Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

DETAILED ACTION
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 12/04/2018 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 7 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
similar behavior" in claim 7 is a relative term which renders the claim indefinite.  The term "similar" is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention.  


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-5, 10-15 and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over US 20160269425 to Shieh et al. (hereinafter “Shieh”) in view of US 9521115 to Woolward 

Claim 1
Shieh teaches a method comprising:
at a server [e.g. Shieh; Fig. 1 Item 126]  in communication with a plurality of microservices [e.g. Shieh; Fig. 1 Item 132, 134]in a microservices mesh environment, [e.g. Shieh; Fig. 1; Para. 0037– The network can further include or interface with any one or more of an RS-232 serial connection, an IEEE-1394 (Firewire) connection, a Fiber Channel connection, an IrDA (infrared) port, a SCSI (Small Computer Systems Interface) connection, a USB (Universal Serial Bus) connection or other wired or wireless, digital or analog interface or connection, mesh or Digi® networking..] …
causing, by the server [e.g. Shieh;Fig. 2 Item 126], a micro-firewall [e.g. Shieh;Fig. 2 Item 136] to be instantiated for the first microservice, the micro-firewall configured to apply the firewall rule set to inbound communications to the first microservice and outbound communications from the first microservice. [e.g. Shieh; Para. 0019, 0045, 0057, 0058, 0063 – Firewall ruleset is distributed to the enforcement points (e.g. microfirewalls) and applied to inbound and outbound communications of the microservice.]
 

While Shieh teaches the method of claim 1 and further teaches creating the policies used by the enforcement points are based on security profiles specifically for the different types of microservices as disclosed in paragraph 0057 Shieh fails to explicitly teach receiving data regarding communications of a microservice and analyzing that data to determine a firewall rule to apply. More specifically Shieh fails to teach the claimed limitations of: 
“obtaining data about inbound communications to a first microservice and outbound communications from the first microservice of the plurality of microservices;” 
“analyzing, by the server, the data to learn an operational behavior of the first microservice and determine a firewall rule set to be applied associated with the first microservice based on the operational behavior learned for the first microservice”
however, Woolward teaches generating security policies (e.g. firewall rules) to be applied to the security of a container that includes a microservice. The rules are generated based on metadata 
“obtaining data about inbound communications to a first microservice and outbound communications from the first microservice of the plurality of microservices;” [e.g. Woolward; Col 5 Ln53-Col 6 Ln 37, Col 7 Ln 6- Col 8 Ln 2 – Woolward teaches obtaining data regarding communications, analyzing the data and generating (e.g. determining) firewall rules. ]
“analyzing, by the server, the data to learn an operational behavior of the first microservice and determine a firewall rule set to be applied associated with the first microservice based on the operational behavior learned for the first microservice” [e.g. Woolward; Col 5 Ln53-Col 6 Ln 37, Col 7 Ln 6- Col 8 Ln 2 – Woolward teaches obtaining data regarding communications, analyzing the data and generating (e.g. determining) firewall rules. ]


Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to include, the features above in the invention as disclosed by Shieh with the advantage of providing secure and reliable firewall rules while removing cumbersome complexity of generation as specified by Woolward Para. Col 3 Ln 9-21.

Claim 2:
Shieh as modified by Woolward teaches the method of claim 1, wherein the inbound communications are from a second microservice to the first microservice, and the outbound communications are from the first microservice to the second microservice. [e.g. Woolward; Col 6 Ln 23-Col 6 Ln 34, Col 7 Ln 6- Col 8 Ln 2 – Woolward teaches the data includes expected (network communications) behaviors can include at least one of: protocols and/or ports that should be used by a container and who the container should talk to (e.g., relationships between containers, such as other applications and/or services the container should talk to), and the like.]

Claim 3:
Shieh as modified by Woolward teaches the method of claim 1, wherein the inbound communications are from an entity outside the microservices mesh to the first microservice, and the outbound communications are from the first microservice to the entity outside the microservices mesh. . [e.g. Woolward; Col 6 Ln 23-Col 6 Ln 34, Col 7 Ln 6- Col 8 Ln 2 – Woolward teaches the data includes expected (network communications) behaviors can include at least one of: protocols and/or ports that should be used by a container and who the container should talk to (e.g., relationships between containers, such as other applications and/or services the container should talk to), and the like. ]]

Claim 4:
Shieh as modified by Woolward teaches the method of claim 1, wherein analyzing to determine the operational behavior of the first microservice comprises determining a type of application running in the first microservice. [e.g. Woolward; Col 5 Ln53-Col 6 Ln 37, Col 7 Ln 6- Col 8 Ln 2 – Woolward teaches obtaining data regarding a type of application running ]

Claim 5:
Shieh as modified by Woolward teaches the method of claim 4, wherein analyzing includes determining the firewall rule set according to rules associated with normal behavior of a microservice that performs the type of application running in the first microservice. [e.g. Woolward; Col 5 Ln53-Col 6 Ln 37, Col 7 Ln 6- Col 8 Ln 2 – Woolward teaches obtaining data is associated with normal behavior and generating rules based on this determination. ]

Claim 10:
Shieh as modified by Woolward teaches the method of claim 1, wherein the firewall rule set is a limited set of rules based on communications expected for the first microservice. [e.g. Woolward; Col 5 Ln53-Col 6 Ln 37, Col 7 Ln 6- Col 8 Ln 2 – Woolward teaches rules are based on expected communications. ]


Claim 11:
Shieh teaches the method of claim 1, wherein causing comprises causing micro-firewalls to be created and removed as microservice containers are dynamically created and removed. [e.g. Shieh; Para. 0056 – Shieh teaches the enforcement points can be deployed and redeployed (e.g. created and removed).]

Claim 12:
Shieh teaches the method of claim 12, further comprising: when a new microservice container is created that includes a microservice that is similar to the first microservice, causing comprises causing the micro-firewall to be instantiated for the new microservice container without performing the analyzing for the new microservice container. [e.g. Shieh; Para. 0057 – Shieh teaches using a security profile that are distributed to the enforcement points (e.g. instantiated without requiring an analysis of the container)]

Regarding claims 13-15 and 17-20 they are device and manufacture claims essentially corresponding to the above recitations, and they are rejected, at least, for the same reasons.

Claims 6-8 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over US 20160269425 to Shieh et al. (hereinafter “Shieh .”) in view of US 9521115 to Woolward  and further in view of US 20190394219 to Huang et al. (hereinafter “Huang)

Claim 6
While Shieh and Woolward teaches the method of claim 1 and further teaches that the metadata is captured using an API in Col 8 Line10-13 the combination fails to explicitly teach receiving data via a sidecar. More specifically the combination fails to teach the claimed limitations of: 
“wherein obtaining data comprises obtaining application behavior data and metadata captured by a first sidecar function attached to a container for the first microservice”
however, Huang
wherein obtaining data comprises obtaining application behavior data and metadata captured by a first sidecar function attached to a container for the first microservice” [e.g. Huang; Para. 0025-0027]


Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to include, the features above in the invention as disclosed by Shieh and Woolward with the advantage of effectively enforcing data security and other policies within a container environment as disclosed by Huang Para. Para. 0003

Regarding claims 16 they are device claims essentially corresponding to the above recitations, and they are rejected, at least, for the same reasons.



Claim 7:
Shieh as modified by Woolward teaches the method of claim 6, wherein analyzing comprises comparing the application behavioral data and the metadata obtained for the first microservice with stored information about microservices in order to find a match to a microservice with similar behavior. [e.g. Woolward; Col 7 Ln 6-20, Col 8 Ln 27-33.]
Claim 8:
Shieh teaches the method of claim 6, wherein causing the micro-firewall to be instantiated comprises instructing a mesh orchestrator that manages the plurality of microservices to instantiate the micro-firewall between the first microservice and a second microservice in communication with the first microservice. [e.g. Shieh; Para. 0045-0048]



Allowable Subject Matter
Claims 9 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion



The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Please check attached PTO-892 form for any additional references.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER C HARRIS whose telephone number is (571)270-7841.  The examiner can normally be reached on Monday through Friday between 8:00 AM to 4:00 PM CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/CHRISTOPHER C HARRIS/Primary Examiner, Art Unit 2432