DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1-20 are rejected in the Instant Application.
Priority
Examiner acknowledges Applicant’s claim to priority benefits of Provisional Patent Application 63/468,652 filed 5/24/2023.
Claim Rejections - 35 USC § 103
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Greenberg (US20230401101A1) hereinafter Greenberg in view of Sammet et al. (US20170070483A1) hereinafter Sammet further in view of Fu et al. (US20030070089A1) hereinafter Fu.
Regarding claims 1, 12, 20: Greenberg teaches a method for software product deployment and compliance management, the method comprising (¶0041 see A system and method according to embodiments of the present invention can be used for software delivery, software continuous integration (CI), software continuous delivery (CD), software continuous deployment and other automation processes employed in the field of software development and infrastructure management):
receiving an indication of a first payload of a software deployment package (¶0046 see the exemplary application development environment workflow includes the following steps. When a user team commits the web application code to a git repository);
performing a first software scan of the first payload (¶0046 see (ii) runs various scans as shown in a step 20, such as virus and vulnerability scans;); and
wherein the method is performed using one or more processors (¶0078 see produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus)
Greenberg teaches deploy the containerized program to development infrastructure, run and report on an integration test suite validating the functionality of the program. ¶0052 see reporting (virus scanning, vulnerability scanning, penetration testing, and the like))
Greenberg does not explicitly teach integrity file
Sammet however in the same field of computer networking teaches integrity file (Sammet 0223-224 Create a Manifest of the Application Scanned for Use in Verifying Integrity: Another benefit of this scan is the creation of a manifest of the application scanned listing all the associated programs and libraries. This list could be used to verify the integrity of an application installed at a user location. This could be useful when a copy of a given application has issues functioning and there is a need to verify that rogue software instructions or libraries have not been introduced to the installation.)
Accordingly, it would have been obvious to one of ordinary skill in the art of computer networking at the effective filing date of the claimed invention given report of Greenberg and the teachings of Sammet for utilizing an integrity file for software scans to combine the teachings such that Greenberg utilizes the integrity file of Sammet. One of ordinary skill in the art would recognize that the results of the combination are predictable because each element in the combination is merely performing the same function it would perform separately. One would be motivated to combine these teachings because doing so will allow for deployment within a computer network for the secure control of a software application within the network is provided (Sammet ¶0196)
Greenberg teaches triggering a transfer of the first payload
Fu however in the same field of computer networking teaches payload from a first network domain to a second network domain different from the first network domain (¶0010 see provides a system to facilitate cross-domain push deployment of software in an enterprise environment. The system operates by receiving a machine name and a domain name associated with a client at a server)
Accordingly, it would have been obvious to one of ordinary skill in the art of computer networking at the effective filing date of the claimed invention given the transfer of software of Greenberg and the teachings of Fu for transferring software from one domain to another to combine the teachings such that Greenberg utilizes the transfer management of Fu as part of the software transfer. One of ordinary skill in the art would recognize that the results of the combination are predictable because each element in the combination is merely performing the same function it would perform separately. One would be motivated to combine these teachings because doing so will allow for software to be transferred remotely safely and securely (Fu ¶0007-0009)
Further regarding claim 12: Greenberg further teaches system for software product deployment and compliance management, the system comprising: one or more memories comprising instructions stored thereon; and one or more processors configured to execute the instructions and perform operations (¶0078 see computer readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts)
Further regarding claim 20: Greenberg further teaches a non-transitory machine readable storage medium storing instructions for software product deployment and compliance management, wherein the instructions, when executed by one or more processors, cause the one or more processors to perform operations (¶0074 see A computer readable storage medium, as used herein, is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire)
Regarding claims 2, 13. The already combined references teach the method of claim 1, further comprising:
receiving a second payload of a configuration associated with the software deployment package (Greenberg ¶0038 see Managed Repository Configuration: A single configuration file committed to the managed repository);
generating a second integrity file including an indication of integrity of the second payload (Greenberg ¶0052 see blueprint for web applications can define automation for continuous integration, continuous delivery, configuration management, security scans and reporting (virus scanning, vulnerability scanning, penetration testing, and the like)); and
triggering a transfer of the second payload and the second integrity file from the first network domain to the second network domain (Greenberg ¶0038 see A single configuration file committed to the managed repository);
Regarding claims 3, 14. The already combined references teach the method of claim 2, further comprising:
checking payload availability in the second network domain (Greenberg ¶0071 see The system 100 tracks inputs to automation and propagates changes to impacted managed repositories via the source management system (e.g., pull requests or commits), as illustrated in FIG. 8 [propagating changes implies it search and applied changes to available payload]); and
downloading the first payload and the second payload (Greenberg ¶0038 see A single configuration file committed to the managed repository).
Regarding claims 4, 15. The already combined references teach the method of claim 3, wherein the first payload and the second payload are downloaded at two different times (Greenberg ¶0070 see user team can provide managed repository specific configuration through managed repository configuration (configurable steps and jobs) committed in the repository via the configuration file 260, as illustrated in FIG. 5. According to embodiments of the present invention, the configuration file 260 is committed to the managed repository 270. The user team also can provide managed repository specific automation by configuring the automation in the managed repository configuration [adding the configuration file after the repository is formed clearly highlights deployment is done prior to the configuration file being added])
Regarding claims 5, 16. The already combined references teach the method of claim 3, further comprising:
verifying a first integrity of the downloaded first payload based at least in part on the first integrity file; and verifying a second integrity of the downloaded second payload based at least in part on the second integrity file (Greenberg ¶0032 see run and report on an integration test suite validating the functionality of the program [Greenberg teaches report on the validation and testing interpreted to cover both the code and configuration file; Sammet teaches integrity files see claim 1])
Regarding claims 6, 17. The already combined references teach the method of claim 5, further comprising:
relaying the downloaded first payload or the downloaded second payload to a software deployment solution (Greenberg ¶0046 see shown in a step 20, such as virus and vulnerability scans; (iii) uploads software artifacts, as shown in a step 30, such as data models or workflow diagrams; (iv) deploys the application into a development environment)
Regarding claims 7, 18. The already combined references teach the method of claim 5, wherein the first software scan includes an anti-virus scan and a vulnerability scan (Greenberg ¶0032 see the workflow can run unit tests, build a container image for a software program, run virus and vulnerability scans, deploy the containerized program to development infrastructure)
Regarding claims 8, 19. The already combined references teach the method of claim 7, further comprising:
performing a second software scan to the downloaded first payload (Greenberg ¶0032 see deploy the containerized program to development infrastructure, run and report on an integration test suite validating the functionality of the program [second scan is interpreted as integration test])
Regarding claim 9. The already combined references teach the method of claim 8, wherein the second software scan includes an antivirus scan (Greenberg ¶0052 see blueprint for web applications can define automation for continuous integration, continuous delivery, configuration management, security scans and reporting (virus scanning, vulnerability scanning, penetration testing, and the like) [Greenberg allows for continuous scanning])
Regarding claim 10. The already combined references teach the method of claim 8, wherein the second software scan does not include a vulnerability scan (Greenberg ¶0032 see deploy the containerized program to development infrastructure, run and report on an integration test suite validating the functionality of the program [integration test is not a vulnerability test])
Regarding claim 11. The already combined references teach the method of claim 1, wherein the receiving an indication of a first payload of a software deployment package comprises:
checking for an update to one or more payloads; determining the first payload being updated; and downloading the first payload (Greenberg ¶0046 see exemplary application development environment workflow includes the following steps. When a user team commits the web application code to a git repository, for example GitHub, the automation generally (i) virtualizes the application by containerization, as shown in a step 10; (ii) runs various scans as shown in a step 20, such as virus and vulnerability scans; (iii) uploads software artifacts, as shown in a step 30, such as data models or workflow diagrams; (iv) deploys the application into a development environment, as shown in a step 40; and (v) runs a test suite, as shown in a step 50.)
Conclusion
References are cited not only for their quoted language but for all that they teach.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Atta Khan whose telephone number is 571-270-7364. The examiner can normally be reached on M-F 09:00-6:00.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vivek Srivastava can be reached on (571) 272-7304. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ATTA KHAN/
Examiner, Art Unit 2449