Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

	DETAILED ACTION

Claims 1 to 21, filed on 8/4/2020, have been examined

Priority

Acknowledgment is made of applicant's claim for the priority to Provisional Application No. 62/966,383, filed on Jan. 27, 2020.

Drawings
The drawings filed on 8/4/2020 are accepted.

Claim Rejections - 35 U.S.C. 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.  

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
Determining the scope and contents of the prior art.
Ascertaining the differences between the prior art and the claims at issue.
Resolving the level of ordinary skill in the pertinent art.
Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 7, 11-13, and 20-21 are rejected under 35 U.S.C. 103 as being unpatentable over Kumatagi et al. (USPub: 2020/0356397, hereinafter referred to as Kumatagi) in view of Li et al. (USPat: 10,922,386 B1, hereinafter referred to as Li). 

Regarding claim 1,  Kumatagi discloses a monitoring system for monitoring a container network interface of a container network namespace, the container network namespace associated with a container of one or more containers, each container having a corresponding namespace (para. 117, lines 8-11, FIG. 5, wherein the computer node has multiple containers), the monitoring system comprising:
at least one memory configured to store instructions (para. 49, lines 18-22, the instructions are stored in the memory); and 
at least one processor disposed in communication with the at least one memory, wherein the at least one processor upon execution of the instructions is configured to (para. 123): 
receive the container network namespace assigned to the container as established in a container runtime (para. 119, lines 6-9, wherein the received the namespace is based on the container runtimes); 
switch from a host container network namespace to the container network namespace of the container (para. 120, lines 9-12, switching the namespace).
Although Kumatagi discloses everything as applied above, Kumatagi does not explicitly disclose to open the container network interface of the container network namespace for allowing access to packets received or transmitted by the container network interface.  However, this concept is well known in the art as disclosed by Li. In the same field of endeavor, Li discloses to
open the container network interface of the container network namespace for allowing access to packets received or transmitted by the container network interface (col. 3, lines 63 to col. 4, lines 2, wherein the namespace is opened and pointed by the access handle); and 
access the packets (col, 7, lines 17-18, where in the packets are in the files within the container is accessed).
It would have been obvious to one of ordinary skill in the art before the effective filing data of the applicant’s claimed invention to include Li’s method into Kumatagi’s invention. One of ordinary skill in the art would have been motivated to provide effective solutions to security inspection and monitoring of operations within security containers (col. 1, lines 42-44). 

Regarding claim 7, Kumatagi and Li disclose everything as applied above. Kumatagi and Li further disclose 
wherein the at least one processor is further configured to share the packets with a monitoring processor that monitors the packets (Kumatagi’s para. 117, lines 8-11 and para. 123).
It would have been obvious to one of ordinary skill in the art before the effective filing data of the applicant’s claimed invention to include Li’s method into Kumatagi’s invention. One of ordinary skill in the art would have been motivated to provide effective solutions to security inspection and monitoring of operations within security containers (col. 1, lines 42-44). 

Regarding claim 11, Kumatagi and Li disclose everything as applied above. Kumatagi and Li further disclose 
wherein the main thread is further configured to receive user input instructing the main thread which containers are selected and/or what to process in the packets (Kumatagi’s para. 35, lines 6-10 and para. 59, lines 6-7, wherein the consumer selects a container to run).  
It would have been obvious to one of ordinary skill in the art before the effective filing data of the applicant’s claimed invention to include Li’s method into Kumatagi’s invention. One of ordinary skill in the art would have been motivated to provide effective solutions to security inspection and monitoring of operations within security containers (col. 1, lines 42-44). 

Regarding claim 12, Kumatagi and Li disclose everything as applied above. Kumatagi and Li further disclose 
wherein the at least one processor is further configured to switch from the container network namespace back to the host network namespace (Kumatagi’s para. 120, lines 9-12, switching the namespace).
It would have been obvious to one of ordinary skill in the art before the effective filing data of the applicant’s claimed invention to include Li’s method into Kumatagi’s invention. One of ordinary skill in the art would have been motivated to provide effective solutions to security inspection and monitoring of operations within security containers (col. 1, lines 42-44). 

Regarding claim 13, it is substantially the same as claim 1, except claim 13 is in a method claim format. Because the same reasoning applies, claim 13 is rejected under the same reasoning as claim 1.

Regarding claims 20-21, they are substantially the same as claims 11-12, except claims 20-21 are in a method claim format. Because the same reasoning applies, claims 20-21 are rejected under the same reasoning as claims 11-12.

Claims 2-6, 8, 14-17 are rejected under 35 U.S.C. 103 as being unpatentable over Kumatagi in view of Li as applied to claim 1 above, and further in view of Yu et al. (USPub: 2017/0147522, hereinafter referred to as Yu). 

Regarding claim 2, Kumatagi and Li disclose everything as applied above. Kumatagi and Li do not explicitly disclose to establish a main thread configured to receive the container network namespace assigned to respective established containers.  However, this concept is well known in the art as disclosed by Yu. In the same field of endeavor, Yu discloses to
establish a main thread configured to receive the container network namespace assigned to respective established containers (para. 21, lines 1-4 and para.12, lines 22-26), the main thread being configured to:
dispatch a packet capture thread for selected containers of the established containers, wherein the respective packet capture threads are configured to switch to the container network namespace of the container for which they were dispatched (para. 15, lines 20-22 and para. 12, lines 22-26, wherein to receive the packets is to dispatch a packet capture thread); and
execute the respective dispatched packet capture threads (para. 15, lines 20-22, where in the process the packets is to execute the respective dispatched packet).
It would have been obvious to one of ordinary skill in the art before the effective filing data of the applicant’s claimed invention to include Yu’s method into Kumatagi and Li’s invention. One of ordinary skill in the art would have been motivated to “facilitate configuration changes to an NIC teaming device while enabling multiple I/O threads continue to run through the NIC teaming device concurrently without the need of synchronization and locking on the NIC teaming device” (para. 4, lines 1-5).
Regarding claim 3, Kumatagi, Li and Yu disclose everything as applied to claim 2 above. Yu further discloses 
wherein the respective packet capture threads are further configured to access the packets and share the packets with the main thread (para. 15, lines 22-26, wherein the received packets is from the I/O thread, i.e., a main thread); 
wherein the main thread is further configured to:
receive the packets accessed by the respective packet captured threads (para. 15, lines 22-26, to receive the packet); and
process the packets (para. 15, lines 22-26, to process the packets).
It would have been obvious to one of ordinary skill in the art before the effective filing data of the applicant’s claimed invention to include Yu’s method into Kumatagi and Li’s invention. One of ordinary skill in the art would have been motivated to “facilitate configuration changes to an NIC teaming device while enabling multiple I/O threads continue to run through the NIC teaming device concurrently without the need of synchronization and locking on the NIC teaming device” (para. 4, lines 1-5).

Regarding claim 4, Kumatagi, Li and Yu disclose everything as applied to claim 2 above. Yu further discloses
wherein the respective packet capture threads are further configured to open a container network interface of the container for which they were dispatched and provide a handle for accessing packets received or transmitted by the container network interface to the main thread (para. 14, lines 11-13 and para. 21, lines 1-4, wherein creating a NIC teaming device 114-0 is to open a container network interface); 
wherein the main thread is further configured to:
receive the handle provided by the respective packet captured threads (para. 15, lines 22-26, to receive the packet)); 
using the handle received by the respective packet captured threads, access the packets received or transmitted by the container network interface (para. 21, lines 1-4); and
process the packets (para. 15, lines 22-26, to process the packets).
It would have been obvious to one of ordinary skill in the art before the effective filing data of the applicant’s claimed invention to include Yu’s method into Kumatagi and Li’s invention. One of ordinary skill in the art would have been motivated to “facilitate configuration changes to an NIC teaming device while enabling multiple I/O threads continue to run through the NIC teaming device concurrently without the need of synchronization and locking on the NIC teaming device” (para. 4, lines 1-5).

Regarding claim 5, Kumatagi and Li disclose everything as applied above. Kumatagi and Li do not explicitly disclose wherein the packet capture threads dispatched are all included in one memory space of the at least one memory.  However, this concept is well known in the art as disclosed by Yu. In the same field of endeavor, Yu discloses to
wherein the packet capture threads dispatched are all included in one memory space of the at least one memory (para. 11, lines 1-5 and para. 10, lines 10-13). 
It would have been obvious to one of ordinary skill in the art before the effective filing data of the applicant’s claimed invention to include Yu’s method into Kumatagi and Li’s invention. One of ordinary skill in the art would have been motivated to “facilitate configuration changes to an NIC teaming device while enabling multiple I/O threads continue to run through the NIC teaming device concurrently without the need of synchronization and locking on the NIC teaming device” (para. 4, lines 1-5).

Regarding claim 6, Kumatagi, Li and Yu disclose everything as applied to claim 2 above. Yu further discloses
wherein the packet capture threads dispatched are all included in one memory space of the at least one memory (para. 11, lines 1-5 and para. 10, lines 10-13). 
It would have been obvious to one of ordinary skill in the art before the effective filing data of the applicant’s claimed invention to include Yu’s method into Kumatagi and Li’s invention. One of ordinary skill in the art would have been motivated to “facilitate configuration changes to an NIC teaming device while enabling multiple I/O threads continue to run through the NIC teaming device concurrently without the need of synchronization and locking on the NIC teaming device” (para. 4, lines 1-5).
Regarding claim 8, Kumatagi, Li and Yu disclose everything as applied to claim 2 above. Kumatagi, Li and Yu further disclose
wherein the main thread is further configured to share the packets with a remote central processor that monitors the packets (Kumatagi’s para. 45, lines 7-10).  
It would have been obvious to one of ordinary skill in the art before the effective filing data of the applicant’s claimed invention to include Yu’s method into Kumatagi and Li’s invention. One of ordinary skill in the art would have been motivated to “facilitate configuration changes to an NIC teaming device while enabling multiple I/O threads continue to run through the NIC teaming device concurrently without the need of synchronization and locking on the NIC teaming device” (para. 4, lines 1-5).

Regarding claims 14-16, they are substantially the same as claims 2-4, except claims 14-16 are in a method claim format. Because the same reasoning applies, claims 14-16 are rejected under the same reasoning as claims 2-4.

Regarding claim 17, it is substantially the same as claim 8, except claim 17 is in a method claim format. Because the same reasoning applies, claim 17 is rejected under the same reasoning as claim 8.

Claims 9-10 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Kumatagi in view of Li and Yu as applied to claim 2 above, and further in view of Gupta et al. (USPub: 2021/0029170, hereinafter referred to as Gupta). 

Regarding claim 9, Kumatagi, Li and Yu disclose everything as applied above. Kumatagi, Li and Yu do not explicitly disclose wherein the respective packet capture threads are further configured to shut themselves down when the container for they were respectively dispatched is no longer available.  However, this concept is well known in the art as disclosed by Gupta. In the same field of endeavor, Gupta discloses to terminate the thread when on entry is found (i.e., to shut down the thread when the entry is no longer available) (para. 98, lines 8-12)
It would have been obvious to one of ordinary skill in the art before the effective filing data of the applicant’s claimed invention to include Gupta’s method into Kumatagi,  Li and Yu’s invention. One of ordinary skill in the art would have been motivated “to detect malicious attacks in real-time on a computer network (customer endpoint)” (para. 4, lines 2-3).
Hence, Kumatagi, Li, Yu and Gupta disclose
wherein the respective packet capture threads are further configured to shut themselves down when the container for they were respectively dispatched is no longer available (para. 98, lines 8-12 and Li’s para. 21, lines 1-4 and para.12, lines 22-26). 

Regarding claim 10, Kumatagi, Li, Yu and Gupta disclose everything as applied above. Kumatagi, Li, Yu and Gupta further disclose
wherein the main thread is further configured to clean up the packet capture thread once it is shutdown (para. 98, lines 8-12 and element 1115 in FIG. 11 illustrate the clean-up step).
It would have been obvious to one of ordinary skill in the art before the effective filing data of the applicant’s claimed invention to include Gupta’s method into Kumatagi,  Li and Yu’s invention. One of ordinary skill in the art would have been motivated “to detect malicious attacks in real-time on a computer network (customer endpoint)” (para. 4, lines 2-3).

Regarding claims 18-19, they are substantially the same as claims 9-10, except claims 18-19 are in a method claim format. Because the same reasoning applies, claims 18-19 are rejected under the same reasoning as claims 9-10.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANTHONY L LUO whose telephone number is (571)272-2602.  The examiner can normally be reached on M-F: 8 am to 5 pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Marsha Banks-Harold can be reached on 571 272 7905.  The fax phone 

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/A. L./
Examiner, Art Unit 2465

/WALTER J DIVITO/Primary Examiner, Art Unit 2419