DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority
Applicant’s claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, 365(c), or 386(c) is acknowledged. 

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 3 December 2020 has been considered by the examiner.
Double Patenting
Claims 1-6, 8-13 and 17-20 rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,862,904. Although the claims at issue are not identical, they are not patentably distinct from each other because the claimd of the instant application represent a broadening of the subject matter of the claims of the ‘904 Patent and as a result the claims of the ‘904 Patent anticipate the claims of the instant application.
As to claim 1, the ‘904 Patent discloses a method comprising (Claim 1: A method comprising): 

creating, by the scanner, a first tag of the first container (Claim 1: creating, by the image scanner, a first image tag of the first container); 
creating, by the scanner, a first set of generic rules for the first container (Claim 1: creating, by the image scanner, a first set of generic rules for the first container, wherein the first set of generic rules is a set of descriptions of intrusion detection and prevention rules written in plain language); 
packaging, by the scanner, the first tag of the first container with the first set of generic rules to form a first tuple (Claim 1: packaging, by the image scanner, the first image tag of the first container with the first set of generic rules to form a first tuple); and 
storing, by the scanner, the first tuple in an application rule registry (Claim 1: and storing, by the image scanner, the first tuple in an application rule registry).
As to claim 2, the ‘904 Patent discloses the method of claim 1, wherein the first set of generic rules are customized for the first container (Implicit from Claim 1: creating, by the image scanner, a first set of generic rules for the first container, wherein the first set of generic rules is a set of descriptions of intrusion detection and prevention rules written in plain language).
As to claim 3, the ‘904 Patent discloses the method of claim 1, further comprising (Claim 2: The method of claim 1, further comprising[Wingdings font/0x4A]: 

creating, by the scanner, a second tag of the second container (Claim 2: creating, by the image scanner, a second image tag of the second container); 
creating, by the scanner, a second set of generic rules for the second container (Claim 2: creating, by the image scanner, a second set of generic rules for the second container); 
packaging, by the scanner, the second tag of the second container with the second set of generic rules to form a second tuple (Claim 2: packaging, by the image scanner, the second image tag of the second container with the second set of generic rules to form a second tuple); and 
storing, by the scanner, the second tuple in the application rule registry (Claim 2: and storing, by the image scanner, the second tuple in the application rule registry).
As to claim 4, the ‘904 Patent discloses the method of claim 3, wherein the second set of generic rules are customized for the second container (Implicit from Claim 2: creating, by the image scanner, a second set of generic rules for the second container). 
As to claim 5, the ‘904 Patent discloses the method of claim 1, further comprising, in response to the scanning, generating, by the scanner, information about at least one of a type of the first application, a version of the first application, a configuration of the first application, and a dependency of the first application (Claim 3: 
As to claim 6, the ‘904 Patent discloses the method of claim 5, wherein the scanner creates the first set of generic rules based on the information (Claim 4: identical).
As to claim 8, the ‘904 Patent discloses the method of claim 6, wherein the scanner creates the first set of generic rules by selecting, based on the information, a set of rules for the first container from a rule database, wherein the set of rules are translatable for use with a plurality of different intrusion detection systems (Claim 5: The method of claim 4, wherein the image scanner creates the first set of generic rules by selecting, based on the information, a set of rules for the first container from a rule database, wherein the set of rules are translatable for use with a plurality of different intrusion detection systems). 
As to claim 9, the ‘904 Patent discloses the method of claim 1, further comprising: checking, by a network agent in a container system, the first tuple of the first container in the application rule registry; determining, by the network agent, that the first tag of the first container is associated with the first set of generic rules; and pulling, by the network agent, the first set of generic rules based on the first tag (Claim 7: The method of claim 1, further comprising: checking, by a network agent in a container system, the first tuple of the first container in the application rule registry; determining, by the network agent, that the first image tag of the first container is associated with the 
  As to claim 10, the ‘904 Patent discloses the method of claim 9, further comprising: determining, by the network agent, a type of an intrusion detection system (IDS) associated with the network agent; in response to the determination, translating, by the network agent, the first set of generic rules into a set of IDS specific rules based on the determination of the type of the IDS; and executing, by the network agent, the IDS using the set of IDS specific rules to monitor the first container to detect a malicious attack (Claim 8: The method of claim 7, further comprising: determining, by the network agent, a type of an intrusion detection system (IDS) associated with the network agent; in response to the determination, translating, by the network agent, the first set of generic rules into a set of IDS specific rules based on the determination of the type of the IDS; and executing, by the network agent, the IDS using the set of IDS specific rules to monitor the first container to detect a malicious attack). 
As to claim 11, the ‘904 Patent discloses the method of claim 8, wherein the network agent translates the first set of generic rules into the set of IDS specific rules when the first container starts executing or after the first container starts executing (Claim 9: identical). 
As to claim 12, the ‘904 Patent discloses the method of claim 1, further comprising: creating, by the scanner, a first signature for the first container; and packaging, by the scanner, the first signature of the first container in the first tuple (Claim 11: identical).
claim 13, the ‘904 Patent discloses the method of claim 12, further comprising: checking, by a network agent in a container system, the first tuple of the first container in the application rule registry; determining, by the network agent, that the first tag of the first container is associated with the first signature; pulling, by the network agent, the first signature based on the first tag; and creating, by the network agent, a set of intrusion detection system (IDS) specific rules based on the first signature (Claim 12: identical).
As to claim 17, the ‘904 Patent discloses the method of claim 1, wherein the first application is a microservice (Claim 13: identical).
Claims 18 and 19 recite a system commensurate in scope to the methods of claims 1, 5, 6 and 8 and are rejected under a substantially similar basis in view of claims 1-19.
Claim 20 recites a system commensurate in scope to the method of claim 1 and is rejected under a substantially similar basis in view of claims 1-20.

Claim 14 is rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,862,904 in view of U.S. Patent Application Publication No. 2003/0074567 by Charbonncau. 
As to claim 14, the ‘904 Patent discloses all recited elements of claim 12 from which claim 14 depends.
The ‘904 Patent does not expressly disclose wherein the first signature is created using a hash function.  
Charbonncau discloses wherein the first signature is created using a hash function (Charbonncau :Page 4, Sec 43).  
It would have been obvious to one of ordinary skill in the art, at or before the effective filing date to use the analogous arts of the ‘904 Patent and Charbonncau to arrive at the claimed invention.  The rationale would have been that hashing data for signatures is a well-known and established means of generating a signature (Charbonncau :Page 4, Sec 43).  

Allowable Subject Matter
Claims 7, 15 and 16 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL S MCNALLY whose telephone number is (571)270-1599. The examiner can normally be reached Monday-Friday, 8:30 AM - 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MICHAEL S. MCNALLY
Primary Examiner
Art Unit 2432



/Michael S McNally/Primary Examiner, Art Unit 2432