DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in response to US Application filed on 07/06/2020. Claims 21-40 are pending.
Priority
This application is a continuation of US Application 15/826,281 filed 29/11/2017, now Patent No. 10705855.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 09/25/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Objections
Claim 35 is objected to because of the following informalities:  
“The computing machine” lacks a proper antecedent basis which is herein being treated as a typographical error. For examination, this feature is read to refer back to “an information computing machine” previously recited in the claim.
Appropriate correction is required.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 21-27 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) do not fall within at least one of the four categories of patent eligible subject matter because the claimed system may be construed as being directed to a system of software structure without reciting any hardware.
The BRI of “storage resource” includes software, e.g., a container, database, table, data structure…etc.. Similarly, the BRI of “module” and “processor” comprises software implemented module and processor. Therefore, these claims are not reciting a required hardware structure/component.

Abstract Idea Analysis
Per 2019 Revised PEG (Electrical Arts):
Step 1: 
Claim 21-27 are construed as software per se. and are not directed to one of the four categories of invention, therefore, claims 21-27 are “subject matter ineligible” as shown above. 
Claim 28 and 35 are directed to one of the four categories of invention, therefore claims 28 and 40 are “subject matter eligible”.
Step 2A – prong one: claims 21, 28 and 35 do not recite abstract idea per the defined groupings.
Therefore, claim 21, and claims 22-27 for the same reason explained in the analysis of claim 21, are also patent ineligible due to failing to satisfy the step 1 analysis.
Claims 28-40 are patent eligible as they satisfy the analysis steps set forth above.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

1.	Claim(s) 21-26, 28-33 and 35-38 are rejected under 35 U.S.C. 103 as being unpatentable over Stopel, US2017/0187540 in view of Dalton, US 2008/0244689.

Per claim 21, Stopel discloses a system comprising: 
a storage resource (A container image is a static file and a runtime instance of the container image is a software container executing a specific application (hereinafter “APP container”)– Stopel: par. 0034); 
a processor communicatively coupled to the storage resource, wherein the processor executes application code instruction that are stored in the storage resource (The detector container 315 is a software container designed to profile container images stored in the registries 330 and to enforce a secured execution of a respective APP container based on the generated profiles. For example, a registry 313 includes a container image 301-C, where the runtime instance of this image is a APP container 311-C – Stopel: par. 0038) to cause the system to: 
compare a [signed] hash of a file system configuration image with a hash generated using a file system (any attempt to execute a spawned process during the runtime of the APP container 311-C is captured. Any execution of a new spawned process is reported to the detector container 315 as, for example, a netlink event. Such an event includes the process name and a pointer to the executable file. A signature is generated over the contents of the executable file using the same hash or check-sum functions used for the profiling. The generated signature is comparted to a signature of the respective spawned process as saved in the security profile – Stopel: par. 0066 – Note: enforcement of a security policy generated for a container is executed in the host 310. For example, execution of the APP container 311-C from the container image 301-C. Each intercepted communication is analyzed to detect an attempt by the APP container 311-C to violate any parameter sets in the security profile generated for the container image 301-C. Any filesystem action that is attempted to be performed during the runtime of the APP container 311-C is captured and compared against the permissible actions as defined in the security profile – par. 0063, 0064 and 0067), wherein the file system includes a memory file system module, a base file system image and the file system configuration image (A software container (also known as a container) provides an executable environment with a complete filesystem. The filesystem may contain code, runtime, system tools, system libraries, and so on – Stopel: par. 0006); 
Stopel discloses “[t]he container image 200 may include one or more root certificates. A certificate authority (CA) can issue multiple certificates in the form of a tree structure. A root certificate is the top-most certificate of the tree, the private key of which is used to “sign” other certificates” – Stopel: par. 0009. Stopel is not explicitly disclosing a signed signature/check-sum/hash of a filesystem configuration image but Dalton discloses “… EC image is digitally signed by the EMS private key at time of creation of the EC to ensure its authenticity when in physical possession of the EC. Additionally, each file within the EC image is digitally signed by the EMS private key during creation of the EC image to provide the ability to verify the authenticity of a booted EC when communicating (network attached) with the EMS ” – Dalton: par. 0029 – Note: The purpose of the EMS comprises management of various EC images within a library and authorization and revocation of EC's via digital certificate revocation and verification of the digital signature of the files within the EC – par. 0035. Additionally, Dalton discloses check the signed hash against a public certificate included in the file system (the EMS administrator configures the EC image on the EMS server via the EMS user interface... The EC image, EC digital certificate, EMS signed digital hash of the EC image, EMS public key, and user to which the image will be assigned, are saved on the EMS within the image library…The EMS administrator manages the deployed EC images to include: the online validation of EC's via the EMS assigned digital certificate on the EC… The EMS also creates, issues, and revokes digital certificates and manages the certificate revocation list (CRL) and OCSP responder, which are used to validate or invalidate EC's  – Dalton: par. 0031 and 0035); and 
verify the file system configuration image (EC image) by determining if the signed hash has been signed by an administrator using the data processing system (Authentication of the EC software begins with the host computer being booted by the EC media…The EC presents its EMS signed digital certificate for authentication. The EC digital certificate is then verified as authentic or not and its revocation status is verified by either CRL or OCSP method managed by the EMS– Dalton: par. 0031 – Note: wherein the EMS administrator manages the online validation of EC's via the EMS assigned digital certificate on the EC. The EMS administrator further manages the revocation of EC digital certificate for the purpose of disabling an EC).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Stopel in view of Dalton to include check the signed hash against a public certificate included in the file system; and verify the file system configuration image by determining if the signed hash has been signed by an administrator using the data processing system.
One of ordinary skill in the art would have been motivated because it would allow including a secure boot image “encrypted and digitally signed by the EMS private key such that any attempted alteration of its content would invalidate it during the EC validation phase” – Dalton: par. 0026.

Per claim 28, it recites a method comprising steps performed by the system of claim 21.
Therefore, claim 28 is rejected based on the same analysis and motivation to combine as set forth in the rejection of claim 21 above. 

Per claim 35, it recites a non-transitory computer readable medium containing computer readable instructions for configuring an information computing machine, the computer-readable instructions comprising instructions for causing the computing machine to perform the system of claim 1. 
Therefore, claim 35 is rejected based on the same analysis and motivation to combine as set forth in the rejection of claim 21 above. 

Per claim 22, Stopel in view of Dalton discloses the system of claim 21 further comprising application code instruction to cause the system to determine if the hash has been validated against a white list (The detector container 315 is configured to create a unique signature for each executable file. The signature may be computed as a check-sum or hash value computed using a hash function over the contents of the executable file. Each generated signature is saved with the security profile of the container image 301-C together with the name of the respective spawned process… The intercepted communications may include, for example, system calls, access to the filesystem, access to network resource, execution of processes, and so on…any system call triggered by the execution of the APP container 311-C is captured and compared to the allowable system calls defined in the respective profile – Stopel: par. 0062 and 0064-0065 – Note: a security profile may include at least one of: a list of allowed (whitelist) system calls, a list of permissible network actions, a list of permissible filesystem actions, and signatures of executable files of spawned processes and execution of an APP container corresponding to a profile container image is monitored to enforce the respective security profile – par. 0033-0034).

Per claims 29 and 36, they recite features similar to features of claim 22 rejected above. Therefore, claims 29 and 36 are rejected based on the same analysis and motivation to combine as set forth in the rejection of claim 22 above. 

Per claim 23, Stopel in view of Dalton discloses the system of claim 21, further comprising application code instruction to cause the system to verify the base file system image by comparing a signed hash of the base file system image that includes a plurality of digital signatures with a hash generated by an initial file system (The database 340 is configured to store trusted root certificates, generated certificate lists (mentioned below), and detected vulnerable certificates…The unitary signature of each scanned container is saved in the database 340 to determine if a repeated scanning of the container image 301 is required. That is, upon receiving a request to scan a container image, a unitary signature is computed for the image that is requested to be scanned. The computed unitary signatures are matched to those saved in the database 340. If the compared unitary signatures are the same, then the container image is determined to be safe and is not scanned again – Stopel: par. 0032 and 0061 – Note: The container image 200 includes a base image 210 and a container layer 220. The base image 210 includes one or more image layers 215 and each layer 215 is identified by a randomly generated identifier number of a checksum computed using a hash function… The container image 200 may include one or more root certificates. A root certificate is the top-most certificate of the tree of certificates, the private key of which is used to “sign” other certificates – par. 0007-0009).

Per claims 30 and 37, they recite features similar to features of claim 23 rejected above. Therefore, claims 30 and 37 are rejected based on the same analysis and motivation to combine as set forth in the rejection of claim 23 above. 

Per claim 24, Stopel in view of Dalton discloses the system of claim 23 further comprising application code instruction to cause the system to check the plurality of digital signatures against public certificates included in the initial file system (the host certificate list stored in database 340 which is based on the initial file system is compared to the container certificate list to determine if there is at least one certificate designated in the container certificate list, but not in the host certificate list, i.e., each certificate’s unique ID, e.g., certificate signature or a combination of the version number, serial number, and issuer name, is matched with unique IDs in the host certificate list and any root certificate designated in the container certificate list but not in the host certificate list is determined to be vulnerable – Stopel: Fig. 3 and 4).

Per claims 31 and 38, they recite features similar to features of claim 24 rejected above. Therefore, claims 31 and 38 are rejected based on the same analysis and motivation to combine as set forth in the rejection of claim 24 above. 

Per claim 25, Stopel in view of Dalton discloses the system of claim 21 wherein the base file system image can be retrieved from a local storage resource or from a remote storage resource (The host device 310 may be communicatively connected to one or more external systems 370 through the network 320. Examples for such external systems 370 may include access control systems (e.g., Docker Swarm, Kubernetes management plane, etc.)… detector container 315 is configured to receive an event indicating that a container image has been uploaded to the host device 310… the event may be generated by the host device 310 when a new container image is uploaded to the host [from the external systems] or when an image is locally stored in the host device 310 and is ready for execution – Stopel: par. 0034-0035 – Note: an uploaded image of a software container, i.e., [uploaded] container image, from an external source and/or an attempt to execute a local image of a software container, i.e., [local] container image. Nonetheless, prior to executing the container image, a detector container initiates an scan event. The detector container is configured to create a container filesystem (e.g., using a Docker platform) for the [uploaded/local] container image and to execute a scanning process for scanning the filesystem and evaluating the security state of the container image).

Per claim 32, it recites features similar to features of claim 25 rejected above. Therefore, claims 32 is rejected based on the same analysis and motivation to combine as set forth in the rejection of claim 25 above. 

Per claim 26, Stopel in view of Dalton discloses the system of claim 21 wherein the file system configuration image can be retrieved from a local storage resource or from a remote storage resource (The host device 310 may be communicatively connected to one or more external systems 370 through the network 320. Examples for such external systems 370 may include access control systems (e.g., Docker Swarm, Kubernetes management plane, etc.)… detector container 315 is configured to receive an event indicating that a container image has been uploaded to the host device 310… the event may be generated by the host device 310 when a new container image is uploaded to the host [from the external systems] or when an image is locally stored in the host device 310 and is ready for execution – Stopel: par. 0034-0035 – Note: an uploaded image of a software container, i.e., [uploaded] container image, from an external source and/or an attempt to execute a local image of a software container, i.e., [local] container image. Nonetheless, prior to executing the container image, a detector container initiates an scan event. The detector container is configured to create a container filesystem (e.g., using a Docker platform) for the [uploaded/local] container image and to execute a scanning process for scanning the filesystem and evaluating the security state of the container image).

Per claim 33, it recites features similar to features of claim 26 rejected above. Therefore, claims 32 is rejected based on the same analysis and motivation to combine as set forth in the rejection of claim 26 above. 

2.	Claim(s) 27, 34 and 39-40 are rejected under 35 U.S.C. 103 as being unpatentable over Stopel, US2017/0187540 in view of Dalton, US 2008/0244689 as applied to claim 21, 28 and 35 above, and further in view of Waldie, US10938855.

Per claim 27, Stopel in view of Dalton discloses the system of claim 21.
Stopel and/or Dalton is not relied on to explicitly disclose but Waldie discloses further comprising application code instruction to cause the system to: execute /sbin/init; and start services (The pre-boot runtime environment loads the system vendor public CA from the unencrypted storage 501… If physical integrity has not been compromised, the bootloader runs 503. The bootloader verifies the firmware memory containing the OS image has been signed using the vendor CA, and has not been replaced with unauthorized image 504… The physical and logically verified base server system enters its primary operating mode 512 – Waldie: col. 7, lines 53-67 and col. 8, lines 1-20).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Stopel and Dalton further in view of Waldie to include application code instruction to cause the system to: execute /sbin/init; and start services.
One of ordinary skill in the art would have been motivated because it would allow “automatically and securely provisioning computer network infrastructure in remote (and potentially untrusted) physical environments” – Waldie: col. 11, lines 49-52.

Per claims 34, 39 and 40, they recite features similar to features of claim 27 rejected above. Therefore, claims 34, 39 and 40 are rejected based on the same analysis and motivation to combine as set forth in the rejection of claim 27 above. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Dodeja (WO2013/101236) discloses securing device environment for trust provisioning.
Bernstein (US2018/0278639) discloses dynamically adapted traffic inspection and filtering in containerized environments.
Stopel (US2017/0116412) discloses profiling of spawned processes in container images and enforcing security policies respective thereof.
Stopel (US2017/0116415) discloses profiling of container images and enforcing security policies respective thereof.
Stopel (US2017/0109536) discloses static detection of vulnerabilities in base images of software containers.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to AREZOO SHERKAT whose telephone number is (571)272-8533. The examiner can normally be reached Monday - Friday 8:30-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached on 571 - 272 - 3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/AREZOO SHERKAT/            Examiner, Art Unit 2494