DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is in response to the preliminary amendment filed 4/7/2020.
Claims 2-20 have been amended.
Claims 1-20 remain pending and have been considered below.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 12/26/2019 is being considered by the examiner.

Claim Objections
Claim 1 is objected to because of the following informalities:  
a step of selecting: a hardware computer integrated into a closed case that isolates the hardware computer from the outside so as to make  hardware resources of the hardware computer structurally non-expandable because the hardware resources cannot be accessed from outside the case without damaging  the hardware resources, an operating system for managing containers in a generic, lightweight fashion, associated with the hardware computer, container templates, business-specific software and a step of deploying the business-specific software components in instantiated containers based on the container templates.
Appropriate correction is required as indicated above.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claims 6, 7, 8, 15 and 20 recite the limitations "the number of software components…", “the potential business-specific hardware component(s)”, “the business-specific hardware component or one of them…”, “the container management system is the Docker system” and “the number of software components” in the body of the claims, respectively.  There is insufficient antecedent basis for these limitations in the claims.  For examination purposes, Examiner interprets these limitations to be read as “a number of software components…”, “potential business-specific hardware components…”, “the potential business-specific hardware component”, “a container management system is a Docker system” and “a number of software components”.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 16-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claims do not fall within at least one of the 

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

 (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 16-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by U.S. Patent No. 10,824,726 to Herman Saffar.

Per claim 16, Operating system capable of managing containers in a generic, lightweight fashion, intended to be used in a method for manufacturing a secure, modular business-specific hardware application (see at least FIG. 2, see also at least col.6, lines 22-27 “…an RMS kernel 230 operatively connected to a container registry 210, a retention tracker 240, and a container scanner 260.  Each of these components is described below… RMS kernel 230 may be a core application or computer program (e.g., an operating system) executing on the underlying hardware (e.g., one or more integrated circuits) of the RMS 200…”; see at least col.6, lines 65-67 “…a container 220 may be a template for all containers of a specific application type that implement at least a portion of a service deployed through the service platform…”), comprising: 
a generic mechanism for managing a non-predetermined number of containers, comprising: 
a function of installing container templates, a function of updating the container templates, a function of creating a container by instantiating a container template, a function of starting a container, a function of stopping a container, a function of destroying a container (see at least FIG. 2; see at least col.6, lines 26-41 “…the RMS kernel 230 may be a core application or computer program (e.g., an operating system) executing on the underlying hardware (e.g., one or more integrated circuits) of the RMS 200.  The RMS kernel 230 may include functionality to: (i) generate, store, and retrieve golden containers (described below); (ii) create containers based on a golden container of the same application type; (iii) delete or reassign containers as honeypots; (iv) generate and feed emulated network traffic to honeypot containers; (v) submit scan requests to, and receive scan responses from, the container scanner 260; and (vi) submit track requests to, and receive elapse notifications from, the retention tracker 240.  One of ordinary skill in the art will appreciate that the RMS kernel 230 may include other functionalities without departing from the scope of the disclosure…”), a mechanism for configuring said generic mechanism for managing containers, capable of CONTAINER 220A-N & CONTAINER PROFILE 250A-N”).

Per claim 17, Herman Saffar further teaches
wherein: said generic mechanism for managing containers comprises only: said function of installing container templates, said function of updating the container templates, said function of creating a container by instantiating a container template, said function of starting a container, said function of stopping a container, said function of destroying a container (see at least col.6, lines 26-41 “…the RMS kernel 230 may be a core application or computer program (e.g., an operating system) executing on the underlying hardware (e.g., one or more integrated circuits) of the RMS 200.  The RMS kernel 230 may include functionality to: (i) generate, store, and retrieve golden containers (described below); (ii) create containers based on a golden container of the same application type; (iii) delete or reassign containers as honeypots; (iv) generate and feed emulated network traffic to honeypot containers; (v) submit scan requests to, and receive scan responses from, the container scanner 260; and (vi) submit track requests to, and receive elapse notifications from, the retention tracker 240.  One of ordinary skill in the art will appreciate that the RMS kernel 230 may include other functionalities without departing from the scope of the disclosure…”).  


wherein: said configuration mechanism of said generic mechanism for managing containers is able to configure only: said list of containers to be managed, said additional components required for the operation of the containers to be managed (see at least FIG. 2 “CONTAINER 220A-N & CONTAINER PROFILE 250A-N”).

Per claim 19, Herman Saffar further teaches
wherein: said set of additional components required for the operation of the containers to be managed, comprises: virtual networks, and/or data volumes, and/or access to business-specific hardware components with the access rights of the various containers to said components (see at least FIG. 2 “CONTAINER PROFILE 250A-N”).

Per claim 20, Herman Saffar further teaches
Wherein:  a number of software components forming said operating system is less than 100 software components (see at least FIG. 2; see also at least col.6, lines 26-27 “…RMS kernel 230 may be a core application or computer program (e.g., an operating system) executing on the underlying hardware (e.g., one or more integrated circuits) of the RMS 200…”).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-9 and 11-15 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent No. 10,824,726 to Herman Saffar in view of U.S. Pub. No. 20060242409 to Reneris and in further view of U.S. 9,804,952 to Cohen et al.

Per claim 1, Herman Saffar teaches method for manufacturing a secure, modular business-specific hardware application, comprising: 
a step of selecting: 
a hardware computer integrated into a closed case that isolates the hardware computer from the outside so as to make the hardware computer structurally non-expandable because the hardware resources cannot be accessed from outside the case without damaging the hardware resources, 
an operating system for managing containers in a generic, lightweight fashion, associated with the hardware computer (see at least FIG. 2; see also at least col.6, lines 26-27 “…RMS kernel 230 may be a core application or computer program (e.g., an operating system) executing on the underlying hardware (e.g., one or more integrated circuits) of the RMS 200…”),
FIG. 2; see also at least col.6, lines65-67 “…a container 220 may be a template for all containers…”),
business-specific software components (see at least FIG. 2; see at least col.6, lines 65-67 “…a container 220 may be a template for all containers of a specific application type that implement at least a portion of a service deployed through the service platform…”), and
a step of deploying the business-specific software components in instantiated containers based on the container templates (see at least FIG. 2; see at least col.6, lines 65-67 “…a container 220 may be a template for all containers of a specific application type that implement at least a portion of a service deployed through the service platform…”).
Herman Saffar does not explicitly teach
a hardware computer integrated into a closed case that isolates the hardware computer from the outside so as to make the hardware computer structurally non-expandable because the hardware resources cannot be accessed from outside the case without damaging the hardware resources, and
a software development kit, associated with the operating system and with the hardware computer.

	Reneris teaches analogous art relating to a closed box system, comprising:
a hardware computer integrated into a closed case that isolates the hardware computer from the outside so as to make the hardware computer structurally non-expandable because the hardware resources cannot be accessed from outside the case without damaging the hardware resources (see at least paragraph [0025] “…While CE Device 150 may be a closed box system wherein it may be difficult for a hacker to replace graphics device 170 with a device capable of copying unprotected media 360…”).
	It would have been obvious for a person of ordinary skill in the art as of the effective filing date of the claimed invention to modify the teaching of Herman Saffar to incorporate the teaching of Reneris to integrate the RMS 200 into a closed box.  One would have been motivated to integrate the RMS 200 into a closed box in order to protect the system from being modified by a hacker.
Neither Herman Saffar nor Reneris teaches:
a software development kit, associated with the operating system and with the hardware computer.

	However, Cohen teaches analogous art relating to managing software containers, comprising:
a software development kit, associated with the operating system and with the hardware computer (see at least col.11, lines 31-40 “An integrated development environment (IDE) provides a set of tools such as editing and debugging software for programmers.  These tools are used to create and debug software programs.  The IDE supports software development by providing a windowed system for source file editing, project management, and file interdependency management and debugging…”).
	Therefore, it would have been obvious for a person of ordinary skill in the art as of the effective filing date of the claimed invention to modify the teachings of Herman Saffar and Reneris to incorporate the teaching of Cohen so as to include the integrated development environment, which provides a set of tools for software development.  One would have been motivated to include an IDE in the system for developing application services.

Per claim 2, Herman Saffar in combination with Reneris and Cohen further teaches
wherein: the operating system capable of managing containers in a generic, lightweight fashion comprises: a generic mechanism for managing a non-predetermined number of containers, comprising: a function of installing container templates, a function of updating the container templates, a function of creating a container by instantiating a container template, a function of starting a container, a function of stopping a container, a function of destroying a container, a mechanism for configuring said generic mechanism for managing containers, capable of configuring: the list of containers to be managed, the set of additional components required for the operation of the containers to be managed (in Herman Saffar, see at least col.6, lines 26-41 “…the RMS kernel 230 may be a core application or computer program (e.g., an operating system) executing on the underlying hardware (e.g., one or more integrated circuits) of the RMS 200.  The RMS kernel 230 may include functionality to: (i) generate, store, and retrieve golden containers (described below); (ii) create containers based on a golden container of the same application type; (iii) delete or reassign containers as honeypots; (iv) generate and feed emulated network traffic to honeypot containers; (v) submit scan requests to, and receive scan responses from, the container scanner 260; and (vi) submit track requests to, and receive elapse notifications from, the retention tracker 240.  One of ordinary skill in the art will appreciate that the RMS kernel 230 may include other functionalities without departing from the scope of the disclosure…”).

Per claim 3, Herman Saffar in combination with Reneris and Cohen further teaches
wherein: said generic mechanism for managing containers comprises only: said function of installing container templates, said function of updating the container templates, said function of creating a container by instantiating a container template, said function of starting a container, said function of stopping a container, said function of destroying a container (in Herman Saffar, see at least col.6, lines 26-41 “…the RMS kernel 230 may be a core application or computer program (e.g., an operating system) executing on the underlying hardware (e.g., one or more integrated circuits) of the RMS 200.  The RMS kernel 230 may include functionality to: (i) generate, store, and retrieve golden containers (described below); (ii) create containers based on a golden container of the same application type; (iii) delete or reassign containers as honeypots; (iv) generate and feed emulated network traffic to honeypot containers; (v) submit scan requests to, and receive scan responses from, the container scanner 260; and (vi) submit track requests to, and receive elapse notifications from, the retention tracker 240.  One of ordinary skill in the art will appreciate that the RMS kernel 230 may include other functionalities without departing from the scope of the disclosure…”).

Per claim 4, Herman Saffar in combination with Reneris and Cohen further teaches
wherein: said configuration mechanism of said generic mechanism for managing containers is able to configure only: said list of containers to be managed, said set of additional components required for the operation of the containers to be managed (in Herman Saffar, see at least FIG. 2 “CONTAINER PROFILE”).

Per claim 5, Herman Saffar in combination with Reneris and Cohen further teaches
wherein: said set of additional components required for the operation of the containers to be managed, comprises: virtual networks, and/or data volumes, and/or access to business-specific hardware components with the access rights of the various containers to said components (in Herman Saffar, see at least FIG. 2 “CONTAINER PROFILE”).

Per claim 6, Herman Saffar in combination with Reneris and Cohen further teaches
wherein  a number of software components forming said operating system is less than 100 software components (in Herman Saffar, see at least FIG. 2; see also at least col.6, lines 26-27 “…RMS kernel 230 may be a core application or computer program (e.g., an operating system) executing on the underlying hardware (e.g., one or more integrated circuits) of the RMS 200…”).

Per claim 7, Herman Saffar in combination with Reneris and Cohen further teaches
wherein said hardware computer, integrated into a closed case that isolates it from the outside so as to make the hardware resources of this hardware computer structurally non-expandable because these resources cannot be accessed from outside the case without damaging them, already includes  potential business-specific hardware component (in Reneris, FIGS. 2 & 3 “CE Device or PC with Hardware Functionality Scan System”).

Per claim 8, Herman Saffar in combination with Reneris and Cohen further teaches
wherein the potential business-specific hardware component is a cryptographic card that is advantageously capable of in Reneris, FIGS. 2 & 3 “CE Device or PC with Hardware Functionality Scan System”).

Per claim 9, Herman Saffar in combination with Reneris and Cohen further teaches
wherein said hardware computer comprises at least: one or more microprocessors, one or more volatile memories, one or more persistent memories, one or more network interfaces (in Herman Saffar, see at least FIG. 9; see also at least col.16, lines 46 “The processing device 902-1 in the processing platform 900 comprises a processor 910 coupled to a memory 912.  The processor 910 may comprise a microprocessor, a microcontroller, an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other type of processing circuitry, as well as portions or combinations of such circuitry elements, and the memory 912, which may be viewed as an example of a "processor-readable storage media" storing executable program code of one or more software programs…Also included in the processing device 902-1 is network interface circuitry 914…”).

Per claim 11, Herman Saffar in combination with Reneris and Cohen further teaches
in Herman Saffar, see at least col.6, lines 9-11 “…a container 140 may alternatively host a micro-service, which may structure an application as a collection of coupled services…”).  

Per claim 12, Herman Saffar in combination with Reneris and Cohen further teaches
wherein: additional security software components are implemented within said operating system, and/or specific configurations increasing the level of security are implemented within said operating system (in Herman Saffar, see at least col.5, lines 40-54 “…a back-end application type container 140-be may include functionality to: (i) validate received input from a user or other service;(ii) maintain service-wide security operations; (iii) communicate with external hosts to retrieve additional information; and (iv) process (i.e., execute algorithms on) the received input and additional information, if any, to generate output.  By way of example, a back-end application type container 140-be may implement at least a portion of a data processing algorithm, a validation rule, an internet security suite, a web-service (i.e., technology that allows services/applications to communicate with each other), etc…”).

Per claim 13, Herman Saffar in combination with Reneris and Cohen further teaches
in Herman Saffar, see at least FIG. 2).

Per claim 14, Herman Saffar in combination with Reneris and Cohen further teaches
wherein: the configuration of the entire software portion of the business-specific hardware application is hardened to improve its security, and/or the configuration of the operating system is hardened to improve its security (in Herman Saffar, see at least col.5, lines 40-54 “…a back-end application type container 140-be may include functionality to: (i) validate received input from a user or other service;(ii) maintain service-wide security operations; (iii) communicate with external hosts to retrieve additional information; and (iv) process (i.e., execute algorithms on) the received input and additional information, if any, to generate output.  By way of example, a back-end application type container 140-be may implement at least a portion of a data processing algorithm, a validation rule, an internet security suite, a web-service (i.e., technology that allows services/applications to communicate with each other), etc…”).

Per claim 15, Herman Saffar in combination with Reneris and Cohen further teaches
a container management system is a Docker system (in Herman Saffar, see at least col.2, lines 50-55 “…containers are implemented as Docker containers or other types of Linux containers (LXCs).  Such Docker containers and other types of LXCs may be implemented on one or more Linux processing devices using Linux kernel control groups…”).

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent No. 10,824,726 to Herman Saffar in view of U.S. Pub. No. 20060242409 to Reneris and in further view of U.S. 9,804,952 to Cohen et al. and in further view of U.S. Pub. No. 20180331905 to Toledo.

Per claim 10, neither Herman Saffar, Reneris nor Cohen explicitly teaches
wherein the total capacity of the volatile memory(-ies) is between 5 and 30 GB, and the total capacity of the persistent memory(-ies) is between 50 and 500 GB.  

	However, Toledo teaches analogous art relating to deploying microservices, comprising:
total capacity of volatile memory(-ies) is between 5 and 30 GB, and total capacity of persistent memory(-ies) is between 50 and 500 GB (see at least paragraph [0097] “…a microservice, for example `Sa` may be associated with resource requirements, such as 2 CPU shares, a memory of 2 GB and a disk space of 30 GB, whereas another microservice, for example `Sb` may be associated with resource requirements, such as 1 CPU share, a memory of 4 GB and a disk space of 100 GB, then a rule may be defined that two instances of these services can be scheduled on the same host if and only if the host has at least 3 cores, 6 GB on RAM and 130 GB of disk space…”).
	Therefore, it would have been obvious for a person of ordinary skill in the art as of the effective filing date of the claimed invention to modify the teachings of Herman Saffar, Reneris and Cohen to incorporate the teaching of Toledo to provide minimum memory capacity requirements on the host for microservices.  One would have been motivated to make sure the host computer has enough RAM and disk space in order to host microservices.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
U.S. Pub. No. 20170322824 relates to using containers for hardware resources partitioning.

U.S. Patent No. 9692666 relates to managing containers.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to PHILLIP H NGUYEN whose telephone number is (571)270-1070.  The examiner can normally be reached on Monday-Friday 9:00AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Wei Zhen can be reached on (571) 272-3708.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/PHILLIP H NGUYEN/Primary Examiner, Art Unit 2191