Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This Examiner’s Amendment and Examiner’s Reasons for Allowance are in response to the filing of 09/02/2021. Claims 1-27 are presently pending in the application and have been considered as follows.
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with D Andrew Floam (Reg. No. 34597) on 12/16/2021.

The application has been amended as follows: 

1. 	(Currently Amended)  A method comprising:
at a system in communication with a plurality of microservices communicating via a service mesh, receiving first data and metadata relating to inbound and outbound communications from a first microservice from the plurality of microservices;
analyzing, by the system, the first data and metadata to learn normal operational behavior of the first microservice, wherein analyzing includes determining a type of application component being provided by the first microservice; 
determining a firewall rule set to be applied to the first microservice based on the normal operational behavior learned for the first microservice; and 
causing, by the system, a micro-firewall to be instantiated for the first microservice, the micro-firewall configured to apply the firewall rule set to inbound communications to the first microservice and outbound communications from the first microservice.

2. 	(Original)  The method of claim 1, wherein the inbound communications are from a second microservice to the first microservice.

3. 	(Original)  The method of claim 1, wherein the outbound communications are from the first microservice to a second microservice.

4. 	(Original)  The method of claim 1, wherein the inbound communications are from an entity outside the service mesh to the first microservice.

5. 	(Original)  The method of claim 1, wherein the outbound communications are from the first microservice to an entity outside the service mesh.

6. 	(Canceled)  

7. 	(Currently Amended)  The method of claim 1[[6]], wherein analyzing the first data and metadata to learn the normal operational behavior of the first microservice includes determining the firewall rule set according to rules associated with normal behavior of a microservice that includes the type of application component being provided by the first microservice. 

8. 	(Currently Amended)  The method of claim 1, wherein analyzing the first data and metadata to learn the normal operational behavior of the first microservice includes applying a machine learning process to the first data and/or metadata.

9. 	(Original)  The method of claim 1, wherein the first data and metadata are received from a first sidecar process logically attached to the first microservice.

10. 	(Original)  The method of claim 9, wherein analyzing comprises comparing the first data and metadata obtained for the first microservice with stored information about microservices in order to find a match to a microservice with similar behavior.

11. 	(Original) The method of claim 9, wherein causing the micro-firewall to be instantiated comprises instructing a mesh orchestrator that manages the plurality of microservices to instantiate the micro-firewall between the first microservice and a second microservice in communication with the first microservice.

12. 	(Original) The method of claim 11, wherein causing the micro-firewall to be instantiated further comprises the mesh orchestrator programming the first sidecar process and a second 

13.	 (Original) The method of claim 1, wherein the firewall rule set is a limited set of rules based on communications expected for the first microservice.

14. 	(Original) The method of claim 1, wherein causing comprises causing micro-firewalls to be created and removed as microservice containers are dynamically created and removed.

15. 	(Original) The method of claim 14, further comprising:
when a new microservice container is created that includes a microservice that is similar to the first microservice, causing comprises causing the micro-firewall to be instantiated for the new microservice container without performing the analyzing for the new microservice container.

16. 	(Original) The method of claim 1, wherein determining a firewall rule set to be applied to the first microservice further comprises: 
generating a security policy for the first microservice based upon analysis of the normal operational behavior of the first microservice; and 
creating a firewall rule set that implements the generated security policy.

17. 	(Currently Amended) The method of claim 1, wherein determining a firewall rule set to be applied to the first microservice further comprises: 

creating a firewall ruleset that reflects the learned intent.

18. 	(Currently Amended)  An apparatus comprising:
a communication interface configured to enable network communications including communications with a plurality of microservices communicating via a service mesh; 
a memory storing program instructions; and
a processor coupled to the communication interface and to the memory, wherein the processor is configured to execute the program instructions to perform operations including:
receiving first data and metadata relating to inbound and outbound communications from a first microservice from the plurality of microservices;
analyzing the first data and metadata to learn normal operational behavior of the first microservice, wherein analyzing includes determining a type of application component being provided by the first microservice;
determining a firewall rule set to be applied to the first microservice based on the normal operational behavior learned for the first microservice; and
causing a micro-firewall to be instantiated for the first microservice, the micro-firewall configured to apply the firewall rule set to inbound communications to the first microservice and outbound communications from the first microservice.



20. 	(Original) The apparatus of claim 18, wherein the outbound communications are from the first microservice to a second microservice or from the first microservice to an entity outside the service mesh.

21. 	(Canceled) 

22. 	(Currently Amended)  The apparatus of claim 18[[21]], wherein the processor is configured to execute the program instructions to generate a firewall rule set according to rules associated with normal behavior of a microservice that includes the type of application component being provided by the first microservice.

23. 	(Currently Amended)  The apparatus of claim 18[[21]], wherein the processor is [[receives]] configured to execute the program instructions to receive information generated by a first sidecar process logically attached to the first microservice.

24. 	(Currently Amended)  The apparatus of claim 18, wherein the processor is configured to execute the program instructions to cause micro-firewalls to be created and removed as microservice containers are dynamically created and removed.


receiving first data and metadata relating to inbound and outbound communications from a first microservice from the plurality of microservices;
analyzing the first data and metadata to learn normal operational behavior of the first microservice, wherein analyzing includes determining a type of application component being provided by the first microservice;
determining a firewall rule set to be applied to the first microservice based on the normal operational behavior learned for the first microservice; and
causing a micro-firewall to be instantiated for the first microservice, the micro-firewall configured to apply the firewall rule set to inbound communications to the first microservice and outbound communications from the first microservice.

26. 	(Currently Amended)  The computer readable storage media of claim 25, wherein the instructions to perform the analyzing include instructions to determine the operational behavior of the first microservice by 

27. 	(Original)  The computer readable storage media of claim 25, wherein the instructions are further operable for, when a second microservice container is created that includes a 

28.	(New)  The computer readable storage media of claim 25, wherein the inbound communications are from a second microservice to the first microservice.

29.	(New)  The computer readable storage media of claim 25, wherein the outbound communications are from the first microservice to a second microservice.
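As an added illustration (not part of the office action or of the application's own code), the following Python models the claimed flow: learning a microservice's normal inbound and outbound behavior from constructed sidecar telemetry, determining its application component type, deriving a limited allow-list rule set, reusing a stored rule set for a microservice with matching behavior (the claim 10 / claim 15 pattern), and evaluating traffic against the rules as a micro-firewall would. The port-to-component-type table, the behavior fingerprint and all telemetry values are assumptions constructed for this example.

```python
from collections import defaultdict

# Constructed sidecar telemetry for one microservice: (direction, peer, port).
# "inbound" rows are calls into the service; "outbound" rows are calls it makes.
OBSERVED = [
    ("inbound", "web-frontend", 8080), ("inbound", "web-frontend", 8080),
    ("inbound", "api-gateway", 8080),
    ("outbound", "orders-db", 5432), ("outbound", "orders-db", 5432),
    ("outbound", "payment-svc", 443),
]

# Assumed heuristic: the port a service accepts traffic on hints at its component type.
LISTEN_PORT_TYPES = {8080: "http-service", 5432: "database", 6379: "cache"}

def learn_behaviour(records):
    """Normal operational behavior = the distinct (peer, port) pairs per direction."""
    seen = defaultdict(set)
    for direction, peer, port in records:
        seen[direction].add((peer, port))
    return {d: sorted(pairs) for d, pairs in seen.items()}

def component_type(behaviour):
    """Classify the application component from the ports it accepts inbound traffic on."""
    for _, port in behaviour.get("inbound", []):
        if port in LISTEN_PORT_TYPES:
            return LISTEN_PORT_TYPES[port]
    return "unknown"

def fingerprint(behaviour):
    """Peer-independent summary used to match a microservice with similar behavior."""
    return frozenset((d, port) for d, pairs in behaviour.items() for _, port in pairs)

def build_rule_set(behaviour):
    """Limited allow-list of the expected flows; everything else is denied both ways."""
    rules = [("allow", d, peer, port) for d in ("inbound", "outbound")
             for peer, port in behaviour.get(d, [])]
    return rules + [("deny", "inbound", "*", "*"), ("deny", "outbound", "*", "*")]

def rule_set_for(records, profiles):
    """Return (rules, reused): reuse the stored rule set when a profile with the same
    component type and fingerprint exists, otherwise analyze, store and return a new one."""
    behaviour = learn_behaviour(records)
    key = (component_type(behaviour), fingerprint(behaviour))
    if key in profiles:
        return profiles[key], True
    profiles[key] = build_rule_set(behaviour)
    return profiles[key], False

def permitted(rules, direction, peer, port):
    """Micro-firewall check: first matching rule wins; no match means deny."""
    for action, d, p, prt in rules:
        if d == direction and p in ("*", peer) and prt in ("*", port):
            return action == "allow"
    return False
```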


Information Disclosure Statement
The information disclosure statement (IDS) submitted on 09/02/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Allowance
Claims 1-5, 7-20 and 22-29 are allowed.

Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: although the prior art of record (such as Shieh et al. (US20160269425)) is directed to a system providing secure virtual boundaries for microservices, the system comprising: (a) at least one microservice, the at least one microservice comprising a plurality of distributed microservice components communicating with one another so as to provide a service; (b) a plurality of enforcement points positioned in association with the plurality of distributed microservice components to define a secure virtual boundary around the plurality of distributed microservice components; and (c) a director module that manages sessions and settings of the plurality of distributed microservice components within the secure virtual boundary (Para. 0002),

none of the prior art, alone or in combination, teaches

 Independent Claim 1:  “…at a system in communication with a plurality of microservices communicating via a service mesh, receiving first data and metadata relating to inbound and outbound communications from a first microservice from the plurality of microservices; analyzing, by the system, the first data and metadata to learn normal operational behavior of the first microservice, wherein analyzing includes determining a type of application component being provided by the first microservice;  determining a firewall rule set to be applied to the first microservice based on the normal operational behavior learned for the first microservice; and causing, by the system, a micro-firewall to be instantiated for the first microservice, the micro-firewall configured to apply the firewall rule set to inbound communications to the first microservice and outbound communications from the first microservice”.


in view of other limitations of claim 1.

Independent Claims 18 and 25 are allowed based on reasons mentioned above in regards to independent claim 1.

Dependent claims are allowed as they depend from an allowable independent claim.

The closest prior art made of record are:
Shieh et al. (US20160269425) Systems for providing security to distributed microservices are provided herein. In some embodiments, a system includes a plurality of microservices, each of the plurality of microservices having a plurality of distributed microservice components. At least a portion of the distributed microservice components execute on different physical or virtual servers in a data center or a cloud. The system also includes a plurality of logical security boundaries, with each of the plurality of logical security boundaries being created by a plurality of enforcement points positioned in association with the plurality of distributed microservice components. Each of plurality of microservices is bounded by one of the plurality of logical security boundaries.
Surcouf et al. (US 20190020665) A computing device running a local enforcement agent is configured to instantiate at least one application container at the computing device, where the at least one application container is part of a containerized application. The computing device is also configured to associate the local enforcement agent with the least one application container so that the 
Woolward et al. (US 9521115) Methods, systems, and media for producing a firewall rule set are provided herein. Exemplary methods may include: receiving metadata about a deployed container from a container orchestration layer; determining an application or service associated with the container from the received metadata; retrieving at least one model using the determined application or service, the at least one model identifying expected network communications behavior of the container; and generating a high-level declarative security policy associated with the container using the at least one model, the high-level declarative security policy indicating at least an application or service with which the container can communicate.
 Huang et al. (US 20190394219)   A container system monitors one or more activities of an application container in a container system by intercepting data from the one or more activities of the application container. The application container includes computer-readable instructions and initiated via a container service and isolated using operating system-level virtualization. The monitoring is performed at a layer between the app container and the container service. The .

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance”.

Conclusion



Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER C HARRIS whose telephone number is (571)270-7841.  The examiner can normally be reached on Monday through Friday between 8:00 AM and 4:00 PM CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/CHRISTOPHER C HARRIS/Primary Examiner, Art Unit 2432