DETAILED ACTION 

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 6/28/2022 has been entered.
 
	Applicant amended claims 1, 2, 7, and 8.  Claim 19 has been withdrawn.  Claims 1-12 are pending. 

Claim Objections
Claim 1 is objected to because of the following informalities:  in claim 1, line 6, the extra “the” in “the the first unique key” should be deleted.  Appropriate correction is required.

Response to Arguments
Applicant’s arguments with respect to claims 1-12 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.  Specifically, the newly presented amendments are being taught by Polig et al. (US Pub No 2020/0272487).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-12 are rejected under 35 U.S.C. 103 as being unpatentable over Mencias et al. (US Pub No 2021/0097169) in view of Polig et al. (US Pub No 2020/0272487).

With respect to claim 1, Mencias teaches a method of securing containers within clusters, the method comprising: 
configuring a service access point within the cluster as a secure endpoint (e.g., inserting the re-packaged image into a Kubernetes pod container, the Kubernetes pod comprising a plurality of containers, which teaches a cluster of containers.  A particular selection of microservices running as containers is grouped together into a pod forming an application or solution, ¶ 0020, and a node agent runs on every node, ¶ 0023); and 
associating services within the clusters with a secure identity (e.g., upon inserting the image into a Kubernetes pod container, the container is associated with and constrained to the original Docker image, ¶ 0019-0020); 
wherein each cluster is cryptographically isolated (e.g., upon deployment of the customer Docker image into the secured Kubernetes pod 220, it is placed into a pod container, ¶ 0022, and each secure container in the pod is isolated with secure execution, ¶ 0023, preventing a single workload from breaking through a container’s vulnerability to read data from other pods on the same Kubernetes worker, ¶ 0015).  
Mencias discloses the above, especially with regard to setting up each pod container as being protected from other containers, Kubernetes components, the underlying host, and the cloud administrator (¶ 0023), but does not explicitly disclose the service access point handling all communications into and out of the cluster, associating a first service with a first unique key, and the service access point only allowing communications matching the first unique key to reach the first service.  However, Polig teaches the service access point handling all communications into and out of the cluster (e.g., cloud service 410 of Fig. 4 and service interface 511 of the same cloud service in Fig. 5 teach the cloud service 410 receiving all incoming communication from the user and handling all outgoing communication of results, ¶ 0019-0022 & 0057-0061), associating a first service with a first unique key (e.g., the cloud service comprises a service interface and a service backend, ¶ 0068, and a first service for user U is associated with the user public key PKu as well as a service interface private key SKs corresponding to the service public key PKs.  These user-specific execution containers are individual container instances that belong to a single end user only, ¶ 0071), and the service access point only allowing communications matching the first unique key to reach the first service (e.g., the service interface of the cloud service routes service execution requests to the user-specific execution container holding the corresponding user public key, which teaches the service access point only allowing communications matching PKu and SKs to pass to the correct first service, ¶ 0072-0073 & 0077).  
Therefore, based on Mencias in view of Polig, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to apply the teaching of Polig to the system of Mencias in order to provide clients with a secure and safe execution environment for execution of services in a cloud environment (¶ 0022).

With respect to claim 2, the references above further teach associating a second service within the cluster with a second unique key, wherein the service access point only allows communications matching the second unique key to reach the second service, such that the first and second services are cryptographically isolated from each other (e.g., user A and user B each having a separate unique key in the cluster for separate services, Polig ¶ 0080-0086 & Fig. 6).  The motivation to combine Polig with the system of Mencias is the same as for claim 1 above.
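As an added illustration of the claim 1 and claim 2 limitations discussed above (this is editorial example code, not code from Mencias, Polig, or the present application): a toy service access point that is the single ingress point for a cluster, associates each registered service with its own unique key, and forwards a message to a service only when the message authenticates under that service's key.  The example substitutes per-service symmetric HMAC keys for Polig's per-user public/private key pairs so that it runs on the Python standard library alone; the service names "web-tier" and "db-tier" and the request bytes are constructed for the demonstration.

```python
"""Toy service access point: only key-matched traffic reaches each service.

Added illustration for the claim 1/claim 2 discussion; not code from the
cited references or the application.  Uses HMAC-SHA256 with one unique key
per service in place of the public-key scheme described in Polig.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Service:
    """A service inside the cluster, bound to its own unique key."""
    name: str
    key: bytes
    received: list[bytes] = field(default_factory=list)

    def handle(self, payload: bytes) -> bytes:
        self.received.append(payload)
        return b"%s handled %d bytes" % (self.name.encode(), len(payload))


def make_tag(key: bytes, service: str, payload: bytes) -> bytes:
    """Authenticator a client computes with the key of the service it targets.

    The service name is mixed into the MAC input, so a tag minted for one
    service cannot be replayed against another even if a key were ever reused.
    """
    msg = service.encode() + b"\x00" + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


class ServiceAccessPoint:
    """Single ingress/egress point for the cluster.

    Every message into the cluster passes through deliver(); it reaches a
    service only when its tag verifies under that service's unique key.
    """

    def __init__(self) -> None:
        self._services: dict[str, Service] = {}
        self.audit: list[str] = []

    def register(self, name: str) -> bytes:
        """Associate a service with a freshly generated unique key.

        The key is returned once so the provisioning step can hand it to the
        client population that is allowed to reach this service.
        """
        key = secrets.token_bytes(32)
        self._services[name] = Service(name, key)
        return key

    def deliver(self, service: str, payload: bytes, tag: bytes) -> bytes | None:
        """Route payload to `service` only if tag matches that service's key.

        Returns the service's response, or None when the message is dropped.
        """
        svc = self._services.get(service)
        if svc is None:
            self.audit.append(f"drop unknown-service {service}")
            return None
        expected = make_tag(svc.key, service, payload)
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            self.audit.append(f"drop bad-tag {service}")
            return None
        self.audit.append(f"forward {service}")
        return svc.handle(payload)


def demo() -> dict:
    """Run four constructed messages through the access point."""
    sap = ServiceAccessPoint()
    key_a = sap.register("web-tier")   # first service, first unique key
    key_b = sap.register("db-tier")    # second service, second unique key

    req = b"GET /orders"  # constructed sample request
    # 1. Correct key for the targeted service: forwarded.
    ok = sap.deliver("web-tier", req, make_tag(key_a, "web-tier", req))
    # 2. Holder of key_a tries to reach db-tier: isolated, dropped.
    cross = sap.deliver("db-tier", req, make_tag(key_a, "db-tier", req))
    # 3. No key at all, tag guessed: dropped.
    forged = sap.deliver("web-tier", req, b"\x00" * 32)
    # 4. Correct key, but payload altered after the tag was computed: dropped.
    tag = make_tag(key_b, "db-tier", b"SELECT 1")
    tampered = sap.deliver("db-tier", b"SELECT 2", tag)

    return {
        "ok": ok,
        "cross": cross,
        "forged": forged,
        "tampered": tampered,
        "db_received": list(sap._services["db-tier"].received),
        "audit": list(sap.audit),
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(label, value)
```

The second message is the claim 2 case: the client holds a valid key, but for a different service, and the access point refuses to route it, so the two services never see each other's traffic.  A production gateway would additionally bind a nonce or timestamp into the authenticated data to stop replay of a captured valid message; the example omits that to keep the routing rule in view.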

With respect to claim 3, the references above further teach that associating includes communities-of-interest configured for a web tier, an application tier or a database tier (e.g., application or program, Mencias ¶ 0042-0044).

With respect to claim 4, the references above further teach that configuring a service access point includes configuring the service access point as a node within a cluster (e.g., the endpoint acting as a node agent that runs on every node of the cluster, Mencias ¶ 0023).

With respect to claim 5, the references above further teach that associating a service includes associating a service within the clusters as a community-of-interest (e.g., a particular selection of microservices running as containers is grouped together into a pod forming an application or solution, Mencias ¶ 0020).

With respect to claim 6, the references above further teach translating, by the secure endpoint, between communities-of-interest outside the cluster and communities-of-interest within the cluster (e.g., translating communication between nodes, Mencias ¶ 0042, using a unique key to decrypt the encrypted volume, Mencias ¶ 0022).

The limitations of claim 7 are substantially similar to claim 1 above, and therefore this claim is likewise rejected.

The limitations of claim 8 are substantially similar to claim 2 above, and therefore this claim is likewise rejected.

The limitations of claim 9 are substantially similar to claim 3 above, and therefore this claim is likewise rejected.

The limitations of claim 10 are substantially similar to claim 4 above, and therefore this claim is likewise rejected.

The limitations of claim 11 are substantially similar to claim 5 above, and therefore this claim is likewise rejected.

The limitations of claim 12 are substantially similar to claim 6 above, and therefore this claim is likewise rejected.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  In particular, Vyas et al. (US Pub No 2018/0109387) discloses relevant methods of isolating an execution environment.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAU LE whose telephone number is (571)270-7217. The examiner can normally be reached M-F 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CARL COLIN can be reached on (571) 272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/CHAU LE/Primary Examiner, Art Unit 2493