DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This is in Response to REMARKS, and Amendments filed on 03/09/2021.
CLAIMS 1—17 filed on 11/09/2018 are pending.

Response to Arguments
Claim 17 is rewritten as independent claim; and therefore, Objection to claim 17 withdrawn.
Applicant's arguments filed with respect to 35 USC 103(a), prior art; and Non-Statutory Obviousness Rejection have been fully considered but they are not persuasive.

Regarding the Prior Art Rejection: 
It is argued that, the cited art (specifically Wagner) failing to disclose receiving and generating; or comparing the two profiled; i.e., “a baseline profile” and “a runtime profile” for the same software component. Examiner respectfully disagrees and notes that, with broadest but reasonable claim interpretation Wagner teach the above features; because Wagner receive/load and compare execution profile for “same task call”. As best understood from the detail specification of applicant’s application, software component are broadly defined as 

(b) Regarding the Double Patenting Rejection:
It is argued that this application recite does not disclose “flagging…” which is disclosed in the co-pending (16/300,169); examiner respectfully disagrees and notes that in the co-pending application the software component is flagged for execution and they are permitted in the instant application; however, flagging and permitting are not different to each other because to flag is to permit, etc.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1—5, 16 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Wagner” [US 9830449 B1] in view of “Chinta” et al. [US 8326943 B2].

REGARDING CLAIM 1.   Wagner disclose An access control method for a restricted resource in a computer system having an operating system providing isolation between software processes 
receiving a baseline profile for the software component defining characteristics of the software component at a runtime for identifying performance of the software component [see LOAD EXEC PROFILE 404 (Fig.4 of Wagner); note that the execution profile 404 is loaded for the task call obtained @402];

Wagner does not; but, Chinta, analogues art, disclose receiving a software component for execution as an isolated process in the operating system [see FIGS.1 (Operating System), 4B, (OS 8100) 8A; 8C (for isolated execution) of Chinta]; 
Therefore. It would have been obvious to a person having ordinary skill in the art before the effective filing date of applicant’s invention was made to modify the system of Wagner by incorporating the process OS isolation teaching of Chinta for the benefit of remotely executing applications in isolation environments on a computing machine.

Wagner in view of Chinta further disclose:
generating a runtime profile of the software component in execution in the operating system defining characteristics of the software component in execution [see LOAD EXEC PROFILE 404 (Fig.4 of Wagner) ; note that a risk profile of the task is loaded @410]; and permitting access by the software component to the restricted resource based on a comparison of the baseline profile and the runtime profile such that the software component exhibiting see EXECUTE TASK … 414, 416 and END ROUTINE 418 (Fig.4 of Wagner)].

REGARDING CLAIMS 16 AND 17. They are A computer system and A non-transitory computer-readable storage medium comprising similar limitations as that of the Method claim; and therefore, they have been rejected for the same rationale applied in rejecting claim 1 above.

Wagner in view of Chinta further disclose Claims 2—4.  The method of claim 1, wherein the restricted resource is a cryptographic key for accessing restricted data; wherein the resources include one or more of: processing resources: storage resources: or input/output resources; , wherein the resources include one or more of: thread; task; memory; data store; library; network protocol; network connection; network port; stack; heap; peripheral; or an input/output device [see Figs.1, 3A—3C of Wagner; See also FIGS.1B, 1C of Chinta]. The motivation to combine is the same as that of claim 1 above.

Wagner in view of Chinta further disclose Claim 5.   The method of any preceding claim 1, wherein the isolation includes namespace isolation [see FIGS.1 (Operating System), 4B, (OS 8100) 8A; 8C (for isolated execution) of Chinta]. The motivation to combine is the same as that of claim 1 above.

Claims 6—15 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Wagner” [US 9830449 B1] in view of “Chinta” et al. [US 8326943 B2], and further in view of “Muddu” et al. [US 10419450 B2].

Wagner in view of Chinta further disclose Claims 6 and 7.  The method claim 1, wherein the one or more characteristics of the baseline profile define performance criteria for identifying undesirable performance of the software component [see Fig.4 of Wagner]; 

Wagner/Chinta may not; but, Muddu, analogues art, disclose wherein the characteristics of the software component include one or more of: an extent or degree of storage consumption of the software component; an extent or degree of processor consumption of the software component; an extent or degree of communication between the software component and another computing component; or a duration of a runtime of the software component [see FIGS.2, 7AA-B, 12—13B, …29 of Muddu]. 
Therefore. It would have been obvious to a person having ordinary skill in the art before the effective filing date of applicant’s invention was made to modify the system of Wagner/Chinta by incorporating the teachings of Muddu for the benefit of intelligence generation and activity discovery from events in a distributed data processing system.

Wagner in view of Chinta, and further in view of Muddu further disclose Claim 8.     The method of claim 1, wherein an undesirable performance of the software component includes one or more of: an extent or degree of storage consumption of the software component; an extent or degree of processor consumption of the software component; an extent or degree of communication between the software component and another computing component; or a see FIGS.2, 7AA-B, 12—13B, …29 of Muddu]. The motivation to combine is the same as that of claims 5 and 6 above.

Wagner in view of Chinta, and further in view of Muddu further disclose Claim 9.    The method according to claim 1, further comprising: suspending or terminating execution of the flagged software component; and transitioning execution of the flagged software component to an alternative computer system [Wagner disclose shutting down (terminating) virtual instance 150 (Fig.1). Chinta disclose suspend state process launching, FIG.8C @882]. The motivation to combine is the same as that of claim 1.

Wagner in view of Chinta, and further in view of Muddu further disclose Claims 10 and 11.    The method according claim 1, wherein the software component is a software container for execution in a container software environment; wherein the container software environment is a Docker environment [Wagner disclose (e.g., in FIG.1) software container].

Wagner in view of Chinta, and further in view of Muddu further disclose Claims 12.     The method of claim 1, wherein the software component is modifiable by a user or software by one or more of: inclusion of one or more other software components; or configuration of the software component for execution in the computer system [see LOAD EXEC PROFILE 404 (Fig.4 of Wagner)].

Claims 13 and 14.    The method of claim 1, wherein the baseline profile is generated based on profiling of one or more executions of the software component [see LOAD EXEC PROFILE 404 (Fig.4 of Wagner)]; wherein the baseline profile is learned by a machine learning algorithm from multiple executions of the software component [Muddu disclose machine learning (Abstract) and ML Algorithm 110 (FIG.2)]. The motivation to combine is the same as that of claims 5 and 6 above.

Wagner in view of Chinta, and further in view of Muddu further disclose Claim 15.     The method of claim 1, further comprising: in response to the identification of undesirable performance of the software component, communicating the identification to one or more other computer systems suitable for executing the software component [see Fig.4 of Wagner].

Double Patenting
Claims 1—17 are provisionally rejected on the ground of non-statutory double patenting as being unpatentable over claims 1—16 of co-pending Application No. 16/600,169 (reference application). Although the claims at issue are not identical, they are not patentably distinct from each other because both applications recite substantially similar limitations; wherein restricted resources are either permitting or precluding for access.

Please see the following Claim-Comparison Table:

Instant Application
Co-pending Application No. 16/300,169
1. An access control method for a restricted resource in a computer system having an operating system providing isolation between software processes executable in the operating system such that a first process executing in the operating system is prevented from accessing resources of a second process executing in the operating system, the method comprising:
receiving a software component for execution as an isolated process in the operating system;
receiving a baseline profile for the software component defining characteristics of the software component at a runtime for identifying performance of the software component;
generating a runtime profile of the software component in execution in the operating system defining characteristics of the software component in execution; and
permitting access by the software component to the restricted resource based on a comparison of the baseline profile and the runtime profile such that the software component exhibiting undesirable performance is precluded from accessing the restricted resource.
1. A method in a computer system having an operating system providing isolation between software processes executable in the operating system such that a first process executing in the operating system is prevented from accessing resources of a second process executing in the operating system, the method comprising:

receiving a software component for execution as an isolated process in the operating system;
receiving a baseline profile for the software component defining one or more characteristics of the software component at a runtime for identifying performance of the software component;
generating a runtime profile of the software component in execution in the operating system defining characteristics of the software component in execution; and
flagging the software component in execution based on a comparison of the baseline profile and the runtime profile so as to identify an undesirable performance of the software component.


This is a provisional non-statutory double patenting rejection because the patentably indistinct claims have not in fact been patented.



Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of 

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AMARE F TABOR whose telephone number is (571)270-3155.  The examiner can normally be reached on Mon.—Fri.: 8:00 AM to 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KAMBIZ ZAND can be reached on (571) 272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access 






/AMARE F TABOR/Primary Examiner, Art Unit 2434