Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Terminal Disclaimer
The terminal disclaimer filed on 02-05-2021 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of 10554675 has been reviewed and is accepted.  The terminal disclaimer has been recorded.

Response to Amendments
The amended claims 1, 4 – 8, 11 – 15 and 17 – 20 were considered under 35 USC 112 (b, f), 101 (abstract idea) and 103 for patentability over the closest and analogous prior art, Woolward et al (US Pub. #: 9,525,697), hereafter Woolward, and further in view of Park et al (US Pub. #: 20150113629), hereafter Park. They have been fully considered and are persuasive. Claims 2, 3, 9, 10 and 16 are cancelled.

Allowable Subject Matter
1.	Amended claims 1, 4 – 8, 11 – 15 and 17 – 20 are allowed in light of applicant’s arguments, approved examiner’s proposed amendments and in light of prior art(s) made of record. 

Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure 
1. (Currently Amended) A method for providing network intrusion detection and prevention service (NIDPS) capabilities to a microservice in a networked computing environment, comprising: 
retrieving a set of rules that are specific to the microservice for accessing the microservice, the microservice being a single function service that contains programmatic and data elements essential for performing a single function, while non-essential elements are not present in the microservice; 
creating a NIDPS microservice as a microservice within an environment of a microservice fabric that supports the microservice using the set of rules; 
establishing the NIDPS microservice as a proxy communications destination for communications to the microservice such that the communications that are intended for the microservice are rerouted to the NIDPS microservice, the establishing further including: locating an entry point for the microservice stored in the microservice fabric; 
replacing the entry point in the microservice fabric with a proxy location of the NIDPS microservice; and 
setting a forwarding location of the NIDPS microservice to the entry point for the microservice; and 
filtering the communications intended for the microservice by the NIDPS microservice according to the set of rules.

2.	(Cancelled).

3.	(Cancelled).

4.	(Original) The method of claim 1, the filtering further comprising:
	discarding, by the NIDPS microservice, a communication that is determined to be a threat based on the set of rules; and
	forwarding, by the NIDPS microservice, a communication that is determined not to be a threat based on the set of rules to the microservice. 

5. (Currently Amended) The method of claim 1, further comprising: establishing the NIDPS microservice as a proxy communications destination for communications to a second microservice in the microservice fabric, the second microservice operating separately from the microservice; and filtering a second set of communications intended for the second microservice by the NIDPS microservice according to the set of rules.

6.	(Original) The method of claim 1,
	wherein the microservice is one of a plurality of microservices in a microservice chain, and
	wherein the NIDPS microservice provides NIDPS capabilities to all of the plurality of microservices in the microservice chain.

7.	(Original) The method of claim 6, further comprising:

	wherein the second NIDPS microservice filters communications between the microservice and the subsequent microservice using the second set of rules.

8. (Currently Amended) A computer system for providing network intrusion detection and prevention service (NIDPS) capabilities to a microservice in a networked computing environment, the computer system comprising: a memory medium comprising instructions; a bus coupled to the memory medium; and a processor coupled to the bus, execution of the instructions cause the system to: 
retrieve a set of rules that are specific to the microservice for accessing the microservice, the microservice being a single function service that contains programmatic and data elements essential for performing a single function, while non-essential elements are not present in the microservice; 
create a NIDPS as a microservice within an environment of a microservice fabric that supports the microservice using the set of rules; 
establish the NIDPS microservice as a proxy communications destination for communications to the microservice such that the communications that are intended for the microservice are rerouted to the NIDPS microservice, the instructions that cause the system to establish further causing the system to: locating an entry point for the microservice stored in the microservice fabric; 
16/601,040 Page 4 of 13
replacing the entry point in the microservice fabric with a proxy location of the NIDPS microservice; and 
setting a forwarding location of the NIDPS microservice to the entry point for the microservice; and 
filter the communications intended for the microservice by the NIDPS microservice according to the set of rules.

9.	(Cancelled).

10.	(Cancelled).

11.	(Original) The system of claim 8, the SDN, the instructions that cause the system to filter further causing the system to:
	discard, by the NIDPS microservice, a communication that is determined to be a threat based on the set of rules; and
	forward, by the NIDPS microservice, a communication that is determined not to be a threat based on the set of rules to the microservice. 

12.	(Currently Amended) The system of claim 8, the instructions further causing the system to:
	establish the NIDPS microservice as a proxy communications destination for communications to a second microservice in the microservice fabric, the second microservice operating separately from the microservice; and
	filter a second set of communications intended for the second microservice by the NIDPS microservice according to the set of rules.


	wherein the microservice is one of a plurality of microservices in a microservice chain, and
	wherein the NIDPS microservice provides NIDPS capabilities to all of the plurality of microservices in the microservice chain.

14.	(Original) The system of claim 13, the instructions further causing the system to:
	insert a second NIDPS microservice having a second set of rules between the microservice and a subsequent microservice in the microservice chain, 
	wherein the second NIDPS microservice filters communications between the microservice and the subsequent microservice using the second set of rules.

15.	(Currently Amended) A computer program product embodied in a non-transitory computer readable storage device that, when executed by a computer device, performs a method for providing network intrusion detection and prevention service (NIDPS) capabilities to a microservice in a networked computing environment 
	retrieving a set of rules that are specific to the microservice for accessing the microservice, the microservice being a single function service that contains programmatic and data elements essential for performing a single function, while non-essential elements are not present in the microservice;
	creating a NIDPS as a microservice within a microservice fabric of the microservice using the set of rules; 
, the establishing further including: locating an entry point for the microservice stored in the microservice fabric; 
replacing the entry point in the microservice fabric with a proxy location of the NIDPS microservice; and setting a forwarding location of the NIDPS microservice to the entry point for the microservice; and 
filtering the communications intended for the microservice by the NIDPS microservice according to the set of rules.

16.	(Cancelled).

17.	(Original) The program product of claim 15, the filtering further comprising:
	discarding, by the NIDPS microservice, a communication that is determined to be a threat based on the set of rules; and
	forwarding, by the NIDPS microservice, a communication that is determined not to be a threat based on the set of rules to the microservice. 

18.	(Currently Amended) The program product of claim 15, the method further comprising:
	establishing the NIDPS microservice as a proxy communications destination for communications to a second microservice in the microservice fabric, the second microservice operating separately from the microservice; and


19.	(Original) The program product of claim 15, 
	wherein the microservice is one of a plurality of microservices in a microservice chain, and
	wherein the NIDPS microservice provides NIDPS capabilities to all of the plurality of microservices in the microservice chain.

20.	(Original) The program product of claim 19, the method further comprising:
	insert a second NIDPS microservice having a second set of rules between the microservice and a subsequent microservice in the microservice chain, 
	wherein the second NIDPS microservice filters communications between the microservice and the subsequent microservice using the second set of rules.

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: 
As to the independent claim 1, the prior art of reference Woolward teaches Col. 5 lines 34-40: the policy engine generates security policies, which includes rules, to protect the network; Col. 5 lines 15-26: the enforcement points are virtual machines (VMs) created and run by the hypervisor and (Col. 6 lines 45-57) the policy engine provides security policies to the enforcement points; Col. 5 lines 26-29: After receiving the data traffic sent to a server, the hypervisor may instruct a plurality of virtual machines (Col. 6 lines 6-20) acting as enforcement  

Further, a second prior art of record Shieh (US Pat. #: 10158672) teaches Abstract: a system includes a plurality of microservices, each of the plurality of microservices having a plurality of distributed microservice components. At least a portion of the distributed microservice components execute on different physical or virtual servers in a data center or a cloud. The system also includes a plurality of logical security boundaries, with each of the plurality of logical security boundaries being created by a plurality of enforcement points positioned in association with the plurality of distributed microservice components. Each of plurality of microservices is bounded by one of the plurality of logical security boundaries. Detailed Description: Provide security policies such as firewall policies that protect these distributed microservices. Rather than directing network traffic to a static firewall or other static appliance, the data center can employ the use of enforcement points, such as enforcement points that are disposed within the network communications path of the microservice components of a microservice. The director module is configured to implement and distribute security policies for microservices. The security policy may be in accordance with a security profile for a microservice. The security profile can define what types of network traffic anomalies indicate possible malware issues. These traffic anomalies can involve comparisons of network traffic volume over a period of time, network traffic volume at a given period of time, network traffic volume compared to application usage, network traffic input volume versus network traffic 
 
Further, a third prior art of record Cohen (US Pat. #: 9294415) teaches Abstract: a proxy server application that supports the dynamic modification of proxy rules implemented by a proxy server. The proxy rules implemented by the proxy server specify network behaviors to be performed at various points during the handling of requests from client applications. A proxy server implements the proxy rules by processing one or more user-generated network traffic filters for managing network traffic. Users generate network traffic filters by creating network traffic filter source code that specify processing steps to be performed by a proxy server relative to network messages the proxy server receives. User-generated network traffic filters may be added, removed, reordered, or otherwise modified in a proxy server application at runtime in order to respond to current network conditions or to achieve other desired proxy configurations. A proxy server application enables dynamic updating of proxy rules by periodically retrieving published filter source code files from a data repository and loading the filter source code files at runtime to be processed by the proxy server application as one or more network traffic filter objects, also referred to herein as network traffic filters. "Dynamic updating," in this context, includes loading a new network traffic filter into the proxy server application, or removing a particular network traffic filter in the proxy server application, or changing the processing order or other functionality of an existing network traffic filter in the proxy server application, or moving a particular network traffic filter from a first filter chain or set of network traffic filters to 

None of the other prior art of record, alone or in any combination, would have anticipated or rendered obvious the claimed invention of the present application at or before the time it was filed. The prior art of record fails to teach: the specific microservice is created as part of a microservice fabric and is a single function microservice in which programmatic and data elements essential for performing a single function are contained within the specific microservice and non-essential elements are not present in it. The created microservice is a NIDPS microservice, created using a set of rules that are specific to a given microservice that provides services to the requesting entity; the NIDPS microservice is attached as a proxy to secure the specific microservice(s), all traffic is redirected to this proxy entry point after locating the proxy entry in the microservice fabric, and the NIDPS microservice performs filtering operations for communications according to the set of rules embodied in it.

Therefore, independent claim 1 and its corresponding dependent claims are allowed in light of applicant’s arguments, approved examiner’s amendments and prior art of record. The same amendments and reasoning are applicable to independent claims 8 and 15 mutatis mutandis. Claims 2, 3, 9, 10 and 16 are cancelled.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892 Notice of References Cited.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Badri -- Champakesan whose telephone number is (571)270-3867.  The examiner can normally be reached on M-F: 7:45am-5pm (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T. Arani can be reached on 5712723787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to 






/BADRINARAYANAN /Examiner, Art Unit 2438.