Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 5/18/21 has been entered.

Response to Arguments
1.	Applicant’s arguments, filed 5/18/2021, with respect to the rejection(s) of claim(s) 1-19 and 21 under 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Vandervort.
2.	Examiner has withdrawn the 101 rejection from the previous office action dated 5/7/21.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 5-12, 15-19 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Sprunk (US Patent Pub. 20080049942) in view of Sinor (US Patent Pub. 20160335451) and in view of Vandervort (US Patent Pub. 20130166914).


As per claims 1, 11 and 19:  Sprunk discloses a computer-implemented lifecycle management method implemented via a processor and a memory, the memory storing instructions for the processor, the method comprising (see abstract):
establishing, via the processor, a public-key infrastructure (PKI) for end-to-end encryption of control plane (Paragraph 40; The inner vault 42 then encrypts the private key using an end-to-end encryption key, e.g., using HSM-based RSA encryption of a random advanced encryption standard (AES) key generated only for one set of PKI data and then subsequent AES encryption of the private key. Such encryption is shown generally as end-to-end encryption 62. The encrypted private key then is loaded or securely transferred to the outer vault 44 via a secure network therebetween).
Sprunk does not specifically disclose data plane communications by providing encryption via public key/private key pairs between arbitrary components for application execution where an interaction pattern is specified for isolated and secure execution in a multi-tenant environment.
Sinor discloses sending a public key of a public/private encryption key pair to the multi-tenant computing platform; and decrypting the first set of elements of the received encrypted data record using a private key of the public/private encryption key pair (claim 37).
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, having the teachings of Sprunk and Sinor in their entirety, to modify the technique of Sprunk for encrypting the private key using an end-to-end encryption key, e.g., using HSM-based RSA encryption of a random advanced encryption standard (AES) key, by adopting Sinor's teaching of sending a public key of a public/private encryption key pair to the multi-tenant computing platform. The motivation would have been to improve the lifecycle management method.
The combination of Sprunk and Sinor does not specifically disclose wherein a cluster-level certificate authority digitally signs and distributes a public key of each component.
Vandervort discloses sender 110 may digitally sign an original message 210 using a private PKI key that has been issued by a trusted third-party Certificate Authority (Paragraph 75).
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, having the teachings of Sprunk, Sinor and Vandervort in their entirety, to modify the technique of Sprunk for encrypting the private key using an end-to-end encryption key, e.g., using HSM-based RSA encryption of a random advanced encryption standard (AES) key, by adopting Vandervort's teaching of digitally signing an original message using a private PKI key that has been issued by a trusted third-party Certificate Authority. The motivation would have been to improve the lifecycle management method.
As per claims 2, 12:  The computer-implemented lifecycle management method of claim 1, wherein the multi-tenant environment includes an environment in which each tenant of the multi-tenant environment is separate from each other (See Sprunk; Paragraph 40; using HSM-based RSA encryption of a random advanced encryption standard (AES) key generated only for one set of PKI data and then subsequent AES encryption of the private key).
As per claims 5, 15:  The computer-implemented lifecycle management method of claim 1, further comprising automatically generating and maintaining an audit trail of the PKI for compliance (See Sinor; claim 37 sending a public key of a public/private encryption key pair to the multi-tenant computing platform; and decrypting the first set of elements of the received encrypted data record using a private key of the public/private encryption key pair).
As per claims 6, 16:  The computer-implemented lifecycle management method of claim 1, further comprising automatically selecting a parameter and a configuration of the PKI based on a desired regulatory compliance (See Sprunk; Paragraph 56; Upon receipt of the data request message, the PKI server 16 retrieves an appropriate set of PKI data from its database 36, and generates a random key agreement key pair based on a set of pre-determined system key agreement parameters).
As per claims 7, 17:  The computer-implemented lifecycle management method of claim 5, further comprising automatically selecting a parameter and a configuration of the PKI based on a desired regulatory compliance (See Sprunk; Paragraph 56; Upon receipt of the data request message, the PKI server 16 retrieves an appropriate set of PKI data from its database 36, and generates a random key agreement key pair based on a set of pre-determined system key agreement parameters).
As per claims 8, 18:  The computer-implemented lifecycle management method of claim 1, further comprising performing a secure delete of main memory and storage based on the encryption (See Sinor; claim 37 sending a public key of a public/private encryption key pair to the multi-tenant computing platform; and decrypting the first set of elements of the received encrypted data record using a private key of the public/private encryption key pair).
As per claim 9:  The computer-implemented lifecycle management method of claim 7, further comprising performing a secure delete of main memory and storage based on the encryption (See Sinor; claim 37 sending a public key of a public/private encryption key pair to the multi-tenant computing platform; and decrypting the first set of elements of the received encrypted data record using a private key of the public/private encryption key pair).
As per claim 10:  The computer-implemented lifecycle management method of claim 1, embodied in a cloud-computing environment (See Sprunk; Paragraph 40; The inner vault 42 then encrypts the private key using an end-to-end encryption key, e.g., using HSM-based RSA encryption of a random advanced encryption standard (AES) key generated only for one set of PKI data and then subsequent AES encryption of the private key. Such encryption is shown generally as end-to-end encryption 62. The encrypted private key then is loaded or securely transferred to the outer vault 44 via a secure network therebetween).
As per claim 21:  The computer-implemented lifecycle management method of claim 1, wherein the distribution of the public key is from each component to every other component of the arbitrary components (See Sinor; claim 37 sending a public key of a public/private encryption key pair to the multi-tenant computing platform; and decrypting the first set of elements of the received encrypted data record using a private key of the public/private encryption key pair).



Claims 3-4 and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Sprunk (US Patent Pub. 20080049942) in view of Sinor (US Patent Pub. 20160335451) and in further view of Vandervort (US Patent Pub. 20130166914) and Mehta (US Patent Pub. 20200097653).


As per claims 3, 13:  The computer-implemented lifecycle management method of claim 1, further comprising establishing a public-key infrastructure (PKI) for end-to-end encryption of control plane and data plane communications by providing encryption between arbitrary components for application execution where an interaction pattern is specified for isolated and secure execution in a multi-tenant environment (Paragraph 40; The inner vault 42 then encrypts the private key using an end-to-end encryption key, e.g., using HSM-based RSA encryption of a random advanced encryption standard (AES) key generated only for one set of PKI data and then subsequent AES encryption of the private key. Such encryption is shown generally as end-to-end encryption 62. The encrypted private key then is loaded or securely transferred to the outer vault 44 via a secure network therebetween).
Sprunk in view of Sinor and Vandervort does not specifically disclose outlining and establishing a network policy on-demand restricting a communication in a distributed machine or deep learning job by restricting a communication from each job component only to another job component of the same job.
Mehta discloses the file analysis can be accomplished by using a novel featureless or deep learning machine learning layer, which may combine with a heuristic layer to check the byte distribution in the file content. This deep file analysis provides advantages over existing solutions that are often purely heuristic models or frameworks for taking a data backup or establishing access control policies to restricted folders (Paragraph 30).

As per claims 4, 14:  The computer-implemented lifecycle management method of claim 3, wherein the multitenant environment includes an environment in which each tenant of the multi-tenant environment is separate from each other (See Sprunk, Paragraph 5; The public key may be widely published or distributed across a communications network, while the corresponding private key is held by the authorized end user device or product. In public key encryption, information encrypted with a public key can be decrypted only with the corresponding private key).


Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANTHONY D BROWN whose telephone number is (571)270-1472.  The examiner can normally be reached on 730-330pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/ANTHONY D BROWN/Primary Examiner, Art Unit 2433