DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Status of Claims
Claims 1-7 are presented for examination in this application. The application filing date is 11/16/2023. Claim 1 is independent.
Examiner notes
(A). Drawings submitted on 11/16/2025 comply with the provisions of 37 CFR 1.121(d) and have been fully considered by the Examiner.
(B). The IDS submitted on 11/16/2025 has been considered by the Examiner.
(C). Limitations are shown in bold font in order to distinguish them from the cited parts of the references (italic).
(D). Examiner has cited particular columns, line numbers, references, or figures in the references applied to the claims above for the convenience of the applicant. Although the specified citations are representative of the teachings, other passages and figures may apply as well. It is respectfully requested that the applicant, in preparing responses, fully consider each reference in its entirety, as potentially teaching all or part of the claimed invention. See MPEP §§ 2141.02 and 2123.
The examiner requests, in response to this Office action, support be shown for language added to any original claims on amendment and any new claims. That is, indicate support for newly added claim language by specifically pointing to page(s) and line number(s) in the specification and/or drawing figure(s). This will assist the examiner in prosecuting the application.
When responding to this Office action, Applicant is advised to clearly point out the patentable novelty which he or she thinks the claims present, in view of the state of the art disclosed by the references cited or the objections made. He or she must also show how the amendments avoid such references or objections. See 37 CFR 1.111(c).
CONTINGENT LIMITATIONS
Claims 3-4 (method claims) are interpreted based on Ex parte Schulhauser. See MPEP 2111.04 II.
The broadest reasonable interpretation of a method (or process) claim having contingent limitations requires only those steps that must be performed and does not include steps that are not required to be performed because the condition(s) precedent are not met. For example, assume a method claim requires step A if a first condition happens and step B if a second condition happens. If the claimed invention may be practiced without either the first or second condition happening, then neither step A nor B is required by the broadest reasonable interpretation of the claim. If the claimed invention requires the first condition to occur, then the broadest reasonable interpretation of the claim requires step A. If the claimed invention requires both the first and second conditions to occur, then the broadest reasonable interpretation of the claim requires both steps A and B.
See Ex parte Schulhauser, Appeal 2013-007847 (PTAB April 28, 2016) for an analysis of contingent claim limitations in the context of both method claims and system claims. In Schulhauser, both method claims and system claims recited the same contingent step. When analyzing the claimed method as a whole, the PTAB determined that giving the claim its broadest reasonable interpretation, "[i]f the condition for performing a contingent step is not satisfied, the performance recited by the step need not be carried out in order for the claimed method to be performed" (quotation omitted). Schulhauser at 10. When analyzing the claimed system as a whole, the PTAB determined that "[t]he broadest reasonable interpretation of a system claim having structure that performs a function, which only needs to occur if a condition precedent is met, still requires structure for performing the function should the condition occur." Schulhauser at 14. Therefore "[t]he Examiner did not need to present evidence of the obviousness of the [ ] method steps of claim 1 that are not required to be performed under a broadest reasonable interpretation of the claim (e.g., instances in which the electrocardiac signal data is not within the threshold electrocardiac criteria such that the condition precedent for the determining step and the remaining steps of claim 1 has not been met);" however to render the claimed system obvious, the prior art must teach the structure that performs the function of the contingent step along with the other recited claim limitations. Schulhauser at 9, 14. Noting that no claim may be read apart from and independent of the supporting disclosure on which it is based, the court found that the claim was internally inconsistent based on the description, definitions and examples set forth in the specification relating to the appearance of the surface after treatment, and therefore indefinite. Id. (Cohn, 438 F.2d at 993).
Claim Objections
Claims 1-7 are objected to because of the following informalities:
Claim 1, line 6, “the creation” lacks proper antecedent basis.
Claims 2-7 depend on the objected claim and inherit the same issue.
Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.
The following is a quotation of pre-AIA 35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA 35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.
Claims 2-4, 6, and 7 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant, regards as the invention.
Claim 2:
Line 4: it is not clear whether “an application installation directory” is the same as “an application installation directory” in line 5 of claim 1. For examination purposes, “an application installation directory” in line 4 of claim 2 will be treated as --the application installation directory--.
Claim 3:
Line 4: it is not clear whether “a path-settable detailed module” is the same as “a path-settable detailed module” in lines 2-3 of the claim. For examination purposes, “a path-settable detailed module” in line 4 of claim 3 will be treated as --the path-settable detailed module--.
Line 5: it is not clear whether “a sub-path” is the same as “a sub-path” in line 4 of claim 2. For examination purposes, “a sub-path” in line 5 of claim 3 will be treated as --the sub-path--.
Claim 4:
Line 7: it is not clear whether “a sub-path” is the same as “a sub-path” in line 4 of claim 2. For examination purposes, “a sub-path” in line 7 of claim 4 will be treated as --the sub-path--.
Claim 6:
Line 4: it is not clear whether “a container volume” is the same as “a container volume” in line 2 of claim 5. For examination purposes, “a container volume” in line 4 of claim 6 will be treated as --the container volume--.
Claim 7:
Line 5: it is not clear whether “configuration files, data filed, and log files” are the same as “configuration files, data filed, and log files” in line 3 of the claim. For examination purposes, “configuration files, data filed, and log files” in line 5 of the claim will be treated as --the configuration files, data filed, and log files--.
Claim 4 is rejected under 35 U.S.C. 112(d) or pre-AIA 35 U.S.C. 112, 4th paragraph, as failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends. Claim 4 does not further limit claim 3, based on Ex parte Schulhauser. See MPEP 2111.04 II. Applicant may cancel the claim(s), amend the claim(s), or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-2 and 5 are rejected under 35 U.S.C. 103 as being obvious over Tikhomirov et al (US 12,118,379 B1) in view of Lee et al (IDS provided) (KR 20220080427 A, hereinafter Lee).
As to claim 1, Tikhomirov discloses a method for building and deploying an information leakage prevention application based on a container, which is performed by a system for building and deploying an information leakage prevention application, the method comprising the steps of:
under a container environment, installing and configuring packages of an application for information leakage prevention under an application installation directory (col. 4, ll. 8-14, To overcome the security deficiencies in conventional package installation techniques, techniques for secure package installation into a target container are described. Generally, the described techniques provide for increased system security as part of package installation by reducing exposure [i.e. leakage prevention] of host system resources to potentially unsecure and/or malicious processes. Further, col. 10, ll. 67-ll. 3 of col. 11, Generally, this enables a process in the service container 118 to install an application, inside of the service container 118, into a directory belonging to the target container file system 126).
Tikhomirov does not explicitly disclose the following limitation, but
Lee discloses building an image according to the creation of a deployment image for the application (page 3, the application container deployment completion image integrity reference value, a unique value for each image (watermark generation) can be managed, and individual container authentication can be performed periodically);
and deploying the application using the deployment image generated according to image building (page 3, container-based distribution image according to the present specification may include a signature (Signing), a section hash, and a distribution terminal identification (Identification) to improve a weak distribution process by a simple hash comparison. In order to analyze the container deployment image structure, the general linux boot file system for container booting (bootfs), the area where the actual OS is installed (rootfs), and each application image are composed of layers, and finally, a process that requires a container is created).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Tikhomirov to include building an image according to the creation of a deployment image for the application and deploying the application using the deployment image generated according to image building, as disclosed by Lee, to generate an integrity verification key using the section hash, design the container distribution image integrity verification algorithm, and include a target analysis unit that generates a verification key (see Abstract of Lee).
As to claim 2, Tikhomirov discloses the method wherein the building of the image comprises:
installing and configuring at least one of configuration files, (col. 16, ll. 58-65, Step 414 executes the script files. For instance, executing of the script files can perform actions such as: a) checks for status of the target container, packages already installed in the target container, and/or the package; and b) configuration of: target container, the package and/or other packages (e.g., integration with them); and/or OS configuration files in target container file system. Note: the container file system is considered a sub-path within the application installation directory); and
Lee discloses creating a package image for the application (page 3, store the application container deployment completion image integrity reference value, a unique value for each image (watermark generation). Further, page 4, the conventional electronic signature manages a unique value (Watermark generation) for each individual image);
creating the deployment image for the application by committing changes in a container due to installation and configuration of the packages (Abstract, This specification discloses an Android security framework technology using a virtualized trust environment. The apparatus for checking the dynamic integrity of a container-based distribution image according to the present specification includes: an image management table for managing a hash of an image main region section; Container management table for managing hash of application main file system section, managing digital signature certificate (to be changed based on virtual trusted execution environment (VTEE) later), and managing random number generation key. Note: file system section, managing digital signature certificate (to be changed based on virtual trusted execution environment is considered as committing changes in a container installation and configuration package/application. Further, page 3, container-based distribution image according to the present specification may include a signature (Signing), a section hash, and a distribution terminal identification (Identification) to improve a weak distribution process by a simple hash comparison. In order to analyze the container deployment image structure, the general linux boot file system for container booting (bootfs), the area where the actual OS is installed (rootfs), and each application image are composed of layers, and finally, a process that requires a container is created).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Tikhomirov to include creating a package image for the application and creating the deployment image for the application by committing changes in a container due to installation and configuration of the packages, as disclosed by Lee, to generate an integrity verification key using the section hash, design the container distribution image integrity verification algorithm, and include a target analysis unit that generates a verification key (see page 2 of Lee).
As to claim 5, Tikhomirov discloses the method wherein (col. 14, ll. 66-ll. 15, of ll. 13, application, package, service, daemon, driver, module, and/or etc. Step 402 creates and/or starts a service container. For instance, a host process 112 (e.g., the container management module 120) instantiates (e.g., starts, creates and starts, or restores from a checkpoint, etc.) the service container 118. Creating and starting a service container may optionally involve: creating a service container 118 from a template, a snapshot, or a check-point-restore image of an already prepared service container; setting up network access in service container 118; setting up package manager 130 for installation of the packages for the target container 116; and performing any actions needed to provide to the service container 118 an access to the file system 126 [i.e. installation directory] of the target container 116 (e.g., by mounting [i.e. overlay mounted] to the service container 118);
Lee discloses deploying the application by executing a container (page 3, the container deployment image structure, the general linux boot file system for container booting (bootfs), the area where the actual OS is installed (rootfs), and each application image are composed of layers, and finally, a process that requires a container is created and You can analyze the Read/Write Layer (layer n) to execute).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Tikhomirov to include deploying the application by executing a container, as disclosed by Lee, to generate an integrity verification key using the section hash, design the container distribution image integrity verification algorithm, and include a target analysis unit that generates a verification key (see Abstract of Lee).
Claim 3 is rejected under 35 U.S.C. 103 as being obvious over Tikhomirov et al. and Lee as applied to claim 2 and further in view of LV et al. (CN 106325899 A, hereinafter LV) and Liu et al. (CN 104765816 B, hereinafter Liu).
As to claim 3, Tikhomirov as modified by Lee does not explicitly disclose the following limitations but,
LV discloses the method wherein the installing and configuring of the packages under the application installation directory comprises determining whether a detailed module is a path-settable detailed module that can set paths for the packages (page 6, based on the installation method embodiment, another embodiment of the invention further provides an application program installation system, with reference to FIG. 4. FIG. 4 is a schematic structural diagram of a mounting system questions provided by the embodiment of the invention, the mounting system comprises: obtaining release module 41, a registry modification module 42, an obtaining module 43, a target path determining module 44 and the operation module 45 obtaining the releasing module 41 from the BIOS module for obtaining the application program installation package, the installation package released in the hard disk of the electronic device. The registry modification module 42 with the acquired release module 41 for the installed in the hard release comprises modifying the registry. the obtaining module 43 and the registry modification module 42 for the application program obtains the registration table after the modification in the installation path. the target path determining module 44 is connected to the obtaining module 43, for determining the target path according to the installation path. the operation module 45 and the target path determining module 44 for running the application program. Note: applicant's specification defines a path-settable detailed module as one that can set paths for the packages, per pages 3 and 8. Thus, the installation path is considered a path-settable detailed module);
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Tikhomirov to include the method wherein the installing and configuring of the packages under the application installation directory comprises determining whether a detailed module is a path-settable detailed module that can set paths for the packages, as disclosed by LV, for determining the target path according to the installation path and, according to the target path, running the installation package to install the application program (see page 3 of LV).
Liu discloses if the detailed module is a path-settable detailed module, installing and configuring a configuration file, data file, or log file of the path-settable detailed module in a sub-path of the application installation directory (page 2, obtaining module used for obtaining the upgrading data packet, and obtaining the local browser installation file, wherein the updating data packet comprises the upgrade configuration file and differential updating data, wherein the upgrading configuration file comprises a first file list updating, a file management module for creating the installation catalogue, and using the differential updating data for the installation file in the file list for indicating that the first indication of the upgrading file is processed. generating a first upgrade file, and storing the first update file to the installation directory, and an updating module used for updating the browser according to the file in the installation directory. Note: the sub-path is considered to be in the installation directory).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Tikhomirov to include creating a package image for the application and creating the deployment image for the application by committing changes in a container due to installation and configuration of the packages, as disclosed by Liu, for the purpose of acquiring the upgrading data packet and obtaining the local browser installation file, wherein the upgrading data packet comprises the upgrading configuration file and differential updating data, wherein the upgrading configuration file comprises a first file list updating, and establishing the installation directory (see page 2 of Liu).
Claim 4 is rejected under 35 U.S.C. 103 as being obvious over Tikhomirov et al., Lee, LV and Liu as applied to claim 3 and further in view of Kuo et al. (US 20160170735 A1, hereinafter Kuo), Wang et al. (CN 107220082 A, hereinafter Wang) and Shea et al. (US 20200073957 A1, hereinafter Shea).
As to claim 4, Tikhomirov discloses the method wherein the installing and configuring of the packages under the application installation directory comprises (col. 10, ll. 67-ll. 3 of col. 11, Generally, this enables a process in the service container 118 to install an application, inside of the service container 118, into a directory belonging to the target container file system 126),
Kuo discloses if the detailed module is a path-non-settable detailed module that cannot set paths for the packages, installing and configuring a configuration file, data file, or log file of the path-non-settable detailed module in a default set path (par. 0036, … the result of checking of step 250 or step 260 shows that the set of system data files SysFiles fails to conform to the checklist chklist, implying that files of the set of system data files SysFiles may be lost, damaged or dislocated in incorrect paths so that the set of system data files SysFiles cannot be used when installing the second operating system OS2, then step 256 or step 266 needs to be performed to download the complete updating package of files FullPkg for installing the second operating system OS2. … . Note: path-non-settable is herein considered as system data files SysFiles that cannot be used when installing);
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Tikhomirov to include if the detailed module is a path-non-settable detailed module that cannot set paths for the packages, installing and configuring a configuration file, data file, or log file of the path-non-settable detailed module in a default set path, as disclosed by Kuo, for the purpose of downloading the complete updating package of files FullPkg for installing (see par. 0036 of Kuo).
Wang discloses moving a configuration file, data file, or log file for the path-non-settable detailed module to a sub-path of the application installation directory (abstract, … installation instruction according to the application program creating the second process moves the files to be installed under the data directory is installed under the installation directory. wherein the first UID and the second UID are the same. the application program file to be installed is downloaded directly under the data directory, when installing directly moves to the installation directory to install. Note: sub-path is considered within the application installation directory); and
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Tikhomirov to include moving a configuration file, data file, or log file for the path-non-settable detailed module to a sub-path of the application installation directory, as disclosed by Wang, for the purpose of installing without needing to copy, effectively saving storage space and improving the user experience (see abstract of Wang).
Shea discloses creating a symbolic link in the default set path (par. 0093, identifying a plurality of data objects for a file system to be installed on a computer system, wherein each of the plurality of data objects is to be stored in the file system using a respective path; creating an intermediate file system structure that includes a plurality of elements representing the plurality of data objects to be stored in the file system, each of the plurality of elements being placed in the intermediate file system structure at the respective path, wherein creating the intermediate file system structure comprises: identifying a subset of the plurality of data objects that each include a symbolic link in a portion of the respective path; and for each data object in the subset, replacing the symbolic link in the portion of the respective path with a target path associated with the symbolic link; and installing the file system on the computer system using the intermediate file system structure).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Tikhomirov to include creating a symbolic link in the default set path, as disclosed by Shea, for the purpose of installing the file system on the computer system using the intermediate file system structure (see abstract of Shea).
Allowable Subject Matter
Claims 6-7 are objected to as being dependent upon a rejected base claim 1, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims or amended to overcome the rejection(s) under 35 U.S.C. 112(d) and CONTINGENT, set forth in this Office action.
Conclusion
The prior art made of record is considered pertinent to applicant's disclosure. See MPEP § 707.05 (C). For example:
I. Li et al. (US 20230222249 A1) discloses: “Embodiments of the teachings of the present disclosure include information leakage detection methods and apparatus, and a computer-readable medium, which can effectively detect information leakage and uses a smaller amount of computer resources. For example, some embodiments include an information leakage detection method (200), characterized by comprising: acquiring (S201) a data packet (30) sent from a protected system (100) to the outside; identifying (S202) signatures from the data packet (30), wherein a signature uniquely corresponds to a host (1000) in the protected system (100) and is stored in one or a plurality of files in the corresponding host (1000); and when a signature is identified, deciding (S203) that information in the host (1000) corresponding to the identified signature is leaked.” (please see [0005]).
II. Kim et al. (US 20240031405 A1) discloses: “A method for protecting personal information leaked by the phishing application includes a first step of extracting phishing server information, which is server information of a phishing application installed in a customer terminal, by decompiling a file related to the phishing application from which personal information was leaked, a second step of collecting customer-related information by accessing a phishing server through the phishing server information and scanning information included in a database, a third step of generating dummy data by performing falsification with random data so as to conform to a data format of the database of the phishing server based on the collected customer-related information, a fourth step of neutralizing personal information leakage by transmitting the dummy data to the phishing server.” (please see [abstract]).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Mohammad Kabir whose telephone number is (571)270-13411. The examiner can normally be reached on M-F, 8:00 am - 5:00 pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Sam Sough can be reached on (571) 272-6799. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Mohammad Kabir/
Examiner, Art Unit 2192
/S. SOUGH/ SPE, Art Unit 2192