recites substantially the same limitation as claims 3 in the form of a computer program product. Therefore, it is rejected by the same rationale. Claims 6 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Bahl, Castrejon, Shi, Hua, Harguindeguy, Johnston, and further in view of US-PGPUB No. 2025/0111030 A1 to Hamel et al. (hereinafter “Hamel”) Regarding claim 6: The combination of Bahl, Castrejon, Shi, Hua, Harguindeguy and Johnston discloses the computer-implemented method of claim 1, but does not explicitly disclose the following limitation taught by Hamel: further comprising dynamically changing a request routing to move a user back to an original location of the multi-cloud service mesh based on an absence of detection of a network intrusion by the user after the network intrusion prevention and protection tool is deployed (Hamel, ¶32: “… determine whether the user 185 is authorized to access the requested applications 110.”, ¶53: “Once a user 185 is authenticated with the identity management system 120, the 185 may be redirected back to the applications 110, where the applications 110 provides an access token to the user.”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Bahl, Castrejon, Shi, Hua, Harguindeguy and Johnston to incorporate the functionality of the identity management system to redirect requests from a user back to the target applications after authenticating the user and determining the user is authorized to use the applications, as disclosed by Hamel, such modification would enable the system to identify if a user is a bad actor or not, and allow the user to use the services when determined to be an authorized user, protecting the services from hackers. Regarding claim 15: Claim 15 substantially recites the same limitation as claim 6 in the form of a computer program product. Therefore, it is rejected by the same rationale. Claims 7 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Bahl, Castrejon, Shi, Hua, Harguindeguy, Johnston, and further in view of US-PGPUB No. 2024/0126756 A1 to Schmidt et al. (hereinafter “Schmidt”) Regarding claim 7: The combination of Bahl, Castrejon, Shi, Hua, Harguindeguy and Johnston discloses the computer-implemented method of claim 1, but does not explicitly disclose the following limitation taught by Schmidt: further comprising optimizing selective prevention activations and lazy activations of prevention capabilities within participating clusters of the multi-cloud service mesh (Schmidt, ¶34: “Transformations are lazy, meaning that their results are not immediately computed. Actions are eager, signifying immediate computation of results. ... Laziness enables control of network communication and storage requirements using the programming model. It brings optimization benefits through allowing query optimizers (e.g., Catalyst) to see the full picture and produce more optimized plans.”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Bahl, Castrejon, Shi, Hua, Harguindeguy and Johnston to incorporate the functionality of the method to implement eager evaluation for actions and lazy evaluations for transformations, as disclosed by Schmidt, such modification would enable the system to improve the performance and efficiency of applications. Regarding claim 16: Claim 16 substantially recites the same limitation as claim 7 in the form of a computer program product. Therefore, it is rejected by the same rationale. Claims 8, 17 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Bahl, Castrejon, Shi, Hua, Harguindeguy, Johnston, and further in view of US-PGPUB No. 2023/0412572 A1 to Turner et al. (hereinafter “Turner”) Regarding claim 8: The combination of Bahl, Castrejon, Shi, Hua, Harguindeguy and Johnston discloses the computer-implemented method of claim 2, but does not explicitly disclose the following limitation taught by Turner: wherein the control plane takes a desired configuration, and its view of the microservices, and dynamically programs proxy servers, updating the proxy servers as rules or environment changes (Turner, ¶53: “The K8s component 306 has a new configuration … A service mesh control plane 322 learns the application services 318 … The service mesh control plane 322 then programs a service mesh proxy 324.”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Bahl, Castrejon, Shi, Hua, Harguindeguy and Johnston to incorporate the functionality of the method to program a service mesh proxy when a K8s component has a new configuration (environment change), as disclosed by Turner, such modification would enable the system to effectively monitor and identify traffic. Regarding claim 17: Claim 17 recites substantially the same limitation as claim 8 in the form of a computer program product. Therefore, it is rejected by the same rationale. Regarding claim 19: The combination of Bahl, Castrejon, Shi, Hua, Harguindeguy and Johnston discloses: The network intrusion prevention and protection deployment system of claim 18, further comprising wherein a control plane (Bahl, see Fig. 4, control plane 402, and p-60: “… interconnected microservice containers … may be managed under a single administrative control plane.”) accessible by the administrator (Bahl, see Fig. 4, UI 412) is aware of all clusters within the multi-cloud service mesh with prevention capabilities (Bahl, ¶71: “Administrators can utilize the UI 412 to deploy and manage a service mesh application, and optimize aspects of its operation according to user-defined criteria, such as … decrease effectiveness of Distributed Denial of Service (DDoS) attacks;”) […] The combination of Bahl, Castrejon, Shi, Hua, Harguindeguy and Johnston does not explicitly disclose the following limitation taught by Turner: and the control plane takes a desired configuration, and its view of the microservices, and dynamically programs proxy servers, updating the proxy servers as rules or environment changes (Turner, p-53: “The K8s component 306 has a new configuration … A service mesh control plane 322 learns the application services 318 … The service mesh control plane 322 then programs a service mesh proxy 324.”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Bahl, Castrejon, Shi, Hua, Harguindeguy and Johnston to incorporate the functionality of the method to program a service mesh proxy when a K8s component has a new configuration (environment change), as disclosed by Turner, such modification would enable the system to effectively monitor and identify traffic. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHIAS HABTEGEORGIS whose telephone number is (571)272-1916. The examiner can normally be reached M-F 8am-5pm ET. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William R. Korzuch can be reached at (571)272-7589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /M.H./ Examiner, Art Unit 2491 /DANIEL B POTRATZ/ Primary Examiner, Art Unit 2491