DETAILED ACTION

1. 	This Office Action is in response to an application filed on Aug. 29, 2019. The original filing includes claims 1-20. Claims 17-20 have been cancelled. Therefore, Claims 1-16 are presented for examination. Now claims 1-16 are pending.

Election/Restrictions
2.	Applicant’s election without traverse of claims 1-16 in the reply filed on May 12, 2021 is acknowledged.

Notice of Pre-AIA  or AIA  Status
3.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Drawings
4. 	The drawing filed on Aug. 29, 2019 are accepted.

Oath/Declaration
5. 	For the record, the Examiner acknowledges that the Oath/Declaration submitted on Aug. 29, 2019 has been accepted. 
Information Disclosure Statement
6.	The information disclosure statements (IDSs) submitted on 08/29/2019, 11/23/2020, and 04/15/2021 have been considered. The submissions are in compliance with the provisions of 37 CFR 1.97. Forms PTO-1449 are signed and attached hereto.

Priority
7.	Acknowledgment is made of applicant’s claim for priority under 35 U.S.C. 119 (a)-(d). The certified copy of Korean Application KR1020190077954 filed on Jun. 28, 2019 has been received on 10/08/2019.

Claim Rejections - 35 USC § 112
8.	The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

	Claims 10, 11, and 13 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.
9.	Claim 11 recites, “when the response is security confirmation”; and lacks antecedent basis. Since it is not clear to which of “a response” of claims 9 or 10 (claim 6 is also citing “a response” since it’s not referenced by proceeding claims examiner excluded claim 6). Claim 13 have the same issue as claim 11 and rejected with the same rationale as claim 11.
Any claim not specifically addressed above is being rejected as incorporating the deficiencies of a claim upon which it depends.
Claim Rejections - 35 USC § 102
10.	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

11.	Claims 1, 3-7, and 9-14 are rejected under 35 U.S.C. 102 (a) (2) as being anticipated by Nagaratnam et al. US 2018/0027022 hereinafter “Nagaratnam” Published Jan. 25 2018 (according to applicant’s IDS filed 11/23/2020 Cite No. 1).

Regarding claim 1, Nagaratnam teaches: A method for interworking of a security tool and a cloud platform (Nagaratnam, see claim 1 along with abstract) comprising:
checking whether there is a record of confirming or applying security related to a target identifier when a cloud platform client calls a platform interface module (Nagaratnam, see FIG. 7 along with ¶¶ [0091 and 0094] where discloses by user queries the security assurance service to identify by tag-like identifiers to check security levels (applying security related to a target identifier) such as high or medium through user requests item 702 and 704 from security assurance 700, “such application relationship information may be specified by tag-like identifiers that describe the application's purpose”); determining whether to interwork with the security tool when the record is not present (Nagaratnam, see ¶¶ [0112-0113], “The security assurance service could also run as a web service, where apps define what they need, and the service identifies which clouds match the requirements and are endorsed by that provider. This information can be used to identify which zones need to be created based, for example, on application requirements that cannot be satisfied at a point-in-time”); 
requesting a resource required for running the security tool to the cloud platform when invoking the security tool (Examiner note: Nagaratnam in ¶ [0072 and 0112] discloses security tool (see  firewall configuration to open ports, and so forth. Preferably, the service invokes remote interfaces … the assurance templates 602 are modules within the service that provide easy-to-understand security categories or profiles, and their associated security levels, such as ''high/medium/ low internal network security" and "high/medium/low firewall security," and the like. The service 600 also includes an assurance configuration broker 604, which identifies the security goals of selected templates, and that operates to translate selection of a template into detailed configuration”); and 
obtaining the resource from the cloud platform and storing the resource (Nagaratnam first see FIG. 2-3 (item 304 resource provisioning) along with ¶ [0062], “This physical security enables the appliance to serve as a secure vault for credentials, which can be tied to virtual images throughout their entire lifecycle (in storage, being dispensed, running in the cloud … as a dedicated store for both pre-loaded and customized middleware virtual images and patterns. The appliance also includes advanced compression and storage techniques that enable a large number of these virtual images ( each of which may be sizeable) to be stored”; then for more details see ¶¶ [0009, 0065-0066, 0080] then see ¶ [0096], “At step (1), the administrator 800 deploys the application 802 on or to the cloud platform 806. At step (2), the application 802 is provisioned and installed in the cloud platform”).

Regarding claim 3, Nagaratnam discloses all the limitations of claim 1. Further Nagaratnam teaches: determining whether the target identifier is existed in a list managed by a result management module (Nagaratnam, see ¶ [0076] where discloses the security assurance templets 602 are modules within the service that provides categories and profiles associated with security levels that reads on applicant’s limitations, “the assurance templates 602 are modules within the service that provide easy-to-understand security categories or profiles, and their associated security levels, such as ''high/medium/ low internal network security" and "high/medium/low firewall security," and the like. The service 600 also includes an assurance configuration broker 604, which identifies the security goals of selected templates, and that operates to translate selection of a template into detailed configuration steps”).

Regarding claim 4, Nagaratnam discloses all the limitations of claim 1. Further Nagaratnam teaches: terminating calling the platform interface module when the record of confirming or applying security is present (Nagaratnam, see ¶¶ [0096-0097] where discloses the security assurance assesses if the security environment capability is provided is sufficient the application does not start from deploying the application on or cloud platform and continues to execute within security zone rather than request level of security from security assurance service that reads on applicant’s limitations, “the administrator 800 deploys the application 802 on or to the cloud platform 806. At step (2), the application 802 is provisioned and installed in the cloud platform… the security assurance service 804 provisions and installs the security zone in the manner previously described or, alternatively, identifies an existing security zone that provides the requested level of security … the application 802 then queries the security assurance service 802 regarding the security environment that has been provisioned…  the security assurance service assesses the security environment to assess whether the security capabilities provided by the service are sufficient or better than the application's security rights. If so, the application 802 continues to execute within the security zone as if nothing is remiss”; “the security .

Regarding claim 5, Nagaratnam discloses all the limitations of claim 1. Further Nagaratnam teaches: determining whether to interwork with the security tool according to an interworking decision value in security tool configuration information (Nagaratnam, see ¶ [0082], “the security assurance level he or she desires (for a particular category) be "high" or "low" or some other such classification (however delineated). Thus, the term "high" (in reference to a particular coarse security assurance level) may be designated in the alternative by a numerical value, some other identifier or designation”).

Regarding claim 6, Nagaratnam discloses all the limitations of claim 5. Further Nagaratnam teaches: transmitting a response containing failure to confirm/apply security to the cloud platform client when the interworking decision value is indicated termination (Nagaratnam, see ¶ [0096], “If, however, the outcome of the analysis at step ( 6) indicates that the security environment is insufficient for the application 802, the application reports back to the administrator 800 of the need to take one or more remediation steps. This is also indicated at step (7) as an alternative to reporting compliance”).

Regarding claim 7, Nagaratnam discloses all the limitations of claim 5. Further Nagaratnam teaches: assessing a consumed time in the security tool configuration information when the interworking decision value is indicated response time assessment (Nagaratnam, first see ¶ [0094] where discloses that application relationship information is being specified and identified via ; 
And determining whether to interwork with the security tool according to a result of assessing (Nagaratnam, see ¶¶ [0096-0097], “regarding the security environment that has been provisioned. Step (5) typically involves the application passing to service 804 its then current ABSR (as provisioned by the administrator). Typically, the ABSR is passed in the application payload. At step (6), the security assurance service assesses the security environment to assess whether the security capabilities provided by the service are sufficient or better than the application's security rights”).

Regarding claim 9, Nagaratnam teaches all the limitations of claim 1. Nagaratnam further teaches: invoking the security tool by providing the obtained resource as input; and receiving a response as a result of interworking with the invoked security tool  (Nagaratnam, see ¶ [0073] disclosing based on user inquiry deploying templets (invokes security tool) that are set of security configuration that provide recommendation to the user that based on user selections as input, in respond generate security reconfiguration).

Regarding claim 10, Nagaratnam teaches all the limitations of claim 9. Nagaratnam further teaches: when the response is security confirmation, transmitting a response containing a security confirmation result to the cloud platform client (Nagaratnam, see FIG. 6 along with ¶ 0073], “the service then interprets the requested one or more security assurance templates and, in response, generates a concrete list of one or more security configuration changes (typically . 

Regarding claim 11, Nagaratnam discloses all the limitations of claim 9. Further Nagaratnam teaches: when the response is security application, distributing output of the security tool to the cloud platform; and transmitting a response containing a security application result to the cloud platform client (Nagaratnam, first see FIG. 6 and related texts, then see ¶ 0115], “application to invoke reconfiguration of the security environment by security assurance service to enforce the application's security service requirements. The security assurance service responds as needed, e.g., to re-locate the application, upgrade the environment, or, in extreme cases, enable application deactivation or start inhibition. The approach works in real-time, even as application security requirements (or the security resources in the cloud platform) change. The security environment is reconfigured in response to these changing security requirements. The approach enables continual monitoring of changes in the cloud environment and notification to the application to evaluate its security requirements even as conditions change”). 

Regarding claim 12, Nagaratnam discloses all the limitations of claim 9. Further Nagaratnam teaches: storing the received response (Nagaratnam, see ¶ [0073] discloses when the update is complete for deployment the deployment platform is called back (storing the receive response) to deploy the secure application, “Based on the user selections … the security assurance service creates a context specific secure cloud application zone for the application being-deployed. The application deployment platform is called-back when the security configuration update completes; the platform then completes the deployments, and activates the newly-deployed and secured application”).

Regarding claim 13, Nagaratnam discloses all the limitations of claim 12. Further Nagaratnam teaches: wherein, when the response is received, a method of processing the result is determined according to a value of a result-processing method in security tool configuration information (Nagaratnam, see ¶ [0082], “It is sufficient for the user in this circumstance to know only that the security assurance level he or she desires (for a particular category) be "high" or "low" or some other such classification (however delineated). Thus, the term "high" (in reference to a particular coarse security assurance level) may be designated in the alternative by a numerical value, some other identifier or designation”). 

Regarding claim 14, this claim defines an apparatus claim that corresponds to method claims 3, 9, and 12. Therefore, claim 14 is rejected with the same rational as in the rejection of claims 3, 9, and 12. Furthermore, Nagaratnam in ¶ [0142] disclose processor and a memory configured to store at least one instruction executed by the at least one processor. 

Claim Rejections - 35 USC § 103
12.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
13.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


14.	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:

2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
15.	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

16.	Claims 2 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Nagaratnam et al. US 2018/0027022 hereinafter “Nagaratnam” Published Jan. 25 2018 (according to applicant’s IDS filed 11/23/2020 Cite No. 1) in view of Lee et al. U.S. 10,333,981 hereinafter “Lee” Patented June 25, 2019 (according to applicant’s IDS filed 08/29/2019 foreign patent document Cite No. 1).


Regarding claim 2, Nagaratnam discloses all the limitations of claim 1. Further Nagaratnam teaches in previous claim identified security level as target identifier, but does not explicitly discloses: wherein the target identifier includes a container image identifier
However Lee teaches: wherein the target identifier includes a container image identifier (Lee in col. 2, lines 20-23 discloses security checking method receiving an image to create container, first see FIG. 1 items 15 and 21 along with col. 6 lines 59-67, “The security checking unit 100 may parse the received 60 image 21 and may identify one or more layers composing the image 21 (S200). Specifically, the security checking unit 100 may parse the image on the basis of an update log of the received image 21 . 
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Nagaratnam with the teaching of Lee because the use of Lee’s idea (Lee, see col. 1, lines 15-19) could provide Nagaratnam (Nagaratnam, see abstract) the ability to include a security checking method where receiving an image to create a container for an application by identifying security levels by parsing image that comprises layers such as security configuration, security check object and etc., in order to collect path and checking if any violation of security policy, “a security checking method comprises, receiving an image for creating a container, wherein the container is an isolation region for an application executable on a host operating system, identifying one or more layers composing the image by parsing the image, collecting a path of a security configuration file, a security check object, from the one or more layers, and searching the collected path and checking whether a security configuration file violating a predetermined security policy is present” (Lee, col. 2 lines 19-27).

Regarding claim 15, Nagaratnam discloses all the limitations of claim 14. Nagaratnam does not explicitly discloses: wherein the platform interface module obtains privileges to access a container image repository or a host in the cloud platform and distributes output to the cloud platform, thereby applying a result of interworking with the security tool
However Lee teaches: wherein the platform interface module obtains privileges to access a container image repository or a host in the cloud platform and distributes output to the cloud platform, thereby applying a result of interworking with the security tool (Lee see col. 10 lines 63-67 and col. 11 lines 1-4 discloses access though access accounts of the container which reads on applicant’s application). 
.

Allowable subject matter
17.	Claims 8 and 16 are objected to as being dependent upon a rejected base claim, but would be allowable (in view of other limitations of the independent claims) if rewritten in independent form including all of the limitations of the base claim and any intervening claims, and further overcoming other rejections or objections that might have been rendered above. The detail reason for allowance will be furnished upon allowance of the application.


Examiner note:
18.	In the case of amending the Claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper Amendments not pointing to specific support in the disclosure may be deemed as not complying with provisions of 37 C.F.R.  1.131(b), (c), (d), and (h) and therefore held not fully responsive.  Generic statements such as “Applicants believe no new matter has been introduced” may be deemed insufficient.
Conclusion
19.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Bendersky et al. US 20200052889 discloses implementing by a security service provider operating between the user and the secured resource, access control may also be guaranteed to run through the security service provider by requiring its intermediation, thus providing stronger levels of security.
Barboi et al. US 20200050749 discloses identifying a request by a user to access an access-restricted target resource, the user operating on a client computing device and the request being associated with a network address for the access-restricted target resource; intercepting the request before the request can reach the access-restricted target resource; generating a unique session identifier for the user.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHALIL NAGHDALI whose telephone number is (571) 272-9884.  The examiner can normally be reached on M-F 8-5.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272- 1000.
/KHALIL NAGHDALI/
Primary Examiner, Art Unit 2437