Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

The instant office action is in response to communication filed on April 30, 2019.

Claims 1-20 are pending of which claims 1, 12 and 17 are independent.

Drawings

4.	The drawings filed on April 30, 2019 are accepted. 

Specification

5.	The specification filed on April 30, 2019 is also accepted.


Information Disclosure Statement

6.	The information disclosure statement (IDS) submitted on 11/30/2020 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 101
7.	35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

8.	Claims 17-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter, in that claims 17-20 are directed to a "machine-readable storage medium". There is not found within the Applicant's Specification support for said "computer readable storage media" being limited to a statutory embodiment. The broadest reasonable interpretation of a claim drawn to a computer readable medium (also called machine readable medium and other such variations) typically covers forms of non-transitory tangible media (or non-transitory media) and transitory propagating signals per se in view of the ordinary and customary meaning of computer readable media, particularly when the specification is silent (or absent of a controlling definition in the specification). See MPEP §2111.01.
9.	When the broadest reasonable interpretation of a claim covers a signal per se, the claim must be rejected under 35 U.S.C. § 101 as covering non-statutory subject matter. See In re Nuijten, 500 F.3d 1346, 1356-57 (Fed. Cir. 2007) (transitory embodiments are not directed to statutory subject matter). Appropriate correction is required.


Internet Communications

10.	Applicant is encouraged to submit a written authorization for Internet communications (PTO/SB/439, http://www.uspto.gov/sites/default/files/documents/sb0439.pdf) in the instant patent application to authorize the examiner to communicate with the applicant via email. The authorization will allow the examiner to better practice compact prosecution. The written authorization can be submitted via one of the following methods only: (1) Central Fax which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS WEB; or (4) the service window on the Alexandria campus. EFS web is the recommended way to submit the form since this allows the form to be entered into the file wrapper within the same day (system dependent). Written authorization submitted via other methods, such as direct fax to the examiner or email, will not be accepted. See MPEP § 502.03.

Claim Rejections – 35 USC §103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


11.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Arad et al. (U.S. Pub. No.: 2018/0373885 A1, hereinafter referred to as “Arad”) in view of Maitland et al. (U.S. Pub. No.: 2019/0287146 A1, hereinafter referred to as “Maitland”).

Arad provides a process, including: obtaining, within a trusted computing environment, data comprising confidential values and non-confidential values; replacing, within the trusted computing environment, the confidential values with obfuscated identifiers; sending, from the trusted computing environment, into an untrusted computing environment, an obfuscated representation of the data; transforming, in the untrusted computing environment, the obfuscated representation of the data; sending, from the untrusted computing environment, the obfuscated transformed data into the trusted computing environment; and replacing, within the trusted computing environment, obfuscated identifiers in the obfuscated transformed data with confidential values.

Maitland provides a system, method, and computer program product for implementing a license ledger in a Network Function Virtualization based (NFV-based) communication network. In operation, a license ledger system identifies information corresponding to one or more usage transactions associated with one or more virtual network functions (VNFs) in a NFV-based network. The license ledger system stores the information associated with the one or more usage transactions utilizing blockchain technology such that the information associated with the one or more usage transactions is unalterable. Additionally, the license ledger system communicates with one or more license reporters to provide access to usage data corresponding to the one or more usage transactions associated with the one or more VNFs to provide a trusted source for real-time usage data.

As per claim 1, Arad discloses a system, comprising: a processor; and a memory that stores executable instructions that, when executed by the processor (para. 0007 discloses a system, including: one or more processors; and memory storing instructions that when executed by the processors cause the processors to effectuate operations, for example), facilitate performance of operations, comprising: receiving request data indicative of a request to assign, to a device of a communication network, a container image to facilitate an instantiation of a container (para. 0044 discloses the orchestration manager 40 is configured to elastically scale a number of load generators 46, instantiating load generators 46, configuring load generators 14, and spinning down load generators 46 as needed to apply loads to the target application 34  … the orchestration manager 40 may be configured to access a repository of container or virtual machine images and a composition record specifying how to compose various containers or virtual machines  and the process 50 includes operations executed within a trusted environment and operations executed within an un-trusted environment, for example). 

Arad failed to explicitly disclose wherein the container image represents a virtual network function associated with a user plane network element of the communication network; and in response to determining that the request data has been authenticated, facilitating a generation of cryptographic block data that is to be appended to the container, wherein the cryptographic block data comprises a blockchain ledger that is employable to record activity associated with the container.

Htay discloses wherein the container image represents a virtual network function associated with a user plane network element of the communication network (para. 0021 discloses, a number of VPNs (virtual private networks) associated with the corresponding VNF, a number of routes associated with the corresponding VNF, a VNFC instance (VM or container) associated with the corresponding VNF, memory usage associated with the corresponding VNF, CPU consumption associated with the corresponding VNF, a number of vCPUs associated with the corresponding VNF, a disk access rate associated with the corresponding VNF, for example); and in response to determining that the request data has been authenticated, facilitating a generation of cryptographic block data that is to be appended to the container (para. 0080 discloses applications are managed simply by wrapping them as block devices and registering them to the cloud provider (for example Amazon Machine Image AMI for Amazon EC2), for example), wherein the cryptographic block data comprises a blockchain ledger that is employable to record activity associated with the container (para. 0080 discloses ledger module 413 is operable to: identify one or more usage transactions associated with one or more VNFs in the NFV-based network; store information associated with the usage transactions utilizing blockchain technology such that the information is unalterable; and communicate with one or more license reporters to provide access to usage data corresponding to the usage transactions (to provide a trusted source for real-time usage metrics, etc.) … license ledger module 413 may communicate with the accounting and licensing module 442 to coordinate licensing/billing associated with VNFs, for example).  

Arad and Htay are analogous art because they both are directed to network function virtualization (NFV) of telecommunications networks and one 

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of applicant’s claimed invention to combine the teachings of Htay with the teaching of Arad in order to network function virtualization (NFV) of telecommunications networks (Maitland: Para. [0001]).

Regarding claim 2, the combination of Arad as modified by Htay discloses wherein the operations further comprise: facilitating an authentication of the request data based on an exchange of public key data and private key data with a control plane network device of the communication network (fig. 6 of Arad shows Network interface 1040 may include a network adapter that provides for connection of computer system 1000 to a network. Network interface 1040 may facilitate data exchange between computer system 1000 and other devices connected to the network. Network interface 1040 may support wired or wireless communication; further see para. 0072 of Arad, for example).

Regarding claim 3, the combination of Arad as modified by Htay discloses wherein the operations further comprise: based on the cryptographic block data, validating the container image (para. 0057 of Htay discloses the orchestration manager 40 or other component, to validate received authentication tokens, for example).
The same motivational statement applies as set forth above in claim 1.

Regarding claim 4, the combination of Arad as modified by Htay discloses wherein the operations further comprise: facilitating the instantiation of the container to allocate defined resources of the communication network to a specified subscriber entity (para. 0057 of Htay discloses the communication is over the secure communication channel furthermore para. figs. 13 of Htay illustrates a specific example in JSON for a request to generate two unikernels, for example).  
The same motivational statement applies as set forth above in claim 1.

Regarding claim 5, the combination of Arad as modified by Htay discloses wherein the operations further comprise: in response to determining that the container is to be terminated, storing archived image data that comprises the container image and the cryptographic block data (para. 0044 discloses the orchestration manager 40 is configured to elastically scale a number of load generators 46, instantiating load generators 46, configuring load generators 14, and spinning down load generators 46 as needed to apply loads to the target application 34 , and furthermore, para. 0046 of Arad discloses Examples of test loads include requesting a resource (like an image or data), requesting a webpage, querying a database, requesting a service from an API, and configuring state of a session, for example, in an online shopping application by adding items to a shopping cart, selecting flights, or configuring flights in an airline website, and the like, for example).

Regarding claim 6, the combination of Arad as modified by Htay discloses wherein the cryptographic block data comprises a hash value (para. 0055 of Arad discloses a hash value produced by inputting the sent instructions into a hash function or other one-way function, such as an SHA 256 hash function, for example).

Regarding claim 7, the combination of Arad as modified by Htay discloses wherein the hash value represents a timestamp associated with the request data (para. 0057 of Arad discloses upon sending the authentication token, or upon creating an authentication token … may store a timestamp or expiration time associated with the sent authentication token within the trusted computing environment, for example). 

Regarding claim 8, the combination of Arad as modified by Htay discloses wherein the hash value represents identifier data indicative of a user equipment that is served via the user plane network element (para. 0055 of Arad discloses hash calculation within the trusted computing environment and compare the sent hash value with the calculated hash value to determine whether the instructions have been modified in transit, as indicated by a difference in the hash values, for example).

Regarding claim 9, the combination of Arad as modified by Htay discloses wherein the hash value represents identifier data indicative of the device (para. 0054 of Arad discloses the confidential values with obfuscated identifiers to form an obfuscated representation of the data, wherein a first obfuscated identifier is paired with the first confidential value in the obfuscated representation of the data; sending, with one or more processors, from the trusted computing environment, into an untrusted computing environment, via a network, the obfuscated representation of the data; transforming, with one or more processors, for example).

Regarding claim 10, the combination of Arad as modified by Htay discloses wherein the hash value represents identifier data indicative of a requesting entity, from which the request data has been received (see para. 0055, 0068 of Arad, for example).   

Regarding claim 11, the combination of Arad as modified by Htay discloses wherein the operations further comprise: analyzing the cryptographic block data and based on a result of the analyzing, detecting malware (para. 0002 of Htay discloses NFV include virtualized load balancers, firewalls, intrusion detection devices and Wide Area Network (WAN) accelerators, for example).

As per claim 12, Arad discloses a method, comprising: determining, by a system comprising a processor (para. 0007 discloses a system, including: one or more processors; and memory storing instructions that when executed by the processors cause the processors to effectuate operations, for example), that a container image is to be moved to a device of a communication network to facilitate an instantiation of a container, wherein the container image represents a virtual network function associated with a user plane network element of the communication network (para. 0044 discloses the orchestration manager 40 may be configured to create, coordinate among, and destroy containers, virtual machines, or other computing entities. In some embodiments, the orchestration manager 40 may be configured to access a repository of container or virtual machine images and a composition record specifying how to compose various containers or virtual machines and instruct a plurality of different computing devices to instantiate a plurality of instances of the load generators 46, in some cases with each load generator 46 corresponding to a different container executing in a different thread, and in some cases with a plurality of different containers executing within a container engine on a single computing device, for example).

Arad failed to explicitly disclose in response to determining that the container image has been validated, determining, by the system, cryptographic block data that is to be written to the container, wherein the cryptographic block data comprises a blockchain ledger that is employable to record activity associated with the container 

Htay discloses in response to determining that the container image has been validated, determining, by the system, cryptographic block data that is to be written to the container  (para. 0080 discloses applications are managed simply by wrapping them as block devices and registering them to the cloud provider (for example Amazon Machine Image AMI for Amazon EC2), for example), wherein the cryptographic block data comprises a blockchain ledger that is employable to record activity associated with the container (para. 0080 discloses ledger module 413 is operable to: identify one or more usage transactions associated with one or more VNFs in the NFV-based network; store information associated with the usage transactions utilizing blockchain technology such that the information is unalterable; and communicate with one or more license reporters to provide access to usage data corresponding to the usage transactions (to provide a trusted source for real-time usage metrics, etc.) … license ledger module 413 may communicate with the accounting and licensing module 442 to coordinate licensing/billing associated with VNFs, for example).  

Arad and Htay are analogous art because they both are directed to network function virtualization (NFV) of telecommunications networks and one of ordinary skill in the art would have had a reasonable expectation of success to modify Htay with the specified features of Arad because they are from the same field of endeavor.

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of applicant’s claimed invention to combine the teachings of Htay with the teaching of Arad in order to network function virtualization (NFV) of telecommunications networks (Maitland: Para. [0001]).

Regarding claim 13, the combination of Arad as modified by Htay discloses wherein the determining the cryptographic block data comprises determining a hash value indicative of a timestamp associated with a movement of the container image to the device (para. 0057 of Arad discloses upon sending the authentication token, or upon creating an authentication token … may store a timestamp or expiration time associated with the sent authentication token within the trusted computing environment, for example).

Regarding claim 14, the combination of Arad as modified by Htay discloses wherein the determining the cryptographic block data comprises determining a hash value indicative of identifier data that represents a user equipment that is served via the user plane network element (para. 0055 of Arad discloses a hash value produced by inputting the sent instructions into a hash function or other one-way function, such as an SHA 256 hash function, for example).

Regarding claim 15, the combination of Arad as modified by Htay discloses wherein the determining the cryptographic block data comprises determining a hash value indicative of identifier data that represents the device (para. 0054 of Arad discloses the confidential values with obfuscated identifiers to form an obfuscated representation of the data, wherein a first obfuscated identifier is paired with the first confidential value in the obfuscated representation of the data; sending, with one or more processors, from the trusted computing environment, into an untrusted computing environment, via a network, the obfuscated representation of the data; transforming, with one or more processors, for example).

As per claim 17, Arad discloses a machine-readable storage medium, comprising executable instructions that, when executed by a processor of a control plane device, facilitate performance of operations, comprising: (para. 0007 discloses a system, including: one or more processors; and memory storing instructions that when executed by the processors cause the processors to effectuate operations, for example), determining that a container image is to be moved to a network device of a communication network to facilitate an instantiation of a container that implements a virtual network function associated with a user plane network element of the communication network (para. 0044 discloses the orchestration manager 40 is configured to elastically scale a number of load generators 46, instantiating load generators 46, configuring load generators 14, and spinning down load generators 46 as needed to apply loads to the target application 34  … the orchestration manager 40 may be configured to access a repository of container or virtual machine images and a composition record specifying how to compose various containers or virtual machines  and the process 50 includes operations executed within a trusted environment and operations executed within an un-trusted environment, for example). 

Arad failed to explicitly disclose in response to determining that the container image is validated, determining cryptographic block data comprising a blockchain ledger that is employable to record activity associated with the container; and writing, to the container, the cryptographic block data.

Htay discloses in response to determining that the container image is validated (para. 0057 discloses the orchestration manager 40 or other component, to validate received authentication tokens, for example), determining cryptographic block data comprising a blockchain ledger that is employable to record activity associated with the container; and writing, to the container, the cryptographic block data (para. 0080 discloses ledger module 413 is operable to: identify one or more usage transactions associated with one or more VNFs in the NFV-based network; store information associated with the usage transactions utilizing blockchain technology such that the information is unalterable; and communicate with one or more license reporters to provide access to usage data corresponding to the usage transactions (to provide a trusted source for real-time usage metrics, etc.) … license ledger module 413 may communicate with the accounting and licensing module 442 to coordinate licensing/billing associated with VNFs, for example).

Arad and Htay are analogous art because they both are directed to network function virtualization (NFV) of telecommunications networks and one of ordinary skill in the art would have had a reasonable expectation of success to modify Htay with the specified features of Arad because they are from the same field of endeavor.

Therefore, it would have been obvious to one ordinary skilled in the art before the effective filing date of applicant’s claimed invention to combine the Maitland: Para. [0001]).

Regarding claim 18, the combination of Arad as modified by Htay discloses wherein the cryptographic block data is employable to improve a performance of devices of the communication network (fig. 1 of Arad show that   the target application 34 and measure performance of the target application 34 under load, for example). 

Regarding claim 19, the combination of Arad as modified by Htay discloses wherein the cryptographic block data is employable to detect a malicious attack (para. 0002 of Htay discloses NFV include virtualized load balancers, firewalls, intrusion detection devices and Wide Area Network (WAN) accelerators, for example).
The same motivational statement applies as set forth above in claim 17.

Regarding claim 20, the combination of Arad as modified by Htay discloses wherein the cryptographic block data comprises a hash value representing information associated with the instantiation of the container (para. 0055 of Arad discloses hash value produced by inputting the sent instructions into a hash function or other one-way function, such as an SHA 256 hash function and furthermore, para. 0057 of Htay discloses the communication is over the secure communication channel furthermore para. figs. 13 of Htay illustrates a specific example in JSON for a request to generate two unikernels, for example).

Pertinent Art 

12.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Song et al. (US 2017/0330179 A1) provides a method that involves providing authentication information and identifying information of a specified user. A transaction is produced based on the identifying information that is transmitted to a block chain. A transaction ID is obtained by an authentication information management server for showing location information that is recorded on the block chain. The transaction is provided with destruction off-axis cost offload information that is transferred to a virtual money address. The block chain base authentication information is indicated based on the block chain.

Htay (US 2020/0351077 A1) provides systems and methods for control-data plane partitioning in virtual distributed ledger networks. In one embodiment, a processor-implemented method is disclosed, comprising receiving a request for a microservice at a virtual distributed ledger technology node associated with a virtual distributed ledger technology network; identifying operations on user data to be performed related to the request for the microservice; retrieving the user data from a data storage memory external to the virtual distributed ledger technology network; performing the identified operations on the user data; executing the microservice based on performing the identified operations on the user data, to virtual distributed ledger technology network; and committing the generated control information to a distributed ledger associated with the virtual distributed ledger technology network.

Uhr (US 10,333,721 B2) provides a secure information transmitting system and method for personal identity authentication, which, on the basis of a user public key, encrypt and transmit an authentication number transmitted from a server that provides a service to a user to a mobile communication terminal of the user, thereby preventing an unauthorized user who obtained the authentication number from being recognized even if an authentication number is externally exposed through hacking.

Conclusion
13.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABIY GETACHEW whose telephone number is (571)272-6932.  The examiner can normally be reached on Mon.-Fri. 9:00 AM - 5:30 PM.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.



Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






A.G.
March 13, 2021
/ABIY GETACHEW/Primary Examiner, Art Unit 2434