DETAILED ACTION

1. 	This Office Action is in response to the amendment filed on May. 17, 2021. No claims have been amended. Therefore claims 1-20 are pending.

Notice of Pre-AIA  or AIA  Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Response to Applicant Arguments
3.	Applicant arguments on pages 8 to middle of the page 10 of section a of applicant remarks that “Shulman fails to disclose the "transmitting" element of claim 1 … "transmitting
requests for the security operation to a central security controller for the communications
from the different microservices/serverless functions of the microservices-based/serverless application so that the security operation is executed at the central security controller for the different microservices/serverless functions"” are not persuasive for the following reasons:
	Firstly, Examiner thanks the applicant for applicant’s interpretations regarding the reference Shulman. For limitation “transmitting requests for the security operation to a central security controller for the communications from the different microservices/serverless functions of the microservices-based/serverless application so that the security operation is executed at the central security controller for the different microservices/serverless functions” Examiner refers applicants to the communication with items 404 (controller) where receives the event requests and manages the handling of the request into event queue item 406 (event queue that triggers invoker) and vice versa to item 410 for the limitation "transmitting requests for the security operation to a central security controller” as it is depicted in FIG. 4 and ¶ [0133], furthermore, see for details of controller item 404 in ¶ [0132], and for the limitation “for the communications from the different microservices/serverless functions of the  microservices-based/serverless application so that the security operation is executed at the central security controller for the different microservices/serverless functions” Examiner refer applicant to item 404 communication and executes different invoker item 408 for different item 410 where each invoker implemented security operation according to event source 402a and 402b that is controlled by item 404 and 406 that is assigned for different item 408 for different item 410 as it is depicted in FIG. 4 and ¶ [0133] that reads on applicant’s limitation. Furthermore, security operation controller 404 is executing different functions of serverless runtime environment such as items 412, 414, or 416 of the different item 410 that includes function code that is executed, serverless application firewall and behavioral protection engine by invoking proper invoker item 408 according to the results of items 404, 406, and final different invoker 408 is triggered to different item 410 to function according to invoker 408.
4.	Applicant arguments on pages 10 to middle of the page 12 of section b of applicant remarks that “Shulman fails to disclose the "receiving" element and the "executing" element of claim 1 … "receiving results of the security operation from the central security controller at the different microservices/serverless functions of the microservices-based/serverless application" (emphasis added) and "executing a task associated with the communications at the different microservices/serverless functions of the microservices-based/serverless application based on the results of the security operation from the central security controller"” are not persuasive for the following reasons:
receiving results of the security operation from the central security controller at the different microservices/serverless functions of the microservices-based/serverless application" (emphasis added) and "executing a task associated with the communications at the different microservices/serverless functions of the microservices-based/serverless application based on the results of the security operation from the central security controller” Examiner points out where receiving or transmitting with items 404 (controller) where receives the event requests and manages the handling of the request into event queue item 406 (event queue that triggers invoker) and vice versa to item 410 as it was discussed in part a above and furthermore, Shulman in ¶¶ [0006 and 0070] discloses the common programing for serverless applications is referred to as event-driven computing where codes is executed as a result of an event trigger and its known in the art where as the result of security operation from central controller 404 and event queue 406 that invokes different  invoker 408 for different serverless runtime environment 410 which reads on applicant’s limitations and the remaining argument of applicant that executing a task based on the results of security operation from central security controller is addressed in ¶¶ [0132 and 0142] where discloses based on event trigger occurs with the result that at step 302, event data is input into the runtime environment in order to investigate whether the event data is safe or not which reads on applicant’s limitations. 
5.	Applicant arguments on pages 12 to page 13 of section c of applicant remarks continues the same arguments foe independent claims 8 and 15 are not persuasive for the same reasons that was responded in sections a and b above, in addition applicant’s arguments in section 2 also not persuasive since independent claims 1, 8 and 15 are being rejected based on above sections a and b, therefore, all the dependent claims are rejected based on dependency to independent claims 1, 8, and 15.

¶ 7.37.12    Unpersuasive Argument: Novelty Not Clearly Pointed Out
Applicant’s arguments do not comply with 37 CFR 1.111(c) because they do not clearly point out the patentable novelty which he or she thinks the claims present in view of the state of the art disclosed by the references cited or the objections made. Further, they do not show how the amendments avoid such references or objections.
Therefore, the rejection of claims 1-20 under 35 USC 102/103 is maintained.

Claim Rejections - 35 USC § 102
6.	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

7.	Claims 1-4, 6-11, 13-18 and 20 are rejected under 35 U.S.C. 102 (a) (2) as being anticipated by Shulman et al. U.S. 2019/0312899 hereinafter “Shulman” Filed Oct. 16, 2018.

Regarding claim 1, Shulman teaches: A computer-implemented method for executing a security operation for microservices/serverless functions of a microservices-based/serverless application running on a physical infrastructure (Shulman teaches method for protecting serverless applications running on computers, see abstract and ¶ [0132]), the method comprising:
receiving communications at different microservices/serverless functions of the microservices-based/serverless application (Shulman in FIG. 4 teaches receiving communications at different serverless applications, function code, see FIG. 4 in conjunction with ¶¶ [0052 and 0132-0133], “The serverless runtime environment, upon receiving a related event, triggers the execution of the serverless function, providing the function with the event data”; “the event requests into an event queue 406. For each event, an invoker 408, that invokes a runtime environment 410”); 
transmitting requests for the security operation to a central security controller for the communications from the different microservices/serverless functions of the microservices-based/serverless application so that the security operation is executed at the central security controller for the different microservices/serverless functions (Shulman first see FIG. 4 and related texts, then see ¶¶ [0097 and 0133], “one of the steps employed by the Firewall is to inspect the serverless function input and output”; “The controller organizes the event requests into an event queue 406. For each event, an invoker 408, that invokes a runtime environment 410 … Each serverless runtime environment 410 includes the function code 412 that is be executed, a serverless application firewall 414 and a behavioral protection engine 416”);
receiving results of the security operation from the central security controller at the different microservices/serverless functions of the microservices-based/serverless application; and executing a task associated with the communications at the different microservices/serverless functions of the microservices-based/serverless application based on the results of the security operation from the central security controller (Shulman first see FIG. 3 items 306-314 and related texts, then see ¶¶ [0142 and 0133], “the Serverless Application Firewall inspects the event data (input) of the serverless function so as to ascertain whether the input contains malicious, suspicious or abnormal data. At decision step 306 the firewall determines whether the input is safe. If the input is unsafe, then at step 308 an action (security action) is taken”; “the Behavioral Protection Engine monitors the behavior and actions of the … function during execution thereof. At decision step 312, the engine decides whether the behavior is safe/normal or unsafe/abnormal”).
Regarding claim 2, Shulman further teaches: wherein the different microservices/serverless functions are coded using different computer programming languages (Shulman see ¶ [0009], “serverless function is typically programmed and deployed using command line interface (CLI) tools, an example of which is a serverless framework. In most cases, the deployment is automatic and the function's code is merely uploaded to the FaaS platform. A serverless function can be written in different programming languages, such as JavaScript, Python, Java, and the like”).

Regarding claim 3, Shulman further teaches: wherein each of the different microservices/serverless functions is not programmed to execute the security operation (Shulman discloses that code functions are executed by runtime environment and protection engine monitor the original serverless function that are different functions that are programed differently that reads on applicant’s limitations, see ¶ [0053], “When code of a serverless function is executed by the serverless runtime environment, the serverless Behavioral Protection Engine monitors the behavior of the original serverless function” also see ¶ [0055-0064], “the instant serverless application firewall, inspects serverless functions' event data, when an event trigger occurs, in serverless runtime environments. Event data is the raw input that the function receives upon execution-these are arguments related to the event trigger type, used for the function's execution”, also see ¶ [0133]).

Regarding claim 4, Shulman further teaches: wherein the requests for the security operation are application programming interface (API) calls for the security operation (Shulman, see ¶ [0140], “The behavioral engine monitors the incoming data that arrives in response to the outbound API call”).

Regarding claim 6, Shulman further teaches: further comprising executing the security operation at the central security controller in response to each of the requests to produce the results of the security operation (Shulman, first see FIG. 4 item 404 and FIG. 3 item 306 and 312 validation operation), “Serverless Application Firewall inspects the event data (input) of the serverless function so as to ascertain whether the input contains malicious, suspicious or abnormal data. At decision step 306 the firewall determines whether the input is safe”).

Regarding claim 7, Shulman further teaches: further comprising monitoring data in the central security controller to collect data traffic information regarding the different microservices/serverless functions of the microservices-based/serverless application (Shulman, first see FIG. 3 item 310 along with ¶¶ [0131-0135], “providing a set of unwanted behaviors and actions; (c) categorizing the monitored behaviors and actions as belonging or not belonging to the set of predefined unwanted behaviors; (d) taking an action when the monitored behaviors and actions are included in the set of unwanted behaviors and actions”; “there is provided a system for protecting a serverless application, the system including: (a) a serverless application firewall configured to inspect input of the serverless function so as to ascertain whether the input contains malicious, suspicious or abnormal data; and (b) a behavioral protection engine configured to monitor behaviors and actions of the serverless functions during execution thereof”).

Regarding claim 8, this claim defines a computer readable storage medium claim that corresponds to method claim 1 and does not define beyond limitations of claim 1. Therefore, claim 8 is rejected with the same rational as in the rejection of claim 1. Furthermore, Shulman in 

Regarding claim 9, this claim defines a computer readable storage medium claim that corresponds to method claim 2 and does not define beyond limitations of claim 2. Therefore, claim 9 is rejected with the same rational as in the rejection of claim 2. Furthermore, Shulman in para. [0110] discloses storage medium where the storage medium executes instructions from a storage medium.

Regarding claim 10, this claim defines a computer readable storage medium claim that corresponds to method claim 3 and does not define beyond limitations of claim 3. Therefore, claim 10 is rejected with the same rational as in the rejection of claim 3. Furthermore, Shulman in para. [0110] discloses storage medium where the storage medium executes instructions from a storage medium.

Regarding claim 11, this claim defines a computer readable storage medium claim that corresponds to method claim 4 and does not define beyond limitations of claim 4. Therefore, claim 11 is rejected with the same rational as in the rejection of claim 4. Furthermore, Shulman in para. [0110] discloses storage medium where the storage medium executes instructions from a storage medium.

Regarding claim 13, this claim defines a computer readable storage medium claim that corresponds to method claim 6 and does not define beyond limitations of claim 6. Therefore, claim 13 is rejected with the same rational as in the rejection of claim 6. Furthermore, Shulman in para. [0110] discloses storage medium where the storage medium executes instructions from a storage medium.

Regarding claim 14, this claim defines a computer readable storage medium claim that corresponds to method claim 7 and does not define beyond limitations of claim 7. Therefore, claim 14 is rejected with the same rational as in the rejection of claim 7. Furthermore, Shulman in para. [0110] discloses storage medium where the storage medium executes instructions from a storage medium.

Regarding claim 15, this claim defines a system claim that corresponds to method claim 1 and does not define beyond limitations of claim 1. Therefore, claim 15 is rejected with the same rational as in the rejection of claim 1. Furthermore, Shulman in para. [0110] discloses memory and processor.

Regarding claim 16, this claim defines a system claim that corresponds to method claim 2 and does not define beyond limitations of claim 2. Therefore, claim 16 is rejected with the same rational as in the rejection of claim 2. Furthermore, Shulman in para. [0110] discloses memory and processor.

Regarding claim 17, this claim defines a system claim that corresponds to method claim 3 and does not define beyond limitations of claim 3. Therefore, claim 17 is rejected with the same rational as in the rejection of claim 3. Furthermore, Shulman in para. [0110] discloses memory and processor.

Regarding claim 18, this claim defines a system claim that corresponds to method claim 4 and does not define beyond limitations of claim 4. Therefore, claim 18 is rejected with the same rational as in the rejection of claim 4. Furthermore, Shulman in para. [0110] discloses memory and processor.

Regarding claim 20, this claim defines a system claim that corresponds to method claim 6 and does not define beyond limitations of claim 6. Therefore, claim 20 is rejected with the same rational as in the rejection of claim 6. Furthermore, Shulman in para. [0110] discloses memory and processor.

Claim Rejections - 35 USC § 103
8.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
9.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the 


10.	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
11.	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
12.	Claims 5, 12, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Shulman et al. U.S. 2019/0312899 hereinafter “Shulman” Filed Oct. 16, 2018 in view of Ford et al. US 2019/0034625 hereinafter “Ford” Filed Jul. 25, 2018. 

Regarding claim 5, Shulman teaches all the limitations of claim 1. Shulman teaches security operation but Shulman does not explicitly discloses: wherein the security operation is one of a data validation operation and a data sanitization operation 
However Ford teaches: wherein the security operation is one of a data validation operation and a data sanitization operation (Ford, first see FIG. 2 item 218 along with ¶ [0034] where Ford discloses data sanitization, then see ¶¶ [0075 and 0076] where Ford discloses data validation, “the ).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Shulman with the teaching of Ford because the use of Ford’s idea (Ford, see abstract) could provide Shulman (Shulman, see abstract) the ability to perform communication analysis, when the services architecture is capable of performing data sanitization and data validation as part of services architecture, “the pluggable capabilities 212 may include capability '1' 214 ( e.g., basic firewall), capability '2' 216 (e.g., general web protection), capability '3' 218 (e.g., data sanitization), and so forth through capability 'n' 220 … As used herein, data validation broadly refers to various operations and processes associated with data cleansing to ensure data quality” (Ford, ¶¶ [0034 and 0075]).

Regarding claim 12, this claim defines a computer readable storage medium claim that corresponds to method claim 5 and does not define beyond limitations of claim 5. Therefore, claim 12 is rejected with the same rational as in the rejection of claim 5. Furthermore, Shulman in para. [0110] discloses storage medium where the storage medium executes instructions from a storage medium.

Regarding claim 19, this claim defines a system claim that corresponds to method claim 5 and does not define beyond limitations of claim 5. Therefore, claim 19 is rejected with the same rational as in the rejection of claim 5. Furthermore, Shulman in para. [0110] discloses memory and processor.

Examiner note:
13.	In the case of amending the Claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention. This will assist in expediting compact prosecution.  MPEP 714.02 recites: “Applicant should also specifically point out the support for any amendments made to the disclosure. See MPEP § 2163.06. An amendment which does not comply with the provisions of 37 CFR 1.121(b), (c), (d), and (h) may be held not fully responsive. See MPEP § 714.”  Amendments not pointing to specific support in the disclosure may be deemed as not complying with provisions of 37 C.F.R.  1.131(b), (c), (d), and (h) and therefore held not fully responsive.  Generic statements such as “Applicants believe no new matter has been introduced” may be deemed insufficient.

Conclusion
14.	Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHALIL NAGHDALI whose telephone number is (571) 272-9884. The examiner can normally be reached on M-F 8 AM-5 PM.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272- 1000.
/KHALIL NAGHDALI/
Primary Examiner, Art Unit 2437