DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 6/4/2021 has been entered.

Response to Amendment / Arguments
Regarding claims rejected under 35 USC 103:
Applicant’s arguments have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Objections
Claims 1 and 5 are objected to because of the following informalities: they each recite “manger,” which is believed to be a typographical error.  Appropriate correction is required.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claims 1-8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Aithal (US 10,298,577 B1) in view of Koushik (US 2016/0134616 A1).

Regarding claim 1, Aithal discloses: A method for a container manager (e.g., container manager service 404 and VM agent 420 in FIG. 4 of Aithal) to manage access to resources (e.g., remote services 112 in FIG. 1 of Aithal) within a virtualization platform with the use of application tokens (i.e., credentials in Aithal), where an application token includes information identifying a primary application (i.e., application processes such as A, B, and C in at least FIG. 1 of Aithal; ), and where the application token can be used to manage access to the resources for the primary application, the method comprising: 
generating, by the container manager, the application token for the primary application, where the primary application is executing in a first container of the virtualization platform; 
Refer to at least FIG. 6 and Col. 5, Ll. 19-42 of Aithal with respect to the agent obtaining container definitions and providing respective credentials for each containerized application process.
Refer to at least FIG. 1 and Col. 2, Ll. 32-55 of Aithal with respect to the containers.
instantiating, by the container manager, an application helper; and 
Refer to at least Col. 7, Ll. 60-64 of Aithal with respect to deploying, starting, and stopping containers.
Refer to at least FIG. 6 of Aithal with respect to the agent launching a credential provider.
providing, by the container manager, the application token to the application helper to manage access to the resources.
Refer to at least Col. 3, Ll. 3-28, Col. 5, Ll. 2-12, and Col. 13, Ll. 45-Col. 14, LL. 21 of Aithal with respect to providing credentials for accessing the services via the credential provider and proxies. The agent provides the credentials to the credential provider (e.g., FIG. 7 of Aithal). 
Aithal does not disclose: and a second container of the virtualization platform for the application helper to execute within, the second container separate from the first container; on behalf of the primary application. However, Aithal in view of Koushik discloses: and a second container of the virtualization platform for the application helper to execute within, the second container separate from the first container; on behalf of the primary application.
Refer to at least FIG. 1, the abstract, and [0208] of Koushik with respect to an application delivery agent which submits requests on behalf of an end user.
Refer to at least [0105] and [0127] of Koushik with respect to separate isolated containers.
The teachings of Aithal and Koushik concern network access control with credentials and virtualized applications, and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Aithal to further include a separate application delivery agent for at least the purpose of securely managing credentials such as described in [0152] of Koushik (allowing subscription and unsubscribing). 

Regarding claim 2, Aithal-Koushik discloses: The method of claim 1, further comprising: initiating the primary application and the first container.
Refer to at least Col. 2, Ll. 53-Col. Col. 3, Ll. 2 and Col. 7, Ll. 60-64 of Aithal with respect to initiating containers and associated application processes.  

Regarding claim 3, Aithal-Koushik discloses: The method of claim 1, further comprising: receiving a renewal request for the application token from the application helper.
Refer to at least Col. 5, Ll. 48-62 of Aithal with respect to renewing credentials. 
Refer to at least [0212] and [0219] of Koushik with respect to the application delivery agent issuing a renewal request.
This claim would have been obvious for substantially the same reasons as claim 1 above.

Regarding claim 4, it is rejected for substantially the same reasons as claim 3 above (i.e., the citations comprising obtaining the renewed credentials).

Regarding independent claim 5, it is substantially similar to independent claim 1 above, and is therefore likewise rejected (i.e., see the citations and obviousness rationale).

Regarding claims 6-8, they are substantially similar to claims 2-4 above, and are therefore likewise rejected.

Claims 9-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Koushik (US 2016/0134616 A1) in view of Aithal (US 10,298,577 B1).

Regarding claim 9, Koushik discloses: A method for an application helper (e.g., at least FIG. 1, the abstract, and [0208] of Koushik with respect to an application delivery agent) to assist a primary application (e.g., end user / remote computing application 430—see FIG. 1 and 4 of Koushik) to access resources within a virtualization platform (e.g., “services on the with the use of application tokens (e.g., security token in the abstract of Koushik; [0147] of Koushik), and where the application token that can be used to manage access to the resources for the primary application (e.g., the abstract, [0125], and [0147] of Koushik with respect to use of the token for access), the method comprising: 
receiving, by the application helper, an application programming interface (API) request from the primary application; 
Refer to at least [0038] of Koushik, wherein “For example, clients of the service provider may access one or more services of the provider network via application programming interfaces (APIs) to the services.”
Refer to at least [0035] of Koushik, wherein “ Application delivery agent… may be configured to… fulfill requests… through another user interface mechanism… to allow the end user to interact with application fulfillment platform 120 through application delivery agent.”
inserting, by the application helper, the application token of the primary application into the API request; and 
Refer to at least [0160] of Koushik, wherein “All subsequent requests from… application delivery agent… may require the security tokens to be passed along with all requests. ”
Refer to at least [0153] of Koushik, wherein “The… application delivery agent… may interact with the proxy service to satisfy any API requests.”
sending, by the application helper, the API request to an API server with the application token.
Refer to at least [0102] of Koushik, wherein “the application delivery agent… may, on behalf of an end user, communicate… though proxy service 628… the proxy service may pass or dispatch requests received from the end user to the appropriate backend 
Refer to at least [0093] and [0145] of Koushik with respect to, e.g., the fulfillment service and entitlement service APIs.
Koushik discloses user and device level tokens, but does not specify: where an application token includes information identifying the primary application. However, Koushik in view of Aithal discloses: where an application token includes information identifying the primary application.
Refer to at least Col. 8, Ll. 60-Col. 9, Ll. 36 and Col. 14, Ll. 7-21 of Aithal with respect to tokens identifying containers and container processes. 
The teachings of Aithal and Koushik concern network access control with credentials and virtualized applications, and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Koushik to further include identifying information of, e.g., the remote computing application for at least the purpose of allowing for greater access control granularity for increased security (e.g., an application may be considered less secure than another used by the same user, and is therefore provided less access to ensure greater security).

Regarding claim 10, Koushik-Aithal discloses: The method of claim 9, further comprising: receiving response from the API server; and determining whether the received response indicates an error.
Refer to at least 1120-1155 in FIG. 11 of Koushik with respect to receiving an indication of failure. 

The method of claim 10, further comprising: checking whether the error indicates that the application token is invalid or expired; and returning the error to the primary application in response to the error not indicating an invalid or expired application token.
Refer to at least [0222]-[0225] of Koushik, wherein a determination of whether a token is expired is made. 
Refer to at least [0095] of Koushik, wherein “when a message is put in a queue 632 that is intended for a particular end user device or computing resource instance, a notification may be sent to the end user device or computing resource instance indicating that there is a message to be retrieved from the queue.”

Regarding claim 12, Koushik-Aithal discloses: The method of claim 9, further comprising: requesting, by the application helper, renewal of the application token from a container manager; and receiving, by the application helper, a renewed application token from the container manager.
Refer to at least [0212] of Koushik with respect to the delivery agent submitting a request to renew the token. 
Refer to at [0059] and [0072] of Koushik with respect to instance managers.

Regarding claim 13, Koushik-Aithal discloses: The method of claim 9, further comprising: sending a response from the API server to the primary application.
Refer to at least 1120-1155 in FIG. 11 of Koushik with respect to receiving an indication of failure. 
Refer to at least [0035] of Koushik, wherein “ Application delivery agent… may be configured to…  to allow the end user to interact with application fulfillment platform 120 through application delivery agent.”

Regarding independent claim 14, it is substantially similar to independent claim 9, but is in system form. Accordingly, it is rejected for substantially the same reasons as claim 9 above.

Regarding claims 15-18, they are substantially similar to claims 10-13 above, and are therefore likewise rejected. Further regarding “the application helper executing in a container instantiated by the container manager” in claim 17, refer to at least 136 and 138 in FIG. 1 and [0127] of Koushik with respect to the delivery agent and execution within a container. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751. The examiner can normally be reached 12PM-8PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: 





/V.S/Examiner, Art Unit 2432                                                                                                                                                                                                        
/DAO Q HO/Primary Examiner, Art Unit 2432