DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
	This office action is in reply to amendment filed on December 20, 2021. Claims 1-3, 5-8, 11-13, 15-18 and 20 have been amended. Claims 1-20 are pending. 

Response to Arguments
Applicant’s arguments filed December 20, 2021 have been considered but are moot in view of a new ground of rejections. 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 5,7-12, 14-17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Stopel et al. US 2017/0116415 A1 [hereinafter Stopel] in view of Yemelianov, Andrej, “Containers and Security: Seccomp” 15 July 2017 [hereinafter Yemelianov].
 
As per claim 1, Stopel teaches an operation method of a system for generating a security profile of a security instance, comprising: 

performing binary static analysis for the executable code and the library file in order to generate a system call list [paragraphs 0045-0048 and 0087-0089]; and 
generating a Secure Computing Mode (SECCOMP) security profile based on the system call list which is expected to be used by an application [paragraphs 0049-0053 and 0088-0090].
In the same field of endeavor, Yemelianov teaches generating a system call list expected to be use by an application [sections Seccomp: An introduction and Seccomp in Docker]; and generating SECCOMP security profile based on the system call list to restrict use of system calls, which are invoked by a container instance and not necessary for operation of the container instance, while maximizing availability of the container instance [sections Seccomp: An introduction and Seccomp in Docker]. It would have been obvious to one having ordinary skill in the art before the filing date of the application to employ the teachings of Yemelianov within the system of Stopel in order to enhance security of the system by restricting access of unnecessary system calls. 

As per claim 11, Stopel teaches a system for generating a security profile of a security instance, comprising:
at least one processor [figure 3]; and 
memory for storing at least one instruction executed by the at least one processor [figure 3],

such that a binary static analysis subsystem performs binary static analysis for the executable code and the library file in order to generate a system call list [paragraphs 0045-0048 and 0087-0089], and 
such that a security profile generation subsystem generates a Secure Computing Mode (SECCOMP) security profile based on the system call list which is expected to be used by an application [paragraphs 0049-0053 and 0088-0090], 
wherein the analysis target identification subsystem, the binary static analysis subsystem, and the security profile generation subsystem are virtualized systems [figure 3, paragraphs 0037 and 0101].
In the same field of endeavor, Yemelianov teaches generating a system call list expected to be use by an application [sections Seccomp: An introduction and Seccomp in Docker]; and generating SECCOMP security profile based on the system call list to restrict use of system calls, which are invoked by a container instance and not necessary for operation of the container instance, while maximizing availability of the container instance [sections Seccomp: An introduction and Seccomp in Docker]. It would have been obvious to one having ordinary skill in the art before the filing date of the application to employ the teachings of Yemelianov within the system of Stopel in order to enhance security of the system by restricting access of unnecessary system calls.


a container host [fig 3]; and 
a security profile generation system, wherein the security profile generation system comprises: at least one processor [fig 3]; and 
memory for storing at least one instruction executed by the at least one processor,
wherein the at least one instruction is configured such that an analysis target identification subsystem identifies an analysis target by extracting executable code and a library file from a container [paragraphs 0045-0048 and 0087-0089],
such that a binary static analysis subsystem performs binary static analysis for the executable code and the library file in order to generate a system call list which is expected to be used by an application [paragraphs 0045-0048 and 0087-0089], and 
such that a security profile generation subsystem generates a Secure Computing Mode (SECCOMP) security profile based on the system call list [paragraphs 0049-0053 and 0088-0090].
In the same field of endeavor, Yemelianov teaches generating a system call list expected to be use by an application [sections Seccomp: An introduction and Seccomp in Docker]; and generating SECCOMP security profile based on the system call list to restrict use of system calls, which are invoked by a container instance and not necessary for operation of the container instance, while maximizing availability of the container instance [sections Seccomp: An introduction and Seccomp in Docker]. It would have been obvious to one having ordinary skill in the art before the filing date of the application to employ the teachings of Yemelianov within 
	
	As per claim 2, Stopel further teaches the method wherein identifying the target to be analyzed comprises: requesting image metadata and an image file, which correspond to the container, from container image storage, acquiring the image metadata and the image file from the container image storage, and running the container using the image metadata and the image file [figure 3, paragraphs 0045-0048 and 0087-0089].

	As per claim 3, Stopel further teaches the method wherein identifying the target to be analyzed further comprises: identifying the executable code and the library file, which are loaded together with the container when the container is run; and extracting the identified executable code and library file [paragraphs 0045-0048 and 0087-0089].

	As per claim 5, Stopel further teaches the method wherein performing the binary static analysis comprises: identifying a dynamic linking relationship between the executable code and the library file, identifying direct and indirect system calls, the direct system call being invoked in the executable code or the library file,  and the indirect system call being invoked through libraries referenced in corresponding files; and generating the system call list for the identified system calls [paragraphs 0049-0053 and 0088-0090].


	
As per claim 8, Stopel further teaches the method wherein generating the SECCOMP security profile further comprises: generating the SECCOMP security profile in a format applicable in a target container platform environment [paragraphs 0049-0053 and 0089-0090]. 
	As per claim 9, Stopel further teaches the method further comprising: adding the generated SECCOMP security profile in a security profile save location in a container host [paragraphs 0049-0053 and 0089-0090]. 
	As per claim 10, Stopel further teaches the method wherein, when the container is run, the container host filters system calls invoked by the container based on the SECCOMP security profile [paragraphs 0049-0053 and 0089-0090].

	As per claims 12 and 17, Stopel further teaches the system wherein the analysis target identification subsystem comprises: 
a container instance execution module for running the container after acquiring an image corresponding to the container from container image storage [paragraphs 0044, 0045 and 0079-0082];  
	an information collection module for collecting information about an application and a shared library executed inside the container [paragraphs 0045-0048 and 0087-0089]; and 

	
	As per claims 14 and 19, Stopel further teaches the system wherein the security profile generation subsystem comprises: 
	a security profile conversion module for receiving the system call list and generating a security profile in a format used in a container host [paragraphs 0049-0053 and 0088-0090];  
	a security profile delivery module for saving the security profile in a security profile save location in the container host [paragraphs 0049-0053 and 0088-0090];  and 
	a security profile database for storing the security profile [paragraphs 0049-0053 and 0088-0090].

	As per claims 15 and 20, Stopel further teaches the system wherein a record of the security profile database includes container instance information, information about an installed application, and the security profile [paragraphs 0049-0053 and 0088-0090]. 

Allowable Subject Matter
Claims 4, 6, 13 and 18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BEEMNET W DADA whose telephone number is (571)272-3847. The examiner can normally be reached Monday-Friday, 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


BEEMNET W. DADA
Primary Examiner
Art Unit 2435



/BEEMNET W DADA/Primary Examiner, Art Unit 2435