DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This office action is in response to the amendment filed on 05/02/2022.
Claims 3-4, 10-11 and 17-18 have been canceled.
Claims 1, 8 and 15 have been amended.
Claims 1-2, 5-9, 12-16 and 19-21 are pending for consideration.

Response to Arguments
Applicant’s arguments/remarks filed on 05/02/2022 (hereafter Remarks) have been considered but they are not persuasive.
On p, 2 of the Remarks Applicant stated that the Examiner has ignored arguments Applicant made in regards to paragraph 0052 of Applicant's specification because certain features weren't explicitly part of the claims. 
 In response to the Applicant’s statement and in view of the amendments Examiner respectfully presents regarding claim 1 (and other independent claims) the following. 
Adding additional extension to the container software in order to mediate the required operation privilege as disclosed in amendments to independent claims 1, 8, and 15 is met by mapping a user, i.e. application execution, to a root privilege inside the container only, in Shahab. Both operations equivalently reduce security risk in the system (Shahab, in Para. [0037] discloses “For security reasons, a multi-tenant (e.g., Hadoop) cluster cannot have access to the privileges associated with the superuser on the underlying physical machines. Therefore, when the containers are launched, a regular user of the underlying system is mapped to the root user (superuser) inside the container. This technique includes user namespace isolation, in which the entire uid space inside the container is exclusive to that container. The root in that container can perform privileged actions inside the container, but is banned from any privileged action outside of the container”). 
Other claims are rejected as dependent on the base claims. Accordingly, rejection of claims 1, 2, 5 – 9, 12 – 16, and 19 – 21 under 103 is maintained.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 2, 5, 6, 8, 9, 12 – 16, and 19 – 21 are rejected under 35 U.S.C. 103 as being unpatentable over Potlapally et al. (US 10303879) (hereafter Potlapally), in view of Ben Ali et al. (US 2018/0025152 A1) (hereafter Ben Ali), in view of Shahab at al. (US 2017/0373940) (hereafter Shahab), and in view of Marino et al. (US 9729579) (hereafter Marino).

Regarding claim 1, Potlapally teaches: A computer-implemented method for running applications on a multi-tenant container platform, at least a portion of the method being performed by a container host computing device comprising at least one processor, the method comprising: (Examiner note: container is equivalent to module) (Potlapally, in col. 6, ll. 52-55, discloses “an example system environment in which virtualization hosts of a provider network may be equipped with multi-tenant trusted platform modules (MTTPMs),” Potlapally, in col. 6, ll.60-61 discloses “Each VH 125 may be used to instantiate one or more guest virtual machines (GVMs) 150,…”):
[receiving, at an interceptor, a request from an application;
 performing, by the interceptor, a whitelist check of the request; 
calling, by the interceptor when the whitelist check succeeds, a container administrator;] (ref. to Ben Ali)
[initiating, by the container administrator, using the host administrator service socket handle,] (ref. to Shahab)
a connection between the container administrator and the container host administrator service when conditions are met for a requested operation; and sending the request to a container host administrator service with details of the requested operation; (Potlapally, in col. 14, ll.1-7 discloses “Given a combination of (a) the original target address 532 in a DD layer request 530 and (b) an identifier of the particular GVM at which the DD layer request 530 was generated, the mappings 580 may be used to obtain the corresponding mapped target address 550 that is to be indicated in a trusted computing request 545 to be directed to the MTTPM 170.” Potlapally, in col. 14, ll.39-41 discloses “FIG. 6 illustrates an example of the use of secure communication channels between guest virtual machines and an MTTPM, according to at least some embodiments.”). 
receiving, at the container host administrator service on the container host computing device and via the host administrator service socket handle, a request for a privileged operation from an application running in a non-privileged container; (Potlapally, in col. 17, ll. 37-41 discloses “At least some clients of virtual computing services may wish to obtain higher levels of hardware-based security than may be achievable when single-tenant TPMs are used, and such security requirements may be met using MTTPMs that include per-GVM subcomponents.”. Potlapally, in col. 11, ll.63-66, and in col. 12, ll.1-2 discloses “The administrative instance of the operating system may be referred to as a "privileged domain" labeled "domain 0" or "dom0" in some implementations, while respective operating systems established for each of the GVMs 150 may be referred to as "unprivileged domains" (labeled "domU"), "guest operating systems", or "guest domains".  Potlapally, in. col.12, ll.16-18 discloses “the request path for an operation may flow as follows: GVM -> hypervisor -> dom0 -> hypervisor -> hardware, and the response may be provided to the GVM using the reverse path.”);
performing a security check of a user associated with the application, wherein performing the security check further comprises issuing the security check results of approval when the user identifier indicates a root user (Examiner note: software having administrative privilege are executable on any system platform) (Potlapally, in col. 16, ll.39-41 discloses “In some embodiments, MTTPMs may be used for verifying that a given execution platform meets desired security criteria.” Potlapally, in col. 12, ll.9-11 discloses “Applications that utilize the functionality of the MTTPM may be referred to as trusted computing applications (TCAs) 350,…”,  Potlapally, in col. 11, ll.63-66 discloses “The administrative instance of the operating system may be referred to as a "privileged domain" labeled "domain 0" or "dom0" in some implementations,…”).
[comparing, when the security check results in approval, a process identifier of the requested privileged operation against a whitelist of permitted operations](ref. to Marino)
 [to determine if the requested Page 2 of 11 Application No. 15/908,854privileged operation from the application running in the non-privileged container is permissible; and initiating running, when the requested privileged operation is permissible, the requested privileged operation.](ref. to Shahab) 
Potlapally fails to explicitly teach: receiving, at an interceptor, a request from an application; performing, by the interceptor, a whitelist check of the request; calling, by the interceptor when the whitelist check succeeds, a container administrator; 
Ben Ali from the analogous technical field teaches: receiving, at an interceptor, a request from an application; performing, by the interceptor, a whitelist check of the request; calling, by the interceptor when the whitelist check succeeds, a container administrator; (Examiner note: a set of system call separation functions (SCSFs) is equivalent to interceptor; the preconfigured policy is equivalent to the whitelist) (Ben Ali, in Para. [0039] discloses “During runtime, the SCSFs intercept system calls from the container applications 151 and nano-service applications 152 and based on preconfigured policy determined at SCSF deployment time, the SCSF determines if a particular container application 151 or nano-service application 153 is allowed to execute the system call or not.);
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Potlapally, in view of the teaching of Ben Ali which discloses interception of communication and its comparative analysis with the preconfigured policy (or whitelist) in order to improve the certification process for the privilege category operations (Ben Ali, [0039]).
Potlapally, as modified by Ben Ali, fails to explicitly teach: initiating, by the container administrator, using the host administrator service socket handle, 
to determine if the requested Page 2 of 11 Application No. 15/908,854privileged operation from the application running in the non-privileged container is permissible; and initiating running, when the requested privileged operation is permissible, the requested privileged operation;
wherein an ambassador-pattern-like extension to container implementation software is provided by adding an application-specific functionality mediating required privileged operations of applications to reduce security risks that result from privileged container models
Shahab from the analogous technical field teaches: initiating, by the container administrator, using the host administrator service socket handle, (Shahab, in Para. [0089] discloses “communications may employ one or more public or private cryptographic keys, ciphers, digital certificates, or other credentials supported by a security protocol, such as any version of the Secure Sockets Layer (SSL) or the Transport Layer Security (TLS) protocol”)
to determine if the requested Page 2 of 11 Application No. 15/908,854privileged operation from the application running in the non-privileged container is permissible; and initiating running, when the requested privileged operation is permissible, the requested privileged operation (Shahab, in Para. [0005] discloses “each of the containers provides a root user that is a non-privileged user of a computing device that executes the container” Shahab, in Para. [0020] discloses “a normal, non-root (e.g., non-privileged) user of the node where a container is running may be designated as the root user (e.g., super user) of the container. Thus, even if a customer writes code that issues commands using a root account, and that code is running in a container, the commands will be interpreted by the host machine (e.g., the node) as coming from an unprivileged user. Accordingly, implementations provide for the mapping of an unprivileged node user to a privileged container user for a particular container, to ensure security and isolation among containers”)
wherein an ambassador-pattern-like extension to container implementation software is provided by adding an application-specific functionality mediating required privileged operations of applications to reduce security risks that result from privileged container models (Shahab, in Para. [0037] discloses “For security reasons, a multi-tenant (e.g., Hadoop) cluster cannot have access to the privileges associated with the superuser on the underlying physical machines. Therefore, when the containers are launched, a regular user of the underlying system is mapped to the root user (superuser) inside the container. This technique includes user namespace isolation, in which the entire uid space inside the container is exclusive to that container. The root in that container can perform privileged actions inside the container, but is banned from any privileged action outside of the container”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Potlapally, as modified by Ben Ali, in view of the teaching of Shahab which discloses different security protocols for communication as well as a technology to control privileges of users/operations/platforms comprising privilege operations inside a container in order to improve security of data communication and ensure security of the running codes of Potlapally/Ben Ali on containerized platforms (Shahab, [0005, 0020, 0037]). 
Potlapally, as modified Ben Ali and Shahab, fails to explicitly teach: comparing, when the security check results in approval, a process identifier of the requested privileged operation against a whitelist of permitted operations
Marino from the analogous technical field teaches: comparing, when the security check results in approval, a process identifier of the requested privileged operation against a whitelist of permitted operations (Examiner note: security check against the whitelist is met by the determination module 108 operations including comparison/determination the permission/prohibition of privilege operations/ applications) (Marino, in col. 2, ll. 40 – 43 discloses “modifying the command to prevent the potential violation of the security policy may include identifying a different deployment action that does not violate the security policy.” Marino, in col. 10, ll.36 – 38 discloses “modification module 110 may identify a different deployment action 506 in FIG. 5 that does not violate security policy 122.”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Potlapally, as modified by Ben Ali and Shahab, in view of the teaching of Marino which discloses security check against a whitelist comprising determination of allowed/prohibited processes (operations) and scanning the list in order to improve security and application management on the containerized platforms of Potlapally/Ben Ali/ Shahab based on identification of allowed processes (Marino, col.2, ll.40 – 43, col. 10, ll. 36 – 38, col. 9, ll.54 – 58).


Regarding claim 2, Potlapally, as modified by Ben Ali, Shahab, and Marino, teaches: The computer-implemented method of claim 1, further comprising: passing the host administrator service socket handle from the container host administrator service to the container (Examiner note: signal passing the socket handle from one module (the container host administrative service) to another module (container) is equivalent to communication over encrypted communication channel) (Potlapally, in col. 6, ll. 36-42 discloses “respective encrypted communication channels may be established (e.g., after an exchange of cryptographic secrets by both sides) between at least one of the GVMs of a virtualization host and the host's MTTPM. Using such channels, at least some types of commands/requests may be issued from GVMs to the MTTPM and the corresponding responses may be received…”).

Regarding claim 5, Potlapally, as modified by Ben Ali, Shahab, and Marino, teaches: The computer-implemented method of claim 1, further comprising: sending, when the requested privileged operation is successfully completed or rejected, a respective response to a container administrator (Examiner note: operations of the network host equipped with the multi-tenant trusted platform modules (MTTPMs) are equivalent to those of the  container (module) administration) (Potlapally, in col. 6, ll. 52-55, discloses “an example system environment in which virtualization hosts of a provider network may be equipped with multi-tenant trusted platform modules (MTTPMs) Potlapally, in col. 6, ll.40-42 discloses “Using such channels, at least some types of commands/requests may be issued from GVMs to the MTTPM and the corresponding responses may be received”).

Regarding claim 6, Potlapally as modified by Shahab, and Marino fails to explicitly teach: receiving, at an interceptor, a success response; and 3Application No.: 15/908,854Attorney's Docket No.: 007170.1186U1 sending a notification to the application that the requested privileged operation is successful.
Ben Ali from the analogous technical field teaches: receiving, at an interceptor, a success response; and 3Application No.: 15/908,854Attorney's Docket No.: 007170.1186U1 sending a notification to the application that the requested privileged operation is successful (Examiner note: regarding equivalence of the SCSFs functional blocks and interceptors see examiner note above) (Ben Ali, in Para. [0037] discloses “The SCSFs 153 receive resource requests from the container applications 151 and nano-service applications 153 and in turn generate a query to the operating system 155 or more specifically to the operating system component 157 responsible for managing the requested resource. Once the resource provides or services the request, return information or data may be provided to the requesting SCSF 153 that in turn provides it to the requesting container application 151 or nano-service application 152.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Potlapally in view of the teaching of Ben Ali in view of Shahab, which discloses communication between interceptor (SCSFs) and container (module) application units in order to efficiently provide  information regarding operation status (Ben Ali, [0039]).

Regarding claim 8, claim 8 discloses a system of running applications on a multi-tenant container platform that is substantially equivalent to the method of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 8 and rejected for the same reasons. 

Regarding claim 9, claim 9 depended on claim 8, discloses a system that is substantially equivalent to the method of claim 2, depended on claim 1. Therefore, the arguments set forth above with respect to claim 2 are equally applicable to claim 9 and rejected for the same reasons. 

Regarding claim 12, claim 12, depended on claim 8, discloses a system that is substantially equivalent to the method of claim 5, depended on claim 1. Therefore, the arguments set forth above with respect to claim 5 are equally applicable to claim 12 and rejected for the same reasons.

Regarding claim 13, claim 13 depended on claim 8, discloses a system that is substantially equivalent to the method of claim 6, depended on claim 1. Therefore, the arguments set forth above with respect to claim 6 are equally applicable to claim 13 and rejected for the same reasons. 

Regarding claim 15, claim 15 discloses a non-transitory computer readable medium comprising one or more computer executable instructions that is substantially equivalent to the method of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 15 and rejected for the same reasons. 

Regarding claim 16, claim 16 depended on claim 15, discloses a medium that is substantially equivalent to the method of claim 2, depended on claim 1. Therefore, the arguments set forth above with respect to claim 2 are equally applicable to claim 15 and rejected for the same reasons. 

Regarding claim 19, claim 19 depended on claim 15, discloses a medium that is substantially equivalent to the method of claim 5, depended on claim 1. Therefore, the arguments set forth above with respect to claim 5 are equally applicable to claim 19 and rejected for the same reasons. 

Regarding claim 20, claim 20 depended on claim 15, discloses a medium that is substantially equivalent to the method of claim 6, depended on claim 1. Therefore, the arguments set forth above with respect to claim 6 are equally applicable to claim 20 and rejected for the same reasons.

Regarding claim 21, Potlapally, as modified by Ben Ali and Shahab, fails to explicitly teach: wherein the non-privileged container does not include an entire operating system and the non-privileged container executes only the application running in the non-privileged container. 
Marino from the analogous technical field teaches: wherein the non-privileged container does not include an entire operating system and the non-privileged container executes only the application running in the non-privileged container (Examiner note: the portion of the operating system included in the non-privileged container/module is met by a creation of the virtualization layer presenting a part of the operating system) (Marino, in col. 16, ll. 58 – 66 discloses “the modules and/or data described herein may reside and/or execute within a virtualization layer. As used herein, the phrase "virtualization layer" generally refers to any data layer and/or application layer that overlays and/or is abstracted from an operating system environment. A virtualization layer may be managed by a software virtualization solution (e.g., a file system filter) that presents the virtualization layer as though it were part of an underlying base operating system.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Potlapally, as modified by Ben Ali and Shahab, in view of the teaching of Marino which discloses a creation of virtualized layer in a module/container comprising a part of the operating system in order to ensure security and privilege control of the codes running on the containerized platforms of Potlapally/Ben Ali (Marino, col. 16, ll. 58 – 66).

Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Potlapally et al. (US 10303879) (hereafter Potlapally), in view of Ben Ali et al. (US 2018/0025152 A1) (hereafter Ben Ali), in view of Shahab at al. (US 2017/0373940) (hereafter Shahab), in view of Marino et al. (US 9729579) (hereafter Marino), and in view of Koushik et al. (US 2016/0134616) (hereafter Koushik).

Regarding claim 7, Potlapally, as modified by Ben Ali, Shahab, and Marino, fails to explicitly teach: displaying, on a user display, an error message when the requested privileged operation fails to successfully execute.
Koushik, from the analogous technical field teaches: displaying, on a user display, an error message when the requested privileged operation fails to successfully execute (Koushik, in Para. [0053] discloses “The client computing device may then establish a remote computing session with the virtual machine, and the user interface of the operating system (e.g., the output of the operating system, such as a graphical user interface, sound, etc.) may be sent to the client computing device via a particular network interface of the virtual machine instance or virtual desktop instance and presented to the user (e.g., the graphical user interface may be rendered on a display of the client computing device).”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Potlapally, as modified by Ben Ali, Shahab, and Marino, in view of the teaching of Koushik which discloses displaying on the client device an output of the operating system (including error messages) in order to rapidly visualize information of the codes running on containerized platforms  of Potlapally/Ben Ali/Shahab/Marino related the system processing status (Koushik, [0053]).

Regarding claim 14, claim 14 depended on claim 8, discloses a system that is substantially equivalent to the method of claim 7, depended on claim 1. Therefore, the arguments set forth above with respect to claim 7 are equally applicable to claim 14 and rejected for the same reasons. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed on the enclosed PTO-892 form, Kurtz (US 2018/0165785). 
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VLADIMIR IVANOVICH GAVRILENKO whose telephone number is (313) 446-6530.  The examiner can normally be reached on Monday-Friday 7:30-4:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Vladimir I. Gavrilenko/Examiner, Art Unit 2431         

/TRANG T DOAN/Primary Examiner, Art Unit 2431