Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


DETAILED ACTION

Notice to Applicants
This communication is in response to the RCE filed on 01/05/2021.


EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such amendment, it MUST be submit no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone conversation with Applicant’s representative Ryan Davis, and followed by Email confirmation dated 02/12/2021.

Please replace the current listing of claims with the following:


one or more processors;
a network interface coupled to the one or more processors; and
a computer-readable memory coupled to the one or more processors, the memory comprising instructions configured to cause the one or more processors to perform operations comprising:
instantiating a first microservice and a second microservice in a shared namespace of a cloud environment, wherein the first microservice is associated with a first attribute label and the second microservice is associated with a second attribute label that identifies a position of the second microservice in a service chain that comprises the first microservice;
generating a first key based on the first attribute label and a second key based on the second attribute label; 
associating a first data store with the first microservice, wherein the first data store is encrypted using the first key and the first microservice is configured to access first data stored in the first data store through the first key based on the first attribute label; 
associating a second data store with the second microservice, wherein the second data store is encrypted using the second key and the second microservice is configured to access second data stored in the second data store through the second key based on the second attribute label, wherein either or both the first data store and the second data store are associated with a plurality of different microservices based on one or more attributes associated with each of the plurality of different microservices; and
receiving an application request from a client, wherein the application request is filled based on both the first data and the second data and the first microservice and the second microservice fill the application request for the first data and the second data while refraining from providing the client access to the first data and the second data.


	identifying one or more client attributes associated with the client;	 and		
	generating a third key based on the one or more client attributes, wherein the third key permits access by the client to at least a portion of the first data store, and wherein the third key does not permit the client to access the second data store.

3.	(Original) The system of claim 2, wherein the one or more processors are further configured to perform operations comprising:
generating a derivative application request by the first microservice in response to the application request, wherein the derivative application request comprises a fourth key based on the first attribute label associated with the first microservice; and
accessing, by the first microservice, the second data store associated with the second microservice using the fourth key.

4.	(Original) The system of claim 3, wherein the one or more processors are further configured to perform operations comprising:
	providing an application response to the client, wherein the application response comprises data from the first data store that is accessed by the client using the third key, and data from the second data store that is accessed by the first microservice using the fourth key.

5.	(Original)  The system of claim 1, wherein the first attribute label identifies a function type associated with the first microservice.

6.	(Canceled) 

7.	(Currently Amended) The system of claim 1, wherein the second attribute label identifies a priority of the second microservice in the[[a]] service chain that comprises the first microservice.


instantiating a first microservice and a second microservice in a shared namespace of a cloud environment, wherein the first microservice is associated with a first attribute label and the second microservice is associated with a second attribute label;
generating a first key based on the first attribute label and a second key based on the second attribute label that identifies a position of the second microservice in a service chain that comprises the first microservice;
associating a first data store with the first microservice, wherein the first data store is encrypted using the first key and the first microservice is configured to access first data stored in the first data store through the first key based on the first attribute label;
associating a second data store with the second microservice, wherein the second data store is encrypted using the second key and the second microservice is configured to access second data stored in the second data store through the second key based on the second attribute label, wherein either or both the first data store and the second data store are associated with a plurality of different microservices based on one or more attributes associated with each of the plurality of different microservices; and
receiving an application request from a client, wherein the application request is filled based on both the first data and the second data and the first microservice and the second microservice fill the application request for the first data and the second data while refraining from providing the client access to the first data and the second data.

9.	(Previously Presented) The computer-implemented method of claim 8, further comprising:
	identifying one or more client attributes associated with the client;	 and		
generating a third key based on the one or more client attributes, wherein the third key permits access by the client to at least a portion of the first data store, and wherein the third key does not permit the client to access the second data store.


generating a derivative application request by the first microservice in response to the application request, wherein the derivative application request comprises a fourth key based on the first attribute label associated with the first microservice; and
accessing, by the first microservice, the second data store associated with the second microservice using the fourth key.

11.	(Previously Presented) The computer-implemented method of claim 10, further comprising:
	providing an application response to the client, wherein the application response comprises data from the first data store that is accessed by the client using the third key, and data from the second data store that is accessed by the first microservice using the fourth key.

12.	(Previously Presented)  The computer-implemented method of claim 8, wherein the first attribute label identifies a function type associated with the first microservice.

13.	(Canceled)

14.	(Currently Amended) The computer-implemented method of claim 8, wherein the second attribute label identifies a priority of the second microservice in the[[a]] service chain that comprises the first microservice.

15.	(Currently Amended) A non-transitory computer-readable storage medium comprising instructions stored therein, which when executed by one or more processors, cause the one or more processors to perform operations comprising:
instantiating a first microservice and a second microservice in a shared namespace of a cloud environment, wherein the first microservice is associated with a first attribute label and the  that identifies a position of the second microservice in a service chain that comprises the first microservice;
generating a first key based on the first attribute label and a second key based on the second attribute label;
associating a first data store with the first microservice, wherein the first data store is encrypted using the first key and the first microservice is configured to access first data stored in the first data store through the first key based on the first attribute label;
associating a second data store with the second microservice, wherein the second data store is encrypted using the second key and the second microservice is configured to access second data stored in the second data store through the second key based on the second attribute label, wherein either or both the first data store and the second data store are associated with a plurality of different microservices based on one or more attributes associated with each of the plurality of different microservices; and
receiving an application request from a client, wherein the application request is filled based on both the first data and the second data and the first microservice and the second microservice fill the application request for the first data and the second data while refraining from providing the client access to the first data and the second data.

16.	(Original) The non-transitory computer-readable storage medium of claim 15, wherein the instructions are further configured to cause the one or more processors to execute operations comprising:
	identifying one or more client attributes associated with the client;	 and		
	generating a third key based on the one or more client attributes, wherein the third key matches the first key, thereby permitting access by the client to the first data store, and wherein the third key does not match the second key, thereby preventing access by the client to the second data store.


generating a derivative application request by the first microservice in response to the application request, wherein the derivative application request comprises a fourth key based on the first attribute label associated with the first microservice; and
accessing, by the first microservice, the second data store associated with the second microservice using the fourth key.

18.	(Original) The non-transitory computer-readable storage medium of claim 17, wherein the instructions are further configured to cause the one or more processors to execute operations comprising:
	providing an application response to the client, wherein the application response comprises data from the first data store that is accessed by the client using the third key, and data from the second data store that is accessed by the first microservice using the fourth key.

19.	 (Original) The non-transitory computer-readable storage medium of claim 15, wherein the first attribute label identifies a function type associated with the first microservice.

20.	(Canceled)

21.	(New) The non-transitory computer-readable storage medium of claim 15, wherein the second attribute label identifies a priority of the second microservice in the service chain that comprises the first microservice.



Allowable Subject Matter
Claims 1-5, 7-12, 14-19 and 21 are allowed.
The following is an examiner's statement of reasons for allowance: The following is an examiner's statement of reasons for allowance: This communication warrants No Examiner's Reason for Allowance, applicant's reply make evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule 37 CFR 1.104(e). Specifically, applicant’s amendments and arguments filed on 01/05/2021 and Examiner’s amendment make the record clear as to the reasons for allowance for this application, as such the reasons for allowance are in all probability evident from the record and no statement is deemed necessary (see MPEP 1302.14).
Any comments Applicants considers necessary must be submitted no later than the payment of the Issue Fee and to avoid processing delays, should preferable accompany the Issue Fees. Such submission should be clearly labeled "Comments on Statement of Reasons for Allowance". In event of any post-allowance papers (e.g. IDS, 312 amendment, petition, etc.), Applicant is exhorted to mail papers to the Production Control branch in Publications or faxed to post-allowance papers correspondence branch at (703) 308-5864 to expedite issuing process or call PUB's Customer Service if any questions at (703) 305-8497.



Conclusion
The prior art made of record and not relied upon is considered pertinent to Applicant’s disclosure: 
US 20140108794 A1		CONTROLLING MOBILE DEVICE ACCESS TO SECURE DATA
US 20170374145 A1		REPLICATION PROTOCOL WITH CONSENSUS FOR A DECENTRALIZED CONTROL PLANE IN A COMPUTER SYSTEM
US 20180254901 A1		METHOD AND SYSTEM FOR SECURE DELEGATED ACCESS TO ENCRYPTED DATA IN BIG DATA COMPUTING CLUSTERS
US 20190197148 A1		REDUCING FRONTEND COMPLEXITY FOR MULTIPLE MICROSERVICES WITH CONSISTENT UPDATES
US 20160342786 A1		METHOD AND APPARATUS FOR APPLYING APPLICATION CONTEXT SECURITY CONTROLS FOR SOFTWARE CONTAINERS
US 20150358436 A1		NETWORK NODE AND METHOD OF OPERATING THE NETWORK NODE
US 9838376 B1		Microservices based multi-tenant identity and data security management cloud service
US 20160171222 A1		INFORMATION RIGHTS MANAGEMENT USING DISCRETE DATA CONTAINERIZATION
US 20180109387 A1		CONTINUED VERIFICATION AND MONITOR OF APPLICATION CODE IN CONTAINERIZED EXECUTION ENVIRONMENT

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON CHIANG whose telephone number is (571)270-3393.  The examiner can normally be reached on 9 AM to 6 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.








/JASON CHIANG/Primary Examiner, Art Unit 2431