SYSTEM AND METHOD FOR SECURE RECOVERY OF APPLICATION GROUP IN CONTAINER DEPLOYMENT ENVIRONMENTS

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendment 2. The Amendment filed on November 20th, 2025 has been entered. Claims 1, 3, 9, 11, 17 and 19 have been amended. Claims 1 - 20 are currently pending. Response to Arguments 35 U.S.C. §102 3. Applicant's arguments, see Remarks pp. 7 - 8, filed November 20th, 2025, with respect to the rejections of claims 1, 2, 4, 5, 9, 10, 12, 13, 17, 18 and 20 under 35 U.S.C. §102 have been fully considered and they are persuasive. The crux of Applicant’s arguments is that the amendments to the independent claims are not taught by the cited art of record. Examiner respectfully agrees Upon further consideration new grounds of rejection have been necessitated due to Applicant's amendments and are made in view of Balcha et al., (United States Patent Publication Number 20230082186) hereinafter Balcha Claim Rejections – 35 U.S.C. §103 4. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 5. The factual inquiries set forth in Graham v John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: a. Determining the scope and contents of the prior art b. Ascertaining the differences between the prior art and the claims at issue c. Resolving the level of ordinary skill in the pertinent art d. Considering objective evidence present in the application indicating obviousness or nonobviousness Claims 1, 2, 4, 5, 9, 10, 12, 13, 17, 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kumar et al. (United States Patent Publication Number 20220292002), hereinafter Kuma, in view of Balcha et al., (United States Patent Publication Number 20230082186) hereinafter Balcha . Regarding claim 1 Kumar teaches a system (Fig. 1 information processing system [0006]) comprising: memory configured to store data (the persistent memory may be implemented as a designated portion or portions of one or more of the storage devices 108 [0029]) ) related to (related to [0056]) a container deployment environment; (virtual resources such as VMs or Linux containers (LXCs), or combinations of both as in an arrangement in which Docker containers or other types of LXCs are configured to run on VMs [0024]) SEE ALSO Fig. 8 [0073] and one or more processors (one or more processing devices each comprising a processor [0040]) that are executable by instructions, (executable program code [0082]) wherein the instructions, (program code [0082]) when executed, cause the one or more processors (one or more software programs stored in memory and executed by a processor of a processing device [0089]) to: receive a request for recovering a backup (Fig 4 requests for backup files [0009], [0061]; Figs 7A – 7D service requests for backup files [0011], [0064]) of an application group (Fig. 8 sets of application 810-1, 810-2, … 810-L [0075]) such as “application group” in the container deployment environment; (virtual resources such as VMs or Linux containers (LXCs), or combinations of both as in an arrangement in which Docker containers or other types of LXCs are configured to run on VMs [0024]) SEE ALSO Fig. 8 [0073] receive a validation result (Fig. 2 (208) receive, from the virtual desktop infrastructure client, a selection of at least a given one of a set of copies of the data of the one or more virtual desktops [0049]) from the catalogue; (catalog of the VDI environment [0050]) SEE EXAMPLES Fig. 3 (305) Virtual Machine Copy Catalog Library, (307) Datastore Copy Catalog Library [0057] generate a recovery token (Fig. 2, (204) push a token to at least one of the one or more virtual desktops hosted on at least one of the one or more virtual machines, (206) authenticate the request to recover data based at least in part on validating a proof of knowledge of the token received from the virtual desktop client [0048]) responsive to the validation result; (Fig. 2 (208) receive, from the virtual desktop infrastructure client, a selection of at least a given one of a set of copies of the data of the one or more virtual desktops [0049]) and cause the recovery (Fig. 2, (210) mount the given copy in at least one of the one or more virtual desktops hosted on at least one of the one or more virtual machines [0051], Fig. 7, (724) notify that recovered data is mounted [0069], (725) copy required file(s), [0069]. (727) recovery workflow completed [0069]) of the application group(Fig. 8 sets of application 810-1, 810-2, … 810-L [0075]) such as “application group” based on the recovery token. (Fig. 2, (204) push a token to at least one of the one or more virtual desktops hosted on at least one of the one or more virtual machines, (206) authenticate the request to recover data based at least in part on validating a proof of knowledge of the token received from the virtual desktop client [0048]) Kumar does not fully disclose determine a recovery point and a destination identifier of a destination cluster; access an application group token comprising ownership data associated with the application group; register a recovery at a catalogue using the application group token, wherein the catalogue validates, using the ownership data in the application group token, the recovery point and the destination identifier with information stored in the destination cluster Balcha teaches determine a recovery point (Fig. 6A create a snapshot [0055]) SEE EXAMPLE a snapshot 512 of PV-A volume 510 can be created and a new persistent volume 514 is created from the snapshot [0055] such as “recovery point” and a destination identifier (network identifiers for one or more networks being used, storage identifiers for one or more storage systems being used, [0042]) such as “destination identifiers” of a destination cluster; (Fig,. 10 any one of the multi-clusters 1002, 1002', 1002", 1002"', 1002"" [0097]) SEE ALSO remote cluster [0057] access an application group token (secrets information [0059]) such as “application group token” comprising ownership data (application-related configuration information and metadata [0059]) such as “ownership data” associated with the application group; (Fig. 2 pods [0036]) such as “application groups” register a recovery (a snapshot 512 of PV-A volume 510 can be created and a new persistent volume 514 is created from the snapshot. [0055]) such as “recovery” at a catalogue ( The new persistent volume 514 is attached to a data mover pod 516. The data mover service copies the persistent volume 514 to a repository 518. [0055]) such as “catalogue” using the application group token, (secrets information [0059]) such as “application group token” wherein the catalogue (repository 518. [0055]) such as “catalogue” validates, (consistency of stateful information [0078]) using the ownership data (application-related configuration information and metadata [0059]) such as “ownership data” in the application group token, (secrets information [0059]) such as “application group token” the recovery point (Fig. 6A create a snapshot [0055]) SEE EXAMPLE a snapshot 512 of PV-A volume 510 can be created and a new persistent volume 514 is created from the snapshot [0055] such as “recovery point” and the destination identifier (network identifiers for one or more networks being used, [0042]) such as “destination identifiers” with information (stateful information [0053], [0054] and [0078]) stored in the destination cluster(Fig,. 10 any one of the multi-clusters 1002, 1002', 1002", 1002"', 1002"" [0097]) It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kumar to incorporate the teachings of Balcha wherein determine a recovery point and a destination identifier of a destination cluster; access an application group token comprising ownership data associated with the application group; register a recovery at a catalogue using the application group token, wherein the catalogue validates, using the ownership data in the application group token, the recovery point and the destination identifier with information stored in the destination cluster. By doing so continuous restore via either a backup media approach or a storage-level data replication approach Described. Balcha [0065] Claims 9 and 17 correspond to claim 1 and are rejected accordingly Regarding claim 2 Kumar in view of Balcha teaches the system of claim 1, Kumar as modified does not fully disclose wherein the recovery point and the cluster identifier are included in a recovery access token (token [0048], [0065]) that is validated by the catalogue Balcha teaches wherein the recovery point (Fig. 6A create a snapshot [0055]) SEE EXAMPLE a snapshot 512 of PV-A volume 510 can be created and a new persistent volume 514 is created from the snapshot [0055] such as “recovery point” and the cluster identifier (storage identifiers for one or more storage systems being used, [0042]) such as “cluster identifiers” are included in a recovery access token (secrets information [0059]) such as “recovery access token” that is validated (consistency of stateful information [0078]) by the catalogue( The new persistent volume 514 is attached to a data mover pod 516. The data mover service copies the persistent volume 514 to a repository 518. [0055]) such as “catalogue” It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kumar to incorporate the teachings of Balcha wherein the recovery point and the cluster identifier are included in a recovery access token (token [0048], [0065]) that is validated by the catalogue. By doing so continuous restore via either a backup media approach or a storage-level data replication approach Described. Balcha [0065] Claims 10 and 18 correspond to claim 2 and are rejected accordingly Regarding claim 4 Kumar in view of Balcha teaches the system of claim 1, Kumar as modified further teaches wherein the recovery point(time range for recovery denoted by point-in-time copies [0050]) (e.g., point-in-time) when the backup, copy or snapshot was created [0063] is determined by: accessing (retrieve [0063]) one or more recovery points (time range for recovery denoted by point-in-time copies [0050]) (e.g., point-in-time) when the backup, copy or snapshot was created [0063] corresponding to the application group; (Fig. 8 sets of application 810-1, 810-2, … 810-L [0075]) such as “application group” and receiving a user selection (A selection of at least a given one of a set of copies of the data of the one or more virtual desktops is received from the VDI client in step 208 [0049]) of the recovery point (time range for recovery denoted by point-in-time copies [0050]) (e.g., point-in-time) when the backup, copy or snapshot was created [0063] from the one or more recovery points. (point-in-time copies [0050]) Claim 12 and 20 correspond to claim 4 and are rejected accordingly Regarding claim 5 Kumar in view of Balcha teaches the system of claim 1, Kumar as modified does not fully disclose wherein the destination identifier is a destination cluster identifier. Balcha teaches wherein the destination identifier (network identifiers for one or more networks being used, [0042]) such as “destination identifiers” is a destination cluster identifier. (storage identifiers for one or more storage systems being used, [0042]) such as “cluster identifiers” It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kumar to incorporate the teachings of Balcha wherein the destination identifier is a destination cluster identifier. By doing so replication can occur in multiple locations. Balcha [0077] Claim 13 corresponds to claim 5 and is rejected accordingly Claims 3, 11 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Kumar et al. (United States Patent Publication Number 20220292002), hereinafter Kumar in view of Balcha et al., (United States Patent Publication Number 20230082186) hereinafter Balcha and in further view of Garaev et al. (United States Patent Publication Number 20220413877 ), hereinafter referred to as Garaev . Regarding claim 3 Kumar in view of Balcha teaches the system of claim 2, Kumar teaches wherein the recovery access token (token [0048], [0065]) at the time of requesting (requesting [0063]) the recovery access token, (token [0048], [0065]) Kumar does not fully disclose further comprises: or a source cluster token for a cluster on which the application group was registered at a time of backup if the application group does not exist at the time of requesting the recovery access token. Garaev teaches or a source cluster token for a cluster on which the application group was registered at a time of backup if the application group does not exist at the time of requesting the recovery access token It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kumar in view of Balcha to incorporate the teachings of Garaev whereby an application group token if the application group exists. By doing so that identity can be used to access authorization information (such as tokens, certificates, etc.) from Auth provider 112 and to access other secret information 180 through other secrets provider 118. Garaev [0030] Claims 11 and 19 correspond to claim 3 and are rejected accordingly Claims 6 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Kumar et al. (United States Patent Publication Number 20220292002), hereinafter Kumar in view of Balcha et al., (United States Patent Publication Number 20230082186) hereinafter Balcha in view of Avi Shua (United States Patent Publication Number 20220345483), hereinafter referred to as Shua and in further view of Karr et al., (United States Patent Publication Number 2021/0019237), hereinafter referred to as Karr. Regarding claim 6 Kumar in view of Balcha teaches the system of claim 1, Kumar as modified does not fully disclose wherein the destination identifier includes a cloud identifier and a region identifier responsive to a destination cluster identifier is unavailable. Balcha teaches a destination identifier(network identifiers for one or more networks being used, [0042]) such as “destination identifiers” It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified to incorporate the teachings of Balcha wherein in destination identifier. By doing so replication can occur in multiple locations. Balcha [0077] Shua teaches includes a cloud identifier (cloud identifier [0117]) and a region identifier (region identifier [0416]) It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kumar in view of Balcha to incorporate the teachings of Shua wherein includes a cloud identifier and a region identifier. By doing so the scanning/mapping process may be performed by scanning system 101 with cloud infrastructure 106. In some embodiments, the scanning and mapping process may include analyzing data relating to cloud infrastructure 106 using scanning system 101, by reading cloud infrastructure 106 through the connection made in step 201 and generate a "map" ( e.g., a data structure or data collection) representing systems and devices in cloud infrastructure 106. Shua [0063]. Karr teaches responsive to a destination cluster identifier is unavailable (detecting when a storage node has become unavailable, [0075]) SEE ALSO Fig. 7 (702) – (706), Fig. 9 (902) – (006); paragraphs [0084], [0287] – [0289], [0291], [0302] – [0304] It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kumar in view of Balcha and Shua to incorporate the teachings of Karr responsive to a destination cluster identifier is unavailable. By doing so the balancing of inputs and outputs can be handles on a distributed basis across multiple storage nodes. Karr [0075] Claim 14 corresponds to claim 6 and is rejected accordingly Claims 7, 8, 15 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Kumar et al. (United States Patent Publication Number 20220292002), hereinafter Kumar in view of Balcha et al., (United States Patent Publication Number 20230082186) hereinafter Balcha and in further view of Gunjikar et al. (United States Patent Publication Number 2022/0156164), hereinafter referred to as Gunjikar Regarding claim 7 Kumar in view of Balcha teaches the system of claim 1, Kumar does not fully disclose wherein the recovery of the application group is recovered to a source cluster that is different from the destination cluster. Gunjikar teaches wherein the recovery (performs a cluster level recovery process [0146]) of the application group (API Group [0136]) is recovered to a source cluster (source cluster [0122]) that is different from the destination cluster (target cluster [0122]) It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kumar in view of Balcha to incorporate the teachings of Gunjikar wherein the recovery of the application group is recovered to a source cluster that is different from the destination cluster. By doing so It can migrate applications (both stateful and stateless) from on-premises to the cloud and vice versa. It can protect applications across multiple locations with integrated application-level disaster recovery and ensure business continuity. Gunjikar [0123] Claim 15 corresponds to claim 7 and is rejected accordingly Regarding claim 8 Kumar in view of Balcha teaches the system of claim 1, Kumar does not fully disclose wherein the container deployment environment) is a Kubernetes environment. Gunjikar teaches wherein the container deployment environment (Pods ( or group of one or more containers with shared storage and network resources, and a specification for how to run the containers) [0127] is a Kubernetes environment (Kubernetes cluster [0132], [0136], [0159], [0161]) It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kumar in view of Balcha to incorporate the teachings of Gunjikar wherein the container deployment environment) is a Kubernetes environment. By doing so a project is an extension of Kubernetes' use of namespaces for isolation, resource allocation and basic authorization on a cluster basis. Gunjikar [0037] Claim 16 corresponds to claim 8 and is rejected accordingly Conclusion 6. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. 7. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kweku Halm whose telephone number is (469)295- 9144. The examiner can normally be reached on 9:00AM - 5:30PM Mon - Thur. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Sanjiv Shah can be reached on (571) 272 - 4098. The fax phone number for the organization where this application or proceeding is assigned is 571-273- 8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786- 9199 (IN USA OR CANADA) or 571-272-1000. /KWEKU WILLIAM HALM/Examiner, Art Unit 2166 /SANJIV SHAH/Supervisory Patent Examiner, Art Unit 2166