DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 01/27/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 7, 15 and 23 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claims 7, 15 and 23 recite the limitation "the container orchestration system" in line 1. There is insufficient antecedent basis for this limitation in the claim.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-2, 4-7, 9-10, 12-15, 17-18 and 20-23 are rejected under 35 U.S.C. 103 as being unpatentable over MAHAJAN et al. (US Pub No. 2021/0377054) in view of Hayashi et al. (US Pub No. 2011/0239004).
Regarding independent claim 1, MAHAJAN teaches a method for certificate management for services in a container orchestrator, the method comprising: requesting a certificate for a service from a cloud certificate manager, in response to detecting a request from a control plane of the container orchestrator for the certificate for the service (MAHAJAN, page 2, paragraph 0029, page 3, paragraphs 0034-0040 and page 9, paragraphs 0095-0097; request for certificate after receiving request after network function is initiated); receiving the certificate from the cloud certificate manager (MAHAJAN, page 9, paragraph 0102 and page 5, paragraph 0054); and storing the certificate in a secret storage (MAHAJAN,  page 5, paragraph 0054). 
MAHAJAN teaches storing the certificate in a secure storage (MAHAJAN, page 5, paragraph 0054) but does not explicitly teach returning the location of the secret storage to a requester of the certificate.
	Hayashi teaches returning the location of the secret storage to a requester of the certificate (Hayashi, page 3, paragraphs 0050 & 0057-0058 and page 2, paragraphs 0042-0044; secure storage area with address). 
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify MAHAJAN with the teachings of Hayashi to control access to the secret storage to provide the advantage of improving the chance of outsiders fully access the secret areas (Hayashi, page 1, paragraphs 0006-0010). 
	Regarding claim 2, MAHAJAN in view of Hayashi teaches the method further comprising: monitoring a custom resource definition to detect the request for the certificate for the service (MAHAJAN, page 3, paragraphs 0034-0040).
Regarding claim 4, MAHAJAN in view of Hayashi teaches the method further comprising: receiving a private key from the cloud certificate manager; and storing the private key in the secret storage (MAHAJAN, page 3, paragraph 0037).
Regarding claim 5, MAHAJAN in view of Hayashi teaches each and every claim limitation of claim 1, however, Hayashi teaches the method wherein the secret storage includes at least one of a key store and a trust store (Hayashi, page 2, paragraph 0043 and page 3, paragraph 0057).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify MAHAJAN with the teachings of Hayashi to control access to the secret storage to provide the advantage of improving the chance of outsiders fully access the secret areas (Hayashi, page 1, paragraphs 0006-0010). 
Regarding claim 6, MAHAJAN in view of Hayashi teaches each and every claim limitation of claim 1, however, Hayashi teaches the method wherein the location of the secret storage is a pointer to a location in a cloud computing environment (Hayashi, page 3, paragraphs 0048 & 0050-0051).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify MAHAJAN with the teachings of Hayashi to control access to the secret storage to provide the advantage of improving the chance of outsiders fully access the secret areas (Hayashi, page 1, paragraphs 0006-0010). 
Regarding claim 7, MAHAJAN in view of Hayashi teaches the method wherein the container orchestration system is Kubernetes, and wherein the service is a pod (MAHAJAN, page 3, paragraph 0029 & 0033 and Figure 1A).
Regarding independent claim 9, MAHAJAN teaches a non-transitory machine-readable storage medium that provides instructions that, if executed by a processor, will cause said processor to perform operations of a method for certificate management for services in a container orchestrator, the operations comprising: requesting a certificate for a service from a cloud certificate manager, in response to detecting a request from a control plane of the container orchestrator for the certificate for the service (MAHAJAN, page 2, paragraph 0029, page 3, paragraphs 0034-0040 and page 9, paragraphs 0095-0097; request for certificate after receiving request after network function is initiated); receiving the certificate from the cloud certificate manager (MAHAJAN, page 9, paragraph 0102 and page 5, paragraph 0054); and storing the certificate in a secret storage (MAHAJAN,  page 5, paragraph 0054). 
MAHAJAN teaches storing the certificate in a secure storage (MAHAJAN, page 5, paragraph 0054) but does not explicitly teach returning the location of the secret storage to a requester of the certificate.
	Hayashi teaches returning the location of the secret storage to a requester of the certificate (Hayashi, page 3, paragraphs 0050 & 0057-0058 and page 2, paragraphs 0042-0044; secure storage area with address). 
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify MAHAJAN with the teachings of Hayashi to control access to the secret storage to provide the advantage of improving the chance of outsiders fully access the secret areas (Hayashi, page 1, paragraphs 0006-0010). 
	Regarding claim 10, MAHAJAN in view of Hayashi teaches the non-transitory machine-readable storage medium having further instructions for operations further comprising: monitoring a custom resource definition to detect the request for the certificate for the service (MAHAJAN, page 3, paragraphs 0034-0040).
Regarding claim 12, MAHAJAN in view of Hayashi teaches the non-transitory machine-readable storage medium having further instructions for operations further comprising:  receiving a private key from the cloud certificate manager; and storing the private key in the secret storage (MAHAJAN, page 3, paragraph 0037).
Regarding claim 13, MAHAJAN in view of Hayashi teaches each and every claim limitation of claim 9, however, Hayashi teaches the non-transitory machine-readable storage medium wherein the secret storage includes at least one of a key store and a trust store (Hayashi, page 2, paragraph 0043 and page 3, paragraph 0057).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify MAHAJAN with the teachings of Hayashi to control access to the secret storage to provide the advantage of improving the chance of outsiders fully access the secret areas (Hayashi, page 1, paragraphs 0006-0010). 
Regarding claim 14, MAHAJAN in view of Hayashi teaches each and every claim limitation of claim 9, however, Hayashi teaches the non-transitory machine-readable storage medium wherein the location of the secret storage is a pointer to a location in a cloud computing environment (Hayashi, page 3, paragraphs 0048 & 0050-0051).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify MAHAJAN with the teachings of Hayashi to control access to the secret storage to provide the advantage of improving the chance of outsiders fully access the secret areas (Hayashi, page 1, paragraphs 0006-0010). 
Regarding claim 15, MAHAJAN in view of Hayashi teaches the non-transitory machine-readable storage medium wherein the container orchestration system is Kubernetes, and wherein the service is a pod (MAHAJAN, page 3, paragraph 0029 & 0033 and Figure 1A).
Regarding independent claim 17, MAHAJAN teaches a computing system comprising: a non-transitory machine-readable medium having stored therein a certificate orchestrator; and a processor coupled to the non-transitory machine-readable medium, the processor to execute the certificate orchestrator, the certificate orchestrator to execute a method for certificate management for services in a container orchestrator, the certificate orchestrator to request a certificate for a service from a cloud certificate manager, in response to detecting a request from a control plane of the container orchestrator for the certificate for the service (MAHAJAN, page 2, paragraph 0029, page 3, paragraphs 0034-0040 and page 9, paragraphs 0095-0097; request for certificate after receiving request after network function is initiated), receive the certificate from the cloud certificate manager (MAHAJAN, page 9, paragraph 0102 and page 5, paragraph 0054), and store the certificate in a secret storage (MAHAJAN,  page 5, paragraph 0054). 
MAHAJAN teaches storing the certificate in a secure storage (MAHAJAN, page 5, paragraph 0054) but does not explicitly teach return the location of the secret storage to a requester of the certificate.
	Hayashi teaches return the location of the secret storage to a requester of the certificate (Hayashi, page 3, paragraphs 0050 & 0057-0058 and page 2, paragraphs 0042-0044; secure storage area with address). 
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify MAHAJAN with the teachings of Hayashi to control access to the secret storage to provide the advantage of improving the chance of outsiders fully access the secret areas (Hayashi, page 1, paragraphs 0006-0010). 
	Regarding claim 18, MAHAJAN in view of Hayashi teaches the system wherein the certificate orchestrator is further configured to monitor a custom resource definition to detect the request for the certificate for the service (MAHAJAN, page 3, paragraphs 0034-0040).
Regarding claim 20, MAHAJAN in view of Hayashi teaches the system wherein the certificate orchestrator is further to receive a private key from the cloud certificate manager, and store the private key in the secret storage (MAHAJAN, page 3, paragraph 0037).
Regarding claim 21, MAHAJAN in view of Hayashi teaches each and every claim limitation of claim 17, however, Hayashi teaches the system wherein the secret storage includes at least one of a key store and a trust store (Hayashi, page 2, paragraph 0043 and page 3, paragraph 0057).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify MAHAJAN with the teachings of Hayashi to control access to the secret storage to provide the advantage of improving the chance of outsiders fully access the secret areas (Hayashi, page 1, paragraphs 0006-0010). 
Regarding claim 22, MAHAJAN in view of Hayashi teaches each and every claim limitation of claim 17, however, Hayashi teaches the system wherein the location of the secret storage is a pointer to a location in a cloud computing environment (Hayashi, page 3, paragraphs 0048 & 0050-0051).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify MAHAJAN with the teachings of Hayashi to control access to the secret storage to provide the advantage of improving the chance of outsiders fully access the secret areas (Hayashi, page 1, paragraphs 0006-0010). 
Regarding claim 23, MAHAJAN in view of Hayashi teaches the system wherein the container orchestration system is Kubernetes, and wherein the service is a pod (MAHAJAN, page 3, paragraph 0029 & 0033 and Figure 1A).
Claim(s) 3, 11 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over MAHAJAN et al. (US Pub No. 2021/0377054) in view of Hayashi et al. (US Pub No. 2011/0239004) as applied to claims 1-2, 5-7, 9-10, 12-15, 17-18 and 20-23 above, and further in view of Allo et al. (US Patent No. 10,382,201).
Regarding claim 3, MAHAJAN in view of Hayashi teaches each and every claim limitation of claim 1. 
MAHAJAN in view of Hayashi does not explicitly teach the method further comprising: requesting the secret storage be established by a cloud secrets manager, in response to determining that the secret storage is unavailable for the service.
Allo teaches requesting the secret storage be established by a cloud secrets manager, in response to determining that the secret storage is unavailable for the service (Allo, column 7, lines 51-58 and column 8, lines 58-63; create storage area for certificates).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify MAHAJAN in view of Hayashi with the teachings of Allo to create secure storages to provide the advantage of securely storing data used for authentication (Allo, column 8, lines 59-63).
Regarding claim 11, MAHAJAN in view of Hayashi teaches each and every claim limitation of claim 9. 
MAHAJAN in view of Hayashi does not explicitly teach the non-transitory machine-readable storage medium having further instructions for operations further comprising: requesting the secret storage be established by a cloud secrets manager, in response to determining that the secret storage is unavailable for the service.
Allo teaches requesting the secret storage be established by a cloud secrets manager, in response to determining that the secret storage is unavailable for the service (Allo, column 7, lines 51-58 and column 8, lines 58-63; create storage area for certificates).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify MAHAJAN in view of Hayashi with the teachings of Allo to create secure storages to provide the advantage of securely storing data used for authentication (Allo, column 8, lines 59-63).
Regarding claim 19, MAHAJAN in view of Hayashi teaches each and every claim limitation of claim 17. 
MAHAJAN in view of Hayashi does not explicitly teach the system wherein the certificate orchestrator is further to request the secret storage be established by a cloud secrets manager, in response to determining that the secret storage is unavailable for the service.
Allo teaches wherein the certificate orchestrator is further to request the secret storage be established by a cloud secrets manager, in response to determining that the secret storage is unavailable for the service (Allo, column 7, lines 51-58 and column 8, lines 58-63; create storage area for certificates).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify MAHAJAN in view of Hayashi with the teachings of Allo to create secure storages to provide the advantage of securely storing data used for authentication (Allo, column 8, lines 59-63).


Claim(s) 8, 16 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over MAHAJAN et al. (US Pub No. 2021/0377054) in view of Hayashi et al. (US Pub No. 2011/0239004) as applied to claims 1-2, 5-7, 9-10, 12-15, 17-18 and 20-23 above, and further in view of Feng et al. (US Pub No. 2017/0338968).
Regarding claim 8, MAHAJAN in view of Hayashi teaches each and every claim limitation of claim 1. 
MAHAJAN in view of Hayashi does not explicitly teach the method further comprising: requesting to delete the certificate for the service from a cloud secrets manager, in response to detecting a request from a control plane of the container orchestrator to delete the certificate for the service; receiving confirmation of deletion of the certificate from the cloud secrets manager; and [Atty. Docket No.: 1031P5002US17 Patent Application] returning the confirmation of the deletion to a requester of the deletion of the certificate.
Feng teaches requesting to delete the certificate for the service from a cloud secrets manager, in response to detecting a request from a control plane of the container orchestrator to delete the certificate for the service (Feng, page 8, paragraphs 0145-0148 and page 9, paragraphs 0106-0161 & 0172-0174; request to terminate instance and delete certificate); receiving confirmation of deletion of the certificate from the cloud secrets manager (Feng, page 8, paragraphs 0145-0148 and page 9, paragraphs 0106-0161 & 0172-0174; confirm certificate revoked and delete); and returning the confirmation of the deletion to a requester of the deletion of the certificate (Feng, page 8, paragraphs 0145-0148 and page 9, paragraphs 0106-0161 & 0172-0174; confirm certificate revoked and delete).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify MAHAJAN in view of Hayashi with the teachings of Feng for certificate management when the instances are terminated to provide the advantage of illegal obtaining a certificate from an attacker (Feng, page 1, paragraph 0005).
Regarding claim 16, MAHAJAN in view of Hayashi teaches each and every claim limitation of claim 9. 
MAHAJAN in view of Hayashi does not explicitly teach the non-transitory storage medium having further instructions for operations further comprising: requesting to delete the certificate for the service from a cloud secrets manager, in response to detecting a request from a control plane of the container orchestrator to delete the certificate for the service; receiving confirmation of deletion of the certificate from the cloud secrets manager; and returning the confirmation of the deletion to a requester of the deletion of the certificate.
Feng teaches requesting to delete the certificate for the service from a cloud secrets manager, in response to detecting a request from a control plane of the container orchestrator to delete the certificate for the service (Feng, page 8, paragraphs 0145-0148 and page 9, paragraphs 0106-0161 & 0172-0174; request to terminate instance and delete certificate); receiving confirmation of deletion of the certificate from the cloud secrets manager (Feng, page 8, paragraphs 0145-0148 and page 9, paragraphs 0106-0161 & 0172-0174; confirm certificate revoked and delete); and returning the confirmation of the deletion to a requester of the deletion of the certificate (Feng, page 8, paragraphs 0145-0148 and page 9, paragraphs 0106-0161 & 0172-0174; confirm certificate revoked and delete).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify MAHAJAN in view of Hayashi with the teachings of Feng for certificate management when the instances are terminated to provide the advantage of illegal obtaining a certificate from an attacker (Feng, page 1, paragraph 0005).
Regarding claim 24, MAHAJAN in view of Hayashi teaches each and every claim limitation of claim 17. 
MAHAJAN in view of Hayashi does not explicitly teach the system wherein the certificate orchestrator is further to request to delete the certificate for the service from a cloud secrets manager, in response to detecting a request from a control plane of the container orchestrator to delete the certificate for the service, receive confirmation of deletion of the certificate from the cloud secrets manager, and return the confirmation of the deletion to a requester of the deletion of the certificate.
Feng teaches wherein the certificate orchestrator is further to request to delete the certificate for the service from a cloud secrets manager, in response to detecting a request from a control plane of the container orchestrator to delete the certificate for the service (Feng, page 8, paragraphs 0145-0148 and page 9, paragraphs 0106-0161 & 0172-0174; request to terminate instance and delete certificate); receive confirmation of deletion of the certificate from the cloud secrets manager (Feng, page 8, paragraphs 0145-0148 and page 9, paragraphs 0106-0161 & 0172-0174; confirm certificate revoked and delete); and return the confirmation of the deletion to a requester of the deletion of the certificate (Feng, page 8, paragraphs 0145-0148 and page 9, paragraphs 0106-0161 & 0172-0174; confirm certificate revoked and delete).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify MAHAJAN in view of Hayashi with the teachings of Feng for certificate management when the instances are terminated to provide the advantage of illegal obtaining a certificate from an attacker (Feng, page 1, paragraph 0005).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAQUEAL D WADE whose telephone number is (571)270-0357. The examiner can normally be reached M-F 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAQUEAL D WADE-WRIGHT/Primary Examiner, Art Unit 2437