Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 24 November 2025 has been entered.
Response to Arguments
Applicant’s arguments with respect to claim(s) 21-40 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Additionally, Applicant contends that Behrendt does not teach “exclude . . . a second subset of the plurality of operating system components,” because Behrendt “says nothing about restricting or minimizing.”
The Examiner respectfully disagrees. Behrendt specifically discloses restricting or minimizing components. Behrendt at ¶ 42 (“To build a unikernel packaged application, only those operating system components required for the application to run are compiled with the application code”).
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 21-26 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 21 recites the limitation "add . . . one or more operating system components to the first." There is insufficient antecedent basis the reference to “the first.” For the purpose of examination, “the first” has been interpreted as “the first subset.” Claims 22-26 depend on claim 21; therefore, they are indefinite for the same reason. Appropriate correction is required.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 21, 26, 27, 32-34, 39, and 40 is/are rejected under 35 U.S.C. 103 as being unpatentable over Behrendt (US 2019/0018715) and further in view of Gokhman (US 2021/0117548).
Regarding claim 21, Behrendt teaches: A system, comprising: one or more processors and one or more memories to store computer-executable instructions that, when executed, cause the one or more processors to implement a machine image manager configured to:
responsive to a request to build a machine image for an application, determine one or more package dependencies of the application (¶ 59, “a build event is generated to trigger the builder component to start a new compilation process 420” and “an analysis of the application code to identify its dependencies and the use of required operating system functions or components”);
minimize, based on the one or more package dependencies, a first subset of a plurality of operating system components to include in the machine image (¶ 59, “This includes an analysis of the application code to identify its dependencies and the use of required operating system functions or components”), wherein minimize the first subset comprises: add, based on the one or more package dependencies, one or more operating system components to the first (¶ 42, “To build a unikernel packaged application, only those operating system components required for the application to run are compiled with the application code”); and
exclude, from the first subset, a second subset of the plurality of operating system components on which the application is not dependent (¶ 46, “That is, in one or more embodiments, the application code unikernel does not include a full guest operating system, but only portions or components of an operating system, needed for the application code to run”); and
generate the machine image comprising the minimized first subset of the plurality of operating system components, the application, and the package dependencies (¶ 59, “Based on that analysis, the application code is compiled together with its runtime and the previously identified dependencies (operating system components) into a lightweight bootable virtual machine image 430”).
Behrendt does not teach; however, Gokhman discloses: determine, by walking a dependency tree representing dependencies of the application, one or more package dependencies of the application (¶ 45, “a new graph for representing dependencies may be built . . . The package tree may be traversed to determine how to construct the package-instance graph. In some exemplary embodiments, the package tree may be traversed recursively, starting from the root node”).
It would have been obvious to a person having ordinary skill in the art, at the effective filing date of the invention, to have applied the known technique of determine, by walking a dependency tree representing dependencies of the application, one or more package dependencies of the application, as taught by Gokhman, in the same way to the event to the determining dependencies to build a machine image, as taught by Behrendt. Both inventions are in the field of building machine images, and combining them would have predictably resulted in a system configured to “help programmers develop software faster by sparing them the need to create functionality that other developers have already implemented,” as indicated by Gokhman (¶ 5).
Regarding claim 26, Behrendt teaches: The system of claim 21, wherein the computer-executable instructions comprise instructions to: launch a virtual machine instance based on the machine image (claim 1, “the application code unikernel comprising uploaded application code in a single-purpose virtual machine image”); and run the application in the virtual machine instance (claim 1, “based on receiving the code execution request, running the application code unikernel”).
Claims 27, 32-34, 39, and 40 recite commensurate subject matter as claims 21 and 26. Therefore, they are rejected for the same reasons.
Claim(s) 22-25, 28-31, and 35-38 is/are rejected under 35 U.S.C. 103 as being unpatentable over Behrendt and Gokhman, as applied above, and further in view of Suarez (US 2017/0177860).
Regarding claim 22, Behrendt and Gokhman do not teach; however, Suarez discloses: validate the machine image for compliance with one or more policies (¶ 55, “FIG. 4 depicts a security sweep of one or more repositories of a container registry, such as the container registry 202 of FIG. 2. In some embodiments, the system of the present disclosure is configured to perform security sweeps based on security vulnerabilities, licensing, or other compliance issues,” the security sweep corresponds to the validating); or validate that the machine image includes sufficient components to execute the application (¶ 60, “the scanning mechanism 554 may open each container image (which may be stored as a tarball or other archive file format) in a specified repository, and scan through the image files for specified (e.g., specified through an application programming interface of a container registry front-end service) criteria, depicted in the example 500 as the reference criteria 556”).
It would have been obvious to a person having ordinary skill in the art, at the effective filing date of the invention, to have applied the known technique of validate the machine image for compliance with one or more policies; or validate that the machine image includes sufficient components to execute the application, as taught by Suarez, in the same way to system, as taught by Behrendt and Gokhman. Both inventions are in the field of managing VM images, and combining them would have predictably resulted in “providing a service for revision control of container images configured to run as software containers,” as indicated by Suarez (¶ 25).
Regarding claim 23, Behrendt and Gokhman do not teach; however, Suarez discloses: validate the machine image for compliance with one or more policies, the policies comprising: one or more policies applicable to a particular account (¶ 63, “customers can specify, such as through an application programming interface, certain reference criteria that current and/or future container images should be scanned for”), wherein the one or more policies are inapplicable to one or more other accounts (¶ 58, “a customer can specify (e.g., via an application programming interface, through a user interface, etc.) whether or not to perform a vulnerability sweep on one or more repositories of the customer, which levels of vulnerabilities to ignore”); or one or more organizational or industry-specific policies, wherein validate the machine image for compliance ensures that the machine image handles sensitive data in a secure manner or is not subject to known security vulnerabilities for a particular solution domain (¶ 38, “each of the services may include one or more service interfaces that enable the services to access each other (e.g., to enable a virtual computer system of the virtual computer system service to store data in or retrieve data from an on-demand data storage service and/or access one or more block-level data storage devices provided by a block-lever data storage service). Each of the service interfaces may also provide secured and/or protected access to each other via encryption keys and/or other such secured and/or protected access methods, thereby enabling secure and/or protected access between them”).
It would have been obvious to a person having ordinary skill in the art, at the effective filing date of the invention, to have applied the known technique of validate the machine image for compliance with one or more policies, the policies comprising: one or more policies applicable to a particular account, wherein the one or more policies are inapplicable to one or more other accounts; or one or more organizational or industry-specific policies, wherein said validate ensures that the machine image handles sensitive data in a secure manner or is not subject to known security vulnerabilities for a particular solution domain, as taught by Suarez, in the same way to system, as taught by Behrendt and Gokhman. Both inventions are in the field of managing VM images, and combining them would have predictably resulted in “providing a service for revision control of container images configured to run as software containers,” as indicated by Suarez (¶ 25).
Regarding claim 24, Behrendt and Gokhman do not teach; however, Suarez discloses: control access to the machine image according to one or more account-specific policies (¶ 74, “The container registry proxy 662 may have access to a key management service, such as the key management service 220, for decrypting and obtaining information from the authorization token, such as credentials and/or additional information about the customer and/or the customer account”).
It would have been obvious to a person having ordinary skill in the art, at the effective filing date of the invention, to have applied the known technique of control access to the machine image according to one or more account-specific policies, as taught by Suarez, in the same way to system, as taught by Behrendt and Gokhman. Both inventions are in the field of managing VM images, and combining them would have predictably resulted in “providing a service for revision control of container images configured to run as software containers,” as indicated by Suarez (¶ 25).
Regarding claim 25, Suarez teaches: The system of claim 24, wherein the one or more account-specific policies specifies one or more policy compliance or usability tests as a precondition for distribution of the machine image to one or more approved accounts (¶ 66, “FIG. 5 depicts a first scenario where the scanning mechanism 554 opens a first container image 552A and scans through a file structure 558, searching for the reference criteria 556” and “The output 560 that a match was found may result in one or more actions, including notifying a customer associated with the repository in which the second container image was stored that a match was found, flagging the second container image 552 or its layers as un-referenceable, or deletion of the second container image 552B”).
Claims 28-31 and 35-38 recite commensurate subject matter as claims 22-25. Therefore, they are rejected for the same reasons.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 21-40 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-19 of U.S. Patent No. 11,822,947. Although the claims at issue are not identical, they are not patentably distinct from each other because U.S. Patent No. 11,822,947 teaches or at least suggests each and every limitation of the instant application. See claim correspondence below.
Instant Application
Patent No.: 11,822,947
21. (Currently amended) A system, comprising: one or more processors and one or more memories to store computer-executable instructions that, when executed, cause the one or more processors to implement a machine image manager configured to :responsive to a request to build a machine image for an application, determine, by walking a dependency tree representing dependencies of the application, one or more package dependencies of the application; minimize, based on the one or more package dependencies, a first subset of a plurality of operating system components to include in the machine image, wherein minimize the first subset comprises: add, based on the one or more package dependencies determined by walking the dependency tree, one or more operating system components to the first and exclude[[s]], from the first subset, a second subset of the plurality of operating system components on which the application is not dependent; and generate the machine image comprising the minimized
1. A system, comprising: one or more processors and one or more memories to store computer-executable instructions that, when executed, cause the one or more processors to: determine that a trigger for a machine image build process has occurred, wherein the trigger comprises an arrival of a scheduled time, an availability of one or more updated components of a machine image, or an availability of one or more updated policies or tests associated with the machine image build process; perform the machine image build process responsive to the trigger, wherein the machine image build process generates the machine image, wherein the machine image comprises a plurality of operating system components supporting execution of an application; perform one or more tests on the machine image, wherein the one or more tests validate, via static analysis, the components of the machine image for compliance with one or more policies that specify requirements of the components supporting execution of the application, and wherein the machine image passes the validation test based on whether the components support execution of the application according to the requirements specified in the one or more policies; and distribute, responsive to the machine image passing the validation test for compliance with the one or more policies, the machine image to one or more compute instances in a multi-tenant provider network, wherein the one or more compute instances are launched using the machine image, and wherein the application is executed on the one or more compute instances launched using the machine image.
2. The system as recited in claim 1, wherein the plurality of operating system components are determined using a plurality of package dependencies of the application, and wherein the machine image excludes one or more additional operating system components not indicated by the plurality of package dependencies.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JACOB D DASCOMB whose telephone number is (571)272-9993. The examiner can normally be reached M-F 9:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Pierre Vital can be reached at (571) 272-4215. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JACOB D DASCOMB/Primary Examiner, Art Unit 2198