Notice of Pre-AIA or AIA Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Election/Restrictions
2.    NO restrictions warranted at initial time of filing for patent.


Oath/Declaration
3.    Applicant’s Oath was filed on 03/11/2022.

Drawings
4.    Applicant’s drawings filed on 08/07/2020 have been inspected and are in compliance with MPEP 608.01.
Specification
5.    Applicant’s specification filed on 08/07/2020 has been inspected and is in compliance with MPEP 608.02.
Claim Objections
6.    NO objections warranted at initial time of filing for patent.



Remarks
7.	Examiner requests that Applicant review the relevant prior art under the conclusion of this office action.

EXAMINER'S AMENDMENT
8.	An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Peter Malen on 04/06/2022.

The application has been amended as follows: 

1.	(Currently Amended)	A method, comprising:
inserting a signal layer in an image which, when instantiated, is executable on an engine that is operable to build and containerize an application, the signal layer indicating that a sensitive layer in the image is a candidate for encryption;
creating a single layer archive file that includes the sensitive layer;
encrypting the single layer archive file to create an encrypted layer;
constructing a new image that includes the encrypted layer;
inserting, in the new image, a decryptor layer that is operable to decrypt the encrypted layer; and
designating the decryptor layer as an entry point of the new image so that the decryptor layer of the new image runs first when the new image is instantiated.

11.	(Currently Amended)	A non-transitory storage medium having stored therein instructions that are executable by one or more hardware processors to perform operations comprising: 
inserting a signal layer in an image which, when instantiated, is executable on an engine that is operable to build and containerize an application, the signal layer indicating that a sensitive layer in the image is a candidate for encryption;
creating a single layer archive file that includes the sensitive layer;
encrypting the single layer archive file to create an encrypted layer;
constructing a new image that includes the encrypted layer;
inserting, in the new image, a decryptor layer that is operable to decrypt the encrypted layer; and
designating the decryptor layer as an entry point of the new image so that the decryptor layer of the new image runs first when the new image is instantiated.
 
Reasons for Allowance
9.	Claims 1-20 including all of the limitations of the base claim and any intervening claims are allowed.

Closest Prior Art:
U.S. Publication No. 20190213319 discloses on paragraph 0006 “A computer-implemented method of providing security for a software container according to an example of the present disclosure includes receiving a software container image that has a software application layer that is encrypted and includes a software application. The software container image has a separate security agent layer that includes a security agent. A request is received to instantiate the software container image as a software container. Based on the request, the security agent is launched and is utilized to decrypt and authenticate the software application layer, and to control operation of the software application based on the authentication.” Paragraph 0007 “A computer-implemented method of providing security for a software container image according to an example of the present disclosure includes obtaining a software container image that includes at least one lower layer that stores a software application, and includes an execution entry point configured to launch to the software application upon instantiation of the software container image. The at least one lower layer is encrypted to obtain at least one encrypted layer. An encrypted container image is generated that replaces the at least one lower layer with the at least one encrypted layer. A security agent is embedded within the encrypted software container image. The security agent is configured to control operation of the software application when the encrypted software container image is instantiated as a software container based on a security policy and a cryptographic fingerprint of the at least one lower layer. The execution entry point of the encrypted software container image is configured to launch the security agent instead of the software application upon instantiation of the encrypted software container image.”

U.S. Publication No. 20190171907 discloses on paragraph 0006 “According to a first aspect of the present disclosure, there is provided a method for generating an image tag. The method comprises: determining, based on a first image, a first group of index values each index value in the first group of index values indicating a content of each layer of a plurality of layers of the first image; determining, based on a second image, a second group of index values, each index value in the second group of index values indicating a content of each layer of a plurality of layers of the second image; determining a similarity between the first image and the second image based on the first group of index values and the second group of index values; and generating, based on the similarity, a tag associated with at least one of the first image and the second image.” Paragraph 0022 “While building the image, a layer-by-layer approach is adopted, and the upper layer acts as a basis for the lower layer. Each layer remains constant once built, and any change at the lower layer only involves the current layer. For example, an operation of deleting the upper layer file is not really to delete the upper layer file but only to mark the file as deleted at the current layer. When the final container runs the image, although the file will not be seen, actually it will always follow the image. Therefore, when building the image, extreme caution should be taken to guarantee that each layer comprises only things to be added at this layer and any extras should be cleared before finish building this layer.”

U.S. Publication No. 20200250319 discloses on paragraph 0010 “According to another aspect of the present invention, a secure container system for creating a secure software container may be provided. The secure container system may comprise a receiving unit adapted for receiving a first layered software container image, a transformation unit adapted for transforming all files, except corresponding metadata, of each layer of the first layered software container image into a volume, the volume comprises a set of blocks, wherein each layer comprises an incremental difference to a next lower layer, an encryption module adapted for encrypting each block of the set of blocks of a portion of the layers and a storage unit adapted for storing each encrypted set of the blocks as a layer of an encrypted container image, along with unencrypted metadata for rebuilding an order of the set of blocks equal to an order of the first layered software container image. Thus, the secure container system may be enabled to create a secure encrypted software container.”

 U.S. Publication No. 20170177877 discloses on paragraph 0065 “In some implementations, however, a decryption key for the container images is shared with the scanning mechanism 554. In these embodiments, the scanning mechanism 554 is configured to use the shared decryption key to decrypt the container images in order to scan for the reference criteria 556. Reference criteria 556 may include criteria such as names of known binaries, instructions to scan for files lacking checksums, scanning of known file names, scanning text files for a specified string of characters, and so on. The reference criteria 556 may include restrictions or exceptions for scanning of certain file types; for example, the reference criteria 556 may include instructions specifying that certain image file types be exempt from scanning


 	The following is an Examiner’s Statement of Reasons for Allowance: 
 	Claims 1-20 are allowable over the prior art references, which, taken individually or in combination, fail to particularly disclose, fairly suggest or render obvious the claims, as argued by the applicant, which the examiner considers persuasive as set forth above.
 	Although the prior art discloses a Docker image including an executable container that includes an encryption layer and decrypting an image associated with the encryption layer, no one or two references anticipate or obviously suggest inserting a signal layer in an image which, when instantiated, is executable on an engine that is operable to build and containerize an application, the signal layer indicating that a sensitive layer in the image is a candidate for encryption; thereafter, creating a single layer archive file that includes the sensitive layer, encrypting the single layer archive file to create an encrypted layer and constructing a new image that includes the encrypted layer; and, furthermore, inserting, in the new image, a decryptor layer that is operable to decrypt the encrypted layer and designating the decryptor layer as an entry point of the new image so that the decryptor layer of the new image runs first when the new image is instantiated.

 Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192. The examiner can normally be reached Monday-Friday 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GARY S GRACIA/           Primary Examiner, Art Unit 2499