DETAILED ACTION
This action is in response to the amendment/request for reconsideration filed 25 September 2021.
Claims 4, 11, and 18 are original.
Claims 1, 8, and 15 are previously presented.
Claims 2-3, 5-7, 9-10, 12-14, 16-17, and 19-20 are currently amended.
Claims 1-20 are pending.

The label “EN” indicates an examiner’s note.

 Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-2, 7-9, and 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over Aderholdt [NPL reference V on PTO-892 filed 9 October 2019] (ADERHOLDT, ET AL. "Review of enabling technologies to facilitate secure compute customization." OAK RIDGE NATIONAL LABORATORY, Oak Ridge, Tennessee, USA, ORNL/TM-2015/210 (2014). 58 pages) in view of Prasad (ARAVINDA PRASAD, perf: Container-aware tracing support, message for linux kernel patch, 14 June 2016, 2 pages, obtained from https://lwn.net/Articles/691298/ on 8 May 2021) and Almeida [NPL reference X on PTO-892 filed 9 October 2019] (ALMEIDA, ET AL. “Energy measurement tools for ultrascale computing: A survey.” Supercomputing frontiers and innovations 2, no. 2 (2015): 64-76).

Regarding claim 1, Aderholdt discloses a method operative in a multi-tenant cloud compute system host machine (P3:§1:¶2: “the report provides insights into ways that available protection mechanisms may be used to better isolate use of shared resources in a multi-tenant environment”; P3:§1.1.1:¶1: “this project is focused on a multi-tenant environment that allows users to customize the computing platform specific to their needs, while still sharing some physical network and storage resources.”), comprising:
(P10:§3.1: “3.1 OS level virtualization With respect to this work, all user-level tools will be leveraging mechanisms present within the Linux kernel. The Linux kernel has two primary mechanisms that are used to implement isolation for container-based, single-OS kernel virtualization: (i) namespaces and (ii) control groups (cgroups).”), a set of containers that share the operating system kernel (P15:§3.1.5:¶¶1-2: “Linux containers (LXC) [32] is a collection of user-level tools that assist in the creation, management, and termination of containers. The tools leverage the feature-set presented by the Linux kernel including namespaces and cgroups. By leveraging these features, it is possible for LXC to remove the burden of knowledge with respect to virtual environment creation from the user. Instead, customization of the environment is eased and can be the primary goal of the user. Because LXC leverages features present in Linux, the scheduling of CPU resources is provided by the default scheduler and the use of cgroups. Likewise, user, filesystem, and process isolation is provided through the use of namespaces.”);
configuring the operating system kernel with a namespace that isolates and virtualizes system resources reflecting [namespace] data (P6:§2.1:¶4: “Resources within the host’s kernel are only virtualized in the sense of separate namespaces.”; P10:§3.1.1:¶1: “Namespaces provide isolations for various resources as well as users.”);
using the power management namespace to defend the host machine (p1:¶2: “The isolation mechanisms in the system software are the basic building blocks for enabling secure compute enclaves.”; P1:¶4: “Therefore, future “zero day attacks” are likely to be in the same regions, which suggests that protecting these areas can simplify the protection of the host and maintain the isolation between users.”) by:
(p13:Table 3.2: “cpu acct [:] automatic reports on CPU resources used by tasks in a cgroup. It is mounted together with cpu on the same mount” and “perf_event [:] allows to monitor cgroups with the perf tool”); and
responsive to a read request initiated from a particular container (p10:§3.1: “The Linux kernel has two primary mechanisms that are used to implement isolation for container-based, single-OS kernel virtualization: (i) namespaces and (ii) control groups (cgroups).”; p12:§3.1.2:¶2: “All query and modify operations are done via this cgroup file system [10]” EN: “query” is a read request and may be associated with a particular container via the container’s cgroup)  and directed to a kernel module of the operating system (p12:¶1: “When any user performs a system call (e.g. open(), mount(), write()), the host kernel will evaluate whether to allow the operation by mapping the UID in the calling namespace to the UID in the namespace where the target resource resides (and check the capabilities set within the target’s namespace).” EN: A “read” op like “write”, “open”, etc is a system call), the kernel module being shared by each container in the set of containers (P6:§2.1:¶4: “Resources within the host’s kernel are only virtualized in the sense of separate namespaces.”; P8:§2.3.1: “A VE employs a single kernel instance, which manages the isolation for the “containers” where processes execute.”; P15:§3.1.5:¶¶1-2: “The tools leverage the feature-set presented by the Linux kernel including namespaces and cgroups. … Because LXC leverages features present in Linux, the scheduling of CPU resources is provided by the default scheduler and the use of cgroups. Likewise, user, filesystem, and process isolation is provided through the use of namespaces.”), the kernel module returning the per-container [resource] usage that has been computed for the particular container (p13:Table 3.2: “cpu acct [:] automatic reports on CPU resources used by tasks in a cgroup. It is mounted together with cpu on the same mount” and “perf_event [:] allows to monitor cgroups with the perf tool”) and withholding information about any other container in the set (as shown above, the use of cgroups and namespaces “isolates” container information; P10:§3.1.1:¶1: “Namespaces provide isolations for various resources as well as users.”).
Aderholdt does not explicitly disclose a power management namespace isolating/virtualizing resources reflecting power consumption data;
[to defend the host machine] against a power-based attack vector;
and, for each container associated with the power management namespace, computing a per-container power usage;
power consumption [kernel module for] power usage.
However, Prasad teaches a [perf] namespace isolating and virtualizing resources reflecting [perf] data (P1:¶¶1-2: “The RFC patch set supports filtering container specific events when perf tool is executed inside a container. However, unlike the previous approach [1], this requires containers to be created with a new namespace "perf-namespace" (introduced in patch 1). The basic idea is analogous to other namespaces: if event isolation is required when running perf tool inside a container, then the container should be created with perf-namespace.”);
for each container associated with the [perf] namespace, computing a per-container power usage (P1:¶3: “The perf tool executed inside a container created with perf-namespace reports only those events that are triggered within the container. For example "perf record -a" inside a container reports container-wide events; the "-a" flag which stands for system-wide event collection takes the meaning of container-wide event collection when executed inside a container.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the teachings of Aderholdt in view of the teachings of Prasad to include “a [perf] namespace isolating and virtualizing resources reflecting [perf] data; and for each container associated with the [perf] namespace, computing a per-container power usage” by using the perf namespace for containers since as Aderholdt reports (at P1:¶5) “We have identified Linux namespaces as a promising mechanism to isolate shared resources, while maintaining good performance” and the addition to the Linux kernel of Prasad’s perf namespace handling allows for isolating perf related events among container (as expressed by Prasad at P1:¶2 – “The basic idea is analogous to other namespaces: if event isolation is required when running perf tool inside a container, then the container should be created with perf-namespace.” More briefly, it is the addition of a known element (a perf namespace) to a known system (the Linux kernel namespace system) to yield a predictable result (a namespace for performance event monitoring, e.g. use of the perf tool to gather information only for the container).	
Aderholdt and Prasad do not explicitly disclose that the perf namespace is a power management namespace for collecting power consumption/usage data.
However, Almeida teaches that the perf data includes power consumption/usage data [and accordingly, the perf namespace is a power management namespace reporting power usage/consumption] (P70:¶1: “Some profiling frameworks focused on CPU performance counters support CPU-based energy metrics. For example, the likwid [46] profiler, as well as the perf events [26] Linux kernel subsystem (a tool designed for profiling CPU performance counters) both directly implement measurement through the RAPL interface.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the teachings of Aderholdt and Prasad in view of the teachings of Almeida to include “that the perf data includes power consumption/usage data [and accordingly, the perf namespace is a power management namespace reporting power usage/consumption]” by using the perf_events subsystem in the perf namespace for containers since “To enable energy optimization across the whole stack, it is desirable to gain insight into the consumption of existing systems at all levels possible. Ideally, system designers and operators, as well as application developers, should be able to easily access precise power data ranging from whole systems to individual components inside a computation node. It should also be easily attributable to the code being executed, again ranging from entire processes to parts of specific threads.” (Almeida at P64:¶2) More briefly it combines known elements (the RAPL/perf_events and a perf namespace for containers to yield a predictable result (per container power usage information via a power management namespace)..
As regards [to defend the host machine] against a power-based attack vector, this result follows as evidenced by Applicant’s specification at P27:LL1-5 – “According to this disclosure, emerging power attacks in container cloud offerings are defended by implementing in the operating system (OS) kernel a power-based namespace. The namespace partitions the power consumption information for each container. In this manner, each container can only retrieve the power usage data for itself. As a corollary, the mechanism ensures that host power consumption (in the aggregate) cannot be leaked”.

Regarding claim 2, Aderholdt discloses the method as described in claim 1 wherein the per-container performance data is collected from cpuacct and perf_event cgroups (p13:Table 3.2: “cpu acct [:] automatic reports on CPU resources used by tasks in a cgroup. It is mounted together with cpu on the same mount” and “perf_event [:] allows to monitor cgroups with the perf tool”) to approximate the per-container power usage (with Prasad and Almeida as shown for claim 1, i.e. Aderholdt teaches containers via cgroups/namespaces with Prasad providing for a namespace to for per-container power usage with Almeida showing that the “perf” subsystem is for power usage via RAPL.).

Regarding claim 7, Aderholdt discloses the method as described in claim 1 the operating system kernel is Linux, and the read request is initiated from a Running Average Power Limit (RAPL) module to provide the collecting, computing and withholding (with Prasad and Almeida as for claim 1, Almeida teaches “as well as the perf events [26] Linux kernel subsystem (a tool designed for profiling CPU performance counters) both directly implement measurement through the RAPL interface.).
Aderholdt does not explicitly disclose [module] that is modified [for per container usage].
However, Prasad teaches [module] that is modified [for per container usage] (P1:¶1: “The RFC patch set supports filtering container specific events when perf tool is executed inside a container.” EN: a “patch” is a modification. As previously shown the perf subsystem uses RAPL and accordingly this is a modification to perform the per-container operations associated with collect, compute, and withhold operations made obvious as shown above.).


Regarding claims 8-9 and 14, the claims recite the same substantive limitations as found among those of claims 1-2 and 7, and are rejected under the same reasoning. Regarding the processor, memory, and instructions/code, Shen discloses that the method is implemented as “a new operating system facility” (p65:§1:¶3) and “a prototype power container facility including per-request hardware counter sampling, power modeling, and statistics maintenance in Linux 2.6.30 … We measure its overhead on a machine with a quad-core Sandy-Bridge processor.” (p70:§3.5:¶1)

Regarding claims 15-16, the claims recite the same substantive limitations as found among those of claims 8-9, and are rejected under the same reasoning

Claims 3-6, 10-13, and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Aderholdt, Prasad, and Almeida as applied to claims 2, 9, and 16 above, and further in view of Shen [NPL reference U on PTO-892 filed 9 October 2019] (SHEN, ET AL. "Power containers: an OS facility for fine-grained power and energy management on multicore servers." ACM SIGPLAN Notices 48, no. 4 (2013): 65-76).

Regarding claim 3, Aderholdt discloses the method as described in claim 2 (in combination as shown above).
Aderholdt, Prasad, and Almeida do not explicitly disclose wherein the per-container power usage is computed based on accumulated energy usages over a time window and using one or more models of energy usage.
However, Shen teaches wherein the per-container power usage is computed based on accumulated energy usages over a time window and using one or more models of energy usage (pp66-67:§3.1: e.g. “Example metrics of interests include the core utilization or the ratio of non-halt core cycles over elapsed cycles (Mcore), retired instructions per CPU cycle (Mins), floating point operations per cycle (Mfloat), last-level cache requests per cycle (Mcache), and memory transactions per cycle (Mmem). … The remaining active (full minus idle) power can be modeled as: Pactive = Ccore ·Mcore + Cins ·Mins + Cfloat ·Mfloat + Ccache ·Mcache + Cmem ·Mmem (1) where C’s are coefficient parameters for the linear model that can be calibrated offline (once for each target machine configuration). Equation 1 models the full system active power if M’s capture the summed event metrics over all cores. We can also use it to account for the active power of an individual task if M’s capture the metrics on the CPU core where the target task is currently running.” EN: “over elapsed cycles” and “per cycle” are time windows.).
It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the teachings of Aderholdt, Prasad, and Almeida in view of the teachings of Shen to include “wherein the per-container power usage is computed based on accumulated energy usages over a time window and using one or more models of energy usage” by using energy models with energy metrics of RAPL since “Energy efficiency and power capping are critical concerns in server and cloud computing systems. They face growing challenges due to dynamic power variations from new client-directed web applications, as well as complex behaviors due to multicore resource sharing and hardware heterogeneity” (Shen:Abstract) and “On these machines, extreme power-consuming tasks (or “power viruses”) [19] may appear accidentally or be devised maliciously. Isolating per client power attribution to identify such tasks so as to cap the system power draw in a fair fashion is highly desirable” (Shen:§1:¶2) and the methods of the Shen disclosure address this problem (e.g. “Our results demonstrate the high accuracy of our request power accounting (no more than 11% errors) and the effectiveness of container-enabled power virus isolation and throttling. Our request distribution case study shows up to 25% energy saving compared to an alternative approach that recognizes machine heterogeneity but not fine-grained workload affinity.” (Shen:Abstract) and “Power containers enable the OS to better manage online applications with dynamic power profiles as well as new hardware platforms with resource sharing and heterogeneity.” [Shen:§5:¶2]).
	
Regarding claim 4, Aderholdt discloses the method as described in claim 3 (in combination as shown above).
Aderholdt, Prasad, and Almeida do not explicitly disclose wherein the one or more models are one of: a core usage model, a package usage model, and a memory usage model.
However, Shen teaches wherein the one or more models are one of: a core usage model (p67:eq 1 “Ccore ·Mcore + Cins ·Mins + Cfloat ·Mfloat + Ccache ·Mcache” EN: Interpreted in view of Applicant’s specification at p29 describing the core model as accounting for CPU instructions and cache statistics.), a memory usage model (p67:eq1 “Cmem ·Mmem”and accompanying text), and a package usage model (p67:eq 1. EN: Interpreted in view of Applicant’s specification at p29 describing the package model as the sum of the core and memory models.).
It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the teachings of Aderholdt, Prasad, and Almeida in view of the teachings of Shen to include “wherein the one or more models are one of: a core usage model, a package usage model, and a memory usage model” by using energy models with energy metrics of RAPL since “Energy efficiency and power capping are critical concerns in server and cloud computing systems. They face growing challenges due to dynamic power variations from new client-directed web applications, as well as complex behaviors due to multicore resource sharing and hardware heterogeneity” (Shen:Abstract) and “On these machines, extreme power-consuming tasks (or “power viruses”) [19] may appear accidentally or be devised maliciously. Isolating per client power attribution to identify such tasks so as to cap the system power draw in a fair fashion is highly desirable” (Shen:§1:¶2) and the methods of the Shen disclosure address this problem (e.g. “Our results demonstrate the high accuracy of our request power accounting (no 

Regarding claim 5, Aderholdt discloses the method as described in claim 4 (in combination as shown above).
Aderholdt, Prasad, and Almeida do not explicitly disclose further including modeling power consumption information for the host machine and using the modeled power consumption information for the host machine to calibrate power consumption information that is exposed to the particular container.
However, Shen teaches further including modeling power consumption information for the host machine and using the modeled power consumption information for the host machine to calibrate power consumption information (p67:left:¶1: “where C’s are coefficient parameters for the linear model that can be calibrated offline (once for each target machine configuration).”; pp67-68:§3.2: e.g. from the last ¶ - “We perform online least-square-fit linear regression to recalibrate the model parameters when new online samples are available. Our parameter recalibration includes both offline workload samples and current online measurements, weighed equally in the square error minimization target.”) that is exposed to the particular container (Aderholdt/Prasad/Almeida as for claim 1).


Regarding claim 6, Aderholdt discloses the method as described in claim 1 (in combination as shown above).
Aderholdt, Prasad, and Almeida do not explicitly disclose further including associating a power consumption for a particular container to a particular tenant, wherein the association facilitates an invoicing operation for the particular tenant's usage of the multi-tenant cloud compute system.
However, Shen teaches further including associating a power consumption for a particular container to a particular tenant (p65:§1:¶2: “Isolating per-client power attribution”; p68:§3.3:¶1: “We construct operating system mechanisms to support request-level power containers in a server system.”), wherein the association facilitates an invoicing operation for the particular tenant's usage of the multi-tenant cloud compute system (this intended result necessarily follows, see Applicant’s specification at p30:ll20-21).
It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the teachings of Aderholdt, Prasad, and Almeida in view of the teachings of Shen to include “further including associating a power consumption for the particular container to a particular tenant, wherein the association facilitates an invoicing operation for the particular tenant's usage of the multi-tenant cloud compute system” by using energy models with energy metrics of RAPL since “Energy efficiency and power capping are critical concerns in server and cloud computing systems. They face growing challenges due to dynamic power variations from new client-directed web applications, as well as complex behaviors due to multicore resource sharing and hardware heterogeneity” (Shen:Abstract) and “On these machines, extreme power-consuming tasks (or “power viruses”) [19] may appear accidentally or be devised maliciously. Isolating per client power attribution to identify such tasks so as to cap the system power draw in a fair fashion is highly desirable” (Shen:§1:¶2) and the methods of the Shen disclosure address this problem (e.g. “Our results demonstrate the high accuracy of our request power accounting 

Regarding claims 10-13, the claims recite the same substantive limitations as found among those of claims 3-6, and are rejected under the same reasoning. Regarding the processor, memory, and instructions/code, Shen discloses that the method is implemented as “a new operating system facility” (p65:§1:¶3) and “a prototype power container facility including per-request hardware counter sampling, power modeling, and statistics maintenance in Linux 2.6.30 … We measure its overhead on a machine with a quad-core Sandy-Bridge processor.” (p70:§3.5:¶1)

Regarding claims 17-20, the claims recite the same substantive limitations as found among those of claims 10-13, and are rejected under the same reasoning

Response to Arguments
Examiner’s note:
Reference to “prior Action” are to the Office Action filed 27 May 2021.
References to “PGPUB” are to pre-grant publication US 20190004917 A1, the pre-grant publication for the instant application.
Applicant (P9:¶¶4-7):
First, and regarding Prasad, which is newly-cited, the reference does not meet the following element as identified by the Examiner, namely: "for each container associated with the [perf] namespace, computing a per-container power usage." (See, Office action, at pages 6-7, emphasis supplied). In Prasad, a performance monitoring tool is executed within a container and for the purpose of reporting "only those events that are triggered within the container." That said, "performance" events - in of and themselves - are not a computed "power usage." At most, what Prasad teaches here is per-container event monitoring, but the reference does not go further in "computing" anything, let alone "power usage."
In this regard, the Examiner is reminded that the clause in question is part of a larger phrase, namely:
"collecting per-container performance data and, for each container associated with the power management namespace, computing a per-container power usage." Thus, and as phrased, per-container power consumption is computed based on collected per-container performance data. As noted above, Prasad (and for that matter Aderholdt) at most teaches the first half of the claim phrase, but not the second half. Neither Aderholdt nor Prasad, alone or in combination, teach per-container power usage being computed at all, let alone based on the per-container performance data collected.
To the extent the Examiner is interpreting Prasad's "performance data" collected for "power usage," this is error, as there is nothing in the teachings themselves that would support such a finding. Indeed, container performance may be monitored for many reasons, and the data collected may itself have no relation whatsoever to power consumption.
Examiner’s response:

The examiner respectfully submits that the assertion that “Thus, and as phrased, per-container power consumption is computed based on collected per-container performance data” does not follow from the claimed "collecting per-container performance data and, for each container associated with the power management namespace, computing a per-container power usage", i.e. there are two actions “collecting” and “computing” but no requirement that the computing be based on the data collected. Nevertheless, as discussed herein below, the examiner respectfully submit that, as shown in the prior Action, the prior art makes obvious the claimed limitation.
In particular, as described in the PGPUB at [0068] – ‘Running Average Power Limit [examiner: that is RAPL], can report the power consumption for several ''power planes" of the processor’ and at [0072] – “The RAPL interface in each container is a user-kernel sysfs interface, and it is designed for users to read power usage”, i.e. RAPL itself is “designed for users to read power usage”. Further, as shown in the prior Action at page 8, Almeida teaches at P70:¶1 – “Some profiling frameworks focused on CPU performance counters support CPU-based energy metrics. For example, … the perf events [26] Linux kernel subsystem (a tool designed for profiling CPU performance counters) both directly implement measurement through the RAPL interface”, i.e. the prior art also shows this. Accordingly, Prasad’s teaching of ‘"perf record -a" inside a container reports container-wide events; the "-a" flag which stands for system-wide event collection takes the meaning of container-wide event collection when executed inside a container’ is reasonably interpreted as “computing a per-container power usage”, i.e. using the “perf record –a” is the computing of per container (“-a” indicates “container-wide”) power usage (as retrieved through RAPL via perf).

Applicant (P9:¶1-P11:¶1):
Second, the combined teachings also do not for the following subject matter (with claim 1 being representative):
"using the power management namespace to defend the host machine against a power-based attack vector by:
…
responsive to a read request initiated from a particular container and directed to a power consumption kernel module of the operating system, the power consumption kernel module being shared by each container in the set of containers, the power consumption kernel module returning the per-container power usage that has been computed for the particular container and withholding power consumption information about any other container in the set; ...
Thus, the "power consumption kernel module" that is "shared by each container in the set of containers" receives "a read request initiated from a particular container ... ," and in response (a) returns the "per-container power usage" that it - the power consumption kernel module – has computed for that container, while (b) also "withholding power consumption information about any other container in the set." The "withholding ... " phrase is an affirmative requirement here (as opposed to some by-product or benefit of container isolation per se), and the reason the "power consumption kernel module" is operated in this manner is because ( as the claim element also recites) it is "shared by each container in the set of containers." Because of this sharing, the power consumption kernel module has available to it the power consumption data from all of the containers; thus, when a particular "read request" is initiated to that module from a "particular 
This notion of a "power consumption kernel module" that is shared by the containers but that operates to respond to container-specific requests while "withholding information about any other container in the set" is not disclosed or suggested by the prior art. In the rejection, the Examiner cites to Aderholt' s basic notion that namespaces can be used to provide "isolations for various resources and users." That teaching - in of and itself - is not disputed, but it is also irrelevant to what is being claimed. When namespaces such as in Aderholt are implemented, by definition they provide isolation. As a corollary, and when isolation is configured and enforced, there is no need for "withholding" anything because data does not end up anywhere that it is not otherwise intended to be in the first instance. In the claim element, it is the "shared by each  container in the set of containers" predicate (with respect to the "power consumption kernel module") that sets up thea need to provide "withholding." Aderholt's generalized use of namespaces or cgroups are just known isolation mechanisms. There is no active notion of "withholding" required under these circumstances, let alone disclosed in the Aderholt reference. Stated perhaps another way, in Aderholdt ( or Prasad for the matter) the fact of isolation makes withholding unnecessary.
All claim elements are material, and the notion of "withholding" as an active operation is not present in the Aderholt teaching, alone or in combination.
Examiner’s response:
‘(a) returns the "per-container power usage" that it - the power consumption kernel module – has computed for that container’, this is discussed in the examiner’s response herein above.
As regards the arguments regarding ‘(b) also "withholding power consumption information about any other container in the set." The "withholding ... " phrase is an affirmative requirement here (as opposed to some by-product or benefit of container isolation per se), and the reason the "power consumption kernel module" is operated in this manner is because ( as the claim element also recites) it is "shared by each container in the set of containers" and ‘the notion of "withholding" as an active operation’ the examiner respectfully submits that the withholding limitation was introduced to the claims with the filing of 9 January 2020 and the accompanying remarks (also filed 9 January 2020) indicate support found at (in part) [0072], [0073], and [0075] of the PGPUB. Please consider the description found in these paragraphs as follows:
 [0072] - “The RAPL driver is a kernel module running on the host that provides an ability to monitor power consumption. … Each container has associated therewith an RAPL interface 512. The RAPL interface in each container is a user-kernel sysfs interface, and it is designed for users to read power usage.”
[0073] – “According to this disclosure, the application 505 in each container 504 reads the power usage in its respective RAPL interface 512 mounted in the container … As depicted, a read operation is directed from the RAPL interface 512 to the RAPL driver 506 in the kernel. When a read occurs, preferably the whole-system power usage, however, is not returned to the application inside the container; rather, the approach herein is to have per-container performance data collected (by the RAPL driver 506) 
[0075] – “The namespace partitions the power consumption information for each container. In this manner, each container can only retrieve the power usage data for itself.”
Accordingly, the “active operation” of “withholding” is using RAPL driver (kernel module) to collect data and then reporting only the data for the “container” (withholding information about any other container in the set). Now consider the prior art cited (in part) as follows:
Aderholdt - P6:§2.1:¶4: “Resources within the host’s kernel are only virtualized in the sense of separate namespaces.” And P15:§3.1.5:¶¶1-2: “The tools leverage the feature-set presented by the Linux kernel including namespaces and cgroups. … Because LXC leverages features present in Linux, the scheduling of CPU resources is provided by the default scheduler and the use of cgroups. Likewise, user, filesystem, and process isolation is provided through the use of namespaces.”
Prasad - P1:¶¶1-2: “The RFC patch set supports filtering container specific events when perf tool is executed inside a container. However, unlike the previous approach [1], this requires containers to be created with a new namespace "perf-namespace" (introduced in patch 1). The basic idea is analogous to other namespaces: if event isolation is required when running perf tool inside a container, then the container should be created with perf-namespace.”
Prasad - P1:¶3: “The perf tool executed inside a container created with perf-namespace reports only those events that are triggered within the container. For example "perf record -a" inside a container reports container-wide events; the "-a" flag which stands for 
Almeida - P70:¶1: “Some profiling frameworks focused on CPU performance counters support CPU-based energy metrics. For example, the likwid [46] profiler, as well as the perf events [26] Linux kernel subsystem (a tool designed for profiling CPU performance counters) both directly implement measurement through the RAPL interface.”
Accordingly, with the reasoning presented in the rejection, the prior art makes obvious the “active operation” of “withholding” by using RAPL driver (via perf) to collect data and then reporting only the data for the “container” (actively withholding information about any other container in the set – data isolation and reporting via namespaces/cgroups taught by Aderholdt and Prasad).
Note, as regards the claimed “shared” kernel module and “withholding” in particular, that Aderholdt discloses “Resources within the host’s kernel are only virtualized in the sense of separate namespaces” and ‘A VE employs a single kernel instance, which manages the isolation for the “containers” where processes execute’, i.e. a shared kernel instance managing “isolation”, while Prasad discloses “The RFC patch set supports filtering container specific events when perf tool is executed inside a container” and ‘The perf tool executed inside a container created with perf-namespace reports only those events that are triggered within the container. For example "perf record -a" inside a container reports container-wide events; the "-a" flag which stands for system-wide event collection takes the meaning of container-wide event collection when executed inside a container’ [emphasis added in all citations], i.e. filtering container events from system-wide events when “executed inside a container”. The examiner respectfully submits that both Aderholdt and Prasad are congruous as regards the 
To conclude, contrary to Applicant’s assertion that “Stated perhaps another way, in Aderholdt ( or Prasad for the matter) the fact of isolation makes withholding unnecessary”, the examiner respectfully submits that the “managing” via namespaces/cgroups (Aderholdt) and “filtering” via namespaces (Prasad) demonstrate that “withholding” is that which effects the “isolation”, i.e. the managing/filtering of information is the withholding which result in the isolation itself.

Applicant (P11:¶3):
Fourth, the combined teachings do not account for "a read request initiated from a particular container," let alone directed to the particular "kernel module" specified. In Aderholdt, the system calls are initiated from user actions, and not from the containers, but even then. they are simply directed to the kernel generally. Relatedly, the "query and modify operations" identified by the Examiner concern the "cgroup file system" and do not appear to be "read" requests from the containers themselves.
Examiner’s response:
The examiner respectfully disagrees. In particular, as shown in the rejection, Arnholdt discloses “The Linux kernel has two primary mechanisms that are used to implement isolation for container-based, single-OS kernel virtualization: (i) namespaces and (ii) control groups (cgroups)”, “All query and modify operations are done via this cgroup file system [10]”, and “When any user performs a system call (e.g. open(), mount(), write()), the host kernel will evaluate whether to allow the operation by mapping the UID in the calling namespace to the UID 
As regards the “power consumption kernel module” this is made obvious by the combination. Please consider, in response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

Applicant (P11:¶4):
Fifth, and regarding Almeida, the finding that the reference teaches a "power management namespace" (Office action, at page 8) is based on what Applicant is claiming and not what the reference teaches. This is impermissible. See, e.g., Kinetic Concepts, Inc. v. Smith & Nephew, Inc., 688 F.3d 1342, 1369 (Fed. Cir. 2012). With respect to power, Almeida simply states that CPU performance counters can support "CPU-based energy metrics." This statement - in of and itself - does not thereby transform Prasad's new [perf] namespace into a "power management" namespace. Rather, the CPU-based energy metrics are just other data collected by the container-specific performance monitoring tool that the [perf] namespace configures. Further, Almeida's disclosure of "RAPL functionality for accessing power performance counters" (Office 
Examiner’s response:
The examiner respectfully disagrees. In response to applicant's argument that the examiner's conclusion of obviousness is based upon improper hindsight reasoning, it must be recognized that any judgment on obviousness is in a sense necessarily a reconstruction based upon hindsight reasoning.  But so long as it takes into account only knowledge which was within the level of ordinary skill at the time the claimed invention was made, and does not include knowledge gleaned only from the applicant's disclosure, such a reconstruction is proper.  See In re McLaughlin, 443 F.2d 1392, 170 USPQ 209 (CCPA 1971).
In particular, as shown in the rejection, Prasad discloses using the perf namespace for isolating and virtualizing resources while Almeida shows that the perf subsystem itself is for “CPU-based energy metrics” via the RAPL interface. The examiner respectfully submits that this is not a teaching to ‘transform Prasad's new [perf] namespace into a "power management" namespace’ (Applicant’s terminology) but rather demonstrates that the perf subsystem is for power management and accordingly, the perf namespace itself is a power management namespace, i.e. no transformation required.

Applicant (P11:¶5-P12):
Examiner: Applicant’s remaining arguments regarding 1, 8, and 15 ultimately rely on those discussed herein above.

Regarding Claims 2, 9 and 16, Claims 7 and 14, Claims 3, 10 and 17 - Applicant (P12:last ¶-P13:¶5):
Examiner: The arguments rely on newly added limitation and the examiner respectfully submits that the prior art makes obvious the claimed invention as shown in the rejections herein above.

Regarding Claims 5, 12 and 19 – Applicant (P13:¶6):
While Shen describes recalibration, the authors do so in the context of changing (recalibrating) the "model parameters," and not using "modeled power consumption information for the host machine to calibrate power consumption information exposed to the particular container." In other words, Shen's calibration occurs within a respective model only, and it just changes the model itself.
Examiner’s response:
The examiner respectfully disagrees. Please consider, in response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
As shown in the rejection, Shen discloses (see citation for claim 3 from which claim 5 depends) “We can also use it to account for the active power of an individual task if M’s capture the metrics on the CPU core where the target task is currently running” and as further shown in claim 5 this is part of the calibration process for the host machine and that such calibration is ongoing (recalibration). As regards the “particular container” in this context, it is the 

Conclusion
Claims 1-20 are rejected.
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
US 20210263779 A1	Haghighat; Mohammad R. et al.
Discussing using namespaces, control groups, and hardware containers for “fine-grained” resource accounting.
GUO, LIWEI, TIANTU XU, MENGWEI XU, XUANZHE LIU, AND FELIX XIAOZHU LIN. "Power sandbox: Power awareness redefined." In Proceedings of the Thirteenth EuroSys Conference, pp. 1-15. 2018.
Discussing the risks associated with having power information (e.g. side-channel attacks) and solutions to isolate power information (a “power sandbox”)

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ROBERT S BROCK whose telephone number is (571)270-3052. The examiner can normally be reached Monday-Friday 6:30am-3pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Boris Gorney can be reached on (571) 270-5626. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/R.S.B./Examiner, Art Unit 2147                                                                                                                                                                                                        
/BORIS GORNEY/Supervisory Patent Examiner, Art Unit 2147