Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1, 9, 11, and 17 are amended
Claims 8 and 20 are cancelled
Claims 1-7, 9-19 are pending
Response to Arguments
Applicant’s arguments filed on April 16, 2026 have been considered.
With respect to the arguments regarding the objections, these are persuasive in view of the drawing amendment.
With respect to arguments regarding claim 1, examiner respectfully disagrees. The argument states that the prior art of record fails to teach the amended claims. However, examiner relies on Mestery col 5 lines 12-15, col 8 lines 20-25 and 43-44, col 12 lines 53-57 and lines 59-61, and col 21 lines 8-10 to help teach the amended feature.
With respect to arguments regarding all of the dependent claims, these arguments are not persuasive as these claims depend on previously rejected claims.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 9, 11, 15, 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nichols (US 10642593 B2, hereinafter referred to as Nichols) in view of Mestery (US 10764244 B1, hereinafter referred to as Mestery).
Regarding claim 1, Nichols discloses: A [secure] application migration system (Nichols: [Col 2 lines 43-44], [Col 2 lines 51-53], and [Col 6 lines 57-58]. [Col 2 lines 43-44] states, "FIG. 1 is a block diagram of an exemplary network environment 100 that includes a server or a cloud server 102." [Col 2 lines 51-53] states, "The clients 114-1 and 114-2 (collectively referred to as clients 114) can include one or more computing devices or systems." [Col 6 lines 57-58] states, "FIG. 2 illustrates an exemplary method 200 for logical migration of applications and data.") comprising: a computing environment comprising a plurality of computing devices (Nichols: [Col 2 lines 43-44], [Col 2 lines 51-53], and [Col 6 lines 57-58]. [Col 2 lines 43-44] states, "FIG. 1 is a block diagram of an exemplary network environment 100 that includes a server or a cloud server 102." [Col 2 lines 51-53] states, "The clients 114-1 and 114-2 (collectively referred to as clients 114) can include one or more computing devices or systems." [Col 6 lines 57-58] states, "FIG. 2 illustrates an exemplary method 200 for logical migration of applications and data."), but fails to explicitly disclose: A secure application migration system.
However, in the same field of endeavor, Mestery discloses: A secure application migration system (Mestery: [Col 4 lines 13-16] and [col 18 lines 48-40]. [Col 4 lines 13-16] states, "Containers are a lightweight, efficient and standard way for applications to move between different environments (e.g., an on-premises site, a remote site, etc.) and run independently." [col 18 lines 48-40] mentions, "A server or system for enabling end-to-end secured connectivity and global reachability in a constellation of microservices.").
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify the teaching of Nichols and include the above limitation with the teaching of Mestery in order to secure the migration between two computing devices.
This motivation applies to the remainder of the claim.
Nichols further discloses: and an Information Handling System (IHS) comprising at least one memory coupled to at least one processor, the at least one memory having program instructions stored thereon that, upon execution by the at least one processor (Nichols: [Col 8 lines 61-67, Col 9 lines 1-2] states that "FIG. 4 shows an exemplary computing device 400 implemented as the cloud server 102 suitable as an environment for practicing aspects of the subject matter, for example to upload software into software/applications library component 104. The components of cloud server 102 can include, but are not limited to, a processing unit 402, a system memory 404, and a system bus 406 that couples various system components including the system memory 404 to the processing unit 402." [Col 9 lines 51-54] states, "RAM 410 typically contains data and/or program modules that are immediately accessible to and/or presently being operated on by processing unit 402." Examiner's note: any computing system is an IHS.), cause the IHS to: receive a request to migrate an application from a first of the computing devices to a second of the computing devices (Nichols: [col 5 lines 37 and 38] states that "receive a request for the migration of the applications and data from the client 114-1."), but fails to explicitly disclose: deploy a first side-car module on the first computing device and a second side-car module on the second computing device, the first side-car module and the second side-car module stored in and deployed from a utility that is stored in the computing environment of the plurality of computing devices.
However, Mestery further discloses: deploy a first side-car module on the first computing device and a second side-car module on the second computing device, the first side-car module and the second side-car module stored in and deployed from a utility that is stored in the computing environment of the plurality of computing devices (Mestery: Col 5 lines 12-15 states, "The orchestrator may also integrate with platforms such as open-source systems for automating the deployment and management of containerized applications." Col 8 lines 20-25 state, "The endpoints 130 can include general purpose computing devices (e.g., servers, workstations, desktop computers, etc.), mobile computing devices (e.g., laptops, tablets, mobile phones, etc.), wearable devices (e.g., watches, glasses or other head-mounted displays (HMDs), ear devices, etc.), and so forth." Col 8 lines 43-44 state, "Any endpoint can be configured with an agent or a sidecar proxy." Col 12 lines 53-57 states, "To provide connectivity to microservice workloads in a heterogeneous environment, this disclosure focuses on a solution in which an agent or a sidecar proxy is deployed with, within or close to microservice workloads." Col 12 lines 59-61 states, "Agents can have different form factors depending on the microservice deployment type such as whether it is a container, virtual machine, or bare metal." Col 21 lines 8-10 states, "The memory 606 could also hold various software containers and virtualized execution environments and data."); establish a secure communication tunnel with the first and second side-car modules (Mestery: [Col 16 lines 51-54] and [col 11 lines 13-20] in text mode. [Col 16 lines 51-54] states that "the table shown in FIG. 5C can be accessed for determining whether each individual tunnel between two respective endpoints should be direct or indirect." [Col 11 lines 13-20] states that "the sidecar proxy 324a of the container 330a may handle communication of the service instance 328a with the service instance 328b of the container 330b. The sidecar proxies 324a-c can also support capabilities such as discovery of service instances, load balancing, authentication and authorization, secure communications, etc., in the service mesh 302." Examiner's note: it is shown in fig. 3 that the containers are connected to each other and each container has a sidecar proxy.).
Nichols further discloses: and using the [secure] tunnel, migrate the application from the first computing device to the second computing device (Nichols: Col 5 lines 17-23 states, "The system configurator component 108 can include a processing unit (not shown) that acts as a control unit for application installation system of the network environment 100. The application installation system is a process of migrating the applications and data (e.g., requested settings and customizations) by the cloud server 102 to the target computing device such as the client 114-2." Examiner's note: Mestery teaches a secure communication tunnel.), but fails to explicitly disclose: using the secure tunnel.
However, Mestery further discloses: using the secure tunnel (Mestery: [Col 4 lines 13-16] and [col 18 lines 48-40]. [Col 4 lines 13-16] states, "Containers are a lightweight, efficient and standard way for applications to move between different environments (e.g., an on-premises site, a remote site, etc.) and run independently." [col 18 lines 48-40] mentions, "A server or system for enabling end-to-end secured connectivity and global reachability in a constellation of microservices.").
Regarding claim 9, the combination of Nichols as modified by Mestery discloses: The secure application migration system of claim 1, wherein the program instructions, upon execution, further cause IHS to continually update the program instruction at ongoing intervals (Mestery: Col 5 lines 18-22 state that "features and updates to a microservice may be delivered to the service mesh, sometimes in a rapid and incremental fashion, such that newer versions of microservices may be continually integrated into the cloud-native platform.").
The same motivation to modify with Mestery, as in claim 1, applies.
Claim 11 recites feature similar to those in claim 1, therefore they are rejected in a similar manner.
Claim 15 recites feature similar to those in claim 9, therefore they are rejected in a similar manner.
Claim 17 recites feature similar to those in claim 1, therefore they are rejected in a similar manner.
Claim(s) 2, 10, 12, 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nichols (US 10642593 B2, hereinafter referred to as Nichols) in view of Mestery (US 10764244 B1, hereinafter referred to as Mestery) in further view of Guim (DE 112020000054 T5, hereinafter referred to as Guim).
Regarding claim 2, The combination of Nichols as modified by Mestery discloses: The secure application migration system of claim 1, but fails to disclose: wherein the program instructions, upon execution, further cause the IHS to establish the secure tunnel, generate a secure key and send the generated secure key to first and second side-car modules.
However, in the same field of endeavor, Guim discloses: wherein the program instructions, upon execution, further cause the IHS [to establish the secure tunnel], generate a secure key and send the generated secure key to first and second side-car modules (Guim: Paragraph [0075] and Paragraph [0633]. Paragraph [0075] states that "sidecars can provide trustworthy execution environments for the support of security functions such as generation, storage and use of cryptographic keys." Paragraph [0633] states, "Using an asymmetric secure link, the temporal private key is sent to the devices so that the devices can securely read from and write to a buffer location in the edge base station using the symmetric key. Using the symmetric key, secure access to mass storage, main memory, functions and other resources of the edge base station can be provided, which the respective devices can access. Such an approach can be widely applicable to device-to-device and node-to-node communication environments.").
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify the teaching of Nichols as modified by Mestery and include the above limitation with the teaching of Guim in order to ensure that computing devices "belong to or are linked to the same tenant and consent to a connection," and authentication and a secure communication are carried out. (Guim: Paragraph [0633]).
Guim does not explicitly disclose: to establish the secure tunnel.
However, Mestery discloses: to establish the secure tunnel (Mestery: same citation, as in claim 1, applies).
The same motivation to modify with Mestery, as in claim 1, applies.
Regarding claim 10, the combination of Nichols as modified by Mestery discloses: The secure application migration system of claim 1, but fails to explicitly disclose: wherein the program instructions, upon execution, further cause IHS to send data associated with the migration to a machine learning (ML) process, wherein the ML process is configured to perform analytics on the data to learn how to improve ensuing migrations.
However, in the same field of endeavor, Guim discloses: wherein the program instructions, upon execution, further cause IHS to send data associated with the migration to a machine learning (ML) process, wherein the ML process is configured to perform analytics on the data to learn how to improve ensuing migrations (Guim: Paragraph [0352] states that "The method includes a third operation to determine based on the available resources of the second edge location at the first edge location that the Request at the second edge location of the edge cluster can be executed. In one example, determining that the request can be executed at the second edge location includes determining that executing the request at the second edge location requires fewer computing resources or takes less time than executing the request at that first edge location (for example, it is more efficient to execute the request at the second edge location than at the first edge location). The efficiency can be based on a predicted utilization of the first edge location for a period of time or based on a distance from the second edge location to the first edge location. The efficiency can be determined with the help of a machine learning element in order to predict requests that will arrive at the first edge location.").
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify the teaching of Nichols as modified by Mestery and include the above limitation with the teaching of Guim in order to utilize AI to ensure that data communication “requires fewer computing resources or takes less time” (Guim: Paragraph [0352]).
Claims 12, 16 recite features similar to those in claims 2 and 10 respectively, therefore they are rejected in a similar manner.
Claim(s) 3, 13, 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nichols (US 10642593 B2, hereinafter referred to as Nichols) in view of Mestery (US 10764244 B1, hereinafter referred to as Mestery) in further view of Guim (DE 112020000054 T5, hereinafter referred to as Guim) in further view of Ramen (US 10903999 B1, hereinafter referred to as Ramen).
Regarding claim 3, the combination of Nichols as modified by Mestery and Guim discloses: The secure application migration system of claim 2, but fails to explicitly disclose: wherein the program instructions, upon execution, further cause IHS to generate the secure key using a current timestamp.
However, in the same field of endeavor, Ramen discloses: wherein the program instructions, upon execution, further cause IHS to generate the secure key using a current timestamp (Column 11, lines 28-32 which states, "The auth-token can include the Application interface key, a current timestamp with some amount of time added (e.g., a current UNIX timestamp with 10 minutes added, and an AES encryption key, collectively values in the auth-token.").
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify the teaching of Nichols as modified by Mestery and Guim and include the above limitation with the teaching of Ramen in order ensure that third parties "cannot decrypt the PKI encrypted token to open the payload blob due to private key inaccessibility, and cannot modify and replay due to the HMAC hash in the payload number" (Ramen: Col 12 lines 2-5).
Claim 13 recites features similar to those in claim 3, therefore it is rejected in a similar manner.
Claim 18 recites features similar to those in claims 2 and 3, therefore it is rejected in a similar manner.
Claim(s) 4, 14, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nichols (US 10642593 B2, hereinafter referred to as Nichols) in view of Mestery (US 10764244 B1, hereinafter referred to as Mestery) in further view of Guim (DE 112020000054 T5, hereinafter referred to as Guim) in further view of Kalley (US 20220413903 A1, hereinafter referred to as Kalley).
Regarding claim 4, the combination of Nichols as modified by Mestery and Guim discloses: The secure application migration system of claim 2, but fails to explicitly disclose: wherein the program instructions, upon execution, further cause IHS to generate a new secure key each time the application is migrated.
However, in the same field of endeavor, Kalley discloses: wherein the program instructions, upon execution, further cause IHS to generate a new secure key each time the application is migrated (Kalley: Paragraph [0070] states, "the generated key pair is ephemeral in nature i.e., the key pair is valid for a short time-duration (e.g., an amount of time corresponding to an estimated time required for completion of the PaaS application migration process) and is associated uniquely with the migration request.").
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify the teaching of Nichols as modified by Mestery and Guim and include the above limitation with the teaching of Kalley in order to provide a secure migration each time an application is migrated (Kalley: Paragraph [0070]).
Claims 14, 19 recite features similar to those in claim 4, therefore they are rejected in a similar manner.
Claim(s) 5-7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nichols (US 10642593 B2, hereinafter referred to as Nichols) in view of Mestery (US 10764244 B1, hereinafter referred to as Mestery) in further view of Ackerly (WO 2021173716 A1, hereinafter referred to as Ackerly).
Regarding claim 5, the combination of Nichols as modified by Mestery discloses: The secure application migration system of claim 1, wherein each of the side-car modules comprise a second memory coupled to a second processor, the second memory has logic stored thereon that (Mestery: Col 20 lines 27-33 states, "The CPU 604 may include one or more processors 608, such as a processor from the INTEL X86 family of microprocessors. In some cases, processor 608 can be specially designed hardware for controlling the operations of the network device 600. In some cases, a memory 606 (e.g., non-volatile RAM, ROM, etc.) also forms part of the CPU 604."), but fails to explicitly disclose upon execution by the at least one processor, cause each of the first and second side-car modules to validate data sent to and from its respective computing device.
However, in the same field of endeavor, Ackerly discloses: upon execution by the at least one processor, cause each of the first and second side-car modules to validate data sent to and from its respective computing device (Ackerly: Page 8 lines 20-23 "In some embodiments, the system may leverage a container validation framework (such as the Docker Content Trust framework provided by provided by Docker, Inc., of Palo Alto, CA) to strongly assert that data is decrypted only for the containers specified by data owners.").
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify the teaching of Nichols as modified by Mestery to include the above limitation with the teaching of Ackerly in order to validate the data and ensure that the “data is decrypted only for the containers specified by data owners” (Ackerly: Page 8 lines 20-23).
Regarding claim 6, the combination of the combination of Nichols as modified by Mestery and Ackerly discloses: The secure application migration system of claim 5, wherein the logic, upon execution, further cause IHS to validate the data by performing at least one of a flow control test, a session management test, or validation of read/write locks used (Ackerly: Page 8 lines 20-23 "In some embodiments, the system may leverage a container validation framework (such as the Docker Content Trust framework provided by provided by Docker, Inc., of Palo Alto, CA) to strongly assert that data is decrypted only for the containers specified by data owners.").
The same motivation to modify with Ackerly, as in claim 5, applies.
Regarding claim 7, the combination of the combination of Nichols as modified by Mestery discloses: The secure application migration system of claim 1, but fails to explicitly disclose: wherein the program instructions, upon execution, further cause IHS to, when the validation fails, add information associated with the failed source to a blacklist.
However, in the same field of endeavor, Ackerly discloses: wherein the program instructions, upon execution, further cause IHS to, when the validation fails, add information associated with the failed source to a blacklist (Page 13 lines 12-15 state that "an app developer may want to blacklist a corrupted dataset or an abusive customer. These developers can optionally include system-specific configuration in their container image or registry metadata to indicate access controls the sidecar should impose.").
The same motivation to modify with Ackerly, as in claim 5, applies.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHREYAJ RAM BHANDARI whose telephone number is (571)272-0727. The examiner can normally be reached 7:30-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ali Shayanfar can be reached at (571) 270-1050. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHREYAJ RAM BHANDARI/ Examiner, Art Unit 2434
/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434