DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-16 and 19-21 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Publication No. 2021/0019194 A1 to Bahl et al. (“Bahl”) in view of U.S. Patent Publication No. 2021/0144517 A1 to Guim Bernat et al. (“Guim Bernat”).  
As to claim 1, Bahl discloses a method of managing cluster resources within an application environment (Bahl: fig 1-7), the method comprising:
identifying a group of cluster resources from a plurality of cluster resources of the application environment (Bahl: fig 2 & 6, [0039-53; 115-120]: fig 2 … container orchestrator 200 comprises one or more clusters of processing, memory, storage, network and other computing resources that can be used to run various workloads of the network (… a plurality of cluster resources of the application environment) … a cluster includes a master and workers [0040] … container orchestrator may employ a service model e.g. Kubernetes service abstraction which definer a logical set of pods and a policy by which to access them, each Kubernetes instance a microservice, and set of pods targeted by a Kubernetes service determined by a label selector [0052] … scheduler 208 e.g. Kubernetes scheduler can monitor newly created pods that have no worker node assigned to them and select a worker node for them to run on (cluster(s)) and this can involve evaluation of individual and collective resource requirements (see with [0040] - identifying a group of cluster resources …) [0044] ), 
the plurality of cluster resources being constructed and arranged to provide a plurality of services (Bahl: fig 2 & 6, [0039-53; 115-120]: fig 2 … pods help to manage groups of closely related microservice containers 228 that may depend on each other and may need to cooperate on same host to accomplish their tasks (plurality of cluster resources being constructed and arranged to provide a plurality of services)… microservice containers 228 in each of pods 226 can have same IP address and port space; they can communicate via localhost or standard inter-process communication [0047]).
Bahl did not explicitly disclose forming an application slice having the group of cluster resources; and deploying the application slice to provide services (emphasis added).   
Guim Bernat discloses forming an application slice having the group of cluster resources; and deploying the application slice to provide services (emphasis added) (Guim Bernat: section I & IV, fig 3-22d, [93-106; 720-940]: … use of dynamic security policy enables wider range of sharing and collaboration use cases … especially as finer grained slices of resources are kept together and coordinated per tenant, application or service (see with [105; 728] - forming an application slice having the group of cluster resources …) and once these groups or clusters of resources are identified, other security policies and collaboration may be deployed … these fine slices of resources can be managed to allow inter-slice interactions in a controlled way (see with [105;728] -  … deploying the application slice to provide services) [727] … considerations may involve definition and use of “domain” or similar security context that captures the cluster (group) tenants who are authorized to share resources or interact … these domains may be dynamically adapted with the deployment, redeployment or additions of nodes or node resources and these domains may enable a workload to interoperate on same or related nodes … these domains may enable parallel groups to be created (to enable workloads to be distributed to multiple locations) to increase throughput  [0728] … the term “cluster” refers to a set or grouping of entities as part of an edge computing system(s) in the form of physical entities e.g. different computing system(s) or group(s), logical entities e.g. applications, functions, security constructs, containers … a “cluster” is also referred to as a “group” or “domain” … membership of cluster may be modified or affected based on conditions or functions including dynamic or property-based membership … cluster may include or be associated with multiple layers, levels or properties [0105]).
Bahl and Guim Bernat are analogous art because they are from the same field of endeavor with respect to cluster deployments.
Before the effective filing date, for AIA , it would have been obvious to a person of ordinary skill in the art to incorporate the strategies by Guim Bernat into the method by Bahl.  The suggestion/motivation would have been to use of dynamic security policies that enable a wider range of sharing and collaboration of finer grained slices of resources kept together and coordinated per tenant, application or service (Guim Bernat: [0727]) and define dynamic “domains” adapted with deployment, redeployment or addition of nodes or node resources to enable a workload to interoperate on same or related nodes (Guim Bernat: [0728]).
As to claim 2, see similar rejection to claim 1 where the method is taught by the method.
As to claim 2, Bahl and Guim Bernat further disclose wherein forming the application slice includes: providing respective applications specific overlay network components at the cluster resources of the group to provide network connectivity between the cluster resources of the group (Guim Bernat: section III  IV, fig 3-22d & 23-42 & 75-78, [370-719; 720-940]: the term Telecommunication Service Providers (TSPs) is used as comprehensive of all vendors that can offer connectivity and content [0686] … TSPs compose computational infrastructure from virtual machines or secure containers hosted at home and small business customers with orchestration from base stations or CPE infrastructure and TSPs use wireless routers or other communication intermediaries under their direct control to overlay a private network (see with [0105; 686; 707] - respective applications specific overlay network components) over which the TSPs may stitch together the needed dynamic resilient computation plane for scheduling computations in lieu of investing in TSP owned computers (see with [0105; 686; 707] –  … at the cluster resources of the group to provide network connectivity between the cluster resources of the group) [0693] … hardware may provide secure points of control on the customer devices to the TSPs proxy components … this allows logical partitioning of customer device capabilities for flexible aggregation into an overlay compute network that is isolated from customer [0707] … fig 11 … arrangement 1120 demonstrates side car (SC) loading used to operate aspects of the edge mesh (overlay) with microservices (MS) … a micro-service offered by the edge computing nodes may be treated as a function (see with [0105; 686; 707] - respective applications specific overlay network components) while side-cars are functions that support connectivity with other functions (see with [0105; 686; 707] –  … at the cluster resources of the group to provide network connectivity between the cluster resources of the group) [0165] … a valuable feature of a side-car is that it offers an LSM ([0126]- loadable security modules) or other security policy point with an environment that has a “trusted path” relationship with its paired container environment [0157]).
For motivation, see rejection of claim 1.
As to claim 3, see similar rejection to claim 2.
As to claim 2, Bahl and Guim Bernat further disclose wherein the group of cluster resources includes first cluster resources that provide a first service and second cluster resources that provide a second service that is different from the first service (Guim Bernat: section II III  IV, fig 3-22d & 23-42 & 75-78, [107-369; 370-719; 720-940]:  … some of the devices in fig 7 710 are multi-tenant devices where tenant 1 may function within tenant1 slice (see with [0105] - first cluster resources that provide a first service) while tenant 2 may function within tenant 2 slice (see with [0105] - second cluster resources that provide a second service) and, in further examples additional or sub-tenants may exist and each tenant may be specifically entitled and transactionally tied to a specific set of features all the way to specific hardware features (see with [0105] - second cluster resources that provide a second service that is different from the first service) [0146]); and
wherein forming the application slice further includes (Guim Bernat: section II III  IV, fig 3-22d & 23-42 & 75-78, [107-369; 370-719; 720-940]: edge computing system 800 of fig 8 is extended to provide orchestration of multiple applications through use of containers (a contained, deployable unit of software that provides code and needed dependencies) in a multi-owner, multi-tenant environment  … a multi-tenant orchestrator performs functions related to the trusted “slice” concept in fig 7 … to create a root of trust context(s) specific to tenant(s)  [0148] …): 
configuring the respective applications specific overlay network components at the cluster resources of the group to provide inter-cluster communications among the first cluster resources and the second cluster resources over a private address space to provide traffic isolation and control (Guim Bernat: section II III  IV, fig 3-22d & 23-42 & 75-78, [107-369; 370-719; 720-940]: … fig 11 … arrangement 1120 demonstrates side car (SC) loading used to operate aspects of the edge mesh (overlay) with microservices (MS) … a micro-service offered by the edge computing nodes may be treated as a function (see with [0105; 148; 686; 707] - configuring the respective applications specific overlay network components at the cluster resources of the group) while side-cars are functions that support connectivity with other functions (see with [0105; 148; 686; 707] … to provide inter-cluster communications among the first cluster resources and the second cluster resources) [0165] … a valuable feature of a side-car is that it offers an LSM or other security policy point with an environment that has a “trusted path” relationship with its paired container environment (to provide inter-cluster communications among the first cluster resources and the second cluster resources over a private address space to provide traffic isolation and control) [0157] and see more on LSM ([0126]- loadable security modules)).
For motivation, see rejection of claim 1.
As to claim 4, see similar rejection to claims 2-3.
As to claim 4, Bahl and Guim Bernat further disclose wherein the group of cluster resources includes first cluster resources that provide a same service (Guim Bernat: section II III  IV, fig 3-22d & 23-42 & 75-78, [107-369; 370-719; 720-940]: fig 8-9 … containerized pods e.g. pod 912 functions e.g. functions 913, VNFs 922, 936 and functions-as-a-service instances e.g. FaaS 915 launched within VMs specific to respective tenants which provides containers 942, 943 or execution of the various functions, applications as coordinated by a container-based orchestration system 941 (the group of cluster resources includes first cluster resources that provide a same service) [0151] … tenant isolation may be orchestrated where resources allocated to a tenant are distinct from resources allocated to a second tenant, but edge owners cooperate to ensure resource allocations are not shared across tenant boundaries [0153]); and 
wherein forming the application slice further includes: configuring the respective applications specific overlay network components at the cluster resources of the group to provide inter-cluster communications among the first cluster resources that provide the same service (Guim Bernat: section II III  IV, fig 3-22d & 23-42 & 75-78, [107-369; 370-719; 720-940]: … for example, interactions within domain C can be controlled by LSM ([0126]- loadable security modules) and security policies for intra-domain traffic as well as inter-domain traffic and intra-domain tenants may require isolation/sharing that differs from inter-domain isolation/sharing policy (… to provide inter-cluster communications among the first cluster resources that provide the same service) [0737] … tenant isolation may be orchestrated where resources allocated to a tenant are distinct from resources allocated to a second tenant, but edge owners cooperate to ensure resource allocations are not shared across tenant boundaries (see with [0737] - configuring the respective applications specific overlay network components at the cluster resources of the group …) [0153] … fig 4 example  … “service” is a broad term applied to various contexts in general refers to relationship between two entities where one offers and performs work for the benefit of another [0128] … there are several services and transaction layers 400 in operation and dependent on each other – these services create a service chain (see with [0153; 737] - configuring the respective applications specific overlay network components at the cluster resources of the group …) … systems or resources communicate and collaborate with each other in order to provide a multitude of services to each other … these entities provide human-consumable services (see with [0153; 737]  … to provide inter-cluster communications among the first cluster resources that provide the same service)  [0129] … one type of service offered in fig 4 is Silicon Level Services, for instance, Software Defined Silicon (SDSi)-type hardware … use of SDSi and similar hardware controls provide capability to associate features and resources within a system to specific tenant … use of such features is among one way to bring the compute resources to the workload [0130]).
As to claim 5, see similar rejection to claims 2-5.
As to claim 6, Bahl and Guim Bernat disclose wherein identifying the group of cluster resources from the plurality of cluster resources of the application environment includes: receiving a set of organization parameters for the application (Bahl: fig 5-6, [0095-121]: step 602 multi-cloud service mesh orchestration receives request to deploy application as a service mesh application (receiving …)  … tags the service mesh with governance information including criteria governing how to provision computing resources from multiple CSP networks for deploying and operating the mesh application … an administrator can define an application profile to deploy a corresponding application or to update application profile and modify existing application … allow administrator to define TCO constraints, SLA and other governance information that sets forth the application’s provisioning, deployment, and operational requirements (a set of organization parameters for the application) … the platform can instantiate (identifying the group of cluster resources) the service mesh application in response to the request [0116] ), and
based on the set of organization parameters for the application, choosing the group of cluster resources from the plurality of cluster resources of the application environment (Bahl: fig 5-6, [0095-121]:  step 604 … partitions the service mesh application into its constituent components e.g. layers, services, microservices, etc, for example, into microservice containers … tags each component with derived individual governance information from received governance information  … evaluate an application profile to create microservice configuration objects corresponding to microservice containers making up the application (based on the set of organization parameters for the application, choosing the group of cluster resources from the plurality of cluster resources of the application environment) [0017] … the platform can instantiate the service mesh application in response to the request [0116]).
For motivation, see rejection of claim 1.
As to claim 7, see similar rejection to claim 6.
As to claim 7, Bahl and Guim Bernat further disclose wherein choosing the group of cluster resources from the plurality of cluster resources of the application environment includes: selecting the cluster resources among the plurality of cluster resources of the application environment based on a set of quality of service criteria  (Bahl: fig 5-6, [0095-121]: fig 5-6 … an administrator can define an application profile to deploy a corresponding application or to update application profile and modify existing application … allow administrator to define TCO constraints, SLA (based on a set of quality of service criteria) and other governance information that sets forth the application’s provisioning, deployment, and operational requirements [0116]).
For motivation, see rejection of claim 1.
As to claim 8, see similar rejection to claims 6-7.
As to claim 8, Bahl and Guim Bernat further disclose wherein choosing the group of cluster resources from the plurality of cluster resources of the application environment includes: selecting the cluster resources among the plurality of cluster resources of the application environment based on a set of velocity of deployment criteria, a set of security criteria, and a set of governance criteria (Bahl: fig 5-6, [0095-121]: fig 5-6 … an administrator can define an application profile to deploy a corresponding application or to update application profile and modify existing application … allow administrator to define TCO constraints (a set of security criteria), SLA and other governance information (a set of governance criteria) that sets forth the application’s provisioning, deployment, and operational requirements [0116] … before initial deployment of microservice containers, the multi-cloud service mesh orchestration may not have sufficient information to make intelligent decision regarding where to provision computing resources and deploy microservice containers and under these circumstances can include reinforcement learning system to learn optimal deployment of application (such as based on a set of velocity of deployment criteria) [018] … for example, may utilize Q-learning to iteratively update Q-values for each state-action pair for each time step over a time period until convergence with optimal Q-value function and an optimal policy derived by applying greedy policy to optimal Q-value function (based on a set of velocity of deployment criteria) [0119] … can select and perform a second set of actions for each microservice container based on reinforcement learning policy for the microservice container for each time step within a time period … can continuously relearn the optimal deployment for the service mesh application to dynamically adapt to different network conditions (based on a set of velocity of deployment criteria) [0121]).
For motivation, see rejection of claim 1.
As to claim 9, Bahl and Guim Bernat disclose identifying another group of cluster resources from the plurality of cluster resources of the application environment (Guim Bernat: section II III  IV, fig 3-22d & 23-42 & 75-78, [107-369; 370-719; 720-940]:  fig 39-42 … example  within context of edge computing deployment 3900 multiple servers and nodes as applicable for execution of multiple flavors of services among tenants or entities …when locations of execution identified orchestrator spawns a data replication service conducted between two different edge locations as allocated and controlled by orchestrator … reliability management component (RMU) at each node location is then responsible for forwarding the data to appropriate data replication service and sending messages to activate a service duplication or start up a backup service in case of predicted disruption or overloading of service (see with [0727-728] - identifying another group of cluster resources from the plurality of cluster resources of the application environment) [0668] … data replication service replicates data for use by backup on the same server or on another server of the second edge location … RMU responsible for predicting any service irregularity or disruption and such prediction based on various factors of monitoring components, machine learning algorithm (such as reinforcement learning) used to track patterns, external situation sensors, interfacing with applications, collected telemetry values etc and RMU also receives messages from other RMUs and acts upon requests such as spinning up backup services etc (see with [0727-728] - identifying another group of cluster resources from the plurality of cluster resources of the application environment) [0670]  [0668-670] … TSPs [0686; 693] );
forming another application slice having the other group of cluster resources (Guim Bernat: section II III  IV, fig 3-22d & 23-42 & 75-78, [107-369; 370-719; 720-940]: loadable security modules (LSMs) enable management, provisioning, distribution and application of dynamic security policies and other security and privacy features … especially as finer grain “slices” of resources are kept together and coordinated per tenant, application or service and once these groups or clusters are identified then use cases that support greater sharing and collaboration deployed (forming first second … another application slice having the other group of cluster resources) and even these finer grain slices of resources can be managed to allow inter-slice interactions in controlled way [0727] … domain or similar security context captures the cluster(s) or group(s) tenants or entities who are authorized to share resources or interact (forming first second … another application slice having the other group of cluster resources) [0727-728] ); and
deploying the other application slice to provide other services (Guim Bernat: section II III  IV, fig 3-22d & 23-42 & 75-78, [107-369; 370-719; 720-940]: loadable security modules (LSMs) enable management, provisioning, distribution and application of dynamic security policies and other security and privacy features … especially as finer grain “slices” of resources are kept together and coordinated per tenant, application or service and once these groups or clusters are identified then use cases that support greater sharing and collaboration deployed (deploying  first second … the other application slice to provide other services) and even these finer grain slices of resources can be managed to allow inter-slice interactions in controlled way [0727] … domain or similar security context captures the cluster(s) or group(s) tenants or entities who are authorized to share resources or interact (deploying  first second … the other application slice to provide other services) [0727-728]).
For motivation, see rejection of claim 1.
As to claim 10, see similar rejection to claim 9.
As to claim 10, Bahl and Guim Bernat further disclose wherein the application slice and the other application slice belong to an application mesh which overlays a microservices mesh (Guim Bernat: section II III  IV, fig 3-22d & 23-42 & 75-78, [107-369; 370-719; 720-940]: … fig 11 … arrangement 1120 demonstrates side car (SC) loading used to operate aspects of the edge mesh with microservices (MS) (see with [0727-728] - the application slice and the other application slice belong to an application mesh which overlays a microservices mesh) … a micro-service offered by the edge computing nodes may be treated as a function (see with [0727-728] - the application slice and the other application slice belong to an application mesh which overlays a microservices mesh) while side-cars are functions that support connectivity with other functions  [0165] … a valuable feature of a side-car is that it offers an LSM or other security policy point with an environment that has a “trusted path” relationship with its paired container environment (see with [0727-728] - the application slice and the other application slice belong to an application mesh which overlays a microservices mesh) [0157] and see more on LSM ([0126]- loadable security modules); and 
wherein the method further comprise: providing a web interface which supports user input/output to impose control over at least portions of both the application mesh and the microservices mesh  (Guim Bernat: section II III  IV, fig 3-22d & 23-42 & 75-78, [107-369; 370-719; 720-940]: … requirements originate from network or service operators determines architecture that satisfies operator requirements e.g. capital expense v operating expense, form factors, security and QoS [0179] (see with [0139]- dashboard – web interface);
Bahl: fig 5-6, [0095-121]: fig 5-6 … UI allows an administrator to define an application profile to deploy a corresponding application or to update application profile and modify existing application … allow administrator to define TCO constraints, SLA and other governance information that sets forth the application’s provisioning, deployment, and operational requirements [0116]
For motivation, see rejection of claim 1.
As to claim 11, see similar rejection to claims 9-10.
As to claim 11, Bahl and Guim Bernat further disclose wherein the group of cluster resources and the other group of cluster resources have at least one cluster resource in common (Guim Bernat: section II III  IV, fig 3-22d & 23-42 & 75-78, [107-369; 370-719; 720-940]:  fig 39-42 … example technique for policy driven approach achieving predictable usage and apportioning of compute capacity to the TSP or to third parties that need computing capacity and are brokered by TSPs [703] … TSP allocates various slices of compute shown as Portions A and B [0704] … for example, a customer may need all available power or all available bandwidth at various times in which case the customer may deny the TSP the slice of their infrastructure temporarily and comprehended in the business arrangement negotiated between customer and TSP (wherein the group of cluster resources and the other group of cluster resources have at least one cluster resource in common) [0706] … the relationship between tenant and operator in common cluster described as a shared domain context and these ownerships or relationships may have some associated time validity (aka expiration) (wherein the group of cluster resources and the other group of cluster resources have at least one cluster resource in common) [0735]).
For motivation, see rejection of claim 1.
As to claim 12, see similar rejection to claims 9-11.
As to claim 12, Bahl and Guim Bernat further disclose wherein the group of cluster resources has at least one cluster resource that is not in common with the other group of cluster resources(Guim Bernat: section II III  IV, fig 3-22d & 23-42 & 75-78, [107-369; 370-719; 720-940]: … for example, interactions within domain C can be controlled by LSM ([0126]- loadable security modules) and security policies for intra-domain traffic as well as inter-domain traffic and intra-domain tenants may require isolation/sharing that differs from inter-domain isolation/sharing policy (wherein the group of cluster resources has at least one cluster resource that is not in common with the other group of cluster resources) [0737] … tenant isolation may be orchestrated where resources allocated to a tenant are distinct from resources allocated to a second tenant, but edge owners cooperate to ensure resource allocations are not shared across tenant boundaries (see with [0737] - wherein the group of cluster resources has at least one cluster resource that is not in common with the other group of cluster resources) [0153]).
As to claim 13, see similar rejection to claims 9-12.
As to claim 14, see similar rejection to claim 9.
As to claim 15, Bahl and Guim Bernat disclose providing a slice namespace for application services deployed on the slice (Guim Bernat: section II III  IV, fig 3-22d & 23-42 & 75-78, [107-369; 370-719; 720-940]: … loadable security modules (LSMs) enable management, provisioning, distribution and application of dynamic security policies and other security and privacy features … especially as finer grain “slices” of resources are kept together and coordinated per tenant, application or service and once these groups or clusters are identified then use cases that support greater sharing and collaboration deployed (application services deployed on the slice) and even these finer grain slices of resources can be managed to allow inter-slice interactions in controlled way [0727] … domain or similar security context captures the cluster(s) or group(s) tenants or entities who are authorized to share resources or interact (providing a slice namespace for application services deployed on the slice) [0727-728]).
For motivation, see rejection of claim 1.
As to claim 16, see similar rejection to claim 15.
As to claim 16, Bahl and Guim Bernat further disclose performing a service discovery operation in the slice namespace to enable service-to-service communications among the deployed application services (Guim Bernat: section II III  IV, fig 3-22d & 23-42 & 75-78, [107-369; 370-719; 720-940]: … edge computing configurations provide a name-based access to discover resources or provide SLAs and these resources may be registered to each of the hierarchical domains to receive callbacks when change happens (see with [0840; 727-728] - performing a service discovery operation in the slice namespace to enable service-to-service communications among the deployed application services) [0893] … loadable security modules (LSMs) policies can be tenant specific, domain specific or edge infrastructure specific [0840]  … loadable security modules (LSMs) enable management, provisioning, distribution and application of dynamic security policies and other security and privacy features … especially as finer grain “slices” of resources are kept together and coordinated per tenant, application or service and once these groups or clusters are identified then use cases that support greater sharing and collaboration deployed (operation in the slice namespace to enable service-to-service communications among the deployed application services) and even these finer grain slices of resources can be managed to allow inter-slice interactions in controlled way [0727] … domain or similar security context captures the cluster(s) or group(s) tenants or entities who are authorized to share resources or interact (operation in the slice namespace to enable service-to-service communications among the deployed application services) [0727-728]).
For motivation, see rejection of claim 1.
As to claim 19, see similar rejection to claims 3-5.
As to claim 19, Bahl and Guim Bernat further discloses configuring respective slice control components for the cluster resources of the group, the respective slice control components being constructed and arranged to manage a life-cycle of the application slice (Bahl: fig 4-6, [0060-121]: fig 4 … management plane can deploy applications comprising multiple microservice containers interconnected via service mesh that can span multiple CSP networks depending on TCOs, SLAs and other governance information for deployed applications … TCO can quantify monetary costs of product or service over specified time [0068] … cost can refer more generally to other metrics … examples of tools for determining cost include … Cisco DNA ROI tool for determining cost in terms of  … application lifecycle management time savings … [0069]).
For motivation, see rejection of claim 1.
As to claims 20-21, see similar rejection to claim 1 where the circuitry and medium, respectively is/are taught by the method.
Claims 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Publication No. 2021/0019194 A1 to Bahl et al. (“Bahl”) in view of U.S. Patent Publication No. 2021/0144517 A1 to Guim Bernat et al. (“Guim Bernat”) and further in view of U.S. Patent Publication No. 2021/0112049 A1 to Yigit et al. (“Yigit”).
As to claim 17, Bahl and Guim Bernat disclose the method of claim 1.
For motivation, see rejection of claim 1.
Bahl did not explicitly disclose performing a single sign-on authentication operation with a slice controller to authenticate a service request source constructed and arranged to provide the service requests to the application slice.
Yigit discloses performing a single sign-on authentication operation with a slice controller to authenticate a service request source constructed and arranged to provide the service requests to the application slice (Yigit: fig 1-6, [0003-19]: a new control function called single sign-on function (SOF) is designed to allow bypassing of sign-in procedures of service applications once the operator authenticates mobile users’ device(s) … SOF provides secure mapping of user credentials to the service application domain from mobile network domain [0013] …when a service applicant’s user connects to mobile network and attempts to access the application that issued SSO ticket, SOF intercepts and presents digitally signed SSO ticket on behalf of user [0015] … this new control function servicing premium slice users enables application service differentiation across users of different slice types [0016]).
Bahl, Guim Bernat and Yigit are analogous art because they are from the same field of endeavor with respect to application slices.
Before the effective filing date, for AIA , it would have been obvious to a person of ordinary skill in the art to incorporate the strategies by Yigit into the method by Bahl and Guim Bernat.  The suggestion/motivation would have been to provide a new control function called single sign-on function (SOF) is designed to allow bypassing of sign-in procedures of service applications once the operator authenticates mobile users’ device(s) … SOF provides secure mapping of user credentials to the service application domain from mobile network domain (Yigit: [0013]) and  provide this new control function servicing premium slice users that enables application service differentiation across users of different slice types (Yigit: [0016]).
As to claim 18, see similar rejection to claim 17.
As to claim 18, Bahl, Guim Bernat and Yigit further disclose after performing a successful single sign-on authentication operation with the slice controller, applying a global set of security policies that imposes federated security over the application slice during application runtime (Yigit: fig 1-3: [0030-53] SMF of the premium slice assigns UE a unique private IP address from its DHCP address pool and determines the {Public IP: port number} translated by the PAT in public domain and sends assigned pair along with user’s telephone number to -SOF and SOF checks if there is a SSO ticket corresponding user’s telephone number querying UDM and, if yes, asks UDM to store the unique IP address of UE along with user identity information [0049] … there may be plurality of SSO-enabled service applications of a user of list of service-IDs and SSO tickets associated with user [0051] … and when UE tries to access a registered service application, UPF will steer request directly to SOF (after performing a successful single sign-on authentication operation with the slice controller …) [0053] … UPF controller communicates with SMF to determine packet forwarding rules according to policies that apply to specific slice(s) and a specific user’s traffic (applying a global set of security policies that imposes federated security over the application slice during application runtime) [0038]).
For motivation, see rejection of claim 17.
Conclusion
The following prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
A] US 20220014963 – Yeh
The present disclosure is related to multi-access traffic management in edge computing environments, and in particular, artificial intelligence (AI) and/or machine learning (ML) techniques for multi-access traffic management. A scalable AI/ML architecture for multi-access traffic management is provided. Reinforcement learning (RL) and/or Deep RL (DRL) approaches that learn policies and/or parameters for traffic management and/or for distributing multi-access traffic through interacting with the environment are also provided. Deep contextual bandit RL techniques for intelligent traffic management for edge networks are also provided. Other embodiments may be described and/or claimed.
B] US 20220121455 – Hoban
Various systems and methods for implementing intent-based cluster administration are described herein. An orchestrator system includes: a processor; and memory to store instructions, which when executed by the processor, cause the orchestrator system to: receive, at the orchestrator system, an administrative intent-based service level objective (SLO) for an infrastructure configuration of an infrastructure; map the administrative intent-based SLO to a set of imperative policies; deploy the set of imperative policies to the infrastructure; monitor performance of the infrastructure; detect non-compliance with the set of imperative policies; and modify the administrative intent-based SLO to generate a revised set of imperative policies that cause the performance of the infrastructure to be compliant with the revised set of imperative policies.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JUNE SISON whose telephone number is (571)270-5693. The examiner can normally be reached 9:00 am - 5:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emmanuel Moise can be reached on 571-272-3865. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/JUNE SISON/Primary Examiner, Art Unit 2455