DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Objections
Claims 1, 8, and 15 objected to because of the following informalities:  "the container image" lacks antecedent basis.  Appropriate correction is required.
Claim 1 objected to because of the following informalities:  there is no specific hardware or software executing the steps.  Appropriate correction is required.
Claims 2, 9 and 16 are objected to because of the following informalities:  they recite the limitation "a salt file” needs to be changed to "the salt file" as the term is already cited in the independent claims in order to clearly establish proper antecedent basis.  Appropriate correction is required.
The term “capable” recited in claim 8 and “executable” recited in claim 15 is not positively recited limitation. Appropriate correction is required.
Claims 3, 10, and 17 objected to because of the following informalities:  "the hash" and "the hash file" lacks antecedent basis.  Appropriate correction is required.
Claims 4, 11, and 18 objected to because of the following informalities:  "the hash file" lacks antecedent basis.  Appropriate correction is required.
Claims 5, 12, and 19 objected to because of the following informalities:  "the container configuration" lacks antecedent basis.  Appropriate correction is required.
Claims 7 and 14 objected to because of the following informalities:  "a container" lacks antecedent basis.  Appropriate correction is required.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1, 5, 8, 12, 15, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Stopel et al. (US 20170116415 hereinafter Stopel) in view of Edwards (US 20180054314).
Re. claim 1, Stopel teaches a method comprising: configuring a container within a microservice framework (Stopel teaches the host device 310 is configured to host and execute a detector container 315 [0040]. the host device 310 (and the detector container 315) are configured to interface with a continuous integration (CI) system (not shown) [0041]); receiving a generated salt file (Stopel teaches the detector container 315 is configured to create a unique signature for each executable file (Interpreted as salt (cryptographic) file)[0054]); injecting the salt file into the container (Stopel teaches Each generated signature is saved (interpreted as inject) with the security profile of the container image 301-C together with the name of the respective spawned process [0054]. The security profile may include (interpreted as inject), but is not limited to, a list of allowed system calls, a list of permissible network actions, a list of permissible filesystem actions, signatures of executable files of spawned processes, or a combination thereof [0046]).
Although Stopel discloses hashing and salt file, Stopel does not explicitly disclose but Edwards discloses hashing the container image and the salt file (Edwards teaches verification may be accomplished by taking a cryptographic hash of the files of the verification information associated with the container image and verifying the hashes against a database of correct hashes [0020])
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Edwards into the invention (Edwards [0009]).
Re. claim 5, Stopel-Edwards teach method of claim 1, wherein the container configuration receives an environment variable from the microservice framework (Stopel teaches Each such action defines which network resources can be accessed by the APP container during runtime and which network resources can be access the APP container during runtime. A network resource may include an IP address, a URL, a domain, a connection port, an inbound connection, an outbound connection, and so on [0056]).  
Re. claim 8, Stopel teaches a computer system comprising: one or more processors (Stopel teaches general-purpose microprocessors [0074]), one or more computer-readable memories (Stopel teaches memory [0074]), one or more computer-readable tangible storage media, and program instructions stored on at least one of the one or more computer-readable tangible storage media for execution by at least one of the one or more processors via at least one of the one or more computer-readable memories (Stopel teaches computer readable instructions to implement one or more embodiments disclosed herein may be stored in the storage. The storage may also store other computer readable instructions to implement an operating system, an application program, and the like. Computer readable instructions may be loaded in the memory for execution by the processing system 510 [0075]), wherein the computer system is capable of performing a method comprising: configuring a container within a microservice framework (Stopel teaches the host device 310 is configured to host and execute a detector container 315 [0040]. the host device 310 (and the detector container 315) are configured to interface with a continuous integration (CI) system (not shown) [0041]); receiving a generated salt file (Stopel teaches the detector container 315 is configured to create a unique signature for each executable file (Interpreted as salt (cryptographic) file)[0054]); injecting the salt file into the container (Stopel teaches Each generated signature is saved (interpreted as inject) with the security profile of the container image 301-C together with the name of the respective spawned process [0054]. The security profile may include (interpreted as inject), but is not limited to, a list of allowed system calls, a list of permissible network actions, a list of permissible filesystem actions, signatures of executable files of spawned processes, or a combination thereof [0046]).
Although Stopel discloses hashing and salt file, Stopel does not explicitly disclose but Edwards discloses hashing the container image and the salt file (Edwards teaches verification may be accomplished by taking a cryptographic hash of the files of the verification information associated with the container image and verifying the hashes against a database of correct hashes [0020])
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Edwards into the invention of Stopel for the purpose of verifying the security of the container and container image. Delivering services without being compromised (Edwards [0009]).
Re. claim 12, rejection of claim 8 is included and claim 12 is rejected with the same rationale as applied in claim 5 above. 
Re. claim 15, Stopel teaches a computer program product comprising: one or more computer-readable tangible storage media and program instructions stored on at least one of the one or more computer-readable tangible storage media (Stopel teaches computer readable instructions to implement one or more embodiments disclosed herein may be stored in the storage. The storage may also store other computer readable instructions to implement an operating system, an application program, and the like. Computer readable instructions may be loaded in the memory for execution by the processing system 510 [0075]), the program instructions executable by a processor to cause the processor to perform a method comprising: configuring a container within a microservice framework (Stopel teaches the host device 310 is configured to host and execute a detector container 315 [0040]. the host device 310 (and the detector container 315) are configured to interface with a continuous integration (CI) system (not shown) [0041]); receiving a generated salt file (Stopel teaches the detector container 315 is configured to create a unique signature for each executable file (Interpreted as salt (cryptographic) file)[0054]); injecting the salt file into the container (Stopel teaches Each generated signature is saved (interpreted as inject) with the security profile of the container image 301-C together with the name of the respective spawned process [0054]. The security profile may include (interpreted as inject), but is not limited to, a list of allowed system calls, a list of permissible network actions, a list of permissible filesystem actions, signatures of executable files of spawned processes, or a combination thereof [0046]).
Although Stopel discloses hashing and salt file, Stopel does not explicitly disclose but Edwards discloses hashing the container image and the salt file (Edwards teaches verification may be accomplished by taking a cryptographic hash of the files of the verification information associated with the container image and verifying the hashes against a database of correct hashes [0020])
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Edwards into the invention of Stopel for the purpose of verifying the security of the container and container image. Delivering services without being compromised (Edwards [0009]).
Re. claim 19, rejection of claim 15 is included and claim 19 is rejected with the same rationale as applied in claim 5 above. 
Claims 2, 3, 6, 9, 10, 13, 16, 17 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Stopel et al. (US 20170116415 hereinafter Stopel) in view of Edwards (US 20180054314) and in further view of Atta et al. (US 20180091484 hereinafter Atta).
Re. claim 2, Stopel-Edwards teach the method of claim 1, further comprising: Although Stopel-Edwards discloses salt file and microservice framework, Stopel-Edwards does not explicitly disclose but (Atta teaches The compute services provider can verify that the IP is authentic and unmodified by verifying that the signature is valid [0013]); receiving, by the software service, authentication initiation from the container (Atta teaches the signed and encrypted configuration data can be downloaded in response to a request to configure an instance of the configurable logic platform [0012]); generating, by the software service, a salt file (Atta teaches the cryptography engine 245 can be used for cryptographically signing the design source code files and/or the CHI files. Signing a file can include applying a cryptographic hash function to the file to create a hash value or digest [0042]); transmitting, by the software service, the generated salt file to the microservice framework (Atta teaches the validated configuration data can be signed and encrypted before it is transmitted to an end-user (such as when launching an instance) or a developer [0051]); and initiating a key exchange between the software service and a client (Atta teaches the compute service provider 400 (i.e., the cloud provider) is capable of delivery of computing and storage capacity as a service to a community of end recipients. In an example embodiment, the compute service provider can be established for an organization by or on behalf of the organization [0052]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Atta into the invention of Stopel-Edwards for the purpose of increasing the security and the availability of the computing resource. Prevent malformed transactions or transactions to out-of-bounds locations (Atta [0014]).
Re. claim 3, Stopel-Edwards teach the method of claim 1, further comprising: Although Stopel-Edwards discloses salt file and microservice framework, Stopel-Edwards does not explicitly disclose but Atta discloses generating, by a software service, the salt file (Atta teaches the cryptography engine 245 can be used for cryptographically signing the design source code files and/or the CHI files. Signing a file can include applying a cryptographic hash function to the file to create a hash value or digest [0042]. the logic repository service 110 can transmit the generated configuration data 136 in an encrypted or an unencrypted format to one or more recipients [0025]); hashing, by the software service, the salt file (Atta teaches The digest can be encrypted using a private key of the logic repository service 205 to create at least a portion of the signature for the file. The signature can also include additional information such as a public key for decrypting the encrypted digest and a name or reference to the cryptographic hash function used to create the digest for the file [0042]); transmitting, by the software service, the salt file to microservice framework (Atta teaches the validated configuration data can be signed and encrypted before it is transmitted to an end-user (such as when launching an instance) or a developer [0051]); transmitting, by the microservice framework, the hash to the software service (Atta teaches the signed and encrypted configuration data can be communicated to the application function 515 which can forward the data to a cryptographic engine 517 of the host logic. [0078]); and validating, by the software service, the hash file (Atta teaches The server computer 140 can include a cryptographic engine 146. The cryptographic engine 146 can be used to authenticate a cryptographic digital signature and/or to decrypt encrypted information (such as encrypted configuration data) [0019]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Atta into the invention of Stopel-Edwards for the purpose of increasing the security and the availability of the computing resource. Prevent malformed transactions or transactions to out-of-bounds locations (Atta [0014]).
Re. claim 6, Stopel-Edwards teach the method of claim 1, Although Stopel-Edwards discloses salt file and microservice framework, Stopel-Edwards does not explicitly disclose but Atta discloses wherein the salt file is generated by a software service (Atta teaches the cryptography engine 245 can be used for cryptographically signing the design source code files and/or the CHI files. Signing a file can include applying a cryptographic hash function to the file to create a hash value or digest [0042]. The logic repository service 110 can transmit the generated configuration data 136 in an encrypted or an unencrypted format to one or more recipients [0025]).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Atta into the invention of Stopel-Edwards for the purpose of increasing the security and the availability of the computing resource. Prevent malformed transactions or transactions to out-of-bounds locations (Atta [0014]).
Re. claim 9, rejection of claim 8 is included and claim 9 is rejected with the same rationale as applied in claim 2 above. 
Re. claim 10, rejection of claim 8 is included and claim 10 is rejected with the same rationale as applied in claim 3 above. 
Re. claim 13, rejection of claim 8 is included and claim 13 is rejected with the same rationale as applied in claim 6 above. 
Re. claim 16, rejection of claim 15 is included and claim 16 is rejected with the same rationale as applied in claim 2 above. 
Re. claim 17, rejection of claim 15 is included and claim 17 is rejected with the same rationale as applied in claim 3 above. 
Re. claim 20, rejection of claim 15 is included and claim 20 is rejected with the same rationale as applied in claim 6 above. 
Claim 4, 11, and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Stopel et al. (US 20170116415 hereinafter Stopel) in view of Edwards (US 20180054314) and in further view of Cooper et al. (US 20190332579 hereinafter Cooper).
Re. claim 4, Stopel-Edwards teach the method of claim 1, further comprising: Although Stopel-Edwards discloses salt file and software service, Stopel-Edwards does not explicitly disclose but Cooper discloses hashing, by the container, the salt file and a target file (Cooper teaches a replication engine may be arranged provide fingerprint information associated with the source file system to the target file system and provide fingerprint information associated with the target file system to the source file system [0097]); transmitting, by the container, the hashed salt file and target file to a software service (Cooper teaches a replication engine may be arranged provide fingerprint information associated with the source file system to the target file system and provide fingerprint information associated with the target file system to the source file system [0097]); and validating, by the software service, the hash file (Cooper teaches some or all of the authentication information may be fingerprint information rather than copies of the authentication information. For example, if the source file system and target file system use cryptographic certificates to authenticate exchanged messages, the authentication information may be fingerprint information associated with meta-data associated with the certificates rather than the certificates themselves [0097]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Cooper into the invention of Stopel-Edwards for the purpose of establishing a secure communication channel (Cooper [0022]).
Re. claim 11, rejection of claim 8 is included and claim 11 is rejected with the same rationale as applied in claim 4 above. 
Re. claim 18, rejection of claim 15 is included and claim 18 is rejected with the same rationale as applied in claim 4 above. 
Claims 7 and 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Stopel et al. (US 20170116415 hereinafter Stopel) in view of Edwards (US 20180054314) and in further view of Ford et al. (US 20170041296 hereinafter Ford).
Re. claim 7, Stopel-Edwards teach the method of claim 1, Although Stopel-Edwards discloses salt file and software service, Stopel-Edwards does not explicitly disclose but Ford discloses wherein the salt file is transmitted for key exchanges between the microservice framework, a software service, a (Ford teaches enable exchange of messages, data, metadata and the like with a particular service, engine, module, function, application or the like on the enterprise premises system 110, at the intermediate host's secure exchange system 102, on a user device 120, by orchestration services 165, or in some other location, such as in a cloud storage system 118. The interfaces 160 may include application programming interfaces (APIs), such as REST APIs, websocket APIs, APIs for wrappers and containers and the like, as well as other elements, such as queue binding services, message brokers, bridges, gateways, sockets and the like [0081]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Ford into the invention of Stopel-Edwards for the purpose of sharing information securely and improve secure exchange system (Ford [0004]).
Re. claim 14, rejection of claim 8 is included and claim 14 is rejected with the same rationale as applied in claim 7 above. 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN A AYALA whose telephone number is (571)270-3912.  The examiner can normally be reached on Monday-Thursday 8AM-5PM; Friday:Variable EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/K.A./Examiner, Art Unit 2436                                                                                                                                                                                                        /SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436