DETAILED ACTION
This office action is a response to an application filed on 12/23/2021 in which claims 13-25 are pending for examination.

Notice of Pre-AIA or AIA Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Argument
3.	The applicant’s arguments have been carefully considered.
In response to the applicant’s arguments on page 7 regarding the 101 rejection, the applicant’s amendment has overcome the rejection. The examiner has withdrawn the 101 rejection.
In response to the applicant’s arguments on pages 8 and 9 regarding the 103 rejection, the applicant argues that the prior art references Levin and Gerebe do not disclose “said administrative service operable to install in said instantiated application at least one selected security module during runtime of said instantiated application in the container, said selected at least one security module being selected by said design time agent from a plurality of security modules based on at least in part on parameters of the container” and the applicant further argues that neither Levin nor Gerebe teaches or suggests selecting a security module that is to be installed during runtime from a plurality of security modules based on container parameters. However, the first embodiment of Gerebe discloses “said administrative service operable to install in said instantiated application at least one security module during runtime of said instantiated application in the container” in Fig.1; 18, 18A-18N, and paragraphs [0017] and [0018], which disclose that the security agent is configured to 
In response to the applicant’s arguments regarding the newly added claims and dependent claims, the applicant’s arguments have been carefully considered. For the above stated reasons, the cited prior arts disclose the amended limitations. Therefore, the applicant’s arguments are not persuasive.

Claim Objections
4.	Claim 21 is objected to because of the following informalities: the claim recites “said at least one security module” in lines 2-3. It is suggested to change “said at least one selected . Appropriate correction is required.

Claim Rejections - 35 USC § 103
5.	The following is a quotation of pre-AIA 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.


6.	Claim(s) 13, 15 and 20 is/are rejected under 35 U.S.C. 103(a) as being unpatentable over LEVIN et al (US 2018/0129803 A1) in view of Gerebe et al (US 2019/0156023 A1).

Regarding claim 13, LEVIN discloses a system for securing a container, the system comprising: (a) a non-transitory computer readable storage medium for storing computer components and (b) a processor for executing the computer components comprising:
(i) a design time agent (Fig.3; 310, 315) operable for: (1) accessing an application image (Fig.5; S530; extracting contents of the container image), (2) examining said application image (Fig.5; S540; analyzing content of the container image), and (3) generate, based on said examining, an administrative service to said application image (paragraph [0033]; the security profile is created based on analysis of all layers in a container image; paragraph [0072]; the generated security profile includes a list of permissible file system actions, paragraph [0079]; a cluster admin user 
The embodiment of LEVIN discloses generating an administrative service to said application image.
However, the embodiment of LEVIN does not explicitly disclose adding an administrative service to said application image.
The other embodiment of LEVIN discloses adding an administrative service to said application image. (paragraph [0054]; updating the content of the existing security profile for the container image; paragraph [0072]; the generated security profile includes a list of permissible file system actions, paragraph [0079]; a cluster admin user service is permitted to read and write; giving permission read and write to the user to perform administrative service to the application of container image. Therefore, the generated security profile includes administrative service access to application of a container image)
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the method of generating an administrative service for a container image of one embodiment of LEVIN with the method of adding an administrative service to a container image of the other embodiment of LEVIN in order to improve security in accessing permissible files, as taught by LEVIN.

The first embodiment of Gerebe et al discloses said administrative service operable to install in said instantiated application at least one security module during runtime of said instantiated application in the container. (Fig.1; 18, 18A-18N, paragraph [0017] and [0018]; the security agent is configured to download the security policy at runtime when the software container image is instantiated wherein security agent can be considered as said instantiated application because it is one of the applications of instantiated container image, security policy can be considered as security module)
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the method of accessing application image, examining application image, adding administrative service to an instantiated application of said application image of LEVIN with the method installing security policy or module to the instantiated application of the instantiated container image of Gerebe in order to control operation of the application taught by Gerebe.
The embodiments of LEVIN and the first embodiment of Gerebe do not explicitly disclose selecting a security module from a plurality of security modules, said selected at least one security module being selected by said design time agent from a plurality of security modules based at least in part on parameters of the container.
The second embodiments of Gerebe discloses selecting security module (paragraph [0015]; selecting security policy (i.e. security module)) from a plurality of security modules (paragraph [0060]; line 3; looking up security policies, paragraph [0049]; line 2-4; look up the security 
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the method of accessing application image, examining application image, adding administrative service to an instantiated application of said application image and installing security policy or module to the instantiated application of the instantiated container of some embodiments of LEVIN in view of Gerebe with selecting security policy from the plurality of security policies of repository of Gerebe in order to provide appropriate security module for the application taught by Gerebe. (Gerebe; paragraph [0049] and [0050]).

Regarding claim 15, the embodiments of LEVIN and Gerebe disclose the system of claim 13 wherein said adding gives administrator access by a technique selected from the group consisting of:
(a) altering original image files,
(b) altering original image instance access rights credentials, and
(c) altering original image instance accounts. (LEVIN; paragraph [0072]; updating the existing security profile, which includes cluster administrator access to files; please see paragraph [0079])

Regarding claim 20, claim 20 is rejected for the same reason as set forth in claim 1.

7.	Claim(s) 14 is/are rejected under 35 U.S.C. 103(a) as being unpatentable over LEVIN et al (US 2018/0129803 A1) in view of Gerebe et al (US 2019/0156023 A1) and Do et al (US 10,691,480 B2).

Regarding claim 14, the embodiments of LEVIN and Gerebe disclose the system of claim 13 wherein said application image is selected from the group consisting of: a container image to be instantiated as said instantiated application, (LEVIN; paragraph [0069]; a container image is scanned from an image registry; paragraph [0058]; detecting is performed on an instantiated container image; paragraph [0074]; instantiating container image of application container)
The embodiments of LEVIN and Gerebe do not explicitly disclose a container image file system to be altered in order to provide said instantiated application.
Do et al discloses a container image file system to be altered in order to provide said instantiated application. (column 2; lines 30-40; virtual machine image and virtual application deployment descriptor are modified for instantiated virtual application)
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the method of accessing application image, examining application image, adding administrative service to an instantiated application of said application image of LEVIN and the method installing security policy or module to the instantiated application of the instantiated container image of Gerebe with the method modifying the virtual machine image and virtual application descriptor of Do in order to deploy in cloud environment taught by Do.

8.	Claim(s) 16, 21 and 25 is/are rejected under 35 U.S.C. 103(a) as being unpatentable over LEVIN et al (US 2018/0129803 A1) in view of Gerebe et al (US 2019/0156023 A1) and ZAVESKY et al (US 2019/0342187 A1).

Regarding claim 16, the embodiments of LEVIN and Gerebe disclose the system of claim 13, and the embodiment of LEVIN discloses said design time agent additionally is operable for: generate, based on said examining, an administrative service to said application image (paragraph [0033]; the security profile is created based on analysis of all layers in a container image; paragraph [0072]; the generated security profile includes a list of permissible file system actions, paragraph [0079]; a cluster admin user service is permitted to read and write SSH keys; therefore, the generated security profile includes administrative service).
The embodiments of LEVIN do not explicitly disclose adding said at least one security module to said application image and selecting at least one security module.
Gerebe discloses adding said at least one security module to said application image (paragraph [0028]; adding a layer which includes security agent to the container image) and selecting at least one security module. (paragraph [0015]; selecting security policy (i.e. security module))
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the method of accessing application image, examining application image, adding administrative service to an instantiated application of said application image of LEVIN with the method installing security policy or module to the instantiated application of the instantiated container image and selecting security module of Gerebe in order to control operation of the application and provide specific security for the application of the container taught by Gerebe. (Gerebe; paragraph [0017], [0049] and [0050]).

(a) prior to instantiation, and
(b) after instantiation.
ZAVESKY et al discloses the time that modifying to said application image and a time selected from the group consisting of:
(a) prior to instantiation, and
(b) after instantiation. (paragraph [0056]; modifying to the application before instantiation or after instantiation)
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the method of accessing application image, examining application image, adding administrative service to an instantiated application of said application image of LEVIN and the method installing security policy or module to the instantiated application of the instantiated container image of Gerebe with the method modifying to the application either before instantiation or after instantiation of ZAVESKY in order to improve network function taught by ZAVESKY.

Regarding claim 21, claim 21 is rejected for the same reason as set forth in claim 16 as the method of the system claim 16.

Regarding claim 25, claim 25 is rejected for the same reason as set forth in claim 13 and claim 16.

9.	Claim(s) 17, 18, 22 and 23 is/are rejected under 35 U.S.C. 103(a) as being unpatentable over LEVIN et al (US 2018/0129803 A1) in view of Gerebe et al (US 2019/0156023 A1), Plate et al (US 9959111 B2), Matsuzaki et al (US 2003/0237065 A1) and Flynn et al (US 2020/0358870 A1).

Regarding claim 17, the embodiments of LEVIN in view of Gerebe disclose the system of claim 13, wherein said selected at least one security module is selected by said design time agent based further on a pre-defined set of rules including configuration preferences (Gerebe; paragraph [0050]; selecting security policy (i.e. security module) based on container ID of the software container image and based on application type of the application within the software container image, wherein container ID of software container image and application type within the container image can be considered as configuration preferences of pre-defined set of rules).
The embodiments of LEVIN in view of Gerebe do not disclose prioritizes which said at least one module to add based on a pre-defined set of rules including configuration preferences.
Plate discloses prioritizes which said at least one module to add based on a pre-defined set of rules including configuration preferences. (abstract; prioritizes the software patches or module based on the pre-defined policy and adds or installs the module or software patches)
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the method of accessing application image, examining application image, adding administrative service to an instantiated application of said application image of LEVIN in view of Gerebe with the method installing module based on predefined policy of Plate in order to fix the security vulnerabilities taught by Plate et al.

Matsuzaki et al discloses configuration such as prioritizing speed (paragraph [0005]; configuration for the priority of speed)
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the method of accessing application image, examining application image, adding administrative service to an instantiated application of said application image of LEVIN in view of Gerebe and Plate with the method of Matsuzaki in order to enhance functionalities taught by Matsuzaki.
The embodiments of LEVIN in view of Gerebe, Plate and Matsuzaki disclose configuration preferences as stated above.
However, the embodiments of LEVIN in view of Gerebe, Plate and Matsuzaki do not explicitly disclose configuration such as less intrusive operating system mechanism.
Flynn et al discloses less intrusive operating system mechanism. (paragraph [0015]; running OS without intrusive protocols or mechanism)
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the method of accessing application image, examining application image, adding administrative service to an instantiated application of said application image of LEVIN in view of Gerebe, Plate and Matsuzaki with the method of Flynn in order to enhance security taught by Flynn.

Regarding claim 18, The embodiments of LEVIN, Gerebe, Plate, Matsuzaki and Flynn discloses the system of claim 17 wherein LEVIN discloses said pre-defined set of rules includes 

Regarding claim 22, claim 22 is rejected for the same reason as set forth in claim 17 as the method of the system claim 17.

Regarding claim 23, claim 23 is rejected for the same reason as set forth in claim 18 as the method of the system claim 18.

10.	Claim(s) 19 and 24 is/are rejected under 35 U.S.C. 103(a) as being unpatentable over LEVIN et al (US 2018/0129803 A1) in view of Gerebe et al (US 2019/0156023 A1) and LeVine (US 2008/0243696 A1).

Regarding claim 19, The embodiments of LEVIN in view of Gerebe discloses the system of claim 13, the embodiments of LEVIN does not explicitly disclose said design time agent adds an 
Gerebe discloses said design time agent adds an additional layer to said application image, said additional layer containing a runtime agent (paragraph [0028]; add a layer that includes the agent to the software container image) operable to control said at least one module or operation of software application (paragraph [0026]; lines 1-9; the agent is configured to control operation of software application) and selecting at least one security module (paragraph [0050]; selecting security policies (i.e. security module)).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the method of accessing application image, examining application image, adding administrative service to an instantiated application of said application image of LEVIN with the method installing security policy or module to the instantiated application of the instantiated container image and selecting security policy of Gerebe in order to control operation of the application and provide specific security for application type taught by Gerebe.
The embodiments of LEVIN in view of Gerebe do not explicitly disclose additional layer operable to control at least security module.
LeVine discloses additional layer operable to control at least security module. (paragraph [0034]; additional layer of authenticating security that means additional layer is operating to control security module)
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the method of accessing application image, examining application image, adding administrative service to an instantiated application 

Regarding claim 24, claim 24 is rejected for the same reason as set forth in claim 19 as the method of the system claim 19.

Conclusion  
11.	The prior art made of record (see attached PTO-892) and not relied upon is considered pertinent to applicant's disclosure.
Chen et al. US 2020/0065124 A1 (Shortening Just-in Time code warm up time of Docker containers) which discloses a container used to deploy the application may require security policies or configuration settings.
Thomas et al. US 2017/0212830 A1 which discloses container image with the policy is checked before launching.
Du et al. US 2019/0354389 A1 which discloses check for updates on container images, review metadata associated with container images.

12.	THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after 

/A. M. A./
Examiner, Art Unit 2452

/THU V NGUYEN/
Supervisory Patent Examiner, Art Unit 2452