DETAILED ACTION
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
2.	This communication is in response to applicant's amendment dated 5/24/2022 and interview dated 6/14/2022.
3.	Applicant's remarks, filed on 5/24/2022, with respect to the art rejection of the claims have been fully considered and they are persuasive as amended and in light of the Examiner's amendments.
EXAMINER’S AMENDMENT
4.1.	An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee. 
Authorization for this examiner’s amendment was given in a telephone interview with Richard R. Peters (Reg. No. 61441) on 6/14/2022.

4.2.	Claims 1 and 5-8 have been amended as follows:

Claim 1.  At the end of the claim, before the period (“.”), please insert:
“wherein the policy is for communication between a group of containers or applications to another group of containers or applications,
wherein the handler process enforces a default firewall rule, and
wherein the policy further includes communication between a physical machine or a virtual machine that represents an application or the group of applications”

Claim 5.  At the end of the claim, before the period (“.”), please insert:
“wherein the policy is for communication between a group of containers or applications to another group of containers or applications,
wherein the handler process enforces a default firewall rule, and
wherein the policy further includes communication between a physical machine or a virtual machine that represents an application or the group of applications”

Claim 6.	(Cancelled) 

Claim 7.  At the end of the claim, before the period (“.”), please insert:
“wherein the handler process receives a list of subnets for which an authentication is to be ignored; and
wherein the handler process blocks all communication with the remote Internet Protocol (IP) address that did not successfully complete authentication”

Claim 8.	(Cancelled) 

Allowable Subject Matter
5.1.	Claims 1-3, 5 and 7 are allowed.

5.2.	a). US Patent Application No. 2018/0316676 to Gilpin et al. discloses techniques that include receiving an access notification identifying a request by an identity for access to an access-protected network resource; identifying a configurable and multi-dimensional policy defining rights of the identity to access the access-protected network resource with respect to the operation of the access-protected network resource; and automatically determining, based on the configurable and multi-dimensional policy, whether to perform at least one of: permitting the identity to access the access-protected network resource; denying the identity access to the access-protected network resource; or rotating a secret associated with the identity.

b). US Patent Application No. 2007/0118878 to Sastry et al. discloses embodiments that provide a trust framework for governing service-to-service interactions. This trust framework can provide enhanced security and/or manageability over prior systems. Merely by way of example, in some cases, an information store can be used to store security information (such as trust information, credentials, etc.) for a variety of services across an enterprise. In other cases, the trust framework can provide authentication policies to define and/or control authentication between services (such as, for example, the types of authentication credentials and/or protocols that are required to access a particular service, either as a user and/or as another service, and/or the types of authentication credentials and/or protocols a service may be enabled to use to access another service). Alternatively, and/or additionally, the trust framework can provide authorization policies to define and/or control authorization between services.

c). US Patent No. 7,865,931 issued to Stone et al. discloses a system that includes a web server, an application server, and a data server, all connected to each other. The system is intended to protect web-based applications. The web server receives a request and transmits it as a message to the application server. When the application server receives the request, it extracts the attributes of the request. The application server uses an authorization engine to determine whether each attribute of the request is authorized by accessing the data server to compare each attribute of the request with at least one rule from a rules store. The rules store resides on the data server. If the attributes of the request meet the rules in the rules store, then the request is executed by the application server.

5.3.	The following is an examiner's statement of reasons for allowance: the combination of Gilpin et al., Sastry et al. and Stone et al., whether alone or in combination with the other prior art of record, fails to teach or render obvious “…a credential server: specifying a computing resource; specifying a group name and a strong cryptographic identity associated with the group name; specifying a policy for the application belonging to a specific group to access a set of resources belonging to the group name; with a handler process: downloading a set of security group rule for the application from the credential server; reading a list of subnets for which authentication is to be enforced, wherein the authentication is enforced by the application; processing an initiate authentication request with an initiator of a new network connection or initiating a new authentication request with the initiator of the network connection, wherein the handler process uses an authentication token to obtain a strong cryptographic identity for the application; and wherein a strong cryptographic identity or a digital certificate is assigned to the application or group of applications and is used for authentication of the identity, in conjunction with a group-based security policy; upon successful authentication: extracting an identity of the initiator and a group of the initiator; obtaining a group security rule; translating the group security rule into an Internet Protocol (IP) firewall rule based on an observed IP address; and enforcing the IP firewall rule, and wherein a connection is permitted by determining that a source Internet Protocol (IP) address and a destination IP address belong to the groups that are allowed to communicate wherein the policy is for communication between a group of containers or applications to another group of containers or applications, wherein the handler process enforces a default firewall rule, and wherein the policy further includes communication between … an application or the group of applications” as recited in claim 1.
Therefore, independent claim 1 is allowable over the prior art of record. The other independent claims 5 and 7 recite similar subject matter. Consequently, independent claims 5 and 7 are also allowable over the prior art of record.
Claims 2-3 are directly or indirectly dependent upon claim 1 and therefore are also allowable over the prior art of record.
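As an added illustration that is not part of this office action or of the applicant's disclosure, the constructed Python sketch below models the handler behaviour recited above: an initiator is authenticated, its identity and group are extracted, the group security rule is translated into an IP firewall rule on the observed addresses, a remote IP that fails authentication is blocked, and a default rule covers every other address pair. All group names, tokens, subnets and addresses are hypothetical, and the token lookup stands in for the cryptographic identity check.

```python
import ipaddress

# Constructed sample data (hypothetical names, not from the application).
GROUP_POLICY = {("web", "db"), ("web", "cache")}          # allowed (src_group, dst_group)
IGNORED_SUBNETS = [ipaddress.ip_network("10.99.0.0/16")]  # subnets where auth is ignored
# Constructed stand-in for the strong cryptographic identity: token -> (identity, group)
TRUSTED_TOKENS = {"tok-web-1": ("web-1", "web"), "tok-batch-1": ("batch-1", "batch")}


def translate_group_rule(policy, src_group, dst_group, src_ip, dst_ip):
    """Translate a group security rule into an IP firewall rule on the observed IPs."""
    action = "allow" if (src_group, dst_group) in policy else "deny"
    return {"src": src_ip, "dst": dst_ip, "action": action}


class Handler:
    """Handler process: authenticates initiators, derives and enforces IP rules."""

    def __init__(self, policy, local_group, ignored=IGNORED_SUBNETS):
        self.policy, self.local_group, self.ignored = policy, local_group, ignored
        self.ip_rules = {}            # (src_ip, dst_ip) -> "allow" / "deny"
        self.blocked = set()          # remote IPs that failed authentication
        self.default_rule = "deny"    # default firewall rule for unknown pairs

    def authentication_ignored(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.ignored)

    def on_initiate(self, src_ip, dst_ip, token):
        """Process an initiate-authentication request for a new connection."""
        if self.authentication_ignored(src_ip):
            return "allow"            # assumption: exempt subnets skip authentication
        ident = TRUSTED_TOKENS.get(token)
        if ident is None:             # failed authentication: block the remote IP
            self.blocked.add(src_ip)
            return "deny"
        _identity, group = ident      # extract initiator identity and group
        rule = translate_group_rule(self.policy, group, self.local_group, src_ip, dst_ip)
        self.ip_rules[(src_ip, dst_ip)] = rule["action"]
        return rule["action"]

    def enforce(self, src_ip, dst_ip):
        """Decide traffic between observed IPs using the derived IP firewall rules."""
        if src_ip in self.blocked:
            return "deny"
        return self.ip_rules.get((src_ip, dst_ip), self.default_rule)
```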

Conclusion
6.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARUNUR RASHID whose telephone number is (571) 270-7195. The examiner can normally be reached 9 AM to 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

HARUNUR RASHID
Primary Examiner
Art Unit 2497
/HARUNUR RASHID/Primary Examiner, Art Unit 2497