DETAILED ACTION

Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

The present office action is responsive to communications received on 1/25/2022. Claims 1-8 are pending.

Response to Arguments
The arguments/remarks filed by the applicant on 1/25/2022 have been fully considered and are responded in the following.

Applicant's amendments to the specification and claims have overcome most of the objections previously set forth in the Non-Final Office Action mailed 10/26/2021 except for claim 3. All objections except for claim 3 have been withdrawn. In addition, claim 4 is objected to because of new informalities.

Applicant's arguments regarding the 35 USC § 103 rejection of amended independent claim 1 have been fully considered but they are not persuasive. Applicant states that ‘Claim 1 recites, in part, "securely communicating an identifier of the software container, the application installation path, the application data path and the generated encryption key for secure storage by a security component external to the software container." This is neither disclosed nor suggested by Levy or Creasman, regardless whether they are considered individually or combined as suggested in the Office Action. In particular, the Office Action states: "Here the encryption key, i.e., the public key of the application key, is stored externally to the containers, indexed by project name, volume id, and application id, hence implying storage of the application id, which identifies the application container. The security of the storage is disclosed by the authorization tokens mechanism." P. 6. The Office Action does not identify any disclosure in Levy that its encryption key "is stored externally to the containers" and admits that it is relying on an "implied" disclosure of secure storage. (p. 12, ¶3 and ¶5)’ In response to applicant's arguments, the examiner respectfully disagrees. First, Levy discloses “encryption key is stored externally to the containers” by reciting “both the public and the private keys are then stored on the IVKM, indexed by the project name, volume id, and the application id” (¶130). Keys are “indexed” by “volume id, and the application id“ in IVKM, which means keys from multiple applications across multiple volumes are store together in IVKM. Therefore, this IVKM is shared among multiple applications and must be external to individual container. Second, “for secure storage” is intended use and is disclosed by the “authorization tokens mechanism” in “application keys are also authenticated using IDPS authorization tokens mechanism, which allows coupling protected items with specific authorization tokens. Once this mechanism is used, access to the application keys is allowed only when an authorization token is supplied by the caller” (Levy ¶130), even if given any patentable weight.

Next, regarding “securely communicating”, Levy discloses this limitation by reciting the computing environments being secure through the use of Secure Sockets Layer (SSL) protocols, virtual private network (VPN), and firewalls (¶30-32, 35,39). Applicant is encouraged to include detail mechanism used to achieve secure communication to overcome prior art and expedite prosecution. In summary, reference Levy discloses that certain elements, such as identifier of container and encryption key, are (1) securely communicated (2) for secure storage (3) by a security component external to the software container (Argument p. 13, ¶1; p. 14, ¶1).

‘Creasman also fails to disclose that for which the Office Action cites it. In particular, the Office Action refers to paragraph [0036] and argues that "Creasman discloses 'securely communicating the application path for external storage' by reciting that installation path for product 350 (in client) may be stored as install path data 324 (in server). Creasman discloses 'securely communicating the data path for external storage' by reciting that feedback data 360 (in client, which can be directories for files/components) is delivered to server 302." None of this apparent disclosure in Creasman is what is actually recited in claim 1, which is "securely communicating... the application installation path[ and] the application data path... for secure storage by a security component external to the software container." Like for Levy, there is no disclosure in paragraph [0036] or elsewhere in Creasman that an application installation path or an application data path are (1) securely communicated (2) for secure storage (3) by a security component external to the software container. (p. 13, ¶2-3; p. 14, ¶1)’ In response to applicant's arguments, the examiner respectfully disagrees. As stated earlier, reference Levy discloses that certain elements, such as identifier of container and encryption key, are (1) securely communicated (2) for secure storage (3) by a security component external to the software container. Reference Creasman discloses that certain elements can be application installation path and application data path by citing that feedback data 360 (directories for files/components) is delivered to server 302 for analysis and storage (¶36). Therefore, the combination discloses the entire limitation.

Finally, applicant states that ‘the Office Action leaps to a conclusion based on this terminology and (hindsight) consideration in light of claim 1. (p. 13, ¶2) it would not have been obvious to modify Levy by Creasman as suggested in the Office Action. In fact, the reasoning in the Office Action for such a combination in fact would have lead one of ordinary skill in the art away from the suggested combination. Levy is concerned with "providing enhanced security and access controls... that is effective and can be efficiently implemented in existing architectures and operating systems." Para. [0007]. Thus, one of ordinary skill in the art would certainly not have considered Creasman. (p. 14, ¶2)’ In response to applicant's arguments, "[a]ny judgment on obviousness is in a sense necessarily a reconstruction based on hindsight reasoning, but so long as it takes into account only knowledge which was within the level of ordinary skill in the art at the time the claimed invention was made and does not include knowledge gleaned only from applicant’s disclosure, such a reconstruction is proper." In re McLaughlin, 443 F.2d 1392, 1395, 170 USPQ 209, 212 (CCPA 1971). See MPEP 2145(X)(A). It would have been obvious to one of ordinary skill in the art to obtain the custom/actual application installation path and data path, instead of relying on any default/assumed value for analysis. Communicating dynamic product installation information (accurate application installation path and data path) disclosed by Creasman enhances access control disclosed by Levy, so security control can be applied to the exact location of the application program/data.

Claim Objections
Claims 3-4 are objected to because of the following informalities: 
Claim 3 recites “The computer implemented method claim 1...”, which should be “The computer implemented method of claim 1”.
Claim 4 recites “The computer implemented method of claim 1, further comprising: in response to a restart, g redeployment...”, which should be “a redeployment”.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claim 1, 3 and 7-8 are rejected under 35 U.S.C. 103 as being unpatentable over Levy (US 20170249472 A1) in view of Creasman (US 20150172232 A1).

Regarding claim 1, Levy teaches a computer implemented method of securing an application executing in a software container deployed in a computer system, the method comprising:
identifying at least one application executing in the software container; ([0009] generates a plurality of application containers each associated with a respective user. Each application container includes a list of files and processes that the user is authorized to access. [0118] Each executable defines an Xid, a path, and a description. The Xid is a string representing the ID of the process.) Here Levy discloses that applications being executed are identified by their Xid.
determining an application installation path for the application as a location in a container data storage facility at which code for the application at least partially resides; ([0123] The processes can include Xid: mysql, path: /usr/bin/mysql*, description: mysql and friends, Xid: splunk, path: /usr/bin/splunkd, and description: Splunk daemon.) Here Levy discloses two examples of application installation path.
generating an encryption key for the application; ([0130] The application keys are used for encrypting a file's file encryption key by the public key.) Here the encryption key is the public key of the 
determining an application data path for the application as a location in the container data storage facility at which data processed or generated by the application at least partially resides; ([0123] The application containers can further include app_id: MySQL, description: all mysql related, files: /mysql/data/** and /logs/mysql/*.log.) Here Levy discloses examples of data path.
securely communicating an identifier of the software container, … and the generated encryption key for secure storage by a security component external to the software container; ([0119] The App_id is a string representing the ID of the application container. [0130] For each application defined in the policy, an asymmetric encryption key is generated, such as RSA 2048. Both the public and the private keys are then stored on the IVKM, indexed by the project name, volume id, and the application id. Application keys are also authenticated using IDPS authorization tokens mechanism, which allows coupling protected items with specific authorization tokens. Once this mechanism is used, access to the application keys is allowed only when an authorization token is supplied by the caller.) Here the encryption key, i.e., the public key of the application key, is stored externally to the containers, indexed by project name, volume id, and application id, hence implying storage of the application id, which identifies the application container. The security of the storage is disclosed by the authorization tokens mechanism.
securely receiving, from the security component, one or more access control rules defining computing components authorized to access the application; ([0116-0117] In one example a 20 GB disk device has been added on with /dev/sdb: mkfs −t xfs/dev/sdb, mount −t xfs/dev/sdb/mnt/my-backend, and idps_agent secure-fs/mnt/my-backend/mnt/my-secure-fs./my-policy. Now, any access to/mnt/my-secure-fs/ will be controlled by the IDPS file system 430 and the policy, although all “real” data will actually be written to /mnt/my-backend/. In one embodiment, the IDPS agent 415 depends on a user-defined policy, which describes the access-control entities and rules.) Here Levy discloses that the 
encrypting the application installation path and the application data path using the generated encryption key; and ([0009] The resource management module hosts a virtual file system that includes a plurality of directories, folders, and files representing the data stored in the one or more storage containers. The access control and encryption module encrypts every file in the virtual file system with a respective file encryption key.) Levy discloses that all files are encrypted; therefore, the application path contents and the data path contents are encrypted. Moreover, Levy provides details in ¶130 that this encryption is different from full disk encryption since it allows for fine-grained access control.
providing access to the application selectively in accordance with the access control rules by sharing the generated encryption key with authorized accessors. ([0100- 0106] Fig. 3, 314-320: receive, with the access control and encryption module, a request from a user to access a selected file in the virtual file system; deny, with the access control and encryption module, the request if the selected file is not listed in the application container associated with the user; decrypt, with the access control and encryption module, the selected file if the selected file is listed in the container application associated with the user; output, with the access control and encryption module, the selected file to the user after decrypting the selected file.) Here Levy discloses sharing of the encryption key with callers (i.e., accessors) by reciting “Once this mechanism is used, access to the application keys is allowed only when an authorization token is supplied by the caller.” (¶130)

Levy teaches securely communicating an identifier of the software container, and the generated encryption key for secure storage by a security component external to the software container, but does not explicitly teach securely communicating the application installation path, the application data path 
However, Creasman in an analogous art explicitly teaches
securely communicating the application installation path, the application data path for secure storage by a security component external to the software container. ([0036] install module 352 may invoke certain feedback prompts/requests in response to a "custom" installation being selected by a user. The "custom" installation may include providing the user/installer with various options for the installation and/or otherwise enabling the user to customize the installation of product 350 (e.g., installing only select modules/components, selecting certain directories for files/components, selecting various installation/operating parameters, etc.). Feedback data 360 is delivered to server 302 for analysis by install module 320. The modification information for the installation path for product 350 may be stored as install path data 324.) Here Creasman discloses “securely communicating the application path for external storage” by reciting that installation path for product 350 (in client) may be stored as install path data 324 (in server). Creasman discloses “securely communicating the data path for external storage” by reciting that feedback data 360 (in client, which can be directories for files/components) is delivered to server 302.
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the “access control encryption” concept of Levy, and the “dynamic product installation” approach of Creasman. One of ordinary skill in the art would have been motivated to perform such a modification to analyze installation path and install feedback data for a product. During the installation process , user is request/prompt to input feedback data reflecting whether various features, options and/or steps of the installation process were as expected, successful, liked, disliked, etc. Once the data is delivered and stored in the server, server may assess the information over time to determine which installation steps where most liked and/or most disliked and (Creasman [0036]).

Regarding claim 3, Levy in view of Creasman teaches all the features with respect to claim 1, as outlined above. The combination further teaches 
periodically securely receiving updates to the access control rules from the security component; and ([Levy 0114, 0134] once an IDPS agent 415 is installed, a new user “idps_admin” is created. the main role of the idps_admin is to update the policy according to the warnings issued on would-be-denied access attempts.)
responsive to receiving updated rules, providing access to the application selectively in accordance with the updated access control rules. ([Levy 0134] the new policy is evaluated, accepted and updated (assuming it's valid).)

Regarding claims 7-8, the scope of the claims are similar to that of claim 1, respectively. Accordingly, the claims are rejected using a similar rationale.

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Levy (US 20170249472 A1) in view of Creasman (US 20150172232 A1) and Martel (US 20150347746 A1).

Regarding claim 2, Levy in view of Creasman teaches all the features with respect to claim 1, as outlined above. But the combination does not teach wherein the software container is a software process executable in an operating system of the computer system in which operating system software 
However, Martel in an analogous art explicitly teaches 
wherein the software container is a software process executable in an operating system of the computer system in which operating system software processes are prevented from accessing resources of other second processes executing in the operating system. ([0033] Sandboxing of an application or process can be achieved using operating system level protection to provide containment and to enforce security policies, such as policies that restrict the ability of the application to take actions beyond those functions needed for it to provide its intended functionalities. When an application has been sandboxed during execution, the application is executed as a sandboxed process or thread within the system that is contained within a sandbox (also referred to as an application container), in which it cannot access certain system resources or another territory (e.g., sandbox) of another application.)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the “access control encryption” concept of Levy, and the “restricting resources used by application” approach of Martel. One of ordinary skill in the art would have been motivated to perform such a modification to provide security. An application may be contained by restricting its functionality to a subset of operations and only allowing operations that are necessary for the proper operation, i.e., operation according to its intended functionality, which yields ramifications of various types of attacks made upon computing devices through malicious code (Martel [0033, 0002]).

Claim 4-5 are rejected under 35 U.S.C. 103 as being unpatentable over Levy (US 20170249472 A1) in view of Creasman (US 20150172232 A1) and Walrath (US 20120017097 A1).

Regarding claim 4, Levy in view of Creasman teaches all the features with respect to claim 1, as outlined above. But the combination does not teach in response to a restart, a redeployment or resumption of execution of the software container following a cessation of execution, generating a new encryption key for the application and re-encrypting the application installation path and the application data path using the new encryption key. This aspect of the claim is identified as a difference.
However, Walrath in an analogous art explicitly teaches 
in response to a restart, a redeployment or resumption of execution of the software container following a cessation of execution, generating a new encryption key for the application and re-encrypting the application installation path and the application data path using the new encryption key. ([0015] a secure communication path may be initiated by generating a random encryption key when the computer system 100 is rebooted or otherwise receives a system reset. Secure communication could be initiated by generating a random encryption key when the computer system 100 resumes operation after hibernation, whether a system reset is needed to resume operation or not. Similarly, a random encryption key could be generated when the computer system 100 resumes operation following a standby state. [0017] the random encryption key is used to encrypt data that is written to the system memory 106.) Here reference Walrath discloses generating an encryption key which can be used to encrypt data, in response to a system restart. Reference Levy discloses that the data can be application path/data path content, and the system can be the application container. Therefore, the combination discloses the entire limitation.
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the “access control encryption” concept of Levy, and the “securely storing data” approach of Walrath. One of ordinary skill in the art would have been motivated (Walrath [0031]).

Regarding claim 5, Levy in view of Creasman and Walrath teaches all the features with respect to claim 4, as outlined above. The combination further teaches securely communicating the new encryption key to the security component. ([Walrath 0015-0016] a secure communication path may be initiated by generating a random encryption key when the computer system 100 is rebooted or otherwise receives a system reset. a random encryption key is generated and transmitted to the memory controller 104.) In addition, reference Levy also discloses securely communicating the new encryption key to the security component in ¶130.

Allowable Subject Matter
Claim 6 is objected to over prior art as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims and further amended to overcome claim objections set forth in this office action. The reasons for allowance remains the same as the Non-Final Rejection mailed 10/26/2021.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAN YANG whose telephone number is (408)918-7638.  The examiner can normally be reached on Monday to Friday, 9:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic 

/H.Y./Examiner, Art Unit 2493


/CHAU LE/Primary Examiner, Art Unit 2493