Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Claim Objections
Claims 1, 4-7, 11, 15-18, 20 comprise bullet points. For the purposes of clarity, Examiner recommends the removal of unnecessary characters.
Claim 1 comprises “I Claim”. Examiner recommends reciting the claim as “1.” For the purposes of clarity.
Claim Rejections - 35 USC §103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim 1 is rejected under 35 U.S.C. 103 as being unpatentable over Modeel (Pub. No. US 2020/0387361) in view of Venkatraman (Pat. No. US 10,083,052).
Claim 1, Modeel teaches “a computer-implemented method comprising: by a computer system, accessing a set of hardware parameters characterizing an embedded device; by the computer system, identifying a set of supported container functions based on the set of hardware parameters ([0027] The present disclosure provides techniques for creating an application runtime container specific to the hardware 124 that is abstracted by the node 116 on which the main container 140 is created. The main container 140 includes logic to consider the hardware architecture corresponding to the node 116 (e.g., architecture of the CPU 126 and/or GPU 130, etc.), the size of the memory 128, the available network bandwidth, whether the Quality of Service (QoS) is available to run the application dependencies (e.g., libraries), etc.). The application runtime container may have kernel features that can support the hardware architecture on which the node 116 runs.); by the computer system, identifying a set of selected container functions based on the selection of container functions and the set of supported container functions ([0028] The container platform 114 may include internal logic to create the node-identification container 144, a deploy container 146, and an application runtime container 148 in the main container 140. The node-identification container 144 may communicate with the recommendation service 104 and determine and analyze first information, which may include the set of kernel features 142, a set of node features, an application stack of the application 103. An application stack of the application 103 includes the application 103 with its combinations of dependencies of the application 103. The node-identification container 144 may create, based on the first information, a builder image. Based on the builder image, the node-identification container 144 may create the deploy container 146.); by the computer system, generating a hardware abstraction layer for the embedded device ([0023] The main container 140 may share the same kernel as the host machine. The set of kernel features 142 allows the main container 140 to interact with a set of physical hardware, which may be different from the hardware 124 included in the node 116.); by the computer system, generating a container runtime environment configured to execute, at the embedded device, a containerized application via the hardware abstraction layer, the containerized application comprising the set of selected container functions by the computer system, installing the hardware abstraction layer and the container runtime environment onto the embedded device ([Fig. 3] main container running application runtime container with stack and kernel features); and by the computer system, installing the containerized application onto the embedded device via the container runtime environment ([0020] The container platform 114 may be installed on multiple physical hardware, and each application executing on the container platform 114 may run inside a container. [0039] The main container 140 uses the builder image 238 to build an environment in which the application 103 may be built from scratch. The builder image 238 has a set of kernel-level features and compiler features that can successfully compile on the node 116 and run the application stack with the optimized bits. For example, to compile an application for a GPU (e.g., GPU 126), the builder image 238 has a GPU kernel and GPU features so that when the node-identification container 144 compiles the application for the GPU 126, the GPU compiler is available in the builder image. The stack builder 232 triggers the creation of the deploy container 146. The stack builder 232 may build the application 103 inside the deploy container 146. Based on the builder image 238, the node-identification container 144 creates the deploy container 146, which builds the application 103.)”.
However, Modeel may not explicitly teach a node is an embedded device.
Venkatraman teaches as evidence a node is an embedded device “([Col. 18 Lines 43-46]) A computing node may, for example, refer to various computing devices, such as cell phones, smartphones, tablets, embedded device, and so on.).”
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to apply the teachings of Venkatraman with the teachings of Modeel in order to provide a system that teaches embedded devices. The motivation for applying Venkatraman teaching with Modeel teaching is to provide a system that allows for design choice. Modeel, Venkatraman are analogous art directed towards installation of software. Together Modeel, Venkatraman teach every limitation of the claimed invention. Since the teachings were analogous art known at the filing time of invention, one of ordinary skill could have applied the teachings of Venkatraman with the teachings of Modeel by known methods and gained expected results. 
Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Modeel  in view of Venkatraman in further view of Quigley (Pub. No. US 2014/0165190)
Claim 2, the combination may not explicitly teach the limitation.
Quigley teaches “the method of Claim 1, wherein the set of selected container functions comprises a security technology configured to secure the embedded device ([0041] For example, the Linux kernel includes a feature called "inotify" (on kernel versions 2.6.13 or later) that monitors file systems for Linux-based devices and provides alerts to attentive applications for relevant file system events, such as read, write, move, delete, and even unmount operations. According to one embodiment of the present invention, the inotify feature is used to monitor the file systems of computing devices, such as mobile communications devices and/or servers, as part of an overall process for security scanning of files in the device file systems. Effective file system monitoring can provide the trigger for many other defined events on the mobile communications device, and the inotify feature provides an example of how to integrate file system management features into control and security schemes for mobile communications devices. This feature and related features could be implemented by creating APIs and system calls for a particular operating system (or an application layer on top of the operating system) similar to the Linux inotify feature, or more generally, the Android FileObserver interface.)”.
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to apply the teachings of Quigley with the teachings of Modeel, Venkatraman in order to provide a system that teaches security features. The motivation for applying Quigley teaching with Modeel, Venkatraman teaching is to provide a system that allows for design choice. Modeel, Venkatraman, Quigley are analogous art directed towards installation of software. Together Modeel, Venkatraman, Quigley teach every limitation of the claimed invention. Since the teachings were analogous art known at the filing time of invention, one of ordinary skill could have applied the teachings of Quigley with the teachings of Modeel, Venkatraman by known methods and gained expected results. 
Claims 7-9, 11-13, 15 are rejected under 35 U.S.C. 103 as being unpatentable over Modeel  in view of Venkatraman in view of Quigley in further view of Beddus (Pub. No. US 2021/0157927)
Claim 3, the combination may not explicitly teach the limitation.
Beddus teaches “the method of Claim 1, further comprising, by the computer system, receiving a user input from a user associated with the embedded device, the user input comprising a security technology configured to secure the embedded device ([0024] In response to user inputs specifying application elements, user devices on which the applications are to be deployed, and a user-defined security levels, a service design processor may be arranged to assemble the application elements into a proposed network, connected to the selected user device. A service level may also be specified to define protection required for the application when in service [0040] There are three main components 20, 21, 22, 23. Firstly there is a Business and Operational Support System 20, in which a user's specification for end-to-end service is input in the form of applications, network links, devices and security constraints.)”.
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to apply the teachings of Beddus with the teachings of Modeel, Venkatraman in order to provide a system that teaches security features. The motivation for applying Beddus teaching with Modeel, Venkatraman teaching is to provide a system that allows for design choice. Modeel, Venkatraman, Beddus are analogous art directed towards installation of software. Together Modeel, Venkatraman, Beddus teach every limitation of the claimed invention. Since the teachings were analogous art known at the filing time of invention, one of ordinary skill could have applied the teachings of Beddus with the teachings of Modeel, Venkatraman by known methods and gained expected results. 
Claim 7, “the method of Claim 1, further comprising: by the computer system, identifying a second set of selected container functions comprising a second security technology configured to secure the embedded device; and at a second time, by the computer system, automatically installing a second containerized application comprising the second security technology onto the embedded device via the container runtime environment” is similar to claim 3 but performed for a second iteration and therefore rejected with the same references and citations.
Claim 8, the combination teaches the claim, wherein Modeel teaches “the method of Claim 7, further comprising, by the computer system, automatically selecting the second set of selected container functions for the embedded device based on a unique identifier of the embedded device ([0031] The stack analyzer tool 212 may download the application 103 ([0026] If the node 116 includes a GPU, for example, it may be desirable to create a GPU-compatible container to host the application 103. In another example, if the node 116 includes a particular CPU type, it may be desirable to create a container that is compatible with the particular CPU type to host the application 103.)”.
Claim 9, the combination teaches the claim, wherein Modeel teaches “the method of Claim 7, further comprising, by the computer system, automatically selecting the second set of selected container functions for the embedded device in response to randomly selecting the embedded device from a set of embedded devices associated with the user account ([0015] In another example, the container platform selects a random node on which to deploy the application. In this example, the container platform may be unaware of the hardware corresponding to the node, and the application runtime container in which the application runs may not be specific to the hardware included in the node. For example, if a node includes a GPU, it may be desirable to ensure that the application or application dependency is GPU compatible. Additionally, the application running in the container may not be an optimized version of the application stack. In these cases, the application not execute at its full potential in terms of speed, memory usage, etc.)”.
Claim 11, “the method of Claim 1, further comprising: by the computer system, identifying a second set of selected container functions comprising a second security technology configured to secure a second embedded device; and by the computer system, automatically installing a second containerized application comprising the second security technology onto the second embedded device via a second container runtime environment” is similar to claim 3 but performed for a second iteration and therefore rejected with the same references and citations.
Claim 12, “the method of Claim 11, further comprising, by the computer system, automatically selecting the second set of selected container functions for the second embedded device based on a unique identifier of the second embedded device” is similar to claim 8 but performed for a second iteration and therefore rejected with the same references and citations.
Claim 13, “the method of Claim 11, further comprising, by the computer system, automatically selecting the second set of selected container functions for the second embedded device in response to randomly selecting the second embedded device from a set of embedded devices associated with the user account” is similar to claim 9 but performed for a second iteration and therefore rejected with the same references and citations.
Claim 15, “a computer implemented method comprising: by a computer system, receiving a user input from a user associated with the embedded device, the user input comprising a security technology configured to secure the embedded device; by the computer system, accessing a set of hardware parameters characterizing an embedded device; by the computer system, identifying a set of supported container functions based on the set of hardware parameters; by the computer system, identifying a set of selected container functions based on the selection of container functions and the set of supported container functions; by the computer system, generating a hardware abstraction layer for the embedded device; by the computer system, generating a container runtime environment configured to execute, at the embedded device, a containerized application via the hardware abstraction layer, the containerized application comprising the set of selected container functions comprising the security technology configured to secure the embedded device; by the computer system, installing the hardware abstraction layer and the container runtime environment onto the embedded device; and by the computer system, installing the containerized application onto the embedded device via the container runtime environment” is similar to claim 1 and claim 3 and therefore rejected with the same references and citations.
Claims 4, 16 are rejected under 35 U.S.C. 103 as being unpatentable over Modeel  in view of Venkatraman in view of Beddus in further view of Ghoush (Pub. No. US 2020/0319879)
Claim 4, the combination may not explicitly teach the limitation.
Ghosh teaches “the method of Claim 3, further comprising: by the computer system, authenticating the user associated with the embedded device to a user account based on a role associated with the user; and by the computer system, authenticating the embedded device to the user account based upon the unique identifier associated with the embedded device ([0013] As further shown in FIG. 1A, and by reference number 152, blueprinting platform 104 may obtain authentication information from client device 102. For example, blueprinting platform 104 may provide a user interface via client device 102 to receive authentication information associated with identifying an identity of a user. In this case, the authentication information may include a user name, a password, information identifying a role (e.g., whether a user is a developer, a supervisor, etc.), information identifying an experience level, and/or the like. In this way, blueprinting platform 104 may configure a user experience based on a user that is using client device 102 to access blueprinting platform 104. For example, for a first type of user associated with a first level of experience or a first role, blueprinting platform 104 may grant access to a first set of functionalities of blueprinting platform 104. In contrast, for a second type of user associated with a second, higher level of experience or a second role, blueprinting platform 104 may grant access to the first set of functionalities and a second set of functionalities of blueprinting platform 104. In some implementations, blueprinting platform 104 may enable multi-factor authentication to reduce a risk of security issues relating to unauthorized access to blueprinting platform 104.)”.
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to apply the teachings of Ghosh with the teachings of Modeel, Venkatraman, Beddus in order to provide a system that teaches security features. The motivation for applying Ghosh teaching with Modeel, Venkatraman teaching is to provide a system that allows for design choice. Modeel, Venkatraman, Beddus, Ghosh are analogous art directed towards installation of software. Together Modeel, Venkatraman, Beddus, Ghosh teach every limitation of the claimed invention. Since the teachings were analogous art known at the filing time of invention, one of ordinary skill could have applied the teachings of Ghosh with the teachings of Modeel, Venkatraman, Beddus by known methods and gained expected results. 
Claim 16, “the method of Claim 15, further comprising: By the computer system, authenticating the user associated with the embedded device to a user account based on a role associated with the user; and by the computer system, authenticating the embedded device to the user account based upon the unique identifier associated with the embedded device” is similar to claim 4 and therefore rejected with the same references and citations.
Claims 5, 6, 17, 18 are rejected under 35 U.S.C. 103 as being unpatentable over Modeel  in view of Venkatraman in view of Quigley in view of Beddus in view of Ghoush in further view of Seo (Pub. No. US 2010/0107157)
Claim 5, the combination may not explicitly teach the limitation. 
Seo teaches “the method of Claim 4, further comprising, at the computer system, receiving a confirmatory transmission from the embedded device in response to: installation of the hardware abstraction layer and the container runtime environment at the embedded device; and installation of the containerized application onto the embedded device ([0115] The server 200 may display to the user an installation state of each client in which the installation program is executed in the operation S160 through the display unit 220 (S170). The displaying in the operation S170 may include displaying success or failure of the driver installation in each client.)”.
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to apply the teachings of Seo with the teachings of Modeel, Venkatraman, Beddus, Ghosh in order to provide a system that teaches situational awareness features. The motivation for applying Seo teaching with Modeel, Venkatraman, Beddus, Ghosh teaching is to provide a system that allows for design choice. Modeel, Venkatraman, Beddus, Ghosh, Seo are analogous art directed towards installation of software. Together Modeel, Venkatraman, Beddus, Ghosh, Seo teach every limitation of the claimed invention. Since the teachings were analogous art known at the filing time of invention, one of ordinary skill could have applied the teachings of Seo with the teachings of Modeel, Venkatraman, Beddus, Ghosh by known methods and gained expected results. 
Claim 6, the combination teaches the claim, wherein Seo teaches “the method of Claim 5, further comprising: at the computer system, generating a confirmatory message indicating successful installation of the containerized application onto the embedded device; and at the computer system, displaying the confirmatory message within the user account associated with the embedded device ([0115] The server 200 may display to the user an installation state of each client in which the installation program is executed in the operation S160 through the display unit 220 (S170). The displaying in the operation S170 may include displaying success or failure of the driver installation in each client.)”.
Rational to claim 5 is applied here.
Claim 17, “the method of Claim 16, further comprising, at the computer system, receiving a confirmatory transmission from the embedded device in response to: installation of the hardware abstraction layer and the container runtime environment at the embedded device; and e installation of the containerized application onto the embedded device” is similar to claim 5 and therefore rejected with the same references and citations.
Claim 18, “the method of Claim 17, further comprising: at the computer system, generating a confirmatory message indicating successful installation of the containerized application onto the embedded device; and at the computer system, displaying the confirmatory message within the user account associated with the embedded device” is similar to claim 6 and therefore rejected with the same references and citations.
Claims 4, 14 are rejected under 35 U.S.C. 103 as being unpatentable over Modeel  in view of Venkatraman in view of Beddus in further view of Golden (Pub. No. US 2010/0292556)
Claim 10, the combination may not explicitly teach the limitation. 
Golden teaches “the method of Claim 7, further comprising, by the computer system, automatically selecting the second set of selected container functions for the embedded device in response to a vulnerability characterization of the embedded device ([0102] Attention is now directed to the user device 310b, which is configured with a dedicated-hardware architecture (also referred to as a "security kernel" configuration). A dedicated-hardware architecture may be configured with single or separate physical processors, memories, peripherals, etc, that are each dedicated to the operation of the secure environment 311b (e.g., running medical applications) or the operation of the non-secure environment 313b (e.g., running mainstream applications). For example, the dedicated-hardware architecture may utilize security kernel features that prevent unauthorized access to, or use of, the system resources used by the secure environment 311b.)”.
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to apply the teachings of Golden with the teachings of Modeel, Venkatraman in order to provide a system that teaches security features. The motivation for applying Golden teaching with Modeel, Venkatraman teaching is to provide a system that allows for design choice. Modeel, Venkatraman, Golden are analogous art directed towards installation of software. Together Modeel, Venkatraman, Golden teach every limitation of the claimed invention. Since the teachings were analogous art known at the filing time of invention, one of ordinary skill could have applied the teachings of Golden with the teachings of Modeel, Venkatraman by known methods and gained expected results. 
Claim 14, “the method of Claim 11, further comprising, by the computer system, automatically selecting the second set of selected container functions for the second embedded device in response to a vulnerability characterization of the second embedded device” is similar to claim 10 but performed for a second iteration and therefore rejected with the same references and citations.
Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Modeel  in view of Venkatraman in view of Beddus in further view of Joseph (NPL 7/2019 “Learning Docker creating your own base image”)
Claim 19, the combination may not explicitly teach the limitation.
Joseph teaches “the method of Claim 15, wherein the hardware abstraction layer and the container runtime environment are characterized by a memory footprint of less than or equal to 256 kilobytes on the embedded device ([Scratch ]This would start the container run the executable and end the container. My base container size with scratch alone is 1.84 kilobytes.)”.
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to apply the teachings of Joseph with the teachings of Modeel, Venkatraman, Beddus in order to provide a system that teaches minimal distribution. The motivation for applying Joseph teaching with Modeel, Venkatraman, Beddus teaching is to provide a system that allows for design choice. Modeel, Venkatraman, Beddus, Joseph are analogous art directed towards installation of software. Together Modeel, Venkatraman, Beddus, Joseph teach every limitation of the claimed invention. Since the teachings were analogous art known at the filing time of invention, one of ordinary skill could have applied the teachings of Joseph with the teachings of Modeel, Venkatraman, Beddus by known methods and gained expected results. 
Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Modeel  in view of Venkatraman in view of Beddus in further view of Nachimuthu (Pub. No. US 2018/0188989)
Claim 20, the combination teaches  the claim, wherein Modeel teaches “the method of Claim 15, wherein accessing the set of hardware parameters characterizing the embedded device comprises accessing the set of hardware parameters selected from a group of hardware parameters comprising: a central processing unit type of the embedded device ([0027] cpu archtecture); an available memory of the embedded device ([0027] size of memory);  a hardware accelerator type of the embedded device ([0027] gpu archtecture); and a network connectivity of the embedded device ([0027] network bandwidth)”. 
However, Modeel  may not explicitly teach the remaining limitations
Nachimuthu teaches “a memory type of the embedded device; an input bus type of the embedded device;  an output bus type of the embedded device; a sensor type associated with the embedded device ([0029] At 802, the node manager node tracks all of the resources available to the node. In some embodiments, the tracked resources include hardware and/or software resources. The resources include hardware and/or software assets that are installed or populated in the node, as well as those that are connected and/or accessible to the node. In one embodiment, the tracked resources include memory resources such as DRAM, NVDIMM, volatile memory, persistent memory, block memory, SSD, storage, and any other memory type/technology that are available now or may be available in the future. At 804, the node manager determines the different possible configurations based on the tracked resources. For example, with respect to memory resources, the possible memory configurations may be based on memory type (e.g., volatile, persistent), memory capacity (e.g., size), memory performance (e.g., speed, bandwidth, latency), special mode/functionality (e.g., mirrored memory, interleaved memory, DRAM cache). In addition to memory resources, according to an embodiment, the node manager may also generate possible configurations of other resources. For example, the node manager may generate difference configurations for or based on storage resources (e.g., storage capacity, storage performance), core resources (e.g., core count, core speed), networking resources (e.g., network type, network speed), I/O resources (e.g., bus type, bus speed), additional computing resources (e.g., GPU, FPGA) and any other suitable resources that may be requested by the user. Some of the possible configurations may also include valid configurations, frequently used configurations, specific configurations and previously specified/used configurations. In some embodiments, the possible configurations also include sliding scale configurations that covers a range instead of a specific number. For instance, a particular configuration could include a memory capacity range of 0-128 GB instead of a fixed number (e.g., 16 GB, 32 GB, 64 GB, etc.). At 806, the node manager generates a performance estimate for each of the possible configurations. The operations and logic for generating a performance estimate will be described further below in FIG. 10.)”.
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to apply the teachings of Nachimuthu with the teachings of Modeel, Venkatraman, Beddus in order to provide a system that teaches sensor types. The motivation for applying Nachimuthu teaching with Modeel, Venkatraman, Beddus teaching is to provide a system that allows for design choice. Modeel, Venkatraman, Beddus, Nachimuthu are analogous art directed towards installation of software. Together Modeel, Venkatraman, Beddus, Nachimuthu teach every limitation of the claimed invention. Since the teachings were analogous art known at the filing time of invention, one of ordinary skill could have applied the teachings of Nachimuthu with the teachings of Modeel, Venkatraman, Beddus by known methods and gained expected results. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WYNUEL S AQUINO whose telephone number is (571)272-7478. The examiner can normally be reached 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lewis Bullock can be reached on 571-272-3759. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/WYNUEL S AQUINO/             Primary Examiner, Art Unit 2199