Prosecution Insights
Last updated: May 29, 2026
Application No. 18/756,251

SECURE AUTHORIZATION OF THE HELM CHART

Final Rejection §103
Filed: Jun 27, 2024
Examiner: SHAAWAT, MAYASA A.
Art Unit: 2433
Tech Center: 2400 — Computer Networks
Assignee: DELL PRODUCTS, L.P.
OA Round: 2 (Final)
Grant Probability: 87% (Favorable)
OA Rounds: 3-4
Est. Remaining: 8m
With Interview: 99%

Examiner Intelligence

Grants 87% — above average
Career Allowance Rate: 87% (144 granted / 166 resolved; +28.7% vs TC avg)
Interview Lift: +23.2% (Strong +23% interview lift)
Typical timeline
Avg Prosecution: 2y 7m (22 currently pending)
Career history
Total Applications: 197 across all art units

Statute-Specific Performance

§103: 93.1% (+53.1% vs TC avg)
§102: 3.6% (-36.4% vs TC avg)
§112: 1.8% (-38.2% vs TC avg)
Based on career data from 166 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment

Claims 1-20 are currently pending and have been considered below. Claims 1, 9 and 15 are independent claims. Claims 1, 9 and 15 have been amended.

Response to Arguments

In view of Applicant’s arguments, the rejection under 35 USC 112(b) and 112(f) is withdrawn. Applicant’s arguments with respect to claims 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 9 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Gajananan (US Publication No. 20210397712 A1) in view of Smith (US Publication No. 2024/0022609 A1).
Regarding Claim 1: Gajananan discloses: A method for managing operation of a deployment, the method comprising: obtaining, from a requestor, a request for the deployment to provide a desired service (Gajananan, [0063], A Helm-based package deployment creates a series of resource creation requests to the k8s cluster 440.); based on the request: obtaining a desired service identifier for the requestor, the desired service identifier uniquely identifying the requestor and the desired service (Gajananan, [0099], At block 703, sign a deployment configuration 602 by a signing authority to obtain a signed deployment configuration 602A and persist the signature as a CRD in the cluster 606. [0111], At block 730, responsive to all of Requests 5-6 being received, identify package content by checking ownerReference in the cluster 606 and verify integrity.); and providing access to the secure and traceable data package to the requestor, where the access enables at least a portion of the deployment to be configured to obtain an updated deployment that provides the desired service (Gajananan, [0186], User portal 1483 provides access to the cloud computing environment for consumers and system administrators. Service level management 1484 provides cloud computing resource allocation and management such that required service levels are met).

Gajananan does not disclose: obtaining, using the public key and the private key, a secure and traceable data package.

Smith discloses: obtaining, using the public key and the private key, a secure and traceable data package (Smith, [0172], The present systems and methods automate building of trusted repositories at the locations where WLs are hosted. These may be cloud and edge public and private repositories containing sensitive trusted identities; [0174], In more detail, the scanner 3612 (e.g., provided by Synk, Sysdig scanners) are tools and frameworks detect vulnerabilities in container images and packages).

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Gajananan’s preventing unauthorized package deployment in clusters by enhancing Gajananan’s systems for automating application deployment to ensure that the security policies associated with the resources as taught by Smith in order to ensure the confidentiality, integrity, and authenticity of the data package. The motivation is to enhance encrypted data with a policy and a set of attributes wherein the recipient's private key is associated with their own attributes, granting access only if their attributes match the policy and helps prove ownership and detect unauthorized copying or distribution of the data.

Gajananan and Smith do not disclose: obtaining, using a cryptographic algorithm with the desired service identifier as a seed, a public key and a private key; confirming that a requester copy of the public key matches a vendor copy of the public key.

Lackey discloses: obtaining, using a cryptographic algorithm with the desired service identifier as a seed, a public key and a private key (Lackey, Claim 1, generating a first party seed by the first party; Col. 4, lines 54-67, the first party seed rB, is utilized to determine Bob's private key, b. The private key is generated according to a fixed public deterministic algorithm or key derivation function (KDF) as specified in step 102…the private key, b, can be represented as KDF (rB).) (U) Next at step 108, Bob utilizes the basepoint, G and the key pair-basepoint relationship to determine his public key, B=bG.); confirming that a requester copy of the public key matches a vendor copy of the public key (Lackey, Col. 5, lines 61-67, Alice compares the recovered public key, B* to the public key, B, determined by the first party at step 108 and transmitted to the second party at step 118. At step 158, Alice determines whether the recovered public key, B* matches the delivered public key, B. If the recovered public key, B*, matches the received public key, B, the received public key, B).

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Gajananan in view of Smith preventing unauthorized package deployment in clusters by enhancing Gajananan in view of Smith systems for automating application deployment to generate cryptographic keys using a seed input and verifying public keys through comparison as taught by Smith in order to ensure secure, consistent and verifiable key generation and prevent unauthorized or invalid key usage in cryptographic systems. The motivation is to enhance identifier based key derivation verification processes, and accurate binding between generated keys and their originating source. Furthermore, to detect mismatch or improperly generated public keys.
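
The two steps cited from Lackey above (a seed rB feeding a deterministic KDF to get the private key b and the public key B = bG, then comparing a recomputed B* with the delivered B), as an added Go example that is not part of the Office Action, the application, or any cited reference. The choice of Ed25519, the HMAC-SHA256 seed derivation, the vendor-held secret, and every name and sample value below are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// DeriveSeed produces the 32-byte seed (rB in the Lackey citation) for one
// service identifier. Keying the derivation with a vendor-held secret is an
// assumption of this example: an identifier on its own is guessable, and
// whoever can reproduce the seed can reproduce the private key.
func DeriveSeed(vendorSecret []byte, serviceID string) []byte {
	mac := hmac.New(sha256.New, vendorSecret)
	mac.Write([]byte("chart-signing-seed/v1\x00")) // constructed domain-separation label
	mac.Write([]byte(serviceID))
	return mac.Sum(nil) // 32 bytes, which equals ed25519.SeedSize
}

// DeriveKeyPair maps a seed to a key pair deterministically. Ed25519 hashes the
// seed to the private scalar b and computes the public key as B = bG.
func DeriveKeyPair(seed []byte) (ed25519.PublicKey, ed25519.PrivateKey, error) {
	if len(seed) != ed25519.SeedSize {
		return nil, nil, errors.New("seed must be exactly 32 bytes")
	}
	priv := ed25519.NewKeyFromSeed(seed)
	return priv.Public().(ed25519.PublicKey), priv, nil
}

// ConfirmPublicKey recomputes the public key (B*) from the seed and compares it
// with the delivered copy (B). PublicKey.Equal compares in constant time.
func ConfirmPublicKey(vendorSecret []byte, serviceID string, delivered ed25519.PublicKey) (bool, error) {
	recomputed, _, err := DeriveKeyPair(DeriveSeed(vendorSecret, serviceID))
	if err != nil {
		return false, err
	}
	return recomputed.Equal(delivered), nil
}

// SignChart signs the packaged chart bytes with the derived private key.
func SignChart(priv ed25519.PrivateKey, chart []byte) []byte {
	return ed25519.Sign(priv, chart)
}

// VerifyChart checks the signature; a wrong-length key is rejected rather than
// passed to ed25519.Verify, which panics on it.
func VerifyChart(pub ed25519.PublicKey, chart, sig []byte) bool {
	if len(pub) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(pub, chart, sig)
}

func main() {
	secret := []byte("constructed-vendor-secret") // sample value, constructed
	serviceID := "requestor-17/log-aggregation"   // sample identifier, constructed
	chart := []byte("apiVersion: v2\nname: log-aggregation\nversion: 1.0.0\n")

	pub, priv, err := DeriveKeyPair(DeriveSeed(secret, serviceID))
	if err != nil {
		panic(err)
	}
	sig := SignChart(priv, chart)
	match, _ := ConfirmPublicKey(secret, serviceID, pub)
	fmt.Println("public key copies match:", match)
	fmt.Println("chart signature valid:  ", VerifyChart(pub, chart, sig))
}
```
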
Regarding Claim 9: Gajananan discloses: A non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, cause the processor to perform operations for managing operation of a deployment, the operations comprising (Gajananan, [0008], The server further includes a hardware processor configured to run the program code to detect a resource creation request from a client. The hardware processor further runs the program code to, responsive to the resource creation request being an initial resource creation request for the object): obtaining, from a requestor, a request for the deployment to provide a desired service; based on the request: obtaining a desired service identifier for the requestor, the desired service identifier uniquely identifying the requestor and the desired service (Gajananan, [0099], At block 703, sign a deployment configuration 602 by a signing authority to obtain a signed deployment configuration 602A and persist the signature as a CRD in the cluster 606. [0111], At block 730, responsive to all of Requests 5-6 being received, identify package content by checking ownerReference in the cluster 606 and verify integrity.); and providing access to the secure and traceable data package to the requestor wherein the access enables at least a portion of the deployment to be configured to obtain an updated deployment that provides the desired service (Gajananan, [0186], User portal 1483 provides access to the cloud computing environment for consumers and system administrators. Service level management 1484 provides cloud computing resource allocation and management such that required service levels are met).

Gajananan does not disclose: obtaining, using the public key and the private key, a secure and traceable data package.

Smith discloses: obtaining, using the public key and the private key, a secure and traceable data package (Smith, [0172], The present systems and methods automate building of trusted repositories at the locations where WLs are hosted. These may be cloud and edge public and private repositories containing sensitive trusted identities; [0174], In more detail, the scanner 3612 (e.g., provided by Synk, Sysdig scanners) are tools and frameworks detect vulnerabilities in container images and packages).

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Gajananan’s preventing unauthorized package deployment in clusters by enhancing Gajananan’s systems for automating application deployment to ensure that the security policies associated with the resources as taught by Smith in order to ensure the confidentiality, integrity, and authenticity of the data package. The motivation is to enhance encrypted data with a policy and a set of attributes wherein the recipient's private key is associated with their own attributes, granting access only if their attributes match the policy and helps prove ownership and detect unauthorized copying or distribution of the data.

Gajananan and Smith do not disclose: obtaining, using a cryptographic algorithm with the desired service identifier as a seed, a public key and a private key.

Lackey discloses: obtaining, using a cryptographic algorithm with the desired service identifier as a seed, a public key and a private key (Lackey, Claim 1, generating a first party seed by the first party; Col. 4, lines 54-67, the first party seed rB, is utilized to determine Bob's private key, b. The private key is generated according to a fixed public deterministic algorithm or key derivation function (KDF) as specified in step 102…the private key, b, can be represented as KDF (rB).) (U) Next at step 108, Bob utilizes the basepoint, G and the key pair-basepoint relationship to determine his public key, B=bG.); confirming that a requester copy of the public key matches a vendor copy of the public key (Lackey, Col. 5, lines 61-67, Alice compares the recovered public key, B* to the public key, B, determined by the first party at step 108 and transmitted to the second party at step 118. At step 158, Alice determines whether the recovered public key, B* matches the delivered public key, B. If the recovered public key, B*, matches the received public key, B, the received public key, B).

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Gajananan in view of Smith preventing unauthorized package deployment in clusters by enhancing Gajananan in view of Smith systems for automating application deployment to generate cryptographic keys using a seed input and verifying public keys through comparison as taught by Smith in order to ensure secure, consistent and verifiable key generation and prevent unauthorized or invalid key usage in cryptographic systems. The motivation is to enhance identifier based key derivation verification processes, and accurate binding between generated keys and their originating source. Furthermore, to detect mismatch or improperly generated public keys.

Regarding Claim 15: Gajananan discloses: A data processing system, comprising: a processor; and a memory coupled to the processor to store instructions, which when executed by the processor, cause the processor to perform operations managing operation of a deployment the operations comprising (Gajananan, [0008], The server further includes a hardware processor configured to run the program code to detect a resource creation request from a client. The hardware processor further runs the program code to, responsive to the resource creation request being an initial resource creation request for the object): obtaining, from a requestor, a request for the deployment to provide a desired service (Gajananan, [0063], A Helm-based package deployment creates a series of resource creation requests to the k8s cluster 440.); based on the request: obtaining a desired service identifier for the requestor, the desired service identifier uniquely identifying the requestor and the desired service (Gajananan, [0099], At block 703, sign a deployment configuration 602 by a signing authority to obtain a signed deployment configuration 602A and persist the signature as a CRD in the cluster 606. [0111], At block 730, responsive to all of Requests 5-6 being received, identify package content by checking ownerReference in the cluster 606 and verify integrity.); and providing access to the secure and traceable data package to the requestor, wherein the access enables at least a portion of the deployment to be configured to obtain an updated deployment that provides the desired service (Gajananan, [0186], User portal 1483 provides access to the cloud computing environment for consumers and system administrators. Service level management 1484 provides cloud computing resource allocation and management such that required service levels are met).

Gajananan does not disclose: obtaining, using the public key and the private key, a secure and traceable data package.

Smith discloses: obtaining, using the public key and the private key, a secure and traceable data package (Smith, [0172], The present systems and methods automate building of trusted repositories at the locations where WLs are hosted. These may be cloud and edge public and private repositories containing sensitive trusted identities; [0174], In more detail, the scanner 3612 (e.g., provided by Synk, Sysdig scanners) are tools and frameworks detect vulnerabilities in container images and packages).

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Gajananan’s preventing unauthorized package deployment in clusters by enhancing Gajananan’s systems for automating application deployment to ensure that the security policies associated with the resources as taught by Smith in order to ensure the confidentiality, integrity, and authenticity of the data package. The motivation is to enhance encrypted data with a policy and a set of attributes wherein the recipient's private key is associated with their own attributes, granting access only if their attributes match the policy and helps prove ownership and detect unauthorized copying or distribution of the data.

Gajananan and Smith do not disclose: obtaining, using a cryptographic algorithm with the desired service identifier as a seed, a public key and a private key; confirming that a requester copy of the public key matches a vendor copy of the public key.

Lackey discloses: obtaining, using a cryptographic algorithm with the desired service identifier as a seed, a public key and a private key (Lackey, Claim 1, generating a first party seed by the first party; Col. 4, lines 54-67, the first party seed rB, is utilized to determine Bob's private key, b. The private key is generated according to a fixed public deterministic algorithm or key derivation function (KDF) as specified in step 102…the private key, b, can be represented as KDF (rB).) (U) Next at step 108, Bob utilizes the basepoint, G and the key pair-basepoint relationship to determine his public key, B=bG.); confirming that a requester copy of the public key matches a vendor copy of the public key (Lackey, Col. 5, lines 61-67, Alice compares the recovered public key, B* to the public key, B, determined by the first party at step 108 and transmitted to the second party at step 118. At step 158, Alice determines whether the recovered public key, B* matches the delivered public key, B. If the recovered public key, B*, matches the received public key, B, the received public key, B).

Claims 2-8, 10-14 and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Gajananan (US Publication No. 20210397712 A1) in view of Smith (US Publication No. 2024/0022609 A1) in further view of Lackey (US Patent No. 9635003 B1) in further view of Leiserson (US Publication No. 20210111886 A1).
Regarding Claim 2: Gajananan in view of Smith in further view of Lackey disclose: The method of claim 1… wherein obtaining the secure and traceable data package comprises: obtaining, based on the desired service, a desired state chart for at least one artifact (Gajananan, [0011], The computer-implemented method of claim 1, wherein the signature is detected as an artifact associated with the specific deployment configuration.); obtaining, based on the desired service, the at least one artifact (Gajananan, [0083], a chart repository 603, a Helm client 604, a k8s API 605 of a k8s cluster 606, a package release (manifest) 607, a Custom Resource Definition 608, and an artifact repository 609.); the desired state chart and the at least one artifact to obtain a signed desired state chart and a signed at least one artifact (Gajananan, [0109], verify integrity using the signed Helm package 601A (template) and the signed deployment configuration by (a) creating the expected resource definition from the signed Helm package (template) 601A and the signed deployment configuration 602A and (b) comparing the expected resource definition with the resource definition in the incoming admission request.); at least the signed desired state chart and the signed at least one artifact to obtain the secure and traceable data package (Gajananan, [0028], One or more embodiments of the present invention can verify the integrity of an application package deployment using an integrity chain. For example, for each resource creation request, using the signed helm package (template) and signed deployment configuration, (a) create the expected resource definition and (b) compare it with the resource definition in the incoming admission request.).

Gajananan in view of Smith in further view of Lackey does not disclose: signing, using the private key and encrypting, using the public key.

Leiserson discloses: signing, using the private key (Leiserson, [0024], The signature may be generated by the private key), and encrypting, using the public key (Leiserson, [0012], the enclave manager may encrypt the file system with a public key).

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Gajananan in view of Smith in further view of Lackey’s preventing unauthorized package deployment in clusters by enhancing Gajananan in view of Smith in further view of Lackey’s systems for automating application deployment to ensure the encrypted file system key may be received as taught by Leiserson in order to ensure the signature remains valid even if the signing certificate expires. The motivation is to enhance applications like code signing, where private keys should be stored and used within a secure, tamper-resistant hardware device, by preventing theft of the private key from a regular server or workstation, and by ensuring the signature remains valid.

Regarding Claim 3: The method of claim 2, Gajananan in view of Smith in further view of Lackey and in further view of Leiserson disclose further comprising: providing, to the requestor, secure access to the private key to enable the secure and traceable data package to be decrypted (Leiserson, [0024], …the encrypted file system key may be the file system key that has been encrypted based on a first secure enclave key. The encrypted file system key may be decrypted by the private key…).

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Gajananan in view of Smith in further view of Lackey’s preventing unauthorized package deployment in clusters by enhancing Gajananan in view of Smith in further view of Lackey’s systems for automating application deployment to ensure the encrypted file system key may be received as taught by Leiserson in order to provide secure and traceable access to the private key and uphold the fundamental principles of data security. The motivation is to prevent unauthorized decryption and access to the sensitive data contained within the package, since an attacker who obtains the private key can decrypt the data, leading to a data breach within the system.

Regarding Claim 4: The method of claim 3, Gajananan in view of Smith in further view of Lackey and in further view of Leiserson disclose wherein providing the secure access to the private key comprises: storing the private key in a secure location to be accessible only by the requestor (Smith, [0172], The present systems and methods automate building of trusted repositories at the locations where WLs are hosted. These may be cloud and edge public and private repositories containing sensitive trusted identities.).

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Gajananan’s preventing unauthorized package deployment in clusters by enhancing Gajananan’s systems for automating application deployment to ensure that the security policies associated with the resources as taught by Smith in order to ensure the confidentiality, integrity, and authenticity of the data package. The motivation is to enhance encrypted data with a policy and a set of attributes wherein the recipient's private key is associated with their own attributes, granting access only if their attributes match the policy and helps prove ownership and detect unauthorized copying or distribution of the data.

Regarding Claim 5: The method of claim 2, Gajananan in view of Smith in further view of Lackey and in further view of Leiserson disclose wherein the desired service identifier associates the desired state chart (Gajananan, [0025], The present invention provides a cluster-side integrity verification mechanism to meet the following conditions: (a) identify any admission requests originated from a Helm installation; (b) identify package content from each individual admission request), the public key, and the private key to the requestor (Smith, [0175], The end-to-end workflow illustrated in FIG. 36 illustrates a dynamic building of trusted repositories where a cloud hosting environment hosts public and private repositories, and where a client application interacts with live repositories.).

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Gajananan’s preventing unauthorized package deployment in clusters by enhancing Gajananan’s systems for automating application deployment to ensure that the security policies associated with the resources as taught by Smith in order to ensure the confidentiality, integrity, and authenticity of the data package. The motivation is to enhance encrypted data with a policy and a set of attributes wherein the recipient's private key is associated with their own attributes, granting access only if their attributes match the policy and helps prove ownership and detect unauthorized copying or distribution of the data.

Regarding Claim 6: The method of claim 5, Gajananan in view of Smith in further view of Lackey and in further view of Leiserson disclose wherein the desired state chart is a set of instructions for configuring and managing container applications (Gajananan, [0061], The client 401 includes a package (Helm chart) 410, a deployment configuration (values.yaml) 420, a template engine/application installer (Helm) 430.).

Regarding Claim 7: The method of claim 2, Gajananan in view of Smith in further view of Lackey and in further view of Leiserson disclose wherein the at least one artifact comprises executable code, configurations, libraries, or container applications (Gajananan, [0047], Our approach aims to make no changes to application package installers or bundles. Therefore, we design our method to sign an application package as a single artifact).

Regarding Claim 8: The method of claim 7, Gajananan in view of Smith in further view of Lackey and in further view of Leiserson disclose wherein the secure and traceable data package comprises a set of signed and encrypted artifacts and a signed and encrypted desired state chart (Gajananan, [0026], One or more embodiments of the present invention can involve identifying application package content from individual admission requests by detecting an initial admission request with a release secret and correlating other admission requests, which correspond to the specific package deployment for creating the individual resources included in the package.).
Regarding Claim 10: Gajananan in view of smith in further view of Lackey disclose: The non-transitory machine-readable medium of claim 9, wherein obtaining the secure and traceable data package comprises: obtaining, based on the desired service, a desired state chart for at least one artifact(Gajananan, [0011], The computer-implemented method of claim 1, wherein the signature is detected as an artifact associated with the specific deployment configuration.); obtaining, based on the desired service, the at least one artifact(Gajananan, [0083], a chart repository 603, a Helm client 604, a k8s API 605 of a k8s cluster 606, a package release (manifest) 607, a Custom Resource Definition 608, and an artifact repository 609.); the desired state chart and the at least one artifact to obtain a signed desired state chart and a signed at least one artifact(Gajananan, [0109], verify integrity using the signed Helm package 601A (template) and the signed deployment configuration by (a) creating the expected resource definition from the signed Helm package (template) 601A and the signed deployment configuration 602A and (b) comparing the expected resource definition with the resource definition in the incoming admission request.); at least the signed desired state chart and the signed at least one artifact to obtain the secure and traceable data package(Gajananan, [0028], One or more embodiments of the present invention can verify the integrity of an application package deployment using an integrity chain. For example, for each resource creation request, using the signed helm package (template) and signed deployment configuration, (a) create the expected resource definition and (b) compare it with the resource definition in the incoming admission request.). 
Gajananan in view of Smith in further view of Lackey’s and in further view of Leiserson do not disclose: signing, using the private key and encrypting, using the public key Leiserson discloses: signing, using the private key(Leiserson, [0024], The signature may be generated by the private key), and encrypting, using the public key(Leiserson, [0012], the enclave manager may encrypt the file system with a public key), Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Gajananan in view of Smith in view of Lackey’s preventing unauthorized package deployment in clusters by enhancing Gajananan in view of Smith in view of Lackey’s systems for automating application deployment to ensure the encrypted file system key may be received as taught by Leiserson in order to ensure the signature remains valid even if the signing certificate expires. The motivation is to enhance an applications like code signing, private keys should be stored and used within a secure, tamper-resistant hardware device by preventing theft of the private key from a regular server or workstation. Also, by ensuring the signature remains valid. Regarding Claim 11: The non-transitory machine-readable medium of claim 10, Ganjananan in view of Smith in further view Lackey and in further view of Leiserson disclose wherein the operations further comprise: providing, to the requestor, secure access to the private key to enable the secure and traceable data package to be decrypted(Leiserson, [0024], …the encrypted file system key may be the file system key that has been encrypted based on a first secure enclave key. The encrypted file system key may be decrypted by the private key…). 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Gajananan in view of Smith in further view of Lackey’s preventing unauthorized package deployment in clusters by enhancing Gajananan in view of Smith in further view of Lackey’s systems for automating application deployment to ensure the encrypted file system key may be received as taught by Leiserson in to provide secure and traceable access to the private key is to uphold the fundamental principles of data secure. The motivation is to ensure and prevent unauthorized decryption and access to the sensitive data contained within the package wherein an attacker obtains the private key, they can decrypt the data, leading to a data breach within the system. Regarding Claim 12: The non-transitory machine-readable medium of claim 11, Ganjananan in view of Smith in further view Lackey and in further view of Leiserson disclose wherein providing the secure access to the private key comprises: storing the private key in a secure location to be accessible only by the requestor(Leiserson, [0024], …the encrypted file system key may be the file system key that has been encrypted based on a first secure enclave key. The encrypted file system key may be decrypted by the private key…). Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Gajananan in view of Smith in further view of Lackey’s preventing unauthorized package deployment in clusters by enhancing Gajananan in view of Smith in further view of Lackey’s systems for automating application deployment to ensure the encrypted file system key may be received as taught by Leiserson in to provide secure and traceable access to the private key is to uphold the fundamental principles of data secure. 
The motivation is to ensure and prevent unauthorized decryption and access to the sensitive data contained within the package wherein an attacker obtains the private key, they can decrypt the data, leading to a data breach within the system.

Regarding Claim 13: The non-transitory machine-readable medium of claim 10, Gajananan in view of Smith in further view Lackey and in further view of Leiserson disclose wherein the desired service identifier associates the desired state chart (Gajananan, [0025], The present invention provides a cluster-side integrity verification mechanism to meet the following conditions: (a) identify any admission requests originated from a Helm installation; (b) identify package content from each individual admission request), the public key, and the private key to the requestor (Smith, [0175], The end-to-end workflow illustrated in FIG. 36 illustrates a dynamic building of trusted repositories where a cloud hosting environment hosts public and private repositories, and where a client application interacts with live repositories.)

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Gajananan’s preventing unauthorized package deployment in clusters by enhancing Gajananan’s systems for automating application deployment to ensure that the security policies associated with the resources as taught by Smith in order to ensure the confidentiality, integrity, and authenticity of the data package. The motivation is to enhance encrypted data with a policy and a set of attributes wherein the recipient's private key is associated with their own attributes, granting access only if their attributes match the policy and helps prove ownership and detect unauthorized copying or distribution of the data.
Regarding Claim 14: The non-transitory machine-readable medium of claim 13, Gajananan in view of Smith in further view Lackey and in further view of Leiserson disclose wherein the desired state chart is a set of instructions for configuring, installing, and managing container applications (Gajananan, [0061], The client 401 includes a package (Helm chart) 410, a deployment configuration (values.yaml) 420, a template engine/application installer (Helm) 430.).

Regarding Claim 16: Gajananan in view of Smith in further view of Lackey’s disclose: The data processing system of claim 15… wherein obtaining the secure and traceable data package comprises:

obtaining, based on the desired service, a desired state chart for at least one artifact (Gajananan, [0011], The computer-implemented method of claim 1, wherein the signature is detected as an artifact associated with the specific deployment configuration.);

obtaining, based on the desired service, the at least one artifact (Gajananan, [0083], a chart repository 603, a Helm client 604, a k8s API 605 of a k8s cluster 606, a package release (manifest) 607, a Custom Resource Definition 608, and an artifact repository 609.);

the desired state chart and the at least one artifact to obtain a signed desired state chart and a signed at least one artifact (Gajananan, [0109], verify integrity using the signed Helm package 601A (template) and the signed deployment configuration by (a) creating the expected resource definition from the signed Helm package (template) 601A and the signed deployment configuration 602A and (b) comparing the expected resource definition with the resource definition in the incoming admission request.);

at least the signed desired state chart and the signed at least one artifact to obtain the secure and traceable data package (Gajananan, [0028], One or more embodiments of the present invention can verify the integrity of an application package deployment using an integrity chain.
For example, for each resource creation request, using the signed helm package (template) and signed deployment configuration, (a) create the expected resource definition and (b) compare it with the resource definition in the incoming admission request.).

Gajananan in view of Smith in further view of Lackey’s disclose: signing, using the private key and encrypting, using the public key

Leiserson discloses: signing, using the private key (Leiserson, [0024], The signature may be generated by the private key), and encrypting, using the public key (Leiserson, [0012], the enclave manager may encrypt the file system with a public key).

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Gajananan in view of Smith in further view of Lackey’s preventing unauthorized package deployment in clusters by enhancing Gajananan in view of Smith in further view of Lackey’s systems for automating application deployment to ensure the encrypted file system key may be received as taught by Leiserson in order to ensure the signature remains valid even if the signing certificate expires. The motivation is to enhance an applications like code signing, private keys should be stored and used within a secure, tamper-resistant hardware device by preventing theft of the private key from a regular server or workstation. Also, by ensuring the signature remains valid.

Regarding Claim 17: The data processing system of claim 16, Gajananan in view of Smith in further view Lackey and in further view of Leiserson disclose wherein the operations further comprise: providing, to the requestor, secure access to the private key to enable the secure and traceable data package to be decrypted (Leiserson, [0024], …the encrypted file system key may be the file system key that has been encrypted based on a first secure enclave key. The encrypted file system key may be decrypted by the private key…).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Gajananan in view of Smith in further view of Lackey’s preventing unauthorized package deployment in clusters by enhancing Gajananan in view of Smith in further view of Lackey’s systems for automating application deployment to ensure the encrypted file system key may be received as taught by Leiserson in to provide secure and traceable access to the private key is to uphold the fundamental principles of data secure. The motivation is to ensure and prevent unauthorized decryption and access to the sensitive data contained within the package wherein an attacker obtains the private key, they can decrypt the data, leading to a data breach within the system.

Regarding Claim 18: The data processing system of claim 17, Gajananan in view of Smith in further view Lackey and in further view of Leiserson disclose wherein providing the secure access to the private key comprises: storing the private key in a secure location to be accessible only by the requestor (Smith, [0172], The present systems and methods automate building of trusted repositories at the locations where WLs are hosted. These may be cloud and edge public and private repositories containing sensitive trusted identities.).

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Gajananan’s preventing unauthorized package deployment in clusters by enhancing Gajananan’s systems for automating application deployment to ensure that the security policies associated with the resources as taught by Smith in order to ensure the confidentiality, integrity, and authenticity of the data package.
The motivation is to enhance encrypted data with a policy and a set of attributes wherein the recipient's private key is associated with their own attributes, granting access only if their attributes match the policy and helps prove ownership and detect unauthorized copying or distribution of the data.

Regarding Claim 19: The data processing system of claim 16, Gajananan in view of Smith in further view Lackey and in further view of Leiserson disclose wherein the desired service identifier associates the desired state chart, the public key, and the private key to the requestor (Gajananan, [0061], The client 401 includes a package (Helm chart) 410, a deployment configuration (values.yaml) 420, a template engine/application installer (Helm) 430.).

Regarding Claim 20: The data processing system of claim 19, Gajananan in view of Smith in further view Lackey and in further view of Leiserson disclose wherein the desired state chart is a set of instructions for configuring, installing, and managing container applications (Gajananan, [0047], Our approach aims to make no changes to application package installers or bundles. Therefore, we design our method to sign an application package as a single artifact).

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.
In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAYASA SHAAWAT whose telephone number is (571)272-3939. The examiner can normally be reached on M-F, 8 AM TO 5 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, JEFFREY PWU can be reached on (571)272-6789. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MAYASA A. SHAAWAT/
Examiner, Art Unit 2433

/JEFFREY C PWU/
Supervisory Patent Examiner, Art Unit 2433

Prosecution Timeline

Jun 27, 2024
Application Filed
Oct 01, 2025
Non-Final Rejection mailed — §103
Dec 31, 2025
Response Filed
Apr 07, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12640937
DEVICE GENUINENESS CERTIFICATE DEPRECATION WITHOUT CERTIFICATE REVOCATION
2y 4m to grant Granted May 26, 2026
Patent 12634124
IDENTITY-BASED PUBLIC-KEY GENERATION PROTOCOL
3y 11m to grant Granted May 19, 2026
Patent 12634150
MEMORY MANAGEMENT IN A COMPUTER SYSTEM CONFIGURED FOR GENERATING A SIGNATURE AND APPARATUS FOR IMPLEMENTING THE SAME
2y 7m to grant Granted May 19, 2026
Patent 12619719
MONITORING SYSTEM AND CONTROL METHOD
2y 0m to grant Granted May 05, 2026
Patent 12580776
APPLICATION INTEGRITY VERIFICATION FOR ENTERPRISE RESOURCE ACCESS
2y 5m to grant Granted Mar 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

3-4
Expected OA Rounds
87%
Grant Probability
99%
With Interview (+23.2%)
2y 7m (~8m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 166 resolved cases by this examiner. Grant probability derived from career allowance rate.