Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
Information Disclosure Statement
2.	The information disclosure statement (IDS) submitted on 09/26/2019 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


3.	Claim(s) 1, 2, 4,9-10, 12, 16-17, and 18 are rejected under 35 U.S.C. 102(a1) as being anticipated by IPCOM0002442590 (IP.com Electronic Publication Date: November 26, 2015) (Applicant admitted prior art NPL, item no. 1, cited on IDS submission dated 09/26/2019), herein referred as IPCOM590.

Regarding independent claim 1, IPCOM0002442590 teaches, a computer-implemented method comprising: identifying, by one or more computer processors (Fig. 1 Host system has its processor. Each virtual machine has its own processor. Page 1. provide a method and an implementing system, for a compute optimized and TCO-optimized solution of discovering software inventory in the virtualized environments running Linux Containers ), one or more sets of filesystem structure information for an active container (Page 2, step 1. SAM (Software asset management) discovery agent interrogates the Docker Engine host to list the running containers, saving for future use those container identifiers (container-ID) (i.e., running container is equated to active containers);
creating, by one or more computer processors, a virtual filesystem based on the one or more identified sets of filesystem structure information (Fig. 1 Page 2, steps 2. SAM discovery agent runs the file-system scan of the Docker Engine host, returning the list of ALL files present on the Docker Engine host file system. Each of the container's virtual filesystem content is represented as '/var/lib/docker/containers/<container-ID>' path, e.g. '/var/lib/docker/containers/d2a0d04239deb725449290b7a42c86fa96b99777ad951aca9902b10262b01201'for container of ID='d2a0d04239deb725449290b7a42c86fa96b99777ad951aca9902b10262b01201' (i.e., creating virtual file system based on the identified sets of file system structure)
discovering, by one or more computer processors, one or more sets of software by comparing a set of catalog entries to the created virtual filesystem; and reporting, by one or more computer processors, the one or more sets of discovered software (Fig. 1 Page 2, steps 3. The SAM discovery agent interprets the list of files retrieved in step #2 to create a mapping between the containers and their virtualized file system. This process extracts all the file entries following the pattern '/var/lib/docker/containers/<container-ID>' and substitute each of the '<container-ID>' with the value of each of the container identifiers retrieved in step#1 (i.e., discovering one or more sets of software). (Page 2, steps 4. Once the filesystem mapping is created, each unique container-ID has the list of files of the running container and such data is being sent to the SAM Tool processing server. Each of such data set is equivalent to the discovery scan of the container, as if the same scan was run directly from within the container by itself (ie. Displaying the details of the discovered software such as software file information such as title, product ID, size, date, path, and version)).

    PNG
    media_image1.png
    560
    1186
    media_image1.png
    Greyscale


Regarding dependent claim 2, IPCOM590 teaches, the method of claim 1. 
IPCOM59 further teaches, wherein filesystem structure information is selected from the group consisting of: filenames, folder names, parent folders, subfolders, associated permissions, creation dates, modified dates, symbolic links, file sizes, folder sizes, file types, hidden files, hidden folders, associated inodes, and v-nodes (2. SAM discovery agent runs the file-system scan of the Docker Engine host, returning the list of ALL files (ie., file names) present on the Docker Engine host file system).

Regarding dependent claim 4, IPCOM590 teaches, the method of claim 1. 
IPCOM590 further teaches, further comprising: calculating, by one or more computer processors, a discovery score for each software in the one or more sets of software based on a level of similarity between one or more files in the created virtual filesystem and a plurality of software contained in a software repository (Fig.1 Page 2, steps 4. Once the filesystem mapping is created, each unique container-ID has the list of files of the running container and such data is being sent to the SAM Tool processing server. Each of such data set is equivalent to the discovery scan of the container, as if the same scan was run directly from within the container by itself (i.e., by comparing the files from the virtual file system and the SAM (i.e., software Asset Management) will know the score of each software such as software file information such as title, product ID, size, date, path, and version).

Regarding independent claim 9, IPCOM0002442590 teaches, a computer program product comprising: one or more computer readable storage media and program instructions stored on the one or more computer readable storage media, the stored program instructions comprising: program instructions to identify one or more sets of filesystem structure information for an active container (Page 2, step 1. SAM (Software asset management) discovery agent interrogates the Docker Engine host to list 
program instructions to create a virtual filesystem based on the one or more identified sets of filesystem structure information (Fig. 1 Page 2, steps 2. SAM discovery agent runs the file-system scan of the Docker Engine host, returning the list of ALL files present on the Docker Engine host file system. Each of the container's virtual filesystem content is represented as '/var/lib/docker/containers/<container-ID>' path, e.g. '/var/lib/docker/containers/d2a0d04239deb725449290b7a42c86fa96b99777ad951aca9902b10262b01201'for container of ID='d2a0d04239deb725449290b7a42c86fa96b99777ad951aca9902b10262b01201' (i.e., creating virtual file system based on the identified sets of file system structure);
program instructions to discover one or more sets of software by comparing a set of catalog entries to the created virtual filesystem; and program instructions to report the one or more sets of discovered software (Fig. 1 Page 2, steps 3. The SAM discovery agent interprets the list of files retrieved in step #2 to create a mapping between the containers and their virtualized file system. This process extracts all the file entries following the pattern '/var/lib/docker/containers/<container-ID>' and substitute each of the '<container-ID>' with the value of each of the container identifiers retrieved in step#1 (i.e., discovering one or more sets of software). (Page 2, steps 4. Once the filesystem mapping is created, each unique container-ID has the list of files of the running container and such data is being sent to the SAM Tool processing server. Each of such data set is equivalent to the discovery scan of the container, as if the same scan was run directly from within the container by itself (ie. Displaying the details of the discovered software file information such as title, product ID, size, date, path, and version)).

    PNG
    media_image1.png
    560
    1186
    media_image1.png
    Greyscale


Regarding dependent claim 10, IPCOM590 teaches, the computer program product of claim 9. 
IPCOM59 further teaches, wherein filesystem structure information is selected from the group consisting of: filenames, folder names, parent folders, subfolders, associated permissions, creation dates, modified dates, symbolic links, file sizes, folder sizes, file types, hidden files, hidden folders, associated inodes, and v-nodes (Fig. 1 Page 2, steps 2. SAM discovery agent runs the file-system scan of the Docker Engine host, returning the list of ALL files (ie., file names) present on the Docker Engine host file system).

Regarding dependent claim 12, IPCOM590 teaches, the computer program product of claim 9. 
IPCOM590 further teaches, wherein the program instructions, stored on the one or more computer readable storage media, comprise: program instructions to calculate a discovery score for each software in the one or more sets of software based on a level of similarity between one or more files in the created virtual filesystem and a plurality of software contained in a software repository (Fig.1 Page 2, steps 4. Once the filesystem mapping is created, each unique container-ID has the list of files of the running container and such data is being sent to the SAM Tool processing server. Each of such data set is equivalent to the discovery scan of the container, as if the same scan was run directly from within the container by itself (i.e., by comparing the files from the virtual file system and the SAM (i.e., software Asset Management) will know the score of each software such as software file information such as title, product ID, size, date, path, and version).

Regarding independent claim 16, IPCOM0002442590 teaches, a computer system comprising: one or more computer processors (Fig. 1 Host system has its processor. Each virtual machine has its own processor. Page 1. provide a method and an implementing system, for a compute optimized and TCO-optimized solution of discovering software inventory in the virtualized environments running Linux Containers); 
one or more computer readable storage media; and program instructions stored on the computer readable storage media for execution by at least one of the one or more processors, the stored program instructions comprising: program instructions to identify one or more sets of filesystem structure information for an active container (Page 2, step 1. SAM (Software asset management) discovery agent interrogates the Docker Engine host to list the running containers, saving for future use 
program instructions to create a virtual filesystem based on the one or more identified sets of filesystem structure information  (Fig. 1 Page 2, steps 2. SAM discovery agent runs the file-system scan of the Docker Engine host, returning the list of ALL files present on the Docker Engine host file system. Each of the container's virtual filesystem content is represented as '/var/lib/docker/containers/<container-ID>' path, e.g. '/var/lib/docker/containers/d2a0d04239deb725449290b7a42c86fa96b99777ad951aca9902b10262b01201'for container of ID='d2a0d04239deb725449290b7a42c86fa96b99777ad951aca9902b10262b01201' (i.e., creating virtual file system based on the identified sets of file system structure);
program instructions to discover one or more sets of software by comparing a set of catalog entries to the created virtual filesystem; and program instructions to report the one or more sets of discovered software (Fig. 1 Page 2, steps 3. The SAM discovery agent interprets the list of files retrieved in step #2 to create a mapping between the containers and their virtualized file system. This process extracts all the file entries following the pattern '/var/lib/docker/containers/<container-ID>' and substitute each of the '<container-ID>' with the value of each of the container identifiers retrieved in step#1 (i.e., discovering one or more sets of software). (Page 2, steps 4. Once the filesystem mapping is created, each unique container-ID has the list of files of the running container and such data is being sent to the SAM Tool processing server. Each of such data set is equivalent to the discovery scan of the container, as if the same scan was run directly from within the container by itself (ie. Displaying the details of the discovered software file information such as title, product ID, size, date, path, and version)).

    PNG
    media_image1.png
    560
    1186
    media_image1.png
    Greyscale


Regarding dependent claim 17, IPCOM590 teaches, the computer system of claim 16. 
IPCOM59 further teaches, wherein filesystem structure information is selected from the group consisting of: filenames, folder names, parent folders, subfolders, associated permissions, creation dates, modified dates, symbolic links, file sizes, folder sizes, file types, hidden files, hidden folders, associated inodes, and v-nodes (Fig. 1 step 2. SAM discovery agent runs the file-system scan of the Docker Engine host, returning the list of ALL files (ie., file names) present on the Docker Engine host file system).

Regarding dependent claim 19, IPCOM590 teaches, the computer system of claim 16. 
IPCOM590 further teaches, wherein the program instructions, stored on the one or more computer readable storage media, comprise: program instructions to calculate a discovery score for each software in the one or more sets of software based on a level of similarity between one or more files in the created virtual filesystem and a plurality of software contained in a software repository (Fig.1 Page 2, steps 4. Once the filesystem mapping is created, each unique container-ID has the list of files of the running container and such data is being sent to the SAM Tool processing server. Each of such data set is equivalent to the discovery scan of the container, as if the same scan was run directly from within the container by itself (i.e., by comparing the files from the virtual file system and the SAM (i.e., software Asset Management) will know the score of each software such as software file information such as title, product ID, size, date, path, and version).

Claim Rejections - 35 U.S.C. § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

4. 	Claims 3, 11 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over IPCOM0002442590 (IP.com Electronic Publication Date: November 26, 2015) (Applicant admitted prior art NPL, item no. 1, cited on IDS submission dated 09/26/2019), herein referred as IPCOM590 in view of Piccinini; Sandro (US 20190250835 A1).

Regarding dependent claim 3, IPCOM590 teaches, the method of claim 1. 
IPCOM590 fails to explicitly teach, wherein creating a virtual filesystem based on the one or more sets of filesystem structure information, comprises: grafting (Examiner interprets grafting as a copy/sharing tool), by one or more computer processors, a virtual filesystem subtree onto a logical filesystem tree of a container.
Piccinini; Sandro (US 20190250835 A1) wherein creating a virtual filesystem based on the one or more sets of filesystem structure information, comprises: grafting, by one or more computer processors (Paragraph [0095]), a virtual filesystem subtree onto a logical filesystem tree of a container (Paragraph [0035] As far as relevant to the present disclosure, the virtualization engine 115 emulates a (virtual) filesystem 325 for each container 110 defining a memory space thereof; the filesystem 325 provides a logical view of the data available to the container 110 independently of their actual structure in a filesystem 330 of the operating system 105 (i.e., grafting a virtual file system subtree onto a logical file system tree of a container); in turn, the filesystem 330 provides a logical view of the data available to the operating system 105 independently of their physical structure).
and creating, by one or more computer processors, a v-node in the grafted virtual filesystem subtree for one or more file references in the logical filesystem tree of the container (Paragraph [0035] Whenever any container 110 is instantiated, it mounts its software image in read-only mode, by combining all the image layers of the software image via their union mounting into the filesystem 325. Moreover, the container 110 mounts a working layer (initially empty) in read-write mode, by adding this working layer (i.e. creating a virtual node) to the filesystem 325 via its union mounting thereto. The virtualization engine 115 is provided with a default memory driver 335 for mapping the filesystem 325 onto the filesystem 330. Particularly, any writing (access) command involving the creation of new data is implemented directly onto the working layer. Any writing command involving the updating of data stored in the image layer is implemented with a copy-on-write technique; for this purpose, at first the data are copied into the working layer (i.e. virtual node. A virtual node (v-node) represents access to an object within a virtual file system) and then always accessed therein (so that any other containers 110 instantiated from the same software image continue to access the original version of the data in the software image). Any reading (access) command involving the reading of data is implemented onto the working layer if possible or onto the image layer otherwise (so that the container 110 always receives the most recent version of the data). Whenever any container 110 is deleted, its working layer is deleted along with it (so that any data written by the container 110 are lost).
Therefore it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention, to have modified the teachings of IPCOM590 by providing grafting, by one or more computer processors ([0095]), a virtual filesystem subtree onto a logical filesystem tree of a container; and creating, by one or more computer processors, a v-node in the grafted virtual filesystem subtree for one or more file references in the logical filesystem tree of the container, as taught by Piccinini et al (Paragraphs [0035]).
  One of the ordinary skill in the art would have been motivated to make this modification which reduces storage usage by the containers and improves their performance at start time, as taught by Piccinini et al (Paragraphs [0014]).

Regarding dependent claim 11, IPCOM590 teaches, the computer program product of claim 9.
IPCOM590 fails to explicitly teach, wherein the program instructions, to create a virtual filesystem based on the one or more sets of filesystem structure information the one or more computer readable storage media, comprise: program instructions to graft a virtual filesystem subtree onto a logical filesystem tree of a container; and program instructions to create a v-node in the grafted virtual filesystem subtree for one or more file references in the logical filesystem tree of the container.
Piccinini; Sandro (US 20190250835 A1) teaches, wherein the program instructions, to create a virtual filesystem based on the one or more sets of filesystem structure information the one or more computer readable storage media, comprise: program instructions to graft a virtual filesystem subtree onto a logical filesystem tree of a container (Paragraph [0035] As far as relevant to the present disclosure, the virtualization engine 115 emulates a (virtual) filesystem 325 for each container 110 defining a memory space thereof; the filesystem 325 provides a logical view of the data available to the container 110 independently of their actual structure in a filesystem 330 of the operating system 105 (i.e., grafting a virtual file system subtree onto a logical file system tree of a container); in turn, the filesystem 330 provides a logical view of the data available to the operating system 105 independently of their physical structure);
and program instructions to create a v-node in the grafted virtual filesystem subtree for one or more file references in the logical filesystem tree of the container (Paragraph [0035] Whenever any container 110 is instantiated, it mounts its software image in read-only mode, by combining all the image layers of the software image via their union mounting into the filesystem 325. Moreover, the container 110 mounts a working layer (initially empty) in read-write mode, by adding this working layer (i.e. creating a virtual node) to the filesystem 325 via its union mounting thereto. The virtualization engine 115 is provided with a default memory driver 335 for mapping the filesystem 325 onto the filesystem 330. Particularly, any writing (access) command involving the creation of new data is implemented directly onto the working layer. Any writing command involving the updating of data stored in the image layer is implemented with a copy-on-write technique; for this purpose, at first the data are copied into the working layer (i.e. virtual node. A virtual node (v-node) represents access to an object within a virtual file system) and then always accessed therein (so that any other containers 110 instantiated from the same software image continue to access the original version of the data in the software image). Any reading (access) command involving the reading of data is implemented onto the working layer if possible or onto the image layer otherwise container 110 always receives the most recent version of the data). Whenever any container 110 is deleted, its working layer is deleted along with it (so that any data written by the container 110 are lost).
Therefore it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention, to have modified the teachings of IPCOM590 by providing grafting, by one or more computer processors ([0095]), a virtual filesystem subtree onto a logical filesystem tree of a container; and creating, by one or more computer processors, a v-node in the grafted virtual filesystem subtree for one or more file references in the logical filesystem tree of the container, as taught by Piccinini et al (Paragraphs [0035]).
  One of the ordinary skill in the art would have been motivated to make this modification which reduces storage usage by the containers and improves their performance at start time, as taught by Piccinini et al (Paragraphs [0014]).

Regarding dependent claim 18, IPCOM590 teaches, the computer system of claim 16. 
IPCOM590 fails to explicitly teach, wherein the program instructions, to create a virtual filesystem based on the one or more sets of filesystem structure information the one or more computer readable storage media, comprise: program instructions to graft a virtual filesystem subtree onto a logical filesystem tree of a container; and program instructions to create a v-node in the grafted virtual filesystem subtree for one or more file references in the logical filesystem tree of the container.
wherein the program instructions, to create a virtual filesystem based on the one or more sets of filesystem structure information the one or more computer readable storage media, comprise: program instructions to graft a virtual filesystem subtree onto a logical filesystem tree of a container (Paragraph [0035] As far as relevant to the present disclosure, the virtualization engine 115 emulates a (virtual) filesystem 325 for each container 110 defining a memory space thereof; the filesystem 325 provides a logical view of the data available to the container 110 independently of their actual structure in a filesystem 330 of the operating system 105 (i.e., grafting a virtual file system subtree onto a logical file system tree of a container); in turn, the filesystem 330 provides a logical view of the data available to the operating system 105 independently of their physical structure);
and program instructions to create a v-node in the grafted virtual filesystem subtree for one or more file references in the logical filesystem tree of the container (Paragraph [0035] Whenever any container 110 is instantiated, it mounts its software image in read-only mode, by combining all the image layers of the software image via their union mounting into the filesystem 325. Moreover, the container 110 mounts a working layer (initially empty) in read-write mode, by adding this working layer (i.e. creating a virtual node) to the filesystem 325 via its union mounting thereto. The virtualization engine 115 is provided with a default memory driver 335 for mapping the filesystem 325 onto the filesystem 330. Particularly, any writing (access) command involving the creation of new data is implemented directly onto the working layer. Any writing command involving the updating of data stored in the image layer is implemented containers 110 instantiated from the same software image continue to access the original version of the data in the software image). Any reading (access) command involving the reading of data is implemented onto the working layer if possible or onto the image layer otherwise (so that the container 110 always receives the most recent version of the data). Whenever any container 110 is deleted, its working layer is deleted along with it (so that any data written by the container 110 are lost).
Therefore it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention, to have modified the teachings of IPCOM590 by providing grafting, by one or more computer processors ([0095]), a virtual filesystem subtree onto a logical filesystem tree of a container; and creating, by one or more computer processors, a v-node in the grafted virtual filesystem subtree for one or more file references in the logical filesystem tree of the container, as taught by Piccinini et al (Paragraphs [0035]).
  One of the ordinary skill in the art would have been motivated to make this modification which reduces storage usage by the containers and improves their performance at start time, as taught by Piccinini et al (Paragraphs [0014]).

5. 	Claims 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over IPCOM0002442590 (IP.com Electronic Publication Date: November 26, 2015) (Applicant admitted prior art NPL, item no. 1, cited on IDS submission dated 09/26/2019), herein .

Regarding dependent claim 5, IPCOM590 teaches, the method of claim 1. 
IPCOM590 fails to explicitly teach, further comprising: responsive to discovering a plurality of software on a container, creating, by one or more computer processors, a new container for each discovered software in the plurality of software; and isolating, by one or more computer processors, each software process in the plurality of software into a respective created container.
BANGALORE; Prashanth Nagabhushana (US 20180137139 A1) teaches, further comprising: responsive to discovering a plurality of software on a container, creating, by one or more computer processors, a new container for each discovered software in the plurality of software (Paragraph [0343], [0366] “…two distinct software containers 323 can be created one for each respective version of Oracle DBMS software…” (i.e., creating different containers for each discovered software and isolating each software based on versions));
and isolating, by one or more computer processors, each software process in the plurality of software into a respective created container (Paragraph [0343] In regard to containerized operations on proxy server 323, depending upon the particular DBMS software 521 in the container (e.g., Oracle version 1.1), a suitable Oracle data agent 142 would be activated to run in the container and help perform the testing/storage 
Therefore it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention, to have modified the teachings of IPCOM590 by providing, responsive to discovering a plurality of software on a container, creating, by one or more computer processors, a new container for each discovered software in the plurality of software; and isolating, by one or more computer processors, each software process in the plurality of software into a respective created container, as taught by BANGALORE et al (Paragraph [0343], [0366]).
  One of the ordinary skill in the art would have been motivated to make this modification, by using software containers that operate independently of each other on the same proxy server, storage operations and/or testing can be executed in each respective software container without regard to what other software containers are doing. Moreover, all the container-based operations on the proxy server occur without involving any of the DBMS production servers that use and generate "live" data, such as database data. Thus, the illustrative proxy server and the techniques associated with it insulate the DBMS production environment from the testing and storage operations hosted by the proxy server, as taught by BANGALORE et al (Paragraph [0006], [0007]).

Regarding dependent claim 13, IPCOM590 teaches, the computer program product of claim 9. 
IPCOM590 fails to explicitly teach, wherein the program instructions, stored on the one or more computer readable storage media, comprise: program instructions to, responsive to discovering a plurality of software on a container, create a new container for each discovered software in the plurality of software; and program instructions to isolate each software process in the plurality of software into a respective created container.
BANGALORE; Prashanth Nagabhushana (US 20180137139 A1) teaches, wherein the program instructions, stored on the one or more computer readable storage media, comprise: program instructions to, responsive to discovering a plurality of software on a container, create a new container for each discovered software in the plurality of software (Paragraph [0343], [0366] “…two distinct software containers 323 can be created one for each respective version of Oracle DBMS software…” (i.e., creating different containers for each discovered software and isolating each software based on versions));
and program instructions to isolate each software process in the plurality of software into a respective created container (Paragraph [0343] In regard to containerized operations on proxy server 323, depending upon the particular DBMS software 521 in the container (e.g., Oracle version 1.1), a suitable Oracle data agent 142 would be activated to run in the container and help perform the testing/storage operation tasked to the container (i.e.,  isolating each container based on software version and tasks)).
Therefore it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention, to have modified the teachings of IPCOM590 by providing, responsive to discovering a plurality of software on a container, creating, by one or more computer processors, a new container for each discovered 
  One of the ordinary skill in the art would have been motivated to make this modification, by using software containers that operate independently of each other on the same proxy server, storage operations and/or testing can be executed in each respective software container without regard to what other software containers are doing. Moreover, all the container-based operations on the proxy server occur without involving any of the DBMS production servers that use and generate "live" data, such as database data. Thus, the illustrative proxy server and the techniques associated with it insulate the DBMS production environment from the testing and storage operations hosted by the proxy server, as taught by BANGALORE et al (Paragraph [0006], [0007]).

6. 	Claims 6-8, 14-15 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over IPCOM0002442590 (IP.com Electronic Publication Date: November 26, 2015) (Applicant admitted prior art NPL, item no. 1, cited on IDS submission dated 09/26/2019), herein referred as IPCOM590 in view of Griffin; Leigh (US 20190146772 A1).

Regarding dependent claim 6, IPCOM590 teaches, the method of claim 1. 
IPCOM590 fails to explicitly teach, further comprising: identifying, by one or more computer processors, one or more vulnerabilities associated with the one or more sets of discovered software; hardening, by one or more computer processors, the virtual filesystems of each to harden and correct the one or more identified security vulnerabilities; and creating, by one or more computer process, an image based on the hardened virtual filesystem.
Griffin; Leigh (US 20190146772 A1) teaches, further comprising: identifying, by one or more computer processors, one or more vulnerabilities associated with the one or more sets of discovered software (Paragraph  [0017] The alert engine 102 can access a database 108 to detect an alert related to a piece of software. The alert can indicate a problem with the piece of software (i.e., problems is equated to vulnerabilities));
hardening, by one or more computer processors, the virtual filesystems of each to harden and correct the one or more identified security vulnerabilities (Paragraph [0017] The update engine 104 can then monitor a repository 132 for an updated version of the container image 120a in which the issue raised by the alert has been mitigated (i.e., When you mitigate a vulnerability, you attempt to lessen the impact of the vulnerability, but you do not eliminate it). In some examples, the update engine 104 can then communicate the updated version of container image 120b to the testing engine 106. The testing engine 106 can provision a test environment 128, perform one or more tests on the updated version of container image 120b to ensure that the updated version of container image 120b complies with one or more predefined criteria (i.e., correcting the mitigated issues). Paragraph [0024] the alert engine 102 can indicate that container image 120a is impacted by the alert to the update engine 104, which can then monitor the repository 132 for updates to the container image 120a.If a fix (e.g., a patch) for the piece of software in the alert becomes available, then container image 120a may be rebuilt (e.g., by its developers) using the fix and an updated version of the container image 120a may be stored in the repository 132 (i.e., automatically creating and storing the 
and creating, by one or more computer process, an image based on the hardened virtual filesystem [0017] If the update engine 104 detects the updated version of the container image 120a, the update engine 104 can update one or more other container images, such as container image 120b, that depend on container image 120a. The testing engine 106 can provision a test environment 128, perform one or more tests on the updated version of container image 120b to ensure that the updated version of container image 120b complies with one or more predefined criteria, and transmit the results of the tests to a client device 130 of a developer (i.e. transmitting the corrected image)). 
Therefore it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention, to have modified the teachings of IPCOM590 by identifying, by one or more computer processors, one or more vulnerabilities associated with the one or more sets of discovered software; hardening, by one or more computer processors, the virtual filesystems of each to harden and correct the one or more identified security vulnerabilities; and creating, by one or more computer process, an image based on the hardened virtual filesystem, as taught by Griffin et al (Paragraphs, [0017, [0024]).
  One of the ordinary skill in the art would have been motivated to make this modification, so that updating and testing of container images 118 can be performed 

Regarding dependent claim 7, IPCOM590 and Griffin et al teach, the method of claim 6. 
Griffin et al further teaches, further comprising: pushing, by or more computer processors, automatically, the created image to an image registry (Paragraph [0024] If a fix (e.g., a patch) for the piece of software in the alert becomes available, then container image 120a may be rebuilt (e.g., by its developers) using the fix and an updated version of the container image 120a may be stored in the repository 132 (i.e., automatically creating and storing the image in the image registry/repository). This may make the updated version of the container image 120a accessible to customers or other users. The update engine 104 can detect the updated version of the container image 120a in the repository 132 and responsively perform one or more operations).

Regarding dependent claim 8, IPCOM590 and Griffin et al teach, the method of claim 7. 
Griffin et al further teaches, further comprising; deploying, by one or more computer processors, automatically, the pushed image to one or more hosts (Paragraph [0024] the updated version of the container image 120a accessible to customers or other users. The update engine 104 can detect the updated version of the container image 120a in the repository 132 and responsively perform one or more operations (i.e., pushing the updates to the other customers/hosts)).

Regarding dependent claim 14, IPCOM590 teaches, the computer program product of claim 9. 
IPCOM590 fails to explicitly teach, wherein the program instructions, stored on the one or more computer readable storage media, comprise: program instructions to identify one or more vulnerabilities associated with the one or more sets of discovered software; program instructions to harden the virtual filesystems of each to harden and correct the one or more identified security vulnerabilities; and program instructions to create an image based on the hardened virtual filesystem.
Griffin; Leigh (US 20190146772 A1) teaches, wherein the program instructions, stored on the one or more computer readable storage media, comprise: program instructions to identify one or more vulnerabilities associated with the one or more sets of discovered software (Paragraph  [0017] The alert engine 102 can access a database 108 to detect an alert related to a piece of software. The alert can indicate a problem with the piece of software (i.e., problems is equated to vulnerabilities));
program instructions to harden the virtual filesystems of each to harden and correct the one or more identified security vulnerabilities(Paragraph [0017] The update engine 104 can then monitor a repository 132 for an updated version of the container image 120a in which the issue raised by the alert has been mitigated (i.e., When you mitigate a vulnerability, you attempt to lessen the impact of the vulnerability, but you do not eliminate it). In some examples, the update engine 104 can then communicate the updated version of container image 120b to the testing engine 106. The testing engine 106 can provision a test environment 128, perform one or more tests on the updated 
and program instructions to create an image based on the hardened virtual filesystem (Paragraph [0017] If the update engine 104 detects the updated version of the container image 120a, the update engine 104 can update one or more other container images, such as container image 120b, that depend on container image 120a. The testing engine 106 can provision a test environment 128, perform one or more tests on the updated version of container image 120b to ensure that the updated version of container image 120b complies with one or more predefined criteria, and transmit the results of the tests to a client device 130 of a developer (i.e. transmitting the corrected image)). 
Therefore it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention, to have modified the teachings of IPCOM590 by identifying, by one or more computer processors, one or more 
  One of the ordinary skill in the art would have been motivated to make this modification, so that updating and testing of container images 118 can be performed automatically and can greatly expedite the efficiency with which updates are made to container images the as taught by Griffin et al (Paragraph [0031]).

Regarding dependent claim 15, IPCOM590 and Griffin et al teach, the computer program product of claim 9. 
Griffin et al further teaches, wherein the program instructions, stored on the one or more computer readable storage media, comprise: program instructions to push, automatically, the created image to an image registry (Paragraph [0024] If a fix (e.g., a patch) for the piece of software in the alert becomes available, then container image 120a may be rebuilt (e.g., by its developers) using the fix and an updated version of the container image 120a may be stored in the repository 132 (i.e., automatically creating and storing the image in the image registry/repository). This may make the updated version of the container image 120a accessible to customers or other users. The update engine 104 can detect the updated version of the container image 120a in the repository 132 and responsively perform one or more operations).

Regarding dependent claim 20, IPCOM590 teaches, the computer system of claim 16. 
IPCOM590 fails to explicitly teach, wherein the program instructions, stored on the one or more computer readable storage media, comprise: program instructions to identify one or more vulnerabilities associated with the one or more sets of discovered software; program instructions to harden the virtual filesystems of each to harden and correct the one or more identified security vulnerabilities; and program instructions to create an image based on the hardened virtual filesystem.
Griffin; Leigh (US 20190146772 A1) teaches, wherein the program instructions, stored on the one or more computer readable storage media, comprise: program instructions to identify one or more vulnerabilities associated with the one or more sets of discovered software (Paragraph  [0017] The alert engine 102 can access a database 108 to detect an alert related to a piece of software. The alert can indicate a problem with the piece of software (i.e., problems is equated to vulnerabilities));
program instructions to harden the virtual filesystems of each to harden and correct the one or more identified security vulnerabilities (Paragraph [0017] The update engine 104 can then monitor a repository 132 for an updated version of the container image 120a in which the issue raised by the alert has been mitigated (i.e., When you mitigate a vulnerability, you attempt to lessen the impact of the vulnerability, but you do not eliminate it). In some examples, the update engine 104 can then communicate the updated version of container image 120b to the testing engine 106. The testing engine 106 can provision a test environment 128, perform one or more tests on the updated version of container image 120b to ensure that the updated version of container image 
and program instructions to create an image based on the hardened virtual filesystem (Paragraph [0017] If the update engine 104 detects the updated version of the container image 120a, the update engine 104 can update one or more other container images, such as container image 120b, that depend on container image 120a. The testing engine 106 can provision a test environment 128, perform one or more tests on the updated version of container image 120b to ensure that the updated version of container image 120b complies with one or more predefined criteria, and transmit the results of the tests to a client device 130 of a developer (i.e. transmitting the corrected image)). 
Therefore it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention, to have modified the teachings of IPCOM590 by identifying, by one or more computer processors, one or more vulnerabilities associated with the one or more sets of discovered software; hardening, 
  One of the ordinary skill in the art would have been motivated to make this modification, so that updating and testing of container images 118 can be performed automatically and can greatly expedite the efficiency with which updates are made to container images the as taught by Griffin et al (Paragraph [0031]).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SUMAN RAJAPUTRA whose telephone number is (571) 272-4669. The examiner can normally be reached between 8:00 AM - 5:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashish Thomas (571) 272-0631 can be reached. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only.
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/S. R./
Examiner, Art Unit 2164

/William B Partridge/           Primary Examiner, Art Unit 2183