DETAILED ACTION

Currently pending claims are 1 – 20.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  


Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claims 1 – 8 & 11 – 20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Bahl et al. (U.S. Patent 2021/0019194). 


As per claim 1, 11 & 16, Bahl teaches a method comprising: 
obtaining, by a computing device, a plurality of request records, each request record corresponding to a request sent from a sending service of a plurality of services to a receiving service of the plurality of services (Bahl: Figure 1 & Para [0012] Line 12 – 20, Para [0048] Line 1 – 4 / Last sentence and Para [0047]: (a) a service mesh application can be divided (partitioned) into a plurality of microservice containers by a service mesh orchestration platform (FIG. 1) and (b) obtaining by a container orchestrator a request from one of the plurality of microservice containers to forward / reach another microservice via a respective microservice container’s TCP/UDP port (Bahl: Para [0048] Line 1 – 4 / Last sentence)), and each request record identifying the sending service and the receiving service, wherein the plurality of services comprises a plurality of interrelated services (Bahl: see above & Para [0047] Line closely related (interrelated) microservice containers can be further organized and effectively managed together by the container orchestrator);
determining a first subset of the request records wherein a service of the plurality of services sent a request to a first service (Bahl: see above & Para [0012] Last sentence: during a specific time interval, determining, by the container orchestrator, a first subset of the requests to perform specific actions (services));
determining a first subset of services based on the first subset of request records (see above);
causing the generation of an authorization policy that permits requests to the first service from only those services in the first subset of services (Bahl: see above & Para [0012] Last sentence, Para [0017] Line 12 – 19, Para [0016], Para [0041] / [0046] and Para [0025]: adapting (i.e. dynamically generating) a reinforcement authorization policy (e.g.) by prioritizing and selecting (allowing) only those microservices such as having low throughput (i.e. predetermined SLA requirements) relative to other microservices to perform the requested services so as to provide an efficient load balancing and secure runtime environment by the container orchestrator (i.e. as one type of authorization management systems)).

As per claim 2, 12 & 17, Bahl teaches wherein each request record in the first subset of request records identifies a port number of the first service to which a respective service identified in the request record sent a request, and wherein causing the generation of the authorization policy that permits the requests to the first service from only those services in the first subset of services further comprises causing the generation of the authorization policy that permits the requests to the first service from only those services in the first subset of services that are sent to a same port number of the first service to which each respective service sent a request (Bahl: see above & Para [0048] Line 1 – 4 / Last sentence and Para [0047]: via a particular port number).

As per claim 3, 13 & 18, Bahl teaches initiating a timer that expires after a predetermined time period; determining that the timer has expired; and wherein the plurality of request records consists of those request records generated during the predetermined time period (Bahl: see above & Para [0012] /[0055] / [0041]: (a) a timer for a 1st, 2nd time interval and etc, (b) also including a scheduling mechanism).

As per claim 4, Bahl teaches wherein the plurality of interrelated services comprises a service mesh (Bahl: see above & Para [0054]).  

As per claim 5, Bahl teaches a service mesh, wherein each service comprises a corresponding sidecar proxy container, and wherein each service communicates with other services via the corresponding sidecar proxy container (Bahl: see above & Para [0054]).

As per claim 6, Bahl teaches determining, by an authorization management system, that a second service has sent a request to the first service; accessing, by the authorization management system, the authorization policy; and based on the authorization policy, rejecting the request from the second service to the first service (Bahl: see above & Para [0012] Last sentence, Para [0017] Line 12 – 19, Para [0016], Para [0041] / [0046] and Para [0025]: adapting (i.e. dynamically generating) a reinforcement authorization policy (e.g.) by prioritizing and selecting (allowing) only those microservices such as having low throughput (i.e. predetermined SLA requirements) relative to other microservices to perform the requested services so as to provide an efficient load balancing and secure runtime environment by the container orchestrator (i.e. as one type of authorization management systems)).

As per claim 7, 14 and 19, Bahl teaches in response to a new service being added to the plurality of interrelated services, initiating a timer that expires after a predetermined time period; determining that the timer has expired; accessing a set of request records generated during the predetermined time period (Bahl: see above & Para [0012] /[0055] and Para [0041]: (a) a timer for a 1st, 2nd time interval and etc, (b) also including a scheduling mechanism and (c) starting up a new service of a new pod (i.e.) to be added into a plurality of interrelated services (Para [0041]));
determining a second subset of request records of the set of request records wherein a service of the plurality of services sent requests to the new service; determining a second subset of services based on the second subset of request records; and causing the generation of an authorization policy that permits requests to the new service from only those services in the second subset of services (Bahl: see above & Para [0012] Last sentence, Para [0017] Line 12 – 19, Para [0016], Para [0041] / [0046] and Para [0025]: adapting (i.e. dynamically generating) a reinforcement authorization policy (e.g.) by prioritizing and selecting (allowing) only those microservices such as having low throughput (i.e. predetermined SLA requirements) relative to other microservices to perform the requested services so as to provide an efficient load balancing and secure runtime environment by the container orchestrator (i.e. as one type of authorization management systems)).

As per claim(s) 8, 15 & 20, the claims contain(s) similar limitations to claim(s) 1 – 7 and thus is/are rejected with the same rationale.
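
The steps recited in claims 1 – 3 and 6 (collect request records over a timed window, derive the set of observed senders and ports for a first service, generate an allow-only policy, reject anything else) can be sketched as follows. This is an added illustration, not code from the Office action, the application, or the cited references; the service names, record layout, and policy shape are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample request records (assumed layout, not from any cited document):
# (timestamp_seconds, sending_service, receiving_service, destination_port)
RECORDS = [
    (5, "frontend", "orders", 8080),
    (12, "frontend", "orders", 8080),
    (20, "billing", "orders", 9090),
    (31, "frontend", "catalog", 8080),
    (75, "debug-shell", "orders", 8080),  # arrives after the observation window
]


def build_policy(records, target, window_start, window_seconds):
    """Derive an allow-list for `target` from records seen inside the window."""
    window_end = window_start + window_seconds
    allowed = defaultdict(set)  # sender -> ports it was observed using
    for ts, sender, receiver, port in records:
        # First subset of records: requests sent to the target during the window.
        if receiver == target and window_start <= ts < window_end:
            allowed[sender].add(port)
    # First subset of services: the senders found in those records.
    return {
        "service": target,
        "allow": {s: sorted(p) for s, p in sorted(allowed.items())},
    }


def is_permitted(policy, sender, receiver, port):
    """Default deny: permit only (sender, port) pairs recorded in the policy."""
    if receiver != policy["service"]:
        return False
    return port in policy["allow"].get(sender, [])


# Policy for the hypothetical "orders" service from a 60-second window.
POLICY = build_policy(RECORDS, "orders", window_start=0, window_seconds=60)

if __name__ == "__main__":
    print(POLICY)
    print(is_permitted(POLICY, "frontend", "orders", 8080))     # observed sender and port
    print(is_permitted(POLICY, "debug-shell", "orders", 8080))  # never observed in window
```

A policy learned this way admits whatever traffic occurred during the window and omits any legitimate caller that was silent during it, so the window's records need review before the policy is enforced.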

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



Claims 9 – 10 are rejected under 35 U.S.C.103 as being unpatentable over Bahl et al. (U.S. Patent 2021/0019194), in view of Segal et al. (U.S. Patent 2020/0267155).  

As per claim 9, Segal (& Bahl) teaches accessing configuration information associated with the first service; determining that the configuration information identifies a particular restriction associated with the first service (Bahl: see above & Para [0033] Last sentence, Para [0012] and Para [0014]: configuration information such as Service Level Agreement (SLA) to determine whether a service meets the SLA requirements as is a low priority or high priority instances) || (Segal: Para [0007], Para [0044] / [0025]: implementing a micro-services design, wherein a (service-mesh) application can be broken down into small logic pieces (micro-services) (Segal: Para [0007]) and each micro-service (i.e. serverless function) can be configured with security permission to identify a particular restriction associated with a given service (Segal: Para [0044])).
and wherein causing the generation of the authorization policy that permits requests to the first service from only those services in the first subset of services further comprises causing the generation of an authorization policy that permits requests to the first service from only those services in the first subset of services and that satisfy the particular restriction (Bahl: see above & Para [0012] Last sentence, Para [0017] Line 12 – 19, Para [0016], Para [0041] / [0046] and Para [0025]: adapting (i.e. dynamically generating) a reinforcement authorization policy (e.g.) by prioritizing and selecting (allowing) only those microservices such as having low throughput (i.e. predetermined SLA requirements) relative to other microservices to perform the requested services so as to provide an efficient load balancing and secure runtime environment by the container orchestrator (i.e. as one type of authorization management systems)) || (Segal: see above).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification of accessing configuration information associated with the first service; determining that the configuration information identifies a particular restriction associated with the first service because Segal teaches to alternatively, effectively and securely implement a micro-services design, wherein a (service-mesh) application can be broken down into small logic pieces (micro-services) (Segal: Para [0007]) and each micro-service (i.e. serverless function) can be configured with security permission to identify a particular restriction associated with a given service (see above) within the Bahl’s system of providing a service mesh application which can be divided (partitioned) into a plurality of microservice containers by a service mesh orchestration platform, as one type of authorization management systems, to perform the corresponding services so as to support an efficient load balancing and secure runtime environment (see above).

As per claim 10, Segal (& Bahl) teaches the first service comprises a plurality of functions that are configured to be invoked by a service, and wherein the particular restriction identifies a particular function of the plurality of functions, and wherein causing the generation of the authorization policy that permits the requests to the first service from only those services in the first subset of services and that satisfy the particular restriction comprises causing the generation of the authorization policy that permits the requests to the first service from only those services in the first subset of services and that only invoke the particular function (Bahl: see above) || (Segal: see above & Para [0040] / [0039] / [0007]: each micro-service (i.e. serverless function) can be configured with security permission to identify a particular restriction associated with a given service such as restricting to invoke a particular function to access a resource (Segal: Para [0040] / [0039])).

Any inquiry concerning this communication or earlier communications from the examiner should be directed to LONGBIT CHAI whose telephone number is (571)272-3788. The examiner can normally be reached Monday - Friday 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D. Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



---------------------------------------------------
                  /Longbit Chai/
           Longbit Chai E.E. Ph.D.
    Primary Examiner, Art Unit 2431
                   No. #2335 – 2022
---------------------------------------------------