DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement filed March 3, 2021 has been placed in the application file and the information referred to therein has been considered as to the merits.

Allowable Subject Matter
Claims 1-20 are allowed.

EXAMINER’S STATEMENT OR REASONS FOR ALLOWANCE
	Regarding the claimed terms, the Examiner notes that a “general term must be
understood in the context in which the inventor presents it.” In re Glaug 263 F.3d 1335,
1340, 62 USPOQ2d 1151, 1154 (Fed. Cir 2002}. Therefore the Examiner must interpret
the claimed terms as found on the specification of the instant application. Clearly almost
all the general terms in the claims may have multiple meanings. So where a claim term
‘is susceptible to various meanings,...the inventor's lexicography must prevail..." id.
Using these definitions for the claims, the claimed invention was not reasonably found in
the prior art.
	Prior art US 20200380130 (Purushotham et al.) taught a method for managing memory within a computing system. The method includes one or more computer processors identifying a range of physical memory addresses that store a first data. The method further includes determining whether a second data is stored within the range of physical memory addresses that stores the first data. The method further includes responding to determining that the second data is stored within the range of physical memory addresses that store the first data, by determining whether a process accessing the second data is identified as associated with a side-channel attack. The method further includes responding to determining that the process accessing the second data is associated with the side-channel attack, by initiating a response associated with the process accessing the second data.
	Prior art US 20180204018 (Panchbudhe et al.) taught methods and systems to update data present within a data container, when a user accessing the data, present within the data container, has updated the data. Embodiments herein disclose a method and system for enabling modifications of data present in data containers, wherein de-containerized data associated with a data container can be modified by at least one user and the modifications by the user can be reflected in real-time to the data in the data container.
	Prior art US 20190251278 (Kalinichenko et al.) taught methods and apparatuses are described for generating and deploying customized application software containers. Software containers on a first server comprise an application software module and an end-user-specific data set. A second server receives input data from remote computing devices and stores the input data in a master data set. The second server determines end-user-specific data sets from the master data set. The second server encrypts each of the end-user-specific data sets with an encryption key. The second server generates the software containers by executing the application software module in separate processes and storing each of the encrypted data sets in a separate container. Client computing devices authenticate to the second server to access a software container. The client devices decrypt the end-user-specific data set stored in the software container using the encryption key, and use the application software module to interact with the end-user-specific data set.
	Prior art US 20190222419 (Adams et al.) taught systems and methods for maintaining encryption keys are disclosed. An encrypted master key is determined by encrypting a master key based on an initial user password and discarding the master key. The encrypted master key is stored. A request for the master key including a present user password is received and verified based on comparison to the initial user password. Based on failure of verifying the present user password, a failed attempt counter that is maintained within a secure container is created. User password based access to the master key is locked out based on the failed attempt counter exceeding a defined value.
	Prior art US 20200004451 (Prohofsky) taught a method and apparatus for managing software containers in a computer network. A data storage device has a non-volatile memory (NVM) and a controller circuit. A portion of the NVM is allocated for use during deployment of a software container during which an application in the software container is executed by a processor of a virtual machine (VM) hypervisor. A unique session key is generated for the software container, and a token derived from the session key is supplied with each host access command issued to the data storage device during the deployment of the software container. The controller circuit validates each received host access command by determining the session key is valid and that a predetermined time period since deployment has not expired. The controller circuit is further configured to store in a session log a listing of all data blocks accessed in the NVM during the session.
	For Independent claim 9,
	Since, no prior art was found to teach: “restricting access to hardware based on the first hardware requirement for the container; and performing, for a data object requested by the container, an encryption operation and a decryption operation using the hardware, wherein a result of the encryption operation is inaccessible to the container prior to the decryption operation” as it pertains to the other portions of the claim as a whole, in a manner that would motivate a person of ordinary skill in the art before the effective fling date of the invention to combine it as an obvious inclusion, the examiner found the invention as claimed to be allowable and allowed it to be patented.
	For independent claims 1 and 17, the claims recite essentially similar
limitations as in claim 9.
	For dependent claims 2-8, 10-16, and 18-20, the claims are allowed due to their dependency on allowable independent claims 1, 9, and 17.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW B SMITHERS whose telephone number is (571)272-3876. The examiner can normally be reached 8:00-4:00 (Teleworking).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MATTHEW SMITHERS/
Primary Examiner
Art Unit 2437