Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This is the initial office action issued in response to patent application 18/855,704, filed on 10/10/2024. Claims 1-4, 9, 13-19 and 23-26 are currently pending and have been considered below.
Priority
The application is a section 371 national stage application of International Application No. PCT/IB2023/053581, filed on 04/07/2023. A certified copy of United Kingdom Application No. 2205485.2, filed on 04/13/2022, has been filed.
Drawings
The drawings filed on 10/10/2024 are accepted by the examiner.
Information Disclosure Statement
The information disclosure statements (IDSs) submitted on 04/2029/2025 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement.
Election/Restrictions
Applicant’s election without traverse of Group 1, specifically claims 1-4, 13-19 and 23-26 in the reply filed on 03/25/2026 is acknowledged.
Accordingly, claims 5-7 and 10 are withdrawn from further consideration pursuant to 37 CFR 1.142(b) as being drawn to a non-elected invention.
Claim 9, identified as a linking claim, will be examined with the elected invention.
Claim Objections
Claim 14 is objected to because the limitation “preferably wherein the reachability…” renders the claim unclear in scope by introducing non-limiting language. The phrase is improper in a claim and should be deleted to clarify the scope of the invention. Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.
The following is a quotation of pre-AIA 35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA 35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.
Claims 18 and 19 are rejected under 35 U.S.C. 112(d) or pre-AIA 35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which they depend, but merely changing the embodiment. Specifically, claims 18 and 19 merely recite a computer program product and a system configured to perform the method of claim 1 without adding any additional limitation to the method steps of claim 1. Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirement.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-4, 9, 13-19 and 23-26 are rejected under 35 U.S.C. 103 as being unpatentable over Mestery (US Patent No. 10764244 B1) in view of Manion (US Publication No. 20080183853 A1).
Regarding Claim 1:
Mestery discloses:
A computer-implemented method for establishing or facilitating connectivity between a plurality of systems over an overlay network (Mestery, Col. 3, lines 49-51, at the first client and with the second client, a bidirectional connection, and establishing, based on the bidirectional connection, a tunnel between the first client and the second client. Col. 1, lines 8-10, the field of cloud computing and more specifically to providing an end-to-end secured connectivity and global reachability between various microservices…),
wherein each system in the plurality is registered with a computer-based platform (Mestery, Col. 3, lines 3-5, a registration of the first microservice at a server… Col. 13-14, lines 65-67 and 1, Agents that are deployed with, within or close to microservice workloads are in charge of registering themselves with the constellation server 410);
the method comprising: downloading, installing and/or executing a software-based Agent on the at least one system (Mestery, an agent or a sidecar proxy is deployed with, within or close to microservice workloads),
wherein the Agent is operative to enable the at least one system to use, communicate with and/or be managed by the platform (Mestery, Col. 13, lines 63-65, Agents, or sidecar proxies, also maintain a control plane connection with the server 410 to help set up secure mesh tunnels with their peers);
wherein the Agent comprises or is otherwise associated with a stub resolver (Mestery, Col. 12-13, lines 67 and 1-2, a domain name system (DNS) Component which can assign constellation IP addresses… Col. 14, lines 12-13, The DNS service associated with the server 410 enables microservice discovery.).
Mestery does not disclose:
that is operative to resolve a domain name to an IP address
Manion discloses:
that is operative to resolve a domain name to an IP address (Manion, [0069], local DNS resolver component 702 as part of the IVLAN user application 304 to resolve all the DNS requests locally. The resolver component 702 maintains an NL list 704 of peer IDs, IP addresses…).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Mestery’s systems and methods providing a multi-cloud microservices gateway using a sidecar proxy by enhancing Mestery’s systems for domain name resolution within the overlay network to ensure accurate and efficient mapping of service identifiers to network addresses as taught by Manion in order to enhance reliable service discovery and communication between distributed systems. The motivation is to ensure efficient and scalable resolution of domain names to IP addresses for connectivity across networked systems.
Regarding Claim 2:
The computer implemented method of claim 1, Mestery in view of Manion disclose and further comprising at least one of the steps of: i) using the platform to define and/or store at least one policy defining traffic flow criteria; and/or at least one tag denoting a class, type or category of computer system; ii) associating the at least one tag or policy with at least one system in the plurality of systems; and/or iii) associating the at least one tag or policy with a domain name; and/or iv) associating the domain name with an IP address of the at least one system in the plurality of systems if the at least one tag and/or policy permits it (Mestery, Col. 5, lines 7-12, A central controller may orchestrate the connections in the service mesh, and a control plane may be configured to monitor the service traffic flowing between sidecar proxies. The control plane may deliver access control policies and collects performance metrics to be provided to the orchestrator.).
Regarding Claim 3:
The computer implemented method of claim 1, Mestery in view of Manion disclose wherein the stub resolver: is operative to resolve a domain name to an IP address for a system on the overlay network and/or creates and/or maintains a record of IP-addresses and respective associated domain names; and/or is operative to intercept and/or respond to a DNS query; and/or is distinct from and/or not part of an Operating System installed on the at least one system (Mestery, Col. 14, lines 15-19, The reachability controller component shown in server 410 is responsible for maintaining a database of agent reachability information candidates, distributed constellation IP addresses the agents and synchronizing connectivity set of processes.).
Regarding Claim 4:
The computer implemented method of claim 1, Mestery in view of Manion disclose further comprising the step: storing, at the platform for each system in the plurality of systems, reachability information comprising the IP address of the respective system (Mestery, Col. 2-3, lines 65-67 and 1-4, gathering, by the first agent, reachability candidate information including endpoint-related information of other microservices different from the first agent and required by the first microservice, to yield first reachability candidate information, receiving, based on the first reachability candidate information, a registration of the first microservice at a server and authenticating the first microservice by the server. Col. 3, lines 28-31, a first constellation IP address for the first microservice, and receiving, based on the second authentication and at the second agent, a second constellation IP address for the second microservice).
Regarding Claim 9:
The computer implemented method of claim 5, Mestery in view of Manion disclose wherein i) the CSR comprises a request for a digital certificate for verifying the identity of a resource on an overlay network that is established between a plurality of systems enrolled at the Platform, each system having a respective Agent installed on it; and/or ii) the Platform enables the establishment of a Virtual Private Network between systems that are enrolled at the Platform; and/or iii) the CSR is sent from the System to the Certificate authority over a closed communication channel, preferably over an overlay network; and/or iv) the digital certificate is sent from the Certificate Authority to the System over a closed communication channel, preferably over an overlay network; and/or v) the digital certificate is generated from or using a root certificate that is specific and/or unique to a given organization (Mestery, Col. 10, lines 12-17, the platform functions 214, and the base automation functions 216 can be implemented as microservices in which respective software functions are implemented in multiple containers communicating with each rather than amalgamating all tools and workflows into a single software binary.).
Regarding Claim 13:
The computer implemented method of claim 1, Mestery in view of Manion disclose wherein the first and second systems are each: registered with a computer-based Platform (Mestery, Col. 3, lines 3-5, a registration of the first microservice at a server… Col. 13-14, lines 65-67 and 1, Agents that are deployed with, within or close to microservice workloads are in charge of registering themselves with the constellation server 410);
and associated at the Platform with a cryptographic key and an arbitrary identifier (Mestery, The respective agent sends its SPIFEE Verifiable identity document (SVID) to the server 410/514. If the authentication succeeds, the agent 512 receives a valid certificate that will be used later for authentication with other peer microservices);
and wherein the method further comprises the step of establishing connectivity between the first and second systems by: introducing, for connection, the first system to the second system (Mestery, the initial registration and setup process for the constellation of clients to be able to establish, on demand, direct or indirect tunnels between respective microservices, even if they are different types. An example method includes deploying a first agent in connection with a first microservice in a first cloud computing environment, the first microservice being of a first type (570), gathering, by the first agent, reachability candidate information including endpoint-related information…)
if an explicit or implied permission to connect has been provided to and/or stored at the Platform for or by both the first and second systems (Mestery, Col. 8-9, lines 63-67 and line 1, The AP VXLAN tunnel can carry segmentation and policy information to and from the fabric edge nodes 126, allowing connectivity and functionality identical or similar to that of a wired endpoint. When the wireless endpoints 130 join the network fabric 120 via the fabric wireless access points 128…).
Regarding Claim 14:
The computer implemented method of claim 1, Mestery in view of Manion disclose wherein the first and second systems are each: registered with a computer-based Platform; and associated at the Platform with a cryptographic key and a certificate name (Mestery, candidate information, receiving, based on the first reachability candidate information, a registration of the first microservice at a server and authenticating the first microservice by the server.);
and wherein the method further comprises the step of establishing connectivity between the first and second systems by: i) defining and/or storing a Policy defining traffic flow criteria and/or a tag denoting a class, type or category of computer system (Mestery, A central controller may orchestrate the connections in the service mesh, and a control plane may be configured to monitor the service traffic flowing between sidecar proxies. The control plane may deliver access control policies and collects performance metrics to be provided to the orchestrator.);
ii) using an Enrolment Key provided by the Platform to the first and/or second system to apply the Policy and/or tag to the first and/or second system (Mestery, The management cloud 102 can be responsible for forwarding configuration and policy distribution, as well as device management and analytics. The management cloud 102 can include one or more network controller appliances 104, one or more authentication, authorization…);
and iii) providing reachability information to the first or second system to enable it to connect to the other system (Mestery, A server is established that is reachable by all the agents. Agents can have different form factors depending on the microservice deployment type such as whether it is a container, virtual machine, or bare metal. Through the operations of the agents, communications between microservices via direct or indirect tunnels can be established to enable data to flow between respective microservices.);
preferably wherein the reachability information is provided if, and only if, any and all rules, criteria and requirements associated with the Policy and/or tag permit connection of the first system and second system (Mestery, Col. 17-18, lines 62-67 and line 1, a registration of the second microservice at the server and authenticating the second microservice by the server (578). The method can further include transmitting a first verifiable identity document from the first agent to the server (580), receiving, from the server, a first valid certificate at the first agent based on the first verifiable identity document to yield a first authentication (582)… Col. 10, lines 42-44, The service mesh 302 provides an infrastructure layer for governing service-to-service communications.).
Regarding Claim 15:
The computer implemented method according to claim 14, Mestery in view of Manion disclose and comprising the step: enrolling the first and second systems at the Platform in association with an Enrolment Key (Mestery, Col. 13-14, lines 65-67, 1-2 and 5-7, Agents that are deployed with, within or close to microservice workloads are in charge of registering themselves with the constellation server 410 in order to join the constellation application… The server 410 performs agent registration authentication. The service is responsible for verifying agent identity and delivering signed certificates.).
Regarding Claim 16:
The computer implemented method according to claim 14, Mestery in view of Manion disclose wherein the first and second systems are each: registered with a computer-based Platform which comprises a Certificate Authority; and associated at the Platform with a cryptographic key and a certificate name; wherein the method further comprises the step of using the Certificate Authority to (Mestery, the server 410 includes a number of components and performs a number of functions. The server 410 performs agent registration authentication. The service is responsible for verifying agent identity and delivering signed certificates. The services also in charge of distributing access policies to the agents):
receive, from the first system, the cryptographic key and an Enrolment Key associated with the first system (Mestery, The respective agent sends its SPIFEE Verifiable identity document (SVID) to the server 410/514. If the authentication succeeds…);
and generate, transmit and/or exchange a signed digital certificate comprising the cryptographic key and certificate name associated with the first and/or second system (Mestery, The respective agent sends its SPIFEE Verifiable identity document (SVID) to the server 410/514. If the authentication succeeds, the agent 512 receives a valid certificate that will be used later for authentication with other peer microservices… The server 410 performs agent registration authentication. The service is responsible for verifying agent identity and delivering signed certificates.).
Regarding Claim 17:
The computer implemented method of claim 1, Mestery in view of Manion disclose wherein the Platform: i) is cloud-based, at least in part; and/or ii) provides a Software as a Service (SaaS) function; and/or iv) comprises one or more of: a portal, preferably a web portal (3); and/or a certificate authority (5); and/or at least one relay service (2); and/or an interface; and/or a discovery service (Mestery, Col. 13, lines 60-63, The server 410 serves as a public microservice discovery service. The server is in charge of microservice authentication, constellation IP address distribution and DNS for microservice discovery.).
Regarding Claim 18:
A computer program embodied on computer-readable storage and configured so as, when run on one or more processors, Mestery in view of Manion disclose to perform the method of claim 1. Claim 18 is rejected for the same reason as claim 1 because it merely recites a computer-readable medium storing instructions that, when executed, perform the method of claim 1. Accordingly, the limitations of claim 18 are met or rendered obvious by the references applied to claim 1.
Regarding Claim 19:
A computer-implemented system comprising: Mestery in view of Manion disclose memory comprising one or more memory units; and processing apparatus comprising one or more processing units, wherein the memory stores instructions arranged for execution on the processing apparatus and configured so as, when executed, cause the processing apparatus to perform the method of claim 1. Claim 19 is rejected for the same reasons as claim 1 because it recites a system comprising generic memory and processing apparatus configured to execute instructions to perform the method of claim 1. The references applied to claim 1 teach or render obvious the claimed subject matter.
Regarding Claim 23:
The computer implemented method of claim 1, Mestery in view of Manion disclose and further comprising: using the stub resolver to resolve a domain name to an IP address for a system on the overlay network in response to a DNS query (Manion, [0064], Dynamic name resolution of a name to an IP address is something that users have been used to, and hence, should be supported inside the virtual IP network. The traditional mechanism used for name resolution is DNS.);
reverting or passing the DNS query to the operating system’s stub resolver and/or the Internet if the stub resolver is unable to resolve the browser’s DNS query (Manion, [0061], In the IVLAN architecture, only IP-based Ethernet packets are routed in the graph, while all non-IP based packets are discarded. An exception is for ARP and ICMPv6 request packets…).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Mestery’s systems and methods providing a multi-cloud microservices gateway using a sidecar proxy by enhancing Mestery’s systems for domain name resolution within the overlay network to ensure accurate and efficient mapping of service identifiers to network addresses as taught by Manion in order to enhance robustness and reliability of name resolution within distributed network environments. The motivation is to ensure seamless and fault tolerant domain name resolution by forwarding unresolved queries to alternative resolution mechanisms.
Regarding Claim 24:
The computer implemented method of claim 1, Mestery in view of Manion disclose wherein the stub resolver is operative to perform one or more of: i) determine the IP address associated with a given domain name (Mestery, The DNS service associated with the server 410 enables microservice discovery… The reachability controller component shown in server 410 is responsible for maintaining a database of agent reachability information candidates, distributed constellation IP addresses the agents and synchronizing connectivity set of processes.);
ii) intercept and respond to a browser’s DNS query before it arrives at a stub resolver of an operating system of the system (Mestery, [0062], Instead of discarding or using the graph to resolve ARP requests, ARP requests can be handled locally by each node inside the VNIC driver. The MAC addresses for the different VNIC are derived by a static algorithm from the virtual IP address associated to the node…);
iii) revert or pass the query to the stub resolver of the system’s operating system and/or the Internet if the stub resolver is unable to resolve the browser’s DNS query (Manion, [0064], The traditional mechanism used for name resolution is DNS. However, it is likely that no DNS server will be present in a virtual IP network. Thus, a different name resolution mechanism should be utilized. [0061], ARP requests are used with IPv4 to resolve a destination IP address to a MAC (media access control) address when the address is in the same subnet as the address of the resolving node. ARP requests are broadcast at the link layer and a possible way to support ARP requests would be to use the flooding support of the graph for broadcasting.).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Mestery’s systems and methods providing a multi-cloud microservices gateway using a sidecar proxy by enhancing Mestery’s systems for domain name resolution within the overlay network to ensure accurate and efficient mapping of service identifiers to network addresses as taught by Manion in order to enhance reliable service discovery and communication between distributed systems. The motivation is to ensure DNS resolution by forwarding unresolved queries to alternative resolvers such as an operating system resolver or external network services.
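The resolution flow at issue in claims 23 and 24 (an Agent-side stub resolver that answers overlay names from its own record, gates the answer on the tag/policy, and passes anything it cannot answer to the operating system's resolver or the Internet) is illustrated below. This is an added example written for this page; it is not code from the applicant, from Mestery or from Manion. The class and function names, the overlay records, the tags, the policy and the fallback table are all constructed for the illustration.

```python
"""Constructed illustration: local stub resolver with policy gate and fallback."""
import ipaddress
from typing import Callable, Dict, FrozenSet, Optional, Tuple

# A resolution result is (source, ip): source is "overlay", "fallback" or
# "denied"; ip is None when nothing can be returned to the client.
Result = Tuple[str, Optional[str]]
Policy = Callable[[FrozenSet[str]], bool]


class OverlayStubResolver:
    """Stub resolver that sits in front of the OS resolver (hypothetical name)."""

    def __init__(self, fallback: Callable[[str], Optional[str]]) -> None:
        # name -> (overlay IP, tags attached to that system at the Platform)
        self._records: Dict[str, Tuple[str, FrozenSet[str]]] = {}
        self._fallback = fallback

    @staticmethod
    def _key(name: str) -> str:
        # DNS names are case-insensitive and may carry a trailing dot.
        return name.rstrip(".").lower()

    def register(self, name: str, ip: str, tags: FrozenSet[str] = frozenset()) -> None:
        ipaddress.ip_address(ip)  # reject malformed addresses at registration time
        self._records[self._key(name)] = (ip, frozenset(tags))

    def resolve(self, name: str, policy: Optional[Policy] = None) -> Result:
        rec = self._records.get(self._key(name))
        if rec is None:
            # Not an overlay name: revert the query to the OS / Internet resolver.
            return ("fallback", self._fallback(name))
        ip, tags = rec
        if policy is not None and not policy(tags):
            # The name exists on the overlay but the policy does not permit the mapping.
            return ("denied", None)
        return ("overlay", ip)


# Constructed stand-in for the operating system's stub resolver.
_OS_TABLE = {"www.example.com": "203.0.113.10"}


def os_fallback(name: str) -> Optional[str]:
    return _OS_TABLE.get(name.rstrip(".").lower())


def build_demo_resolver() -> OverlayStubResolver:
    # Constructed overlay records (CGNAT range used as the overlay address space).
    r = OverlayStubResolver(os_fallback)
    r.register("db.overlay.internal", "100.64.0.10", frozenset({"database"}))
    r.register("web.overlay.internal", "100.64.0.20", frozenset({"frontend"}))
    return r


def only_frontend(tags: FrozenSet[str]) -> bool:
    # Constructed policy: the querying system may only reach "frontend"-tagged peers.
    return "frontend" in tags


if __name__ == "__main__":
    r = build_demo_resolver()
    for q in ("web.overlay.internal", "DB.overlay.internal.", "www.example.com", "nope.invalid"):
        print(q, "->", r.resolve(q, policy=only_frontend))
```

The three outcomes map onto the claim language: an overlay answer, a policy refusal (no address is handed back for a peer the tag does not permit), and a pass-through to the fallback resolver for names the stub resolver does not own.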
Regarding Claim 25:
The computer implemented method of claim 4, Mestery in view of Manion disclose further comprising the step: refreshing or updating the reachability information each time the Agent connects or reconnects to the Platform (Mestery, The reachability controller component shown in server 410 is responsible for maintaining a database of agent reachability information candidates, distributed constellation IP addresses the agents and synchronizing connectivity set of processes.).
Regarding Claim 26:
The computer-implemented method of claim 1, Mestery in view of Manion disclose further comprising the steps of: i) providing a spurious MAC address in a data packet; and sending the data packet from a first system to a second system via an overlay network; and/or ii) receiving, at a second system, a data packet that has been transmitted from a first system via an overlay network; and providing a spurious MAC address to an operating system associated with the second system (Manion, [0062], the VNIC driver receives an ARP request packet for an IP address A.B.C.D (e.g., 192.168.100.35) the driver creates an ARP reply in which the MAC address for the requested IP address is generated locally. [0063], MAC addresses are generated from IP addresses by prefixing 00-FF at the beginning of the IP addresses. [0061], In the IVLAN architecture, only IP-based Ethernet packets are routed in the graph, while all non-IP based packets are discarded. An exception is for ARP and ICMPv6 request packets.).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Mestery’s systems and methods providing a multi-cloud microservices gateway using a sidecar proxy by enhancing Mestery’s systems for domain name resolution within the overlay network to ensure accurate and efficient mapping of service identifiers to network addresses as taught by Manion in order to enhance flexibility and compatibility of communication across virtualized or overlay network environments. The motivation is to ensure efficient packet handling and address management by abstracting or modifying link-layer identifiers in distributed network communications.
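The link-layer handling cited from Manion [0061]-[0063] for claim 26 (a virtual NIC answers an ARP request locally rather than forwarding it over the overlay, with the answering MAC derived from the requested IPv4 address by prefixing 00-FF) is illustrated below. This is an added example written for this page, not code from the applicant, from Mestery or from Manion; the function names and the sample addresses are constructed, and the Ethernet and ARP field layouts used are the standard wire formats.

```python
"""Constructed illustration: locally synthesised ARP reply with a MAC derived from the IP."""
import ipaddress
import struct
from typing import NamedTuple, Optional

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
_ETH_FMT = "!6s6sH"            # dst MAC, src MAC, EtherType
_ARP_FMT = "!HHBBH6s4s6s4s"    # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ETH_LEN, ARP_LEN = struct.calcsize(_ETH_FMT), struct.calcsize(_ARP_FMT)


class Arp(NamedTuple):
    oper: int
    sha: bytes   # sender hardware address
    spa: str     # sender protocol (IPv4) address
    tha: bytes   # target hardware address
    tpa: str     # target protocol (IPv4) address


def mac_from_ip(ip: str) -> bytes:
    # Manion [0063]: the MAC is 00-FF followed by the four IPv4 octets.
    return b"\x00\xff" + ipaddress.IPv4Address(ip).packed


def mac_str(mac: bytes) -> str:
    return "-".join(f"{b:02X}" for b in mac)


def build_frame(dst: bytes, src: bytes, oper: int,
                sha: bytes, spa: str, tha: bytes, tpa: str) -> bytes:
    """Ethernet frame carrying an Ethernet/IPv4 ARP message."""
    eth = struct.pack(_ETH_FMT, dst, src, ETHERTYPE_ARP)
    arp = struct.pack(_ARP_FMT, 1, 0x0800, 6, 4, oper,
                      sha, ipaddress.IPv4Address(spa).packed,
                      tha, ipaddress.IPv4Address(tpa).packed)
    return eth + arp


def parse_arp(frame: bytes) -> Optional[Arp]:
    if len(frame) < ETH_LEN + ARP_LEN:
        return None
    _, _, ethertype = struct.unpack(_ETH_FMT, frame[:ETH_LEN])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        _ARP_FMT, frame[ETH_LEN:ETH_LEN + ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # only Ethernet/IPv4 ARP is handled
    return Arp(oper, sha, str(ipaddress.IPv4Address(spa)),
               tha, str(ipaddress.IPv4Address(tpa)))


def local_arp_reply(frame: bytes) -> Optional[bytes]:
    """Answer an ARP request inside the VNIC driver (hypothetical name).

    Anything that is not an ARP request is not answered; per Manion [0061]
    such non-IP frames are not forwarded onto the overlay either."""
    req = parse_arp(frame)
    if req is None or req.oper != ARP_REQUEST:
        return None
    answer_mac = mac_from_ip(req.tpa)
    return build_frame(dst=req.sha, src=answer_mac, oper=ARP_REPLY,
                       sha=answer_mac, spa=req.tpa, tha=req.sha, tpa=req.spa)


if __name__ == "__main__":
    me = "192.168.100.10"  # constructed requesting node
    request = build_frame(b"\xff" * 6, mac_from_ip(me), ARP_REQUEST,
                          mac_from_ip(me), me, b"\x00" * 6, "192.168.100.35")
    reply = parse_arp(local_arp_reply(request))
    print("who-has 192.168.100.35 ->", mac_str(reply.sha))
```

Because the MAC is a pure function of the IP address, no ARP traffic ever has to cross the overlay: the reply to the operating system is synthesised from the request alone, which is the "spurious MAC address" the claim refers to.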
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAYASA SHAAWAT whose telephone number is (571)272-3939. The examiner can normally be reached on M-F, 8 AM TO 5 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, JEFFREY PWU can be reached on (571)272-6789. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MAYASA A. SHAAWAT/Examiner, Art Unit 2433
/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433