Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments with respect to claim(s) 21-40 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Objections
Claim 21 is objected to because of the following informalities: “responsive to an indication of new build” should be “responsive to an indication of a new build.” Additionally, claim 21 lacks grammatical parallelism throughout – for example, “the building comprising . . . determine . . . minimize . . . wherein minimize . . . comprises . . . add . . . exclude” (etc.) should be “the building comprising . . . determining . . . minimizing . . . wherein minimizing . . . comprises . . . adding . . . excluding” (etc.). Claim 34 contains lack of parallelism with at least “add” and “exclude.”
Appropriate correction is required.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 21, 26, 27, 32-34, 39, and 40 is/are rejected under 35 U.S.C. 103 as being unpatentable over Behrendt (US 2019/0018715) and further in view of Gokhman (US 2021/0117548) and further in view of Assuncao (US 2015/0081910).
Regarding claim 21, Behrendt teaches: A system, comprising: one or more processors and one or more memories to store computer-executable instructions that, when executed, cause the one or more processors to implement a machine image manager configured to:
initiate a build of a machine image for an application, the build comprising: determine one or more package dependencies of the application (¶ 59, “a build event is generated to trigger the builder component to start a new compilation process 420” and “an analysis of the application code to identify its dependencies and the use of required operating system functions or components”);
minimize, based on the one or more package dependencies, a first subset of a plurality of operating system components to include in the machine image (¶ 59, “This includes an analysis of the application code to identify its dependencies and the use of required operating system functions or components”), wherein minimize the first subset comprises: add, based on the one or more package dependencies, one or more operating system components to the first subset (¶ 42, “To build a unikernel packaged application, only those operating system components required for the application to run are compiled with the application code”); and
exclude, from the first subset, a second subset of the plurality of operating system components on which the application is not dependent (¶ 46, “That is, in one or more embodiments, the application code unikernel does not include a full guest operating system, but only portions or components of an operating system, needed for the application code to run”); and
generate the machine image comprising the minimized first subset of the plurality of operating system components, the application, and the package dependencies (¶ 59, “Based on that analysis, the application code is compiled together with its runtime and the previously identified dependencies (operating system components) into a lightweight bootable virtual machine image 430”).
Behrendt does not teach; however, Gokhman discloses: determine, by walking a dependency tree representing dependencies of the application, one or more package dependencies of the application (¶ 45, “a new graph for representing dependencies may be built . . . The package tree may be traversed to determine how to construct the package-instance graph. In some exemplary embodiments, the package tree may be traversed recursively, starting from the root node”).
It would have been obvious to a person having ordinary skill in the art, at the effective filing date of the invention, to have applied the known technique of determine, by walking a dependency tree representing dependencies of the application, one or more package dependencies of the application, as taught by Gokhman, in the same way to the event to the determining dependencies to build a machine image, as taught by Behrendt. Both inventions are in the field of building machine images, and combining them would have predictably resulted in a system configured to “help programmers develop software faster by sparing them the need to create functionality that other developers have already implemented,” as indicated by Gokhman (¶ 5).
Behrendt and Gokham do not teach; however, Assuncao discloses: responsive to an indication of new build of an operating system (¶ 57, “the image update system determines 110 whether a pending patch or update(s) is(are) designated for requested resources from logged request information 106”), an indication of a security update (¶ 55, “VM images require updates or patches, e.g., to fix bugs, patch security weaknesses or patch software features”), a custom trigger (¶ 61, “The image update system first determines 152 risk, cost and urgency for an incoming software patch 154 from patch history information 156 (e.g., from a patch history repository maintained by an incident management system), guided by the Complexity Determination Table 140 decision matrix”), or an indication of an updated or new test or policy for validating machine images, initiate a build of a machine image for an application (¶ 57, “If the image update system updates the image, the system stores the updated image in the image library 114, replacing the old image”).
It would have been obvious to a person having ordinary skill in the art, at the effective filing date of the invention, to have applied the known technique of responsive to an indication of new build of an operating system, an indication of a security update, a custom trigger, or an indication of an updated or new test or policy for validating machine images, initiate a build of a machine image for an application, as taught by Assuncao, in the same way to the event to the event that triggers a build process, as taught by Behrendt. Both inventions are in the field of building/updating/patching machine images, and combining them would have predictably resulted in a system configured to “applying pending patches and updates to virtual machine images for satisfying resource requests and instantiating virtual machines with minimal delay and disruption,” as indicated by Assuncao (¶ 2).
Regarding claim 26, Behrendt teaches: The system of claim 21, wherein the computer-executable instructions comprise instructions to: launch a virtual machine instance based on the machine image (claim 1, “the application code unikernel comprising uploaded application code in a single-purpose virtual machine image”); and run the application in the virtual machine instance (claim 1, “based on receiving the code execution request, running the application code unikernel”).
Claims 27, 32-34, 39, and 40 recite commensurate subject matter as claims 21 and 26. Therefore, they are rejected for the same reasons.
Claim(s) 22-25, 28-31, and 35-38 is/are rejected under 35 U.S.C. 103 as being unpatentable over Behrendt, Gokhman, Assuncao, as applied above, and further in view of Suarez (US 2017/0177860).
Regarding claim 22, Behrendt, Gokhman, Assuncao do not teach; however, Suarez discloses: validate the machine image for compliance with one or more policies (¶ 55, “FIG. 4 depicts a security sweep of one or more repositories of a container registry, such as the container registry 202 of FIG. 2. In some embodiments, the system of the present disclosure is configured to perform security sweeps based on security vulnerabilities, licensing, or other compliance issues,” the security sweep corresponds to the validating); or validate that the machine image includes sufficient components to execute the application (¶ 60, “the scanning mechanism 554 may open each container image (which may be stored as a tarball or other archive file format) in a specified repository, and scan through the image files for specified (e.g., specified through an application programming interface of a container registry front-end service) criteria, depicted in the example 500 as the reference criteria 556”).
It would have been obvious to a person having ordinary skill in the art, at the effective filing date of the invention, to have applied the known technique of validate the machine image for compliance with one or more policies; or validate that the machine image includes sufficient components to execute the application, as taught by Suarez, in the same way to system, as taught by Behrendt, Gokhman, Assuncao. Both inventions are in the field of managing VM images, and combining them would have predictably resulted in “providing a service for revision control of container images configured to run as software containers,” as indicated by Suarez (¶ 25).
Regarding claim 23, Behrendt, Gokhman, Assuncao do not teach; however, Suarez discloses: validate the machine image for compliance with one or more policies, the policies comprising: one or more policies applicable to a particular account (¶ 63, “customers can specify, such as through an application programming interface, certain reference criteria that current and/or future container images should be scanned for”), wherein the one or more policies are inapplicable to one or more other accounts (¶ 58, “a customer can specify (e.g., via an application programming interface, through a user interface, etc.) whether or not to perform a vulnerability sweep on one or more repositories of the customer, which levels of vulnerabilities to ignore”); or one or more organizational or industry-specific policies, wherein validate the machine image for compliance ensures that the machine image handles sensitive data in a secure manner or is not subject to known security vulnerabilities for a particular solution domain (¶ 38, “each of the services may include one or more service interfaces that enable the services to access each other (e.g., to enable a virtual computer system of the virtual computer system service to store data in or retrieve data from an on-demand data storage service and/or access one or more block-level data storage devices provided by a block-lever data storage service). Each of the service interfaces may also provide secured and/or protected access to each other via encryption keys and/or other such secured and/or protected access methods, thereby enabling secure and/or protected access between them”).
It would have been obvious to a person having ordinary skill in the art, at the effective filing date of the invention, to have applied the known technique of validate the machine image for compliance with one or more policies, the policies comprising: one or more policies applicable to a particular account, wherein the one or more policies are inapplicable to one or more other accounts; or one or more organizational or industry-specific policies, wherein said validate ensures that the machine image handles sensitive data in a secure manner or is not subject to known security vulnerabilities for a particular solution domain, as taught by Suarez, in the same way to system, as taught by Behrendt, Gokhman, Assuncao. Both inventions are in the field of managing VM images, and combining them would have predictably resulted in “providing a service for revision control of container images configured to run as software containers,” as indicated by Suarez (¶ 25).
Regarding claim 24, Behrendt, Gokhman, Assuncao do not teach; however, Suarez discloses: control access to the machine image according to one or more account-specific policies (¶ 74, “The container registry proxy 662 may have access to a key management service, such as the key management service 220, for decrypting and obtaining information from the authorization token, such as credentials and/or additional information about the customer and/or the customer account”).
It would have been obvious to a person having ordinary skill in the art, at the effective filing date of the invention, to have applied the known technique of control access to the machine image according to one or more account-specific policies, as taught by Suarez, in the same way to system, as taught by Behrendt, Gokhman, Assuncao. Both inventions are in the field of managing VM images, and combining them would have predictably resulted in “providing a service for revision control of container images configured to run as software containers,” as indicated by Suarez (¶ 25).
Regarding claim 25, Suarez teaches: The system of claim 24, wherein the one or more account-specific policies specifies one or more policy compliance or usability tests as a precondition for distribution of the machine image to one or more approved accounts (¶ 66, “FIG. 5 depicts a first scenario where the scanning mechanism 554 opens a first container image 552A and scans through a file structure 558, searching for the reference criteria 556” and “The output 560 that a match was found may result in one or more actions, including notifying a customer associated with the repository in which the second container image was stored that a match was found, flagging the second container image 552 or its layers as un-referenceable, or deletion of the second container image 552B”).
Claims 28-31 and 35-38 recite commensurate subject matter as claims 22-25. Therefore, they are rejected for the same reasons.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 21-40 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-19 of U.S. Patent No. 11,822,947. Although the claims at issue are not identical, they are not patentably distinct from each other because U.S. Patent No. 11,822,947 teaches or at least suggests each and every limitation of the instant application. See claim correspondence below.
Instant Application
Patent No.: 11,822,947
21. (Currently amended) A system, comprising: one or more processors and one or more memories to store computer-executable instructions that, when executed, cause the one or more processors to implement a machine image manager configured to
Claim 1, “A system, comprising: one or more processors and one or more memories to store computer-executable instructions that, when executed, cause the one or more processors to:”
responsive to an indication of new build of an operating system, an indication of a security update, a custom trigger, or an indication of an updated or new test or policy for validating machine images, initiate a build of a machine image for an application, the build comprising
Claim 1, “wherein the trigger comprises an arrival of a scheduled time, an availability of one or more updated components of a machine image, or an availability of one or more updated policies or tests associated with the machine image build process”
determine, by walking a dependency tree representing dependencies of the application, one or more package dependencies of the application;
2. The system as recited in claim 1, wherein the plurality of operating system components are determined using a plurality of package dependencies of the application, and wherein the machine image excludes one or more additional operating system components not indicated by the plurality of package dependencies.
minimize, based on the one or more package dependencies, a first subset of a plurality of operating system components to include in the machine image
Claim 1, “wherein the machine image comprises a plurality of operating system components supporting execution of an application”
wherein minimize the first subset comprises: add, based on the one or more package dependencies determined by walking the dependency tree, one or more operating system components to the first subset
Claim 1, “the components of the machine image for compliance with one or more policies that specify requirements of the components supporting execution of the application”
And exclude, from the first subset, a second subset of the plurality of operating system components on which the application is not dependent
Claim 2, “the machine image excludes one or more additional operating system components not indicated by the plurality of package dependencies”
And generate the machine image comprising the minimized first subset of the plurality of operating system components, the application, and the package dependencies
Claim 1, “distribute, responsive to the machine image passing the validation test for compliance with the one or more policies, the machine image to one or more compute instances in a multi-tenant provider network”
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JACOB D DASCOMB whose telephone number is (571)272-9993. The examiner can normally be reached M-F 9:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Pierre Vital can be reached at (571) 272-4215. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JACOB D DASCOMB/ Primary Examiner, Art Unit 2198
Prosecution Insights