DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendments
	This office action responds to the amendments filed on February 18, 2021 for application 15/934,412.  Claims 1, 7, 10, 15, and 19-20 were amended, and claims 1, 3, 5-15, and 17-21 remain pending in the application.
Response to Arguments
	The Applicant’s arguments filed on February 18, 2021 have been fully considered, and the Examiner responds as provided below.
	Regarding the Applicant’s response at page 6 of the Remarks that concerns the § 112(b) rejection of independent claims 1, 10, and 19 (and thus the dependents), the amendments to the claims cure the deficiencies and the rejection is withdrawn.
	Regarding the Applicant’s response at page 6 of the Remarks that concerns the § 101 rejection of claims 19 and 20, the amendment to the claim 19 adequately addresses the issue and the rejection is withdrawn.
	Regarding the Applicant’s response at pages 6-12 of the Remarks that concerns the § 103 rejection of independent claims 1, 10, and 19, the Examiner respectfully disagrees with the Applicant’s arguments and the § 103 rejection is maintained.
	The Applicant introduces their argument at page 7 by opining, “The Office Action is citing irrelevant art and impermissibly hunting and pecking through the references for elements taken out of context in an attempt to stitch together assignee’s claimed subject rd party untrusted plugins against guest containers on a shared cloud…” (emphasis added).  However, none of the claims recite the limitation of “a shared cloud.”  While the Applicant bemoans the application of “irrelevant art” obtained through “impermissibl[e] hunting and pecking,” the Applicant has seemingly overlooked the principle that claim limitations may not be imported from the specification.  See MPEP § 2111.01(II) (stating “It is improper to import claim limitations from the specification”).   Thus, while the Applicant believes the prior art is irrelevant because it relates to a settop box, the opposite is true – the cited prior art is relevant because the claims possess a greater breadth than the Applicant realizes or acknowledges.  
	In attempting to distinguish the claimed subject matter from the cited references, the Applicant also argues, “A sidecar service is not necessarily part of the application but is connected to the guest container and follows the parent application. A sidecar is independent from its primary application in terms of runtime environment and programming language.”  Remarks p. 7. Again, the claims are devoid of limitations involving a “parent application,” “runtime environment,” and “programming language.”  Thus, the Examiner respectfully concludes the Applicant’s arguments are inapposite.   
Applicant argues, “Assignee’s claimed innovation implements a sidecar container sandbox concept to address security.”  Remarks p. 9.  However, Fig. 8 of Kellerman readily depicts two containers, one of which hosts a plug-in for an “untrusted user mode environment,” where it easy to conclude that this system is created to “address security.”  Given the breadth of the claims where the Applicant has failed to provide as claimed by Applicant. 
The Applicant also argues, “The kernel constructs which imitate a configurable filter, controls and regulates all communications between the sidecar contain (running the plugin) and the guest container (both running on the host).”  Remarks p. 9.  Again, the claims fail to recite a “configurable filter,” and the Examiner maintains that Schultz at ¶ [0004] teaches or suggests the regulation or control by seccomp that is associated with a “kernel construct.”  
The Applicant also argues that “Schultz not only does not disclose or suggest assignee’s innovation but teaches away from it by executing potentially undesirable code in the container as evinced by the sections of Schultz…”  Remarks. p. 10.  The Examiner respectfully disagrees with the premise of this argument because one skilled in the art within the computer sciences would modify or eliminate the “undesirable code” to create a workable system.  Schultz was relied upon to establish the teaching or suggestion of controlling the plugin via seccomp to prevent it from “conducting unauthorized acts,” and the Examiner respectfully finds that extending Schultz to negate this teaching or suggestion is not persuasive.
While the Applicant concludes that “Neither Kellerman et al., Degioanni nor Schultz, alone or in combination disclose” the claimed subject matter of independent claims 1, 10, and 19, see Remarks p. 9-10, the Examiner respectfully disagrees with the Applicant for the reasons previously presented above.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

(NOTE: within the Examiner’s parenthetical explanations below, material within quotation marks is language quoted from the prior art reference, underlined material is language quoted from the claims, and material within brackets is material altered from either a prior art reference or a claim.  Regarding the reconstruction of the claims, a numbered footnote indicates a primary phrase to be first moved upwards to the first cited reference, while a lettered footnote indicates a secondary phrase to be moved after the movement of the primary phrase from which it was lifted.  Or more succinctly, move numbered material first, lettered material last.)
A.	Claims 1, 6, 10, 19 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Kellerman et al. (US 2014/0115718, “Kellerman”) in view of Degioanni (US 2018/0255100, “Degioanni”), and further in view of Schultz et al. (US 2018/0314846, “Schultz”).
Regarding Claim 1
Kellerman discloses
A system (Fig. 8, ¶¶ [0067]-[0070]), comprising: a memory (Fig. 10, ¶¶ [0074]-[0075], i.e., “shared memory” and/or “segrated regions of memory) that stores computer executable components (¶ [0075], “set of instructions”); 
a processor (Fig. 10, ¶¶ [0074]-[0075], i.e., “CPU2”) that executes computer executable components stored in the memory (¶¶ [0074]-[0075], i.e., “CPU2 may be dedicated to execution of non-secure functionality and untrusted applications”), 
wherein the computer executable components (¶¶ [0074]-[0075]) comprise: 
a …1 container (Fig. 8, ¶ [0069], i.e., the “second VM host Linux container 832”); 
a sandbox component (Fig. 8, ¶ [0068], i.e., collectively the “first virtual machine (VM) guest Linux container(s) 830” and the “minimal guest Linux services access interface 826,” where the container 830 is sandboxed by the limited functionality imposed by the interface 826; see also “The Android framework 802 further includes platform or operating system access functionality 824 that enables limited access to necessary components of the secure Linux kernel environment 806 through a minimal guest Linux services access interface 826,” i.e., the “limited access to necessary components” indicates the “creat[ion]” of a sandbox; see also Schultz ¶ [0004], “The Docker Engine uses the seccomp facility [of Linux] to limit which system calls can be called from within a container, thus making it more difficult for a container to access or alter objects outside the container,” which further suggests the creation of a container that is sandboxed by imposing restrictions on its possible actions) 
created from at least a sidecar container (Fig. 8, ¶ [0069], i.e., “a first virtual machine (VM) guest Linux container(s) 830” acts as a sidecar container that is combined with the “interface 826” to create the sandbox), and separate from the guest container (Fig. 8, i.e., the container 830 and interface 826, that create the sandbox, are separate from the container 832 that acts as the guest container), 
wherein the sandbox component is operatively coupled between a host (Fig. 8, ¶ [0067], “access server 816” acts as a host) and the guest container (Fig. 8, ¶¶ [0067]-[0069], i.e., the sandbox (container 830 and interface 826) is coupled with the access server 816 and container 832) and securely extends system data collection software (Fig. 8, ¶ [0068], i.e., the software to implement the “operating system access functionality 824”) with potentially untrusted third-party code (Fig. 8, ¶ [0068], “certified/untrusted applications 820,” where “the untrusted Android framework 802 [that operates within the container 830 and includes interface 820] is executed in a first virtual machine (VM) guest Linux container(s) 830 (such as an “LXC” or Linux resource container) to provide further isolation from secure processes and resources,” which thus securely extends the OS features used by the untrusted software), 
wherein the sandbox (Fig. 8, ¶ [0068]) component comprises: 
a plugin within the sidecar container (Fig. 8, ¶ [0068], i.e., the plug-in as illustrated or the untrusted application that may also be a plug-in, both of which reside within the container 830); and 
a kernel construct (¶ [0068], i.e., those aspects of the “secure Linux kernel environment” that are accessed via the “minimal guest Linux access interface 826) operatively connected between the plugin and the guest container (Fig. 8, ¶¶ [0067]-operatively connected with the kernel environment 806 and interface 826 (that cumulatively implement the kernel) as illustrated by the vertical arrows within Fig. 8) and …2.
Kellerman doesn’t disclose
	1 …guest container…
	2 …that provides the plugin with level of access rights and constraints so that the plugin is prevented from conducting unauthorized acts on the host or inside the guest container.	
Degioanni, however, discloses
	1 …guest container…(¶¶ [0027], [0040], i.e., the claim is silent of what makes the container a “guest” container.  Noting that the specification indicates a guest container exists on a cloud platform, see ¶ [0001] of the specification, the guest container is interpreted to exist on a cloud platform; accordingly such a circumstance is disclosed by the “virtual computer management service” (i.e., container service) and the “cloud service provider,” recognizing one skilled in the art would recognize implementation of containers on cloud platforms)
Schultz, however, discloses
2 …that provides the plugin with level of access rights and constraints so that the plugin is prevented from conducting unauthorized acts on the host or inside the guest container (¶ [0004], “The Docker Engine uses the seccomp facility to limit which system calls can be called from within a container [that includes the plugin or untrusted application Kellerman], thus making it more difficult for a container to access or alter host and the “container 832” of Kellerman that acts as the guest container)
Regarding the combination of Kellerman and Schultz, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the container system of Kellerman to have included the technique for restricting the operation of containers. One of ordinary skill in the art would have been motivated to incorporate the technique for restricting the operation of containers because Kellerman alludes to “limited access,” see ¶ [0068], and Schultz furthers this concept of security by fully teaching that the “Docker Engine … mak[es] it more difficult for a container to access or alter objects outside the container,” see Schultz ¶ [0004]. 
Regarding the combination of Kellerman-Schultz and Degioanni, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the container system of Kellerman-Schultz to have adopted the container system for a cloud platform (or services) within Degioanni. One of ordinary skill in the art would have been motivated to adopted the container system for a cloud platform because Kellerman alludes to a “cloud based source,” see Kellerman ¶ [0068]; Degioanni collectively teaches the container services within the context of cloud providers; and one skilled in the art would recognize the broad application of a container within a set top box platform to a cloud platform.
Regarding Claim 6
Kellerman in view of Schultz, and further in view of Degioanni (“Kellerman-Schultz-Degioanni”) discloses the system of claim 1, and Schultz further discloses
wherein the system data collection software (Fig. 3, ¶¶ [0029]-[0030]) comprises system state extraction software (¶ [0029], i.e., the “container engine 142” can “save[e] the state of containers” by extract[ing] the state of part of the system).
Regarding Claim 21
Kellerman-Schultz-Degioanni discloses the system of claim 1, and Schultz further discloses
wherein the sandbox component performs an evaluation to determine whether the guest container and the host are protected from the plugin (¶ [0007], “The security policy of a GRE [guest runtime environment] specifies restrictions and/or permissions for activities that may be performed within the scope of execution of the GRE;” Fig. 1, ¶¶ [0029], [035]-[0036], i.e., the “policy monitor 106” operates within a “guest runtime engine” (GRE); and ¶¶ [0032]-[0034], i.e., “monitoring execution of the GRE” is an evaluation of the security of the GRE, that can similarly be employed by the sandbox, to ensure protection from the plugin), wherein the evaluation comprises:
Degioanni further discloses 
a determination of whether there is a capability to bypass file read permission checks and directory read and to execute permission checks (Fig. 2, ¶ [0028], i.e., the Linux container/kernel includes Linux functions, including CAP_DAC_READ_SEARCH upon which the relevant limitation depends, and it would be obvious to one skilled in the art to employ a Linux function to achieve its intended result; see MPEP 2141(III) stating, “Prior art is not limited just to the references being applied, but includes the understanding of one of ordinary skill in the art. The prior art reference (or references when combined) need not teach or suggest all the claim limitations, however, Office ; 
a determination of whether a defined process is able to traced using ptraceo function (Fig. 2, ¶ [0028], i.e., the Linux container/kernel includes Linux functions, including CAP_SYS_PTRACE upon which the limitation depends, and it would be obvious to one skilled in the art to employ a Linux function to achieve its intended result; see MPEP 2141(III)); and 
a determination of whether a defined secure computing mode is employed in which only a defined number of available system calls are employed (Fig. 2, ¶ [0028], i.e., the Linux container/kernel includes Linux functions, including SecComp upon which the limitation depends, and it would be obvious to one skilled in the art to employ a Linux function to achieve its intended result; see MPEP 2141(III))).
	Regarding the combination of Kellerman-Schultz and Degioanni, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the container system of Kellerman-Schultz to have adopted the Linux capabilities suggested within Degioanni. One of ordinary skill in the art would have been motivated to adopt the Linux capabilities within Degioanni because Degioanni teaches the use of LXC (Linux containers), and more specifically, “Examples of mandatory access control include Security-Enhanced Linux (SELinux) which is a Linux kernel security module that provides a mechanism for supporting access control security policies,” see ¶ [0007].
Regarding Independent Claims 10 and 19
With respect to independent claims 10 and 19, a corresponding reasoning as mutatis mutandis, to the subject matter of claims 10 and 19. Therefore, claims 10 and 19 are rejected, for similar reasons, under the grounds set forth for claims 1 and 2.
B.	Claims 3 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Kellerman in view of Schultz and Degioanni, and further in view of Anonymous NPL Document, “Sidecar-container-based-crawler plugin sandbox,” Jan. 22, 2018 (hereinafter “Anonymous NPL Document I,” see attached NPL document).
Regarding Claim 3
Kellerman-Schultz-Degioanni discloses the system of claim 1 (see § A), and Schultz further discloses
the sandbox component comprises the following kernel constructs: …; namespaces (¶ [0021]); …; seccomp (¶¶ [0004], [0029], i.e., seccomp via Docker); and….
Kellerman-Schultz-Degioanni doesn’t disclose
…privilege separation; capabilities; and iptables.
Anonymous NPL Document I, however, discloses
	…privilege separation; capabilities; and iptables (p. 3).
Regarding the combination of Kellerman-Schultz-Degioanni and the Anonymous NPL Document I, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the container system of Kellerman-Schultz-Degioanni to have included the kernel constructs within the Anonymous NPL Document I.  One of ordinary skill in the art would have been 
Regarding Claim 11
	With respect to claim 11, a corresponding reasoning as given earlier for claim 3 applies, mutatis mutandis, to the subject matter of claim 11. Therefore, claim 11 is rejected, for similar reasons, under the grounds set forth for claim 3.
C.	Claims 5, 8, 12, and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Kellerman in view of Schultz and Degioanni, and further in view of Fadel et al. (US 2015/0347200, “Fadel”).
Regarding Claim 5
Kellerman-Schultz-Degioanni discloses the system of claim 1 (see § A), and Kellerman further discloses
wherein the sandbox component (Fig. 8, ¶ [0068]) provides the plugin…1 (Fig. 8, ¶ [0068]) 
Kellerman-Schultz-Degioanni doesn’t disclose
1 …with secure access to a memory of the guest container and a disk state of the guest container
Fadel, however, discloses
1 …with secure access to a memory of the guest container and a disk state of the guest container (Fig. 2A, ¶¶ [0047]-[0050] , “Application 204 and application extension 205 communicates with each other via an inter-process communications (IPC) framework (not shown),” and “When an application has been sandboxed during access exists to “sandbox 2” (or the guest container and its accompanying memory and disk state) from the plugin in “sandbox 2,” and the “sandboxed process” that limits certain acts ensures that it is secure).
Regarding the combination of Kellerman-Schultz-Degioanni and Fadel, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the container system of Kellerman-Schultz-Degioanni to use a sandbox to run untrusted third-party code. One of ordinary skill in the art would have been motivated to use a sandbox to run untrusted code because Fadel teaches that “[r]estricting execution of a program within a restricted operating environment can reduce the changes of the program interfering or causing damages to 
other components or resources of an electronic device.” See Fadel ¶ [0056].
Regarding Claim 8
Kellerman-Schultz-Degioanni discloses the system of claim 1 (see § A), and Kellerman further discloses
wherein executing the plugin in the sidecar container…1(Fig. 8, ¶ [0068])
Kellerman-Schultz-Degioanni doesn’t disclose
1 …provides host security, guest security, and guest visibility.
Fadel, however, discloses
1 …provides host security, guest security (¶ [0048], “One of the purposes of sandboxing an application is to isolate the application from accessing other unnecessary or unrelated system resources of another application or a system component, such that any damage caused by the application would not spill over to other areas of system 100,” and thus the plugin doesn’t affect the guest container (i.e., the “container 140” of Schultz) or the host (i.e., “host OS/kernel 104 of Schultz”)) and guest visibility (Fig. 4A, ¶ [0074], i.e., “GUI content 405” that is “presented by application 204” which acts analogously or substitutes for the guest container 140 of Schultz ).
Regarding the combination of Kellerman-Schultz-Degioanni and Fadel, the 
rationale to combine is the same as provided for claim 5.
Regarding Claim 12
Kellerman-Schultz-Degioanni discloses the method of claim 10, and Kellerman further discloses 
wherein executing the plugin inside the sidecar…1 (Fig. 8, ¶ [0068]) 
Kellerman-Schultz-Degioanni doesn’t disclose
1 …protects the host and the guest container.
Fadel, however, discloses
1 …protects the host and the guest container (¶ [0051], “A sandboxed process is the application or other program for which security containment will be implemented,” and through “containment” the “plugin” cannot conduct unauthorized acts on the host or inside the guest container, thus protect[ing] the host and the guest container).
	Regarding the combination of Kellerman-Schultz-Degioanni and Fadel, the rationale to combine is the same as provided for claim 5.
Regarding Claim 13
	With respect to claim 13, a corresponding reasoning as given earlier for claim 5 applies, mutatis mutandis, to the subject matter of claim 13. Therefore, claim 5 is 
rejected, for similar reasons, under the grounds set forth for claim 5.
D.	Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Kellerman in view of Schultz and Degioanni, and further in view of Fadel and Ghosh et al. (US 2010/0122343, “Ghosh”)
Regarding Claim 7
Kellerman-Schultz-Degioanni discloses the system of claim 1 (see § A), and Kellerman further discloses
wherein the sandbox component…1 (Fig. 8, ¶ [0068)
Kellerman-Schultz-Degioanni doesn’t disclose
1 …determines access rights and constraints in connection with the plugin without modifying the kernel construct.
Fadel, however, discloses
1 …determines access rights and constraints in connection with the plugin…a (¶ [0048], “A sandboxed process refers to a process that has been restricted within a restricted operating environment (e.g., sandbox) that limits the process to a set of predefined resources,” i.e., the “restricted operating environment” involves restricting access rights from applications outside of the sandbox and constrain[ing] the application within the sandbox; see also Schultz ¶ [0007], “The security policy of a GRE specifies restrictions and/or permissions for activities that may be performed within the scope of execution of the GRE”) 
Ghosh, however, discloses
a…without modifying the kernel (¶ [0033], “,” i.e., the employment of a single kernel amongst multiple containers is that the kernel is not modified).
Regarding the combination of Kellerman-Schultz-Degioanni and Fadel, the rationale to combine is the same as provided for claim 5 as the subject matter of claim 5 as it relates to claim 1 is similar to the subject matter of claim 7 as it relates to claim 1.
Regarding the combination of Kellerman-Schultz-Degioanni-Fadel and Ghosh, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the container system of Kellerman-Schultz-Degioanni-Fadel to have included the kernel functionality of Ghosh.  One of ordinary skill in the art would have been motivated to incorporate the kernel functionality of Ghosh because the sharing of a single kernel offers performance benefits (as compared to hardware virtualization).  See Ghosh ¶ [0033].
E.	Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Kellerman in view of Schultz and Degioanni, and further in view of Ghosh.
Regarding Claim 15
Kellerman-Schultz-Degioanni discloses the system of claim 1 (see § A), and Schultz further discloses
wherein the sandbox component (of Kellerman) adjusts access rights and constraints with the plugin…1 (¶ [0007], “The security policy of a GRE [guest runtime environment] specifies restrictions and/or permissions for activities that may be performed within the scope of execution of the GRE;” Fig. 1, ¶¶ [0029], [035]-[0036], i.e., the “policy monitor 106” operates within a “guest runtime engine” (GRE); and ¶¶ adjusts access rights and constraints “may be reversing an access to a resource, denying the corresponding request…”) 
Kellerman-Schultz-Degioanni doesn’t disclose
1…without modifying the kernel.
Ghosh, however, discloses
1…without modifying the kernel (¶ [0033], “It may use a single OS kernel to provide an illusion of multiple operating systems for the user level applications,” i.e., the employment of a single kernel amongst multiple containers is that the kernel is not modified).
	The rationale to combine Kellerman-Schultz-Degioanni and Ghosh is the same as provided for claim 7.
F.	Claims 9 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Kellerman in view of Schultz, Degioanni, and Fadel, and further in view of Tan et al. (US 2015/0356294, “Tan”).
Regarding Claim 9
Kellerman-Schultz-Degioanni-Fadel discloses the system of claim 5 (see § C), and Fadel further discloses
wherein the plugin access to a state of the guest container state is…1 (Fig. 2A, ¶¶ [0047]-[0050]) 
Kellerman-Schultz-Degioanni-Fadel doesn’t disclose
1 …read-only to mitigate side effects and protect the guest container.
Tan, however, discloses
1 …read-only to mitigate side effects and protect the guest container (¶ [0299], “To address this security concern, CFI sets the GOT.PLT table to be always read-only inside the sandbox…” with the mitigate[ion of] side-effects and the protect[ion of] the guest container being the result of restricting the sandbox to a read only functionality).
Regarding the combination of Kellerman-Schultz-Degioanni-Fadel and Tan, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the container system of Kellerman-Schultz-Degioanni-Fadel to have included the read-only feature of Tan.  One of ordinary skill in the art would have been motivated to incorporate the read-only feature of Tan because Tan teaches that security issues can be addressed by making data read-only.  See Tan at ¶ [0299].   
Regarding Claim 17
With respect to claim 17, a corresponding reasoning as given earlier for claim 9 applies, mutatis mutandis, to the subject matter of claim 17. Therefore, claim 17 is rejected, for similar reasons, under the grounds set forth for claim 9. 
G.	Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Kellerman in view of Schultz and Degioanni, and further in view of Anonymous NPL Document, “Safe System State Extraction Extensibility via Plugin Sandboxing” Dec. 19, 2017 (hereinafter “Anonymous NPL Document II,” see attached NPL document).
Regarding Claim 14
Kellerman-Schultz-Degioanni discloses the system of claim 1 (see § A), and Kellerman further discloses
wherein the plugin (Fig. 8, ¶ [0068]) is for…1 
Kellerman-Schultz-Degioanni doesn’t disclose
1 …system state extraction software
Anonymous NPL Document II, however discloses
1 …system state extraction software (at least p. 1, “At the core, the specific problem we target is plugin sandboxing for system state extraction software.”).
	Regarding the combination of Kellerman-Schultz-Degioanni and Anonymous NPL Document II, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the container system of Kellerman-Schultz-Degioanni to have included the system-state extraction feature of Anonymous NPL Document II.  One of ordinary skill in the art would have been motivated to incorporate the system-state extraction feature of Anonymous NPL Document II because Anonymous NPL Document II discusses the security problems of running third-party plugins and states, “These observations motivate our work – developing a sandbox environment for plugin execution, so that the monitored endpoint (as well as the monitoring software core) can be protected from the plugins’ side-effects,” see p. 1.   
H.	Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Kellerman in view of Schultz and Degioanni, and further in view of Yamada et al. (US 2014/0281376, “Yamada”).
Regarding Claim 18
Kellerman-Schultz-Degioanni discloses the system of claim 1 (see § A), where Kellerman further discloses 
wherein the plugin (Fig. 8, ¶ [0068]) is…1 
Kellerman-Schultz-Degioanni doesn’t disclose
1…granted a minimal set of privileges to perform its defined purpose.
Yamada, however, discloses
	1…granted a minimal set of privileges to perform its defined purpose (¶ [0025], “the BT [binary translation] container is given minimal privileges and priority appropriate to operate” ).
	Regarding the combination of Kellerman-Schultz-Degioanni and Yamada, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the container system of Kellerman-Schultz-Degioanni to have included the privilege feature of Yamada.  One of ordinary skill in the art would have been motivated to incorporate the privilege feature of Yamada because Yamada teaches, that minimizing the privileges “significantly reduc[es] the security risk and system impact such as latency exposures to the operating system.”  See Yamada at ¶ [0025].
I.	Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Kellerman in view of Schultz, Degioanni and Fadel, and further in view of Ghosh, Tan and Yamada.
Regarding Claim 20
Kellerman-Schultz-Degioanni discloses the computer program product of claim 19, and Schultz further discloses
further comprising program instructions executable by processor to cause the processor (Figs. 1 & 7; ¶¶ [0017], [0044], i.e., “processing hardware 226” that “cooperate[s]” via the execut[ion] of the computer executable components) to: 
provide the plugin with secure access to a memory and a disk state of the guest container (Fig. 2A, ¶¶ [0047]-[0050] , “Application 204 and application extension 205 communicates with each other via an inter-process communications (IPC) framework (not shown),” and “When an application has been sandboxed during execution, the application is executed as a sandboxed process or thread within the system that is contained within a sandbox (also referred to as an application container), in which it cannot access certain system resources or another territory (e.g., sandbox) of another application, subject to a security profile associated with the sandboxed application;” i.e., access exists to “sandbox 2” (or the guest container and its accompanying memory and disk state) from the plugin in “sandbox 2,” and the “sandboxed process” that limits certain acts ensures that it secure), 
wherein the plugin is for system state extraction software (¶ [0046], i.e., Adobe Acrobat acts as a plugin for a web browser that acts as system state extraction software, noting system state extraction software is not a term within the art nor explicitly defined within the specification; thus, this abstract term is construed broadly to include any software that extracts a resource, such as memory, and consequently affects the system state, with the Examiner noting the statements within ¶ [0027] that relate to the memory of the guest container may be useful in overcoming this rejection and broad interpretation of the claim; see also the rejection of claim 14 where Anonymous NPL Document II more explicitly teaches this limitation); 
balance access rights and constraints in connection with the plugin…1 (¶ [0048], “A sandboxed process refers to a process that has been restricted within a restricted operating environment (e.g., sandbox) that limits the process to a set of predefined resources,” i.e., the predefined resources represent constraints (i.e., an imposed definition is a constraint), and the “restrict[ion]” of the “process” represents fine-tuning to ensure the sandboxes are secure), 
wherein executing the plugin in the sidecar container provides host security, guest security ¶ [0048], “One of the purposes of sandboxing an application is to isolate the application from accessing other unnecessary or unrelated system resources of another application or a system component, such that any damage caused by the application would not spill over to other areas of system 100,” and thus the plugin doesn’t affect the guest container (i.e., the “container 140” of Schultz) or the host (i.e., “host OS/kernel 104 of Schultz”)) and guest visibility (Fig. 4A, ¶ [0074], i.e., “GUI content 405” that is “presented by application 204” which acts analogously or substitutes for the guest container 140 of Schultz ); 
restricting the plugin access to state of the guest container…2 (Fig. 2A, ¶¶ [0047]-[0050]); and 
grant the plugin…3 (Fig. 2A, ¶¶ [0046]-[0047], “application extension 205” as a plugin).
Kellerman-Schultz-Degioanni doesn’t disclose
	1…without modifying the kernel construct,
	2 …as read-only to mitigate side-effects and protect the guest container; and
3 … a minimal set of privileges to perform its defined purpose.
Ghosh, however, discloses
 	1…without modifying the kernel construct (¶ [0033], i.e., the employment of a single kernel amongst multiple containers is that the kernel is not modified),
Tan, however, discloses
	2 …as read-only to mitigate side-effects and protect the guest container (¶ [0299], “To address this security concern, CFI sets the GOT.PLT table to be always read-only inside the sandbox…” with the mitigate[ion of] side-effects and the protect[ion of] the guest container being the result of restricting the sandbox to a read only functionality); and
Yamada, however, discloses
3 … a minimal set of privileges to perform its defined purpose (¶ [0025], “the BT [binary translation] container is given minimal privileges and priority appropriate to operate”).
Regarding the combination of Kellerman-Schultz-Degioanni and Ghosh, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the container system of Kellerman-Schultz-Degioanni to have included the kernel functionality of Ghosh.  One of ordinary skill in the art would have been motivated to incorporate the kernel functionality of Ghosh because the sharing of a single kernel offers performance benefits (as compared to hardware virtualization).  See Ghosh ¶ [0033].
Regarding the combination of Kellerman-Schultz-Degioanni-Ghosh and Tan, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the container system of Kellerman-
Regarding the combination of Kellerman-Schultz-Degioanni-Ghosh-Tan and Yamada, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the container system of Kellerman-Schultz-Degioanni-Ghosh-Tan to have included the privilege feature of Yamada.  One of ordinary skill in the art would have been motivated to incorporate the privilege feature of Yamada because Yamada teaches, that minimizing the privileges “significantly reduc[es] the security risk and system impact such as latency exposures to the operating system.”  See Yamada ¶ [0025].
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to D'ARCY WINSTON STRAUB whose telephone number is (303)297-4405.  The examiner can normally be reached on Monday-Friday 8:00-5:00 MT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ASHOKKUMAR B PATEL can be reached on (571)272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access 



/D'Arcy Winston Straub/Examiner, Art Unit 2491                                                                                                                                                                                                        


/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491