Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This Office Action is in response to the amendment filed 09/18/2025. In the instant amendment, claims 1, 6, 9, 11, 16 and 19 were amended; claims are 1 and 11 are independent claims. Claims 1-20 are pending in this application. THIS ACTION IS MADE FINAL.
Response to Arguments
Applicant’s arguments with respect to claims 1 and 11 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 9, 11 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Yang et al (“Yang,” US 20220391494) and further in view of Cabrera et al (“Cabrera,” US 20150319192).
Regarding claim 1, Yang discloses a method, comprising:
receiving, by a confidential container service from each tenant from among a plurality of tenants, a request to provision respective confidential container, which is tenant-specific; (Yang discloses receiving, by a confidential container service [0024], [0027] from each tenant [0100] from among a plurality of tenants [0100], a request to provision [0042], [0077] respective confidential container [0024], which is tenant-specific [0100], [0027])
provisioning the respective confidential container using a multi-tenant trusted execution environment (TEE) attested resource provisioning process; (Yang discloses provisioning [0042], [0101] the respective confidential container [0024] using a multi-tenant trusted execution environment (TEE) [0037], [0100] attested resource provisioning process [0023], [0042])
implementing security procedures, specified in the tenant-specific security information, in the respective confidential container; (Yang discloses implementing [0116] security procedures, [0020], [0035], [0047], specified in the tenant-specific security information [0100], [0089], [0077] in the respective confidential container [0024])
and upon successful authentication of the tenant, using the security procedures, enabling the tenant to access tenant specific confidential resources from the respective confidential container; (Yang discloses and upon successful authentication [0054] of the tenant [0054], using the security procedures [0020], [0035], [0047], enabling the tenant [0100] to access tenant specific confidential resources [0020]-[0021], [0035] from the respective confidential container [0024])
wherein the respective confidential container is accessible by a corresponding tenant only; (Yang discloses wherein the respective confidential container [0024] is accessible [0108] by a corresponding tenant only [0100])
and wherein the tenant-specific catalog comprises TEE resource discovery, and resource shared policies, crypto algorithms, and crypto key policies, (Yang discloses and wherein the tenant-specific catalog [0095], [0025] comprises TEE resource discovery [0042], and resource shared policies [0091], crypto algorithms [0085], and crypto key policies [0085], [0115], [0091])
Yang fails to explicitly disclose receiving, from the tenant, tenant-specific security information concerning the respective confidential container; storing the tenant-specific security information in a tenant-specific catalog; and wherein the tenant-specific catalog comprises provisioning and subscription licenses.
However, in an analogous art, Cabrera discloses receiving, from the tenant, tenant-specific security information concerning the respective confidential container; storing the tenant-specific security information in a tenant-specific catalog; and wherein the tenant-specific catalog comprises provisioning and subscription licenses, (Cabrera discloses receiving [0004], from the tenant [0036], tenant-specific security information [0004], [0040], [0050] concerning the respective confidential container [0025]; storing the tenant-specific security information [0004], [0040], [0050] in a tenant-specific catalog [0025]; [0056] and wherein the tenant-specific catalog [0025], [0056] comprises provisioning [0042] and subscription licenses [0042], [0044], [0040])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Cabrera with method and system of Yang to include receiving, from the tenant, tenant-specific security information concerning the respective confidential container; storing the tenant-specific security information in a tenant-specific catalog; and wherein the tenant-specific catalog comprises provisioning and subscription licenses. One would have been motivated to provide a method and system for managing secrets of tenants in a multi-tenant computing environment that includes maintaining a service provider secrets policy, receiving a request to apply a tenant secrets policy to the multi-tenant computing environment, comparing the tenant secrets policy to the service provider secrets policy, and authorizing the application of the tenant secrets policy to the multi-tenant computing environment if the tenant secrets policy satisfies the requirements of the service provider secrets policy (Cabrera, [0004]).
Regarding claim 9, Yang and Cabrera disclose the method as recited in claim 1.
Yang further discloses wherein when the tenant is authenticated, running a tenant workload on the respective confidential container, (Yang describes wherein when the tenant [0023] is authenticated [0054], running a tenant workload [0023], [0038]-[0039] on the respective confidential container [0024])
Regarding claim 11, claim 11 is directed to a non-transitory storage medium. Claim 11 is similar in scope to claim 1 and therefore rejected under the same rationale.
Regarding claim 19, claim 19 is directed to the non-transitory storage medium as recited in claim 11. Claim 19 is similar in scope to claim 9 and therefore rejected under the same rationale.
Claims 2-3 and 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Yang et al (“Yang,” US 20220391494) in view of Cabrera et al (“Cabrera,” US 20150319192) and further in view of Narula et al (“Narula,” US 11,240,110).
Regarding claim 2, Yang and Cabrera disclose the method as recited in claim 1.
Yang and Cabrera fail to explicitly disclose further comprising receiving, from the tenant, a change to the tenant-specific security information.
However, in an analogous art, Narula discloses further comprising receiving, from the tenant, a change to the tenant-specific security information (Narula, Col. 6, Lines 17-22 describes receiving from the tenant, a change to the tenant ID [tenant-specific security information]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Narula with method and system of Yang and Cabrera to include further comprising receiving, from the tenant, a change to the tenant-specific security information. One would have been motivated to provide security orchestration and automated response platforms (Narula, Col. 1, Lines 20-22).
Regarding claim 3, Yang and Cabrera disclose the method as recited in claim 2.
Yang and Cabrera fail to explicitly disclose further comprising updating the tenant-specific catalog with the change.
However, in an analogous art, Narula discloses further comprising updating the tenant-specific catalog with the change, (Narula, Col. 6, Lines 11-22, describe changing [updating] the record [tenant-specific catalog] with the change of the tenant ID)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Narula with method and system of Yang and Cabrera to include further comprising updating the tenant-specific catalog with the change. One would have been motivated to provide security orchestration and automated response platforms (Narula, Col. 1, Lines 20-22).
Regarding claim 12, claim 12 is directed to the non-transitory storage medium as recited in claim 11. Claim 12 is similar in scope to claim 2 and therefore rejected under the same rationale.
Regarding claim 13, claim 13 is directed to the non-transitory storage medium as recited in claim 12. Claim 13 is similar in scope to claim 3 and therefore rejected under the same rationale.
Claims 4 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Yang et al (“Yang,” US 20220391494) in view of Cabrera et al (“Cabrera,” US 20150319192) and further in view of Bhatnagar et al (“Bhatnagar,” US 20240220109).
Regarding claim 4, Yang and Cabrera disclose the method as recited in claim 1.
Yang and Cabrera fail to explicitly disclose wherein a cloud management service plugin to a cloud framework is provided to the tenant by a confidential compute node container manager.
However, in an analogous art, Bhatnagar discloses wherein a cloud management service plugin to a cloud framework is provided to the tenant by a confidential compute node container manager, (Bhatnagar, [0323], [0131], [0169] describes wherein the cloud management service plugin to a cloud framework is provided to the tenant [0121] by a confidential compute node container manager; [0126], [0204], [0229[)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Bhatnagar with method and system of Yang and Cabrera to include wherein a cloud management service plugin to a cloud framework is provided to the tenant by a confidential compute node container manager. One would have been motivated to provide automated elastic resource management (Bhatnagar, [0033]).
Regarding claim 14, claim 14 is directed to the non-transitory storage medium as recited in claim 11. Claim 14 is similar in scope to claim 4 and therefore rejected under the same rationale.
Claims 5 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Yang et al (“Yang,” US 20220391494) in view of Cabrera et al (“Cabrera,” US 20150319192) and further in view of Liu et al (“Liu,” US 20240414148)
Regarding claim 5, Yang and Cabrera disclose the method as recited in claim 1.
Yang and Cabrera fail to explicitly disclose wherein the tenant-specific security information comprises any one or more of: tenant id; tenant metadata; tenant service tag; or tenant security certificate.
However, in an analogous art, Liu discloses wherein the tenant-specific security information comprises any one or more of:
tenant id; (Liu, describes tenant-specific security information comprises a tenant id)
tenant metadata;
tenant service tag;
or tenant security certificate.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Liu with method and system of Yang and Cabrera to include wherein the tenant-specific security information comprises any one or more of: tenant id; tenant metadata; tenant service tag; or tenant security certificate. One would have been motivated to provide a context enforcement system that efficiently and securely protects tenant context information that travels across microservices in a multi-tenant distributed cloud infrastructure or computing system (or simply “multi-tenant cloud system”) and protects against data leaks that often occur in conventional microservice management systems (Liu, [0010]).
Regarding claim 15, claim 15 is directed to the non-transitory storage medium as recited in claim 11. Claim 15 is similar in scope to claim 5 and therefore rejected under the same rationale.
Claims 6 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Yang et al (“Yang,” US 20220391494) in view of Cabrera et al (“Cabrera,” US 20150319192) in view of Parekh et al (“Parekh,” CN 116204269, See Google Patents Translation, Pages 1-10).
Regarding claim 6, Yang and Cabrera disclose the method as recited in claim 1.
Yang and Cabrera fail to explicitly disclose wherein the tenant-specific catalog is stored at a cloud site that includes the respective confidential container.
However, in an analogous art, Parekh discloses wherein the tenant-specific catalog is stored at a cloud site that includes the respective confidential container, (Parekh discloses wherein the tenant-specific catalog (Parkeh, Page 5, Sxith Paragraph is stored at a cloud site (Page 4, Fourth Paragraph from bottom) that includes the respective confidential container (Page 4, Fourth Paragraph and Sixth Paragraph from the Top)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Parekh with method and system of Yang and Cabrera to include wherein the tenant-specific catalog is stored at a cloud site that includes the respective confidential container. One would have been motivated to provide a management cluster with integrated services for deploying and managing services in tenant clusters (Parekh, Page 3, Line 15).
Regarding claim 16, claim 16 is directed to the non-transitory storage medium as recited in claim 11. Claim 16 is similar in scope to claim 6 and therefore rejected under the same rationale.
Claims 7 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Yang et al (“Yang,” US 20220391494) in view of Cabrera et al (“Cabrera,” US 20150319192) and further in view of Beecham et al (“Beecham,” US 20220407861).
Regarding claim 7, Yang and Cabrera disclose the method as recited in claim 1.
Yang and Cabrera fail to explicitly disclose wherein the tenant-specific catalog is provided by a confidential compute node catalog manager.
However, in an analogous art, Beecham discloses wherein the tenant-specific catalog is provided by a confidential compute node catalog manager, (Beecham, [0019], [0035], [0120], describes wherein the tenant specific catalog is provided by a private compute node container manager [confidential compute node container manager])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Beecham with method and system of Yang and Cabrera to include wherein the tenant-specific catalog is provided by a confidential compute node catalog manager. One would have been motivated to apply security policies to database queries (Beecham, [0002]).
Regarding claim 17, claim 17 is directed to the non-transitory storage medium as recited in claim 11. Claim 17 is similar in scope to claim 7 and therefore rejected under the same rationale.
Claims 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Yang et al (“Yang,” US 20220391494) in view of Cabrera et al (“Cabrera,” US 20150319192) and further in view of Gupta et al (“Gupta,” 20180041515).
Regarding claim 8, Yang and Cabrera disclose the method as recited in claim 1.
Yang and Cabrera fail to explicitly disclose wherein the provisioning, the storing, and the implementing, are all provided as-as-Service to the tenant.
However, in an analogous art, Gupta discloses wherein the provisioning, the storing, and the implementing, are all provided as-as-Service to the tenant, (Gupta, [0004], [0092], [0064], [0103] describes provisioning, the storing and the implementing are all provided as-as-service to the tenant; also see [0132])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Gupta with method and system of Yang and Cabrera to include wherein the provisioning, the storing, and the implementing, are all provided as-as-Service to the tenant. One would have been motivated to provide identity management in a cloud system (Gupta, [0002]).
Regarding claim 18, claim 18 is directed to the non-transitory storage medium as recited in claim 11. Claim 18 is similar in scope to claim 8 and therefore rejected under the same rationale.
Claims 10 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Yang et al (“Yang,” US 20220391494) in view of Cabrera et al (“Cabrera,” US 20150319192) in view of Bandarupalli et al (“Bandarupalli,” US 20220159010) and further in view of Morano et al (“Morano,” WO 2024123351).
Regarding claim 10, Yang, Cabrera and Bandarupalli disclose the method as recited in claim 9.
Yang, Cabrera and Bandarupalli fail to explicitly disclose wherein the tenant workload is a containerized workload implemented using a containerized workload management system.
However, in an analogous art, Morano discloses wherein the tenant workload is a containerized workload implemented using a containerized workload management system, (Morano, [0019], [0022], [0037], describes wherein the tenant’s workload is a containerized workload implemented using a containerized workload management system)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Morano with method and system of Yang, Cabrera and Bandarupalli to include wherein the tenant workload is a containerized workload implemented using a containerized workload management system. One would have been motivated to provide a method and system for adjusting user configuration settings for a group of users within a cloud-based network architecture (Morano, [0004]).
Regarding claim 20, claim 20 is directed to the non-transitory storage medium as recited in claim 19. Claim 20 is similar in scope to claim 10 and therefore rejected under the same rationale.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES J WILCOX whose telephone number is (571)270-3774. The examiner can normally be reached M-F: 8 A.M. to 5 P.M..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T. Pham can be reached at (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JAMES J WILCOX/Examiner, Art Unit 2439
/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439