Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-10 are presented for the examination.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 3 and 6 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant, regards as the invention.
The following terms lack proper antecedent basis:
"the start" – claim 3;
"the monitoring processes" – claim 6.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
3. Claims 9-10 are rejected under 35 U.S.C. 101 because the claimed invention is directed to apparatus claims, but appears to be comprised of software alone without claiming the associated computer hardware required for execution. For example, claim 9 defines an “apparatus” in the preamble, and the body of the claim recites a “host system”. The host system appears to be a software module. Therefore, claim 9 is non-statutory because it recites a claim that comprises a software module.
4. Claims 1, 2, 5, 9 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
5. Claims 1, 2, 9 have been rejected under 35 USC 101 as directed to an abstract idea without significantly more. Under Step 2A, Prong 1, the “comparison” recites a mental process, since a “comparison” is a function that can reasonably be performed in the human mind with the aid of pen and paper through observation, evaluation, judgment, and opinion.
Under Prong 2, the additional elements “starting a respective checking process on the host system for each of at least two of the container applications” and “assigning the respective checking process using a data-technology linkage” are recited at a high level of generality such that they amount to no more than mere instructions to apply the exception using a generic computer component, or merely a generic computer or generic computer components to perform the judicial exception. Accordingly, the additional elements do not integrate the recited judicial exception into a practical application, and the claim is therefore directed to the judicial exception. See MPEP 2106.05(f).
Under Step 2B, the additional element “starting a respective checking process on the host system for each of at least two of the container applications” has generally been a mental process, although the respective checking process could be a generic computer component described as software on actual computer hardware; and “assigning the respective checking process using a data-technology linkage” is a mere instruction to apply the mental process under MPEP 2106.05(f). This amounts to merely generally linking the use of the judicial exception to a particular technological environment or field of use, and is merely applying the judicial exception. Therefore, it does not amount to significantly more and cannot provide an inventive concept.
6. Claim 5 has been rejected under 35 USC 101 as directed to an abstract idea without significantly more. Under Step 2A, Prong 1, the “comparison” recites a mental process, since a “comparison” is a function that can reasonably be performed in the human mind with the aid of pen and paper through observation, evaluation, judgment, and opinion.
Under Prong 2, the additional elements “starting a respective checking process on the host system for each of at least two of the container applications” and “assigning the respective checking process using a data-technology linkage” are recited at a high level of generality such that they amount to no more than mere instructions to apply the exception using a generic computer component, or merely a generic computer or generic computer components to perform the judicial exception. Accordingly, the additional elements do not integrate the recited judicial exception into a practical application, and the claim is therefore directed to the judicial exception. See MPEP 2106.05(f).
Under Step 2B, the additional element “starting a respective checking process on the host system for each of at least two of the container applications” has generally been a mental process, although the respective checking process could be a generic computer component described as software on actual computer hardware; and “assigning the respective checking process using a data-technology linkage” is a mere instruction to apply the mental process under MPEP 2106.05(f). This amounts to merely generally linking the use of the judicial exception to a particular technological environment or field of use, and is merely applying the judicial exception. Therefore, it does not amount to significantly more and cannot provide an inventive concept.
7. The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception, as discussed above with respect to integration of the abstract idea into a practical application. See MPEP 2106.05(d). Thus, the claim is not patent eligible.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
8. Claim(s) 1, 9 are rejected under 35 U.S.C. 103 as being unpatentable over LEVIN (US 20190058722 A1) in view of HONG (CN 101359335 A).
As to claim 1, Levin teaches the method for checking container applications on a host system for manipulation (Each image registry 330 stores container images 301 that can be imported and executed on the host device 310 (container images 301 illustrated as stored in the host device 310 but not the image registry 330 merely for simplicity purposes). An example of such a container image is shown in FIG. 2. A container image 301 is a static file and a runtime instance of the container image 301 is a software container 311 executing a specific application (hereinafter “APP container” 311), para[0034], ln 3-14 / the host device 310 is configured to host and execute a defender container 315. The defender container 315 is a software container configured to inspect and filter traffic directed to protected APP containers of the APP containers 311, para[0036], ln 2-6);
starting a respective checking process on the host system for each of at least two of the container applications( according to the disclosed embodiments, the host device 310 is configured to host and execute a defender container 315. The defender container 315 is a software container configured to inspect and filter traffic directed to protected APP containers of the APP containers 311, para[0036], ln 1-5/ In an embodiment, the defender container 315 is configured to inspect and filter encrypted traffic directed to the protected APP containers among the APP containers 311, para[0051], ln 1-5/ Accordingly, the method allows for dynamically adapting inspection and filtering by the defender container based on additions of and changes to container images. In some embodiments, after execution of the method of FIG. 6 terminates, execution of a method for runtime traffic inspection and filtering in a containerized environment (e.g., the method of FIG. 7) may start. Alternatively or collectively, the methods may be executed at least partially in parallel, thereby allowing for dynamic adaption both to new container images and to new deployments of containers, para[0081], ln 3-14/ Each filtering profile defines a configuration for inspecting and filtering traffic directed toward the respective protected APP container, para[0079], ln 5-8);
wherein the checking processes subject the current behavior of at least one of the container applications other than the respective assigned container application to a comparison with a reference behavior of the at least one other container application (each filtering profile defines a configuration for inspecting and filtering traffic directed toward the respective protected APP container. Each filtering profile may further include the corresponding runtime model for the respective protected APP container such that particular filtering configurations may be associated with certain runtime behaviors, para[0079], ln 5-12 / The defender container 315 is a software container configured to inspect and filter traffic directed to protected APP containers of the APP containers, para[0036], ln 3-6 / the defender container 315 is configured to statically analyze container images 301 of one or more protected APP containers to be deployed in the host device 310 to determine an application type of each application to be executed by the at least one protected APP container. Each protected APP container is one of the APP containers 311 executed by the host device that is to be protected using the filtering rules, para[0041], ln 3-12 / At S630, the contents of each container image are analyzed to determine a type of application to be executed by a container corresponding to the container image. In an embodiment, S630 includes analyzing the application layers of the container image to determine the type of application to be executed at runtime by the respective container.
In an embodiment, S630 further includes creating a runtime model for each analyzed container image. The runtime model defines expected runtime behavior of the container[ the current behavior of at least one of the container applications], thereby allowing for detection of anomalous behavior at runtime, para[0077] to para[0078]/ the defender container 315 is configured to monitor deployment of the protected APP containers 311 within the host device 310. The monitoring may include, but is not limited to, comparing runtime behavior of each APP container 311 executed in the host device 310 to the expected runtime behaviors defined in the runtime model for the protected APP container[ the current behavior of at least one of the container applications], the monitoring may include detecting a container identifier of each deployed APP container 311 and comparing the detected container identifiers to container identifiers associated with the protected APP container, para[0047] ),
Hong teaches assigning the respective checking process using a data-technology linkage (If another bidirectional link exists between the other container and a third container and if an error is found in the other bidirectional link, the file system performs a consistency check of data included in the third container, Sec: abstract, ln 12-19 / and determining if a second bidirectional link exists between the second container and the third container. If a bidirectional link exists between of the second container and a third container and if an error is found in the second bidirectional link, the file system is further configured to comprising file data and performs a consistency check of the associated metadata in a third container, Sec: Various embodiments and claims a computer system and method, ln 18-31 / More specifically, the verification may include checking the correct parent-child relationship in the directory blocks and directory entries of all. In addition, it can check container linkage table. The inspection may include any hard link verification file to the selected container, and repair can be found any error (block 1076). In addition, can verify the selected container in the container linkage table reference other containers of item (block 1078). if one item in the selected container in the container linkage table references an index node in the outer container, then the corresponding entry in the container linkage table of the outer container also should be present. if there is not, then there is an error, it must verify that the outer container, Sec: Next, can verify the level of index node, ln 1-20 / performing a consistency check of file data and associated metadata included in the third container, in response to detecting an error in said second bidirectional link, Sec: claim 9, ln 5-9).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Levin with Hong to incorporate the above feature because this reduces the tool of time required for running and solves the problem of a file system for dynamically managing resources more effectively.
As to claim 9, it is rejected for the same reason as claim 1 above. In addition, Levin teaches a container image (A container image 301 is a static file and a runtime instance of the container image 301 is a software container 311 executing a specific application (hereinafter “APP container” 311), para[0034], ln 9-14).
9. Claim(s) 2, 5 are rejected under 35 U.S.C. 103 as being unpatentable over LEVIN (US 20190058722 A1) in view of HONG (CN 101359335 A) and further in view of MAGEN (US 20230169168 A1).
As to claim 2, Magen teaches ending manipulation of the at least one container application subjected to the comparison on the comparison (The probability score indicates a probability that the deployment of the container is anomalous compared to the historical deployments of containers. When the probability score is greater than a predetermined threshold, the computing system is configured to perform at least one of (1) generate a security alert, (2) reject the request for the deployment of the container, or (3) terminate the container that has been deployed, para[0010], ln 5-12 / para[0035]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Levin and Hong with Magen to incorporate the above feature because this detects anomalous deployments of containers that are performed via a container orchestration service.
As to claim 5, Magen teaches comprising subjecting the current behavior of the at least one other container application to a comparison with the reference behavior with respect to a response behavior to question and/or with respect to an operating behavior and/or with respect to a behavior upon a manipulation attempt and/or upon an occurring manipulation (para[0010], ln 5-12 / para[0035]) for the same reason as claim 2 above.
10. Claim(s) 3, 4, 6 are rejected under 35 U.S.C. 103 as being unpatentable over LEVIN (US 20190058722 A1) in view of HONG (CN 101359335 A) and further in view of Killmar (US 8510712 B1).
As to claim 3, Killmar teaches communicating the reference behavior of the container application with the checking processes upon the start and/or stop and/or upon a change of the at least one other container application (In-container test manager 102 can also instantiate, manipulate, and delete objects within container 100 in response to requests from testing process 150, as well as provide information indicating the results of instantiating, manipulating, or deleting in-container objects to testing process 150. Thus, in-container test manager 102 provides test manager 152 with visibility into container 100 as well as the ability to manipulate and monitor the behavior of objects within container 100. Testing process 150 is implemented independently of container 100. Thus, testing process 150 can be modified without having to stop and restart container 100 and without having to redeploy any code into container 100. A user can thus modify testing process 150 or dynamically change the flow of testing being performed by testing process 150 without needing to redeploy any test code or to restart container 100. At the same time, because testing process 150 can communicate with in-container test manager 102, testing process 150 has the ability to interact with in-container objects individually, col 2, ln 49-67).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Levin and Hong with Killmar to incorporate the above feature because container testing is otherwise laborious, error prone, and/or inefficient, and new techniques for testing in-container objects are desired.
As to claim 4, Killmar teaches wherein the checking process is assigned to the respective container application by starting the checking process as part of the respective container application (col 2, ln 49-67) for the same reason as claim 3 above.
As to claim 6, Killmar teaches further comprising communicating with a reference behavior component the reference behavior to the monitoring process (col 2, ln 40-67) for the same reason as claim 4 above.
11. Claim(s) 7 is rejected under 35 U.S.C. 103 as being unpatentable over LEVIN (US 20190058722 A1) in view of HONG (CN 101359335 A) and further in view of Bhalotra (US 10397255 B1).
As to claim 7, Bhalotra teaches the reference behavior component is cryptographically protected( The container security platform 142 supplies measures of confidence in the integrity of applications or containers. The measure of confidence may evaluate multiple factors including but not limited to: (1) whether a container image employs signing using cryptographic keys and whether such keys have been generated by administrators or end users of the platform or a private or public certificate authority; (2) whether the containers have undergone a trusted attestation process using a hardware root of trust such as a Trusted Platform Module (TPM); (3) whether a container image contains vulnerabilities that are surfaced by scanning each layer of the image; (4) metadata attributes of the container including labels, the environment in which is running, or the type of data it is intended to process; (5) runtime behavior determined to be benign, anomalous, or malicious by the platform's machine learning module; and (6) efficacy metrics of the machine learning model (e.g., true positives, false positives, true negatives, false negatives). The platform applies a weighting to each of these factors to generate a measure of confidence regarding the integrity of the application or container. The platform also evaluates occurrences of specific security events associated with these factors to determine a measure of uniqueness that indicates the relative frequency of security events affecting the integrity of an application, col 13, ln 25-50).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Levin and Hong with Bhalotra to incorporate the above feature because this provides security in a distributed computation system utilizing application containers and protects the software infrastructure and containers that are used to run applications.
12. Claim(s) 8, 10 are rejected under 35 U.S.C. 103 as being unpatentable over LEVIN (US 20190058722 A1) in view of HONG (CN 101359335 A) and further in view of Adams (US 20130198722 A1).
As to claim 8, Adams teaches the reference behavior component is implemented by means of a distributed database( FIG. 1 is a block diagram of a distributed computer system that includes a server computer having a middleware container and transaction database that interact with a transaction process monitoring program to manage transactions of a software application,, para[0011], ln 1-6/ middleware container 115 that provides an environment for hosting and managing transactions 120. Middleware container 115 implements business logic to coordinate transactions 120. Business logic refers to rules (e.g., business rules) that govern steps to complete transactions 120, wherein each of the transactions is one or more program functions (i.e., program code) to perform a group of tasks, para[0018], ln 6-16/ while computer system 100 is deployed to a software test environment, first test metrics on transactions 120 are collected by middleware container 115. In one embodiment, the first test metrics collected by middleware container 115 may include input size for each transaction 120, the number of switches between tasks for each of the transactions, average amount of time spent per each of the transactions, and average amount of time spent per task of each of the transactions. The first test metrics collected form a historical log of data that can be processed by transaction process monitoring program 125 to generate baseline values that represent a pattern of expected execution behavior of transactions 120. The first test metrics that are collected are stored in transaction database 130, para[0019], ln 1-20).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Levin and Hong with Adams to incorporate the above feature because this provides a middleware container that behaves as a parent program or software environment to manage execution of one or more program functions (i.e., program code) or commands, or other suitable software routines.
As to claim 10, Adams teaches the system comprises a manufacturing or processing system (para[0011], ln 1-7 / para[0016] / para[0017], ln 1-10 / para[0024], ln 1-9) for the same reason as claim 8 above.
Conclusion
US 20190108336 A1 teaches software container models that can identify anomalous software container instances, identify the application type of an anonymous software container instance, and detect a change in the behavior of a software container instance.
US 20070174073 A1 teaches to information stored in container processing database 108 to identify the type of container, the material from which it is formed, the distributor to which the material should be delivered, etc. If information on the container can be read and successfully compared to information.
US 8775392 B1 teaches that comparing two versions of a file container 100 can include comparing state information for the respective file containers to determine which, if any, of files 120 contained in file container 100 have changed.
US 20190245766 A1 teaches that when the latency inspector 153 determines that the service 50 does not satisfy the performance requirement, the behavior calculator 154 transmits, as information indicating behavior in the abnormal state, the calculated percentile values for the containers and the servers to the abnormal factor estimator 155. Then, the abnormal factor estimator 155 compares the behaviors in the normal state with the behaviors in the abnormal state.
US 20170230477 A1 teaches specific behaviors patterns of an implementation may be checked against the observed behavior of other implementations in the cohort to determine a statistical probability that the behavior would be exhibited by a member of the cohort. Observation data associated with an implementation is received (602). The observed behavior is compared to the observed behavior of other implementations in a cohort of which the implementation
US 20190058722 A1 teaches that the monitoring may include, but is not limited to, comparing runtime behavior of each APP container 311 executed in the host device 310 to the expected runtime behaviors defined in the runtime model for
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LECHI TRUONG whose telephone number is (571)272-3767. The examiner can normally be reached 10-8 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor Young Kevin can be reached on (571)270-3180. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/LECHI TRUONG/ Primary Examiner, Art Unit 2194