Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

            DETAILED ACTION

1.	This action is responsive to:  an original application filed on 3 July 2019.	
2.	Claims 1-20 are currently pending and claims 1, 8 and 15 are independent claims. 

Information Disclosure Statement

3.	The information disclosure statement (IDS) submitted on 3 July 2019. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

          Priority

4.	No Priority claimed.
         Drawings

5.	The drawings filed on 3 July 2019 are accepted by the examiner. 

Claim Rejections - 35 USC § 103
	
6.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-20 are rejected under 35 U.S.C §103 as being unpatentable over Eberlein et al. (US Publication No. 20180316685), hereinafter Eberlein and in view of Gueron et al. (US Patent No. 11184157), hereinafter Gueron.  

In regard to claim 1: 
retrieving a configuration file for an application from a first repository, wherein the configuration file stores a configuration value and a link to a secret value in a second repository (Eberlein, ¶4, 6).
retrieving the secret value from the second repository using the link to the secret value in the configuration file (Eberlein, ¶16-17, 71).
Eberlein does not explicitly suggest, hashing the configuration value to output a hashed configuration value and the secret value to output a hashed secret value; however in a same field of endeavor Gueron discloses this hashing method (Gueron, col 7, lines 22-39).

Eberlein does not explicitly suggest, and storing the configuration value, the secret value, the hashed and signed configuration value, and the hashed and signed secret value in a release file, wherein the configuration value; however in a same field of endeavor Gueron discloses this method (Gueron, col 3, lines 22-46).
and the secret value are environment variables (Eberlein, ¶40-41). 
and executing the application using the release file (Eberlein, ¶79).
It would have been obvious to one of ordinary skill in the art at the time the invention was made filed to include the method of determining and retrieving secret value for configuration file of hashing and signing method disclosed in Gueron in order to have extra layer of data and internet security stated by Gueron at col 16, lines47-53.

In regard to claim 2: 
wherein the configuration file stores a plurality of links, and further comprising operations for: determining that a link of the plurality of links includes a macro (Eberlein, ¶90).  
and executing the macro to modify the secret value retrieved using the link (Eberlein, ¶29).

In regard to claim 3:


In regard to claim 4: 
Eberlein does not explicitly suggest, wherein the application: decrypts, with a public key, the hashed and signed configuration value to obtain a decrypted and hashed configuration value and the hashed and signed secret value to obtain a decrypted and hashed secret value; compares the hashed configuration value with the decrypted and hashed configuration value to determine whether the configuration value is valid; and compares the hashed secret value with the decrypted and hashed secret value to determine whether the secret value is valid; however in a same field of endeavor Gueron discloses this method (Gueron, col 16, lines 51-67 and col 17, lines 1-13).
Same motivation for combining the respective features of Eberlein and Gueron applies herein, as discussed in the rejection of claim 1.

In regard to claim 5: 
urther comprising operations for: accessing the second repository using a token with read-only permission (Eberlein, ¶16-17).

In regard to claim 6: 


In regard to claim 7: 
wherein a Software as a Service (SaaS) is configured to perform the operations of the method (Eberlein, ¶34).

In regard to claim 8:
retrieving a configuration file for an application from a first repository, wherein the configuration file stores a configuration value and a link to a secret value in a second repository (Eberlein, ¶4, 6).
retrieving the secret value from the second repository using the link to the secret value in the configuration file (Eberlein, ¶16-17, 71).
Eberlein does not explicitly suggest, hashing the configuration value to output a hashed configuration value and the secret value to output a hashed secret value; however in a same field of endeavor Gueron discloses this hashing method (Gueron, col 7, lines 22-39).
Eberlein does not explicitly suggest, and signing, with a private key, the hashed configuration value to output a hashed and signed configuration value and the hashed secret value to output a hashed and signed secret value; however in a same field of endeavor Gueron discloses this signing method (Gueron, col 17, lines 25-42).
Eberlein does not explicitly suggest, and storing the configuration value, the secret value, the hashed and signed configuration value, and the hashed and signed secret 
and the secret value are environment variables (Eberlein, ¶40-41).
and executing the application using the release file (Eberlein, ¶79).
It would have been obvious to one of ordinary skill in the art at the time the invention was made filed to include the method of determining and retrieving secret value for configuration file of hashing and signing method disclosed in Gueron in order to have extra layer of data and internet security stated by Gueron at col 16, lines47-53.

In regard to claim 9: 
wherein the configuration file stores a plurality of links, and wherein the program code is executable by the at least one processor to perform operations for: determining that a link of the plurality of links includes a macro; and executing the macro to modify the secret value retrieved using the link (Eberlein, ¶90, 29).

In regard to claim 10: 
wherein the configuration file stores a plurality of links, wherein a first link of the plurality of links comprises a reference to a second link of the plurality of links in the second repository, and wherein the second link is used to retrieve the secret value in a third repository (Eberlein, ¶27-28).

In regard to claim 11: 
Eberlein does not explicitly suggest, wherein the application: decrypts, with a public key, the hashed and signed configuration value to obtain a decrypted and 
Same motivation for combining the respective features of Eberlein and Gueron applies herein, as discussed in the rejection of claim 8.

In regard to claim 12: 
wherein the program code is executable by the at least one processor to perform operations for: accessing the second repository using a token with read-only permission (Eberlein, ¶16-17).

In regard to claim 13: 
wherein the program code is executable by the at least one processor to perform operations for: invoking a release command with parameters for a location of the configuration file and a location of the release file (Eberlein, ¶2, 4).

In regard to claim 14: 
wherein a Software as a Service (SaaS) is configured to perform the operations of the computer program product (Eberlein, ¶34).

claim 15: 
A computer system, comprising: one or more processors, one or more computer-readable memories and one or more computer-readable, tangible storage devices (Eberlein, ¶5).
and program instructions, stored on at least one of the one or more computer-readable, tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to perform operations comprising (Eberlein, ¶5).
retrieving a configuration file for an application from a first repository, wherein the configuration file stores a configuration value and a link to a secret value in a second repository (Eberlein, ¶4, 6).
retrieving the secret value from the second repository using the link to the secret value in the configuration file (Eberlein, ¶16-17, 71).
Eberlein does not explicitly suggest, hashing the configuration value to output a hashed configuration value and the secret value to output a hashed secret value; however in a same field of endeavor Gueron discloses this hashing method (Gueron, col 7, lines 22-39).
Eberlein does not explicitly suggest,and signing, with a private key, the hashed configuration value to output a hashed and signed configuration value and the hashed secret value to output a hashed and signed secret value; however in a same field of endeavor Gueron discloses this signing method (Gueron, col 17, lines 25-42).
Eberlein does not explicitly suggest, and storing the configuration value, the secret value, the hashed and signed configuration value and the hashed and signed secret 
wherein the configuration value and the secret value are environment variables (Eberlein, ¶40-41).
and executing the application using the release file (Eberlein, ¶79).

In regard to claim 16:
wherein the configuration file stores a plurality of links, and wherein the operations further comprise: determining that a link of the plurality of links includes a macro; and executing the macro to modify the secret value retrieved using the link (Eberlein, ¶90, 29).
 
In regard to claim 17:
wherein the configuration file stores a plurality of links, wherein a first link of the plurality of links comprises a reference to a second link of the plurality of links in the second repository, and wherein the second link is used to retrieve the secret value in a third repository (Eberlein, ¶27-28).

In regard to claim 18:
Eberlein does not explicitly suggest, wherein the application: decrypts, with a public key, the hashed and signed configuration value to obtain a decrypted and hashed configuration value and the hashed and signed secret value to obtain a decrypted and hashed secret value; compares the hashed configuration value with the decrypted and hashed configuration value to determine whether the configuration value is valid; and compares the hashed secret value with the decrypted and hashed 
Same motivation for combining the respective features of Eberlein and Gueron applies herein, as discussed in the rejection of claim 15.

In regard to claim 19:
wherein the operations further comprise: accessing the second repository using a token with read-only permission (Eberlein, ¶16-17). 

In regard to claim 20:
wherein a Software as a Service (SaaS) is configured to perform the operations of the computer system (Eberlein, ¶34).

   Conclusion

7.	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Monjour Rahim whose telephone number is (571)270-3890. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/Monjur Rahim/
Patent Examiner
United States Patent and Trademark Office
Art Unit: 2436; Phone: 571.270.3890
E-mail: monjur.rahim@uspto.gov
Fax: 571.270.4890