Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 are pending.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 18-20 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the claimed medium can include non-transitory medium, which is non-statutory subject matter. Claim 18 claims a computer readable medium. The specification does not specifically clearly define or limit what this medium can comprise. Therefore, under BRI, one can interpret that the medium can be of any type, that can include transitory medium, a transmission media, which would make the invention non-statutory. Applicant should amend the claim to restrict the medium to non-transitory computer readable medium to put the invention into a patentable subject matter status.
Claims 19-20 are also rejected for incorporating the same deficiency as claim 18.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely
online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claim 18 is rejected on the ground of nonstatutory double patenting as being unpatentable over claim 17 of U.S. Patent No. 12,210,464.
Claim(s) 17 of patent #12,210,464 contain(s) every element of claim(s) 18 of the instant application and as such anticipate(s) claim(s) 18 of the instant application.
“A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). “ ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
Below is the claim mapping between the current application and patent:
Current Application
18. A computer-readable medium comprising instructions that are executable by one or more processors to cause a computing system to:
store copies of first secrets in a cache storage in a first namespace, wherein the first namespace includes a unique identifier of a first entity, wherein the cache storage is part of a cloud-computing system and a first set of access controls authorizes a first entity to access the first secrets in the first namespace but not a second entity;
store copies of second secrets in the cache storage in a second namespace, wherein the second namespace includes a unique identifier of the second entity, wherein the second secrets are different from the first secrets and a second set of access controls authorizes the second entity to access the second secrets in the second namespace but not the first entity;
receive, within a first cluster of the cloud-computing system, a first call for the first secrets in the first namespace from a first service associated with the first entity, wherein the first service is running in a first container in the first cluster;
determine, based on the first call and the first set of access controls, that the first service is authorized to access the first secrets in the first namespace;
receive, within the first cluster, a second call for the second secrets in the second namespace from a second service associated with the second entity, wherein the second service is running in a second container in the first cluster;
determine, based on the second call and the second set of access controls, that the second service is authorized to access the second secrets in the second namespace;
retrieve, based on determining that the first service is authorized to access the first secrets, the first secrets from the first namespace in the cache storage;
retrieve, based on determining that the second service is authorized to access the second secrets, the second secrets from the second namespace in the cache storage;
provide the first secrets to the first service; and provide the second secrets to the second service.
Patent 12,210,464
17. A computer-readable medium comprising instructions that are executable by one or more processors to cause a computing system to:
store copies of first secrets in a cache storage, wherein the cache storage is part of a cloud-computing system, the first secrets are also stored at a first location different from the cache storage, and a first set of access controls authorizes a first entity to access the first secrets but not a second entity;
store copies of second secrets in the cache storage, wherein the second secrets are different from the first secrets, the second secrets are also stored in a second location different from the cache storage, and a second set of access controls authorizes the second entity to access the second secrets but not the first entity;
receive, within a first cluster of the cloud-computing system, a first call for the first secrets from a first service associated with the first entity, wherein the first service is running in a first container in the first cluster and the first container is closer to the cache storage than to the first location;
determine, based on the first call and the first set of access controls, that the first service is authorized to access the first secrets;
receive, within the first cluster, a second call for the second secrets from a second service associated with the second entity, wherein the second service is running in a second container in the first cluster and the second container is closer to the cache storage than to the second location;
determine, based on the second call and the second set of access controls, that the second service is authorized to access the second secrets;
retrieve, based on determining that the first service is authorized to access the first secrets, the first secrets from the cache storage;
retrieve, based on determining that the second service is authorized to access the second secrets, the second secrets from the cache storage;
provide the first secrets to the first service; and provide the second secrets to the second service.
As can be seen above, the only difference between claim 18 if the current application and claim 17 of patent 12,210,464 is that the current application uses the term “unique identifier” of a namespace while the patent uses the term location. It is obvious to one of ordinary skills in the art that the location indicated by the patent reads upon the unique identifier because the unique identifier indicates the location of a storage. One of ordinary skills can readily recognize that each storage location is associated with a specific address/unique identifier. Thus, the unique identifier of the instant application is read upon by the location of the patent. Since claim 17 of the patent includes all of the limitations of claim 18 of the instant application, claim 17 of the patent anticipates claim 18 of the instant application.
Allowable Subject Matter
Claims 1-17 are allowed.
The following is a statement of reasons for the indication of allowable subject matter:
As to claim 1, the closest prior art (US20190288995) teaches autonomous secrets renewal and distribution and may be implemented in a distributed computing environment. A secrets management service can be utilized to store, renew and distribute secrets such as certificates, storage account keys, shared access signatures, connection strings, custom types, and the like. In the context of distributed computing, a datacenter secrets management service can orchestrate secrets renewal and distribution within the distributed computing environment. When a customer sets up a desired service, the customer can onboard secrets for the service to the dSMS. In some embodiments, a corresponding service model and/or configuration file for the service references the secrets by their path in dSMS. The secrets are initially deployed, for example on a node or virtual machine running the service, after which, dSMS can automatically renew the secrets according to the specified rollover policy, and polling agents for an associated service can fetch updates from dSMS. In this manner, secrets can be automatically renewed without manual orchestration and/or the need to redeploy services.
The prior art teaches a cloud-computing system , the cloud-computing system comprising: a first absolute store containing first secrets associated with a first service, wherein the first absolute store enforces a first set of access controls on the first secrets and wherein the first set of access controls authorize the first service to access the first secrets; an L2 cache storage containing copies of the first secrets for performing warm-up operations or disaster recovery; and a first cluster of two or more servers, the first cluster comprising: a first container comprising the first service, wherein the first container is an isolated environment in the first cluster for running the first service. The prior art does not further suggest including a hot cache storage containing copies of the first secrets; and a cache service, wherein the cache service comprises instructions stored in memory that, when executed by one or more processors, cause the cache service to: receive a request to perform a warm-up operation for the first service; retrieve, from the L2 cache storage, copies of the first secrets and the first set of access controls for the first service; saving the copies of the first secrets and the first set of access controls to the hot cache storage; receive, from the first service, a first call for the first secrets; authenticate the first call based on the first set of access controls from the hot cache storage; retrieve, in response to authenticating the first call, the first secrets from the hot cache storage, wherein the first container is more proximate to the hot cache storage than to the L2 cache storage and more proximate to the L2 cache storage than the first absolute store.
As to claim 12, closest prior art (US20190288995) autonomous secrets renewal and distribution and may be implemented in a distributed computing environment. A secrets management service can be utilized to store, renew and distribute secrets such as certificates, storage account keys, shared access signatures, connection strings, custom types, and the like. In the context of distributed computing, a datacenter secrets management service can orchestrate secrets renewal and distribution within the distributed computing environment. When a customer sets up a desired service, the customer can onboard secrets for the service to the dSMS. In some embodiments, a corresponding service model and/or configuration file for the service references the secrets by their path in dSMS. The secrets are initially deployed, for example on a node or virtual machine running the service, after which, dSMS can automatically renew the secrets according to the specified rollover policy, and polling agents for an associated service can fetch updates from dSMS. In this manner, secrets can be automatically renewed without manual orchestration and/or the need to redeploy services.
The closest prior art teaches a cloud-computing system, the cloud-computing system comprising: a first absolute store containing first secrets, wherein the first absolute store enforces a first set of access controls on the first secrets and the first set of access controls authorize a first service to access the first secrets; a first cluster of two or more nodes having a first geographic location, the first cluster comprising a first L2 cache storage containing copies of the first secrets and the first set of access controls; a second cluster of two or more nodes having a first geographic location, the second cluster comprising; a first container comprising: a first instance of the first service a first L1 cache storage, a first cache service, wherein the first cache service comprises first instructions stored in memory that, when executed by one or more processors, cause the first cache service to: receive a request to warm-up the first instance of the first service; retrieve from the first L2 cache storage copies of the first secrets and the first set of access controls; save copies of the first secrets and the first set of access controls in the first L1 cache storage; receive, from the first instance of the first service, a first call for the first secrets; authenticate the first call based on the first set of access controls. The prior art does not further suggest retrieve, in response to authenticating the first call, the first secrets from the first L1 cache storage, wherein the first container is more proximate to the first L1 cache storage than to the first L2 cache storage and more proximate to the first L2 cache storage than to the first absolute store. The prior art teaches a third cluster of two or more nodes having a second geographic location different from the first geographic location, the third cluster comprising: a second container comprising: a second instance of the first service; a second L1 cache storage; and a second cache service. The prior art does not further suggest the second cache service comprises second instructions stored in memory that, when executed by one or more processors, cause the second cache service to: receive a request to warm-up the second instance of the first service; retrieve from the first L2 cache storage copies of the first secrets and the first set of access controls; save copies of the first secrets and the first set of access controls in the second L1 cache storage; receive, from the second instance of the first service, a second call for the first secrets, and authenticate the second call based on the first set of access controls. The prior art does not further suggest retrieve, in response to authenticating the second call, the first secrets from the second L1 cache storage, wherein the second container is more proximate to the second L1 cache storage than to the first L2 cache storage and more proximate to the first L2 cache storage than to the first absolute store.
Dependent claims 2-11 and 13-17 are allowable for incorporating the limitations of the parent claim, and further limitations.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THAN NGUYEN whose telephone number is (571)272-4198. The examiner can normally be reached M-F 7:00am -4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Tim Vo can be reached at (571)272-3642. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/THAN NGUYEN/Primary Examiner, Art Unit 2138