DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
In response to 35 USC 103, filed 06/28/2022, to independent claims 1, 8, and 15 along with their respective dependent claims, regarding limitations “allocating, by the microservice framework, one or more storages shared between the at least one microservice and other various microservices and other containers running on the microservice framework; and transmitting the salt file to at least one of the other various microservices and the other containers via the one or more storages”.
Fojtik teaches “allocating, by the microservice framework, one or more storages shared between the at least one microservice and other various microservices and other containers running on the microservice framework”. Fojtik discloses “cloud provider provides an interface to requisition virtual machines and associated resources such as storage [0003]. Framework for a PaaS system. The PAAS system may be a container-based architecture [0013]. a local repository for storing the changes for each application associated with the end user of the PaaS system architecture 200 [0027]. An application 235a-c may utilize resource-constrained containers 240 on nodes 232a-c using instances of application image. A container 240 is a resource-constrained process space on the node 232a-c to execute functionality of an application 235a-c [0039]. Data (e.g., authentication data, etc.) that is to be included in configuration file 366 may be copied into a different directory other than the destination directory 368. The data and/or the configuration file including the data may be copied into source code 364 or elsewhere in build container 360 [0061]. The configuration file is transferred into the build container [0062]. Copying the configuration file from the directory storage to destination directory that’s inside the build container [0052]”. Fojtik shows storages are shared from plurality of services and container. Containers processing space on the nodes to execute the function of the applications. 
Furthermore, Fojtik teaches “ transmitting the salt file to at least one of the other various microservices and the other containers via the one or more storages”. Fojtik discloses “Copying or moving the configuration file from the directory storage to destination directory that’s inside the build container. If the configuration file is still in the directory storage after moving it is deleted [0052]. Data (e.g., authentication data, etc.) that is to be included in configuration file 366 may be copied into a different directory other than the destination directory 368. The data and/or the configuration file including the data may be copied into source code 364 or elsewhere in build container 360 [0061]”. Fojtik shows configuration file being transmitted from one point to the other. The configuration file is a secret file that acts as the salt file.

In response to 35 USC 103, filed 06/28/2022, to independent claims 1, 8, and 15 along with their respective dependent claims, regarding limitations “receiving, by at least one microservice, the salt file; copying and injecting the salt file from the at least one microservice into the one or more storages”.
Applicant’s argument have been considered but are moot, because the newly recited amendment does not rely on the newly recited reference being applied to the prior rejection of record or any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. 
Regarding claims 1, 8, and 15, the claims recite “receiving, by at least one microservice, the salt file; allocating, by the microservice framework, one or more storages between the at least one microservice and other various microservice and other containers running on the microservice framework”. The specification is paragraph [0034] discloses “The microservice framework may inject the salt file received by the SaaS into the container. The microservice framework may allocate storages for containers and the storages may appear as different file folders from the point of view of the microservice framework, creating a simple process to inject the salt file into the container and to copy a salt file from one folder to a different folder. For example, docker cp <location of salt file> destination container ID>:/path/”. The specification does not indicate that the microservice framework allocates storages for a single microservice nor allocating storages for a plurality of microservices. Also, in paragraph [0024] discloses “A first microservice receives the static file from a SaaS and injects the static file into the storage or the shared volume. The storage or shared volume may be accessible to a second microservice running on the same microservice framework”. This paragraph shows shared storage accessible to a second microservice running on the same microservice framework, but does not indicate allocating shared storage between the at least one microservice and other various microservice and other containers running on the microservice framework.
	Furthermore, in paragraph [0024] discloses “A first microservice receives the static file from a SaaS and injects the static file into the storage or the shared volume. The storage or shared volume may be accessible to a second microservice running on the same microservice framework”. The specification shows no support of microservice receiving the salt file. The specification just indicates that the microservice receives the static file and not the salt file.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3 5-6, 8, 10, 12-13, 15, 17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Schwarz et al. (US 20180367528, hereinafter Schwarz), in view of Edwards (US 20180054314), in view of Fojtik et al. (US 20170249128, hereinafter Fojtik), and in further view of Atta et al. (US 20180091484, hereinafter Atta).

Re. claim 1, Schwarz discloses a method comprising: receiving a generated salt file (Schwarz discloses a single signed token may be generated for the cloud-based asset including information identifying the respective virtualization platform 108a -c deploying the cloud-based asset, as well as other information specifying an issue date or an expiration time for the token or other information, such as random data for uniquely identifying the security token [0085]. Authentication credential data may be created (Interpreted as salt file) for cloud based assets [0087] Figs. 1a, 2, and 5); 
wherein the generated salt file is transmitted to the microservice framework using an out-of-band channel, wherein the out-of-band channel is an independent communication channel, wherein the generated salt file adds randomly generated data into the container (Schwarz discloses the security service establishes an out-of-band connection to the identified container running in the identified pod and writes part of the secret token in a temporary file [0105]. Authentication credential data 500 may also include a header field 502 and random data 504 [0090]. Trusted cloud platform resource 104 may inject the authentication credential data into the trusted virtualization platform (Interpreted as adding random data into the container) 106a-c by writing the authentication credential data to a system file, configuration file, or environment variable within the virtualization platform filesystem such that it is accessible to the cloud-based asset deployed within the virtualization platform[0093]. A secret could be injected into the cloud-based asset 108a -c (e.g., out of band through the trusted cloud platform resource 104) (Interpreted as salt file transmitted on the out of band channel), which the cloud-based asset 108a -c could then return back to security service 110 to confirm that the cloud-based asset 108a -c is valid [0109] Figs. 1a, 2, and 5);
injecting the salt file into the container (Schwarz discloses a secret could be injected into the cloud-based asset 108a -c (e.g., out of band through the trusted cloud platform resource 104) (Interpreted as salt file transmitted on the out of band channel), which the cloud-based asset 108a -c could then return back to security service 110 to confirm that the cloud-based asset 108a -c is valid [0109]).
Although Schwarz discloses salt file, Schwarz does not explicitly teach but Edwards teaches hashing a container image and the salt file (Edwards teaches verification may be accomplished by taking a cryptographic hash of the files of the verification information (Interpreted as salt file) associated with the container image and verifying the hashes against a database of correct hashes [0020]).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Schwarz to include hashing a container image and the salt file as disclosed by Edwards. One of ordinary skill in the art would have been motivated for the purpose of verifying the security of the container and container image. Delivering services without being compromised (Edwards [0009]).
Although the combination of Schwarz-Edwards discloses injecting the salt file into a container, the combination of Schwarz-Edwards do not explicitly teach but Fojtik teaches configuring, by one or more computing devices, a container within a microservice framework  (Fojtik teaches framework for a PaaS system. The PAAS system may be a container-based architecture (container within the microservice framework) [0013]. Client devices are connected to host machines [0019]. Client device provides the configuration file to the STI component which is provided to the directory storage [0051], taught as configuring the container by the device);
allocating, by the microservice framework, one or more storages shared between the at least one microservice and other various microservices and other containers running on the microservice framework (Fojtik teaches cloud provider provides an interface to requisition virtual machines and associated resources such as storage [0003]. Framework for a PaaS sytem. The PAAS system may be a container-based architecture [0013]. a local repository for storing the changes for each application associated with the end user of the PaaS system architecture 200 [0027]. An application 235a-c may utilize resource-constrained containers 240 on nodes 232a-c using instances of application image. A container 240 is a resource-constrained process space on the node 232a-c to execute functionality of an application 235a-c [0039]. Data (e.g., authentication data, etc.) that is to be included in configuration file 366 may be copied into a different directory other than the destination directory 368. The data and/or the configuration file including the data may be copied into source code 364 or elsewhere in build container 360 [0061]. The configuration file is transferred into the build container [0062]. Copying the configuration file from the directory storage to destination directory that’s inside the build container (interpreted as sending information between service and container) [0052] Figs. 1-3); 
and transmitting the salt file to at least one of the other various microservices and the other containers via the one or more storages (Fojtik teaches Copying or moving the configuration file from the directory storage to destination directory that’s inside the build container. If the configuration file is still in the directory storage after moving it is deleted [0052]. . Data (e.g., authentication data, etc.) that is to be included in configuration file 366 may be copied into a different directory other than the destination directory 368. The data and/or the configuration file including the data may be copied into source code 364 or elsewhere in build container 360 [0061] Figs. 1-3).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Schwarz-Edwards to include allocating, by the microservice framework, one or more storages shared between various microservices and other containers running on the microservice framework; and transmitting the salt file to at least one of the various microservices and the other containers via the one or more storages as disclosed by Fojtik. One of ordinary skill in the art would have been motivated for the purpose of protecting information and prevent exposure (Fojtik [0016]).
Although the combination of Schwarz-Edwards-Fojtik teach copying and injecting salt file, the combination of Schwarz-Edwards-Fojtik do not explicitly teach but Atta teaches receiving, by at least one microservice, the salt file (Atta teaches the signed and encrypted configuration data can be communicated to the application function 515 which can forward the data to a cryptographic engine 517 of the host logic. [0078]);
copying and injecting the salt file from the at least one microservices into the one or more storages  (Atta teaches a developer can request a copy of the signed and encrypted configuration data 162 from the logic repository service [0029]. The signed and encrypted configuration data can be downloaded [0013]. The logic repository service 110 can store the generated configuration data 136 in a logic repository database 150 [0024]).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Schwarz-Edwards-Fojtik to include receiving, by at least one microservice, the salt file; copying and injecting the salt file from the at least one microservices into the one or more storages as disclosed by Atta. One of ordinary skill in the art would have been motivated for the purpose of increasing the security and the availability of the computing resource. Prevent malformed transactions or transactions to out-of-bounds locations (Atta [0014]).

Re. claim 3, the combination of Schwarz-Edwards-Fojtik-Atta teach the method of claim 1, further comprising: generating, by a software service, the salt file (Schwarz discloses a single signed token may be generated for the cloud-based asset including information identifying the respective virtualization platform 108a -c deploying the cloud-based asset, as well as other information specifying an issue date or an expiration time for the token or other information, such as random data for uniquely identifying the security token [0085] Figs. 1a, 2, and 5); transmitting, by the software service, the salt file to microservice framework (Schwarz discloses the security service establishes an out-of-band connection to the identified container running in the identified pod and writes part of the secret token in a temporary file [0105]. Authentication credential data 500 may also include a header field 502 and random data 504 [0090]. Trusted cloud platform resource 104 may inject the authentication credential data into the trusted virtualization platform (Interpreted as adding random data into the container) 106a-c by writing the authentication credential data to a system file, configuration file, or environment variable within the virtualization platform filesystem such that it is accessible to the cloud-based asset deployed within the virtualization platform[0093]. A secret could be injected into the cloud-based asset 108a -c (e.g., out of band through the trusted cloud platform resource 104) (Interpreted as salt file transmitted on the out of band channel), which the cloud-based asset 108a -c could then return back to security service 110 to confirm that the cloud-based asset 108a -c is valid [0109] Figs. 1a, 2, and 5).  
Although the combination of Schwarz-Edwards-Fojtik discloses hashing the salt file and microservice framework, the combination of Schwarz-Edwards-Fojtik do not explicitly teach but Atta teaches hashing, by the software service, the salt file (Atta teaches the digest can be encrypted using a private key of the logic repository service 205 to create at least a portion of the signature for the file. The signature can also include additional information such as a public key for decrypting the encrypted digest and a name or reference to the cryptographic hash function used to create the digest for the file [0042]); transmitting, by the microservice framework, the hash to the software service (Atta teaches the signed and encrypted configuration data can be communicated to the application function 515 which can forward the data to a cryptographic engine 517 of the host logic. [0078]); and validating, by the software service, the hash file (Atta teaches the server computer 140 can include a cryptographic engine 146. The cryptographic engine 146 can be used to authenticate a cryptographic digital signature and/or to decrypt encrypted information (such as encrypted configuration data) [0019]).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Schwarz-Edwards-Fojtik to include hashing, by the software service, the salt file; transmitting, by the microservice framework, the hash to the software service; and validating, by the software service, the hash file as disclosed by Atta. One of ordinary skill in the art would have been motivated for the purpose of increasing the security and the availability of the computing resource. Prevent malformed transactions or transactions to out-of-bounds locations (Atta [0014]).


Re. claim 5, the combination of Schwarz-Edwards-Fojtik-Atta teach method of claim 1, wherein a container configuration receives an environment variable from the microservice framework (Schwarz discloses verification service 112 may receive, for example, any additional information including the identified virtualization platform's IP address, operating environment variables and parameters, permissions, attributes, permissible operations and applications, etc [0079]).  

Re. claim 6, the combination of Schwarz-Edwards-Fojtik-Atta teach the method of claim 1, wherein the salt file is generated by a software service (Schwarz discloses a single signed token may be generated for the cloud-based asset including information identifying the respective virtualization platform 108a -c deploying the cloud-based asset, as well as other information specifying an issue date or an expiration time for the token or other information, such as random data for uniquely identifying the security token [0085]. Authentication credential data may be created for cloud based assets [0087] Figs. 1a, 2, and 5).

Re. claim 8, Schwarz discloses a computer system comprising: one or more processors (Schwarz discloses processor [0007], one or more computer-readable memories (Schwarz discloses random access memory [0121]), one or more computer-readable tangible storage media, and program instructions stored on at least one of the one or more computer-readable tangible storage media for execution by at least one of the one or more processors via at least one of the one or more computer-readable memories (Schwarz discloses computer readable storage medium having computer readable program instructions for causing a processor to carry the invention [0120]. The computer readable storage medium includes random access memory [0121]), wherein the computer system is capable of performing a method comprising: receiving a generated salt file  (Schwarz discloses a single signed token may be generated for the cloud-based asset including information identifying the respective virtualization platform 108a -c deploying the cloud-based asset, as well as other information specifying an issue date or an expiration time for the token or other information, such as random data for uniquely identifying the security token [0085]. Authentication credential data may be created for cloud based assets [0087] Figs. 1a, 2, and 5);
wherein the generated salt file is transmitted to the microservice framework using an out-of-band channel, wherein the out-of-band channel is an independent communication channel, wherein the generated salt file adds randomly generated data into the container (Schwarz discloses the security service establishes an out-of-band connection to the identified container running in the identified pod and writes part of the secret token in a temporary file [0105]. Authentication credential data 500 may also include a header field 502 and random data 504 [0090]. Trusted cloud platform resource 104 may inject the authentication credential data into the trusted virtualization platform (Interpreted as adding random data into the container) 106a-c by writing the authentication credential data to a system file, configuration file, or environment variable within the virtualization platform filesystem such that it is accessible to the cloud-based asset deployed within the virtualization platform[0093]. A secret could be injected into the cloud-based asset 108a -c (e.g., out of band through the trusted cloud platform resource 104) (Interpreted as salt file transmitted on the out of band channel), which the cloud-based asset 108a -c could then return back to security service 110 to confirm that the cloud-based asset 108a -c is valid [0109] Figs. 1a, 2, and 5);
 injecting the salt file into the container (Schwarz discloses a secret could be injected into the cloud-based asset 108a -c (e.g., out of band through the trusted cloud platform resource 104) (Interpreted as salt file transmitted on the out of band channel), which the cloud-based asset 108a -c could then return back to security service 110 to confirm that the cloud-based asset 108a -c is valid [0109]).
Although Schwarz discloses salt file, Schwarz does not explicitly teach but Edwards teaches hashing a container image and the salt file (Edwards teaches verification may be accomplished by taking a cryptographic hash of the files of the verification information associated with the container image and verifying the hashes against a database of correct hashes [0020]).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Schwarz to include hashing a container image and the salt file as disclosed by Edwards. One of ordinary skill in the art would have been motivated for the purpose of verifying the security of the container and container image. Delivering services without being compromised (Edwards [0009]).
Although the combination of Schwarz-Edwards discloses injecting the salt file into a container, the combination of Schwarz-Edwards do not explicitly teach but Fojtik teaches configuring a container within a microservice framework (Fojtik teaches framework for a PaaS system. The PAAS system may be a container-based architecture [0013]. Client devices are connected to host machines [0019]. Client device provides the configuration file to the STI component which is provided to the directory storage [0051]); 
allocating, by the microservice framework, one or more storages shared between the at least one microservice and other various microservices and other containers running on the microservice framework (Fojtik teaches cloud provider provides an interface to requisition virtual machines and associated resources such as storage [0003]. Framework for a PaaS sytem. The PAAS system may be a container-based architecture [0013]. a local repository for storing the changes for each application associated with the end user of the PaaS system architecture 200 [0027]. An application 235a-c may utilize resource-constrained containers 240 on nodes 232a-c using instances of application image. A container 240 is a resource-constrained process space on the node 232a-c to execute functionality of an application 235a-c [0039]. Data (e.g., authentication data, etc.) that is to be included in configuration file 366 may be copied into a different directory other than the destination directory 368. The data and/or the configuration file including the data may be copied into source code 364 or elsewhere in build container 360 [0061]. The configuration file is transferred into the build container [0062]. Copying the configuration file from the directory storage to destination directory that’s inside the build container (interpreted as sending information between service and container) [0052] Figs. 1-3); 
and transmitting the salt file to at least one of the other various microservices and the other containers via the one or more storages (Fojtik teaches Copying or moving the configuration file from the directory storage to destination directory that’s inside the build container. If the configuration file is still in the directory storage after moving it is deleted [0052]. . Data (e.g., authentication data, etc.) that is to be included in configuration file 366 may be copied into a different directory other than the destination directory 368. The data and/or the configuration file including the data may be copied into source code 364 or elsewhere in build container 360 [0061] Figs. 1-3).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Schwarz-Edwards to include allocating, by the microservice framework, one or more storages shared between various microservices and other containers running on the microservice framework; and transmitting the salt file to at least one of the various microservices and the other containers via the one or more storages as disclosed by Fojtik. One of ordinary skill in the art would have been motivated for the purpose of protecting information and prevent exposure (Fojtik [0016]).
Although the combination of Schwarz-Edwards-Fojtik teach copying and injecting salt file, the combination of Schwarz-Edwards-Fojtik do not explicitly teach but Atta teaches receiving, by at least one microservice, the salt file (Atta teaches the signed and encrypted configuration data can be communicated to the application function 515 which can forward the data to a cryptographic engine 517 of the host logic. [0078]);
copying and injecting the salt file from the at least one microservices into the one or more storages  (Atta teaches a developer can request a copy of the signed and encrypted configuration data 162 from the logic repository service [0029]. The signed and encrypted configuration data can be downloaded [0013]. The logic repository service 110 can store the generated configuration data 136 in a logic repository database 150 [0024]).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Schwarz-Edwards-Fojtik to include receiving, by at least one microservice, the salt file; copying and injecting the salt file from the at least one microservices into the one or more storages as disclosed by Atta. One of ordinary skill in the art would have been motivated for the purpose of increasing the security and the availability of the computing resource. Prevent malformed transactions or transactions to out-of-bounds locations (Atta [0014]).

Re. claim 10, rejection of claim 8 is included and claim 10 is rejected with the same rationale as applied in claim 3 above. 

Re. claim 12, rejection of claim 8 is included and claim 12 is rejected with the same rationale as applied in claim 5 above. 

Re. claim 13, rejection of claim 8 is included and claim 13 is rejected with the same rationale as applied in claim 6 above. 

Re. claim 15, Schwarz discloses a computer program product comprising: one or more computer-readable tangible storage media and program instructions stored on at least one of the one or more computer-readable tangible storage media (Schwarz discloses computer readable storage medium having computer readable program instructions for causing a processor to carry the invention [0120]. The computer readable storage medium includes random access memory [0121]), the program instructions executable by a processor to cause the processor to perform a method comprising: receiving a generated salt file (Schwarz discloses a single signed token may be generated for the cloud-based asset including information identifying the respective virtualization platform 108a -c deploying the cloud-based asset, as well as other information specifying an issue date or an expiration time for the token or other information, such as random data for uniquely identifying the security token [0085]. Authentication credential data may be created for cloud based assets [0087] Figs. 1a, 2, and 5);
wherein the generated salt file is transmitted to the microservice framework using an out-of-band channel, wherein the out-of-band channel is an independent communication channel, wherein the generated salt file adds randomly generated data into the container (Schwarz discloses the security service establishes an out-of-band connection to the identified container running in the identified pod and writes part of the secret token in a temporary file [0105]. Authentication credential data 500 may also include a header field 502 and random data 504 [0090]. Trusted cloud platform resource 104 may inject the authentication credential data into the trusted virtualization platform (Interpreted as adding random data into the container) 106a-c by writing the authentication credential data to a system file, configuration file, or environment variable within the virtualization platform filesystem such that it is accessible to the cloud-based asset deployed within the virtualization platform[0093]. A secret could be injected into the cloud-based asset 108a -c (e.g., out of band through the trusted cloud platform resource 104) (Interpreted as salt file transmitted on the out of band channel), which the cloud-based asset 108a -c could then return back to security service 110 to confirm that the cloud-based asset 108a -c is valid [0109] Figs. 1a, 2, and 5);
injecting the salt file into the container (Schwarz discloses a secret could be injected into the cloud-based asset 108a -c (e.g., out of band through the trusted cloud platform resource 104) (Interpreted as salt file transmitted on the out of band channel), which the cloud-based asset 108a -c could then return back to security service 110 to confirm that the cloud-based asset 108a -c is valid [0109]).
Although Schwarz discloses salt file, Schwarz does not explicitly teach but Edwards teaches hashing a container image and the salt file (Edwards teaches verification may be accomplished by taking a cryptographic hash of the files of the verification information associated with the container image and verifying the hashes against a database of correct hashes [0020]).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Schwarz to include hashing a container image and the salt file as disclosed by Edwards. One of ordinary skill in the art would have been motivated for the purpose of verifying the security of the container and container image. Delivering services without being compromised (Edwards [0009]).
Although the combination of Schwarz-Edwards discloses injecting the salt file into a container, the combination of Schwarz-Edwards do not explicitly teach but Fojtik teaches configuring, by one or more computing devices, a container within a microservice framework  (Fojtik teaches framework for a PaaS sytem. The PAAS system may be a container-based architecture [0013]. Client devices are connected to host machines [0019]. Client device provides the configuration file to the STI component which is provided to the directory storage [0051]);
allocating, by the microservice framework, one or more storages shared between the at least one microservice and other various microservices and other containers running on the microservice framework (Fojtik teaches cloud provider provides an interface to requisition virtual machines and associated resources such as storage [0003]. Framework for a PaaS sytem. The PAAS system may be a container-based architecture [0013]. a local repository for storing the changes for each application associated with the end user of the PaaS system architecture 200 [0027]. An application 235a-c may utilize resource-constrained containers 240 on nodes 232a-c using instances of application image. A container 240 is a resource-constrained process space on the node 232a-c to execute functionality of an application 235a-c [0039]. Data (e.g., authentication data, etc.) that is to be included in configuration file 366 may be copied into a different directory other than the destination directory 368. The data and/or the configuration file including the data may be copied into source code 364 or elsewhere in build container 360 [0061]. The configuration file is transferred into the build container [0062]. Copying the configuration file from the directory storage to destination directory that’s inside the build container (interpreted as sending information between service and container) [0052] Figs. 1-3); 
and transmitting the salt file to at least one of the other various microservices and the other containers via the one or more storages (Fojtik teaches Copying or moving the configuration file from the directory storage to destination directory that’s inside the build container. If the configuration file is still in the directory storage after moving it is deleted [0052]. . Data (e.g., authentication data, etc.) that is to be included in configuration file 366 may be copied into a different directory other than the destination directory 368. The data and/or the configuration file including the data may be copied into source code 364 or elsewhere in build container 360 [0061] Figs. 1-3).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Schwarz-Edwards to include allocating, by the microservice framework, one or more storages shared between various microservices and other containers running on the microservice framework; and transmitting the salt file to at least one of the various microservices and the other containers via the one or more storages as disclosed by Fojtik. One of ordinary skill in the art would have been motivated for the purpose of protecting information and prevent exposure (Fojtik [0016]).
Although the combination of Schwarz-Edwards-Fojtik teach copying and injecting salt file, the combination of Schwarz-Edwards-Fojtik do not explicitly teach but Atta teaches receiving, by at least one microservice, the salt file (Atta teaches the signed and encrypted configuration data can be communicated to the application function 515 which can forward the data to a cryptographic engine 517 of the host logic. [0078]);
copying and injecting the salt file from the at least one microservices into the one or more storages  (Atta teaches a developer can request a copy of the signed and encrypted configuration data 162 from the logic repository service [0029]. The signed and encrypted configuration data can be downloaded [0013]. The logic repository service 110 can store the generated configuration data 136 in a logic repository database 150 [0024]).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Schwarz-Edwards-Fojtik to include receiving, by at least one microservice, the salt file; copying and injecting the salt file from the at least one microservices into the one or more storages as disclosed by Atta. One of ordinary skill in the art would have been motivated for the purpose of increasing the security and the availability of the computing resource. Prevent malformed transactions or transactions to out-of-bounds locations (Atta [0014]).

Re. claim 17, rejection of claim 15 is included and claim 17 is rejected with the same rationale as applied in claim 3 above. 

Re. claim 19, rejection of claim 15 is included and claim 19 is rejected with the same rationale as applied in claim 5 above. 

Re. claim 20, rejection of claim 15 is included and claim 20 is rejected with the same rationale as applied in claim 6 above. 

Claims 4, 11, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Schwarz et al. (US 20180367528, hereinafter Schwarz), in view of Edwards (US 20180054314), in view of Fojtik et al. (US 20170249128, hereinafter Fojtik), Atta et al. (US 20180091484, hereinafter Atta)and in further view of Cooper et al. (US 20190332579 hereinafter Cooper).

Re. claim 4, the combination of Schwarz-Edwards-Fojtik-Atta teach the method of claim 1, Atta further teaches validating, by the software service, the hash file (Atta teaches the server computer 140 can include a cryptographic engine 146. The cryptographic engine 146 can be used to authenticate a cryptographic digital signature and/or to decrypt encrypted information (such as encrypted configuration data) [0019]).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Schwarz-Edwards-Fojtik to include validating, by the software service, the hash file as disclosed by Atta. One of ordinary skill in the art would have been motivated for the purpose of increasing the security and the availability of the computing resource. Prevent malformed transactions or transactions to out-of-bounds locations (Atta [0014]).
Although the combination of Schwarz-Edwards-Fojtik-Atta would teach salt file and software service, the combination of Schwarz-Edwards-Fojtik-Atta do not explicitly teach but Cooper teaches hashing, by the container, the salt file and a target file (Cooper teaches a replication engine may be arranged provide fingerprint information associated with the source file system to the target file system and provide fingerprint information associated with the target file system to the source file system [0097]); transmitting, by the container, the hashed salt file and target file to a software service (Cooper teaches a replication engine may be arranged provide fingerprint information associated with the source file system to the target file system and provide fingerprint information associated with the target file system to the source file system [0097]); and validating, by the software service, the hash file (Cooper teaches some or all of the authentication information may be fingerprint information rather than copies of the authentication information. For example, if the source file system and target file system use cryptographic certificates to authenticate exchanged messages, the authentication information may be fingerprint information associated with meta-data associated with the certificates rather than the certificates themselves [0097]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Schwarz-Edwards-Fojtik-Atta to include hashing, by the container, the salt file and a target file; transmitting, by the container, the hashed salt file and target file to a software service as disclosed by Cooper. One of ordinary skill in the art would have been motivated for the purpose of establishing a secure communication channel (Cooper [0022]).

Re. claim 11, rejection of claim 8 is included and claim 11 is rejected with the same rationale as applied in claim 4 above. 

Re. claim 18, rejection of claim 15 is included and claim 18 is rejected with the same rationale as applied in claim 4 above. 

Claims 2, 7, 9, 14 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Schwarz et al. (US 20180367528, hereinafter Schwarz), in view of Edwards (US 20180054314), in view of Fojtik et al. (US 20170249128, hereinafter Fojtik), Atta et al. (US 20180091484, hereinafter Atta), and in further view of Ford et al. (US 20170041296, hereinafter Ford).

Re. claim 2, the combination of Schwarz-Edwards-Fojtik-Atta teach the method of claim 1, further comprising: initiating, by the container, authentication with a software service (Schwarz discloses based on address or identifying information, verification service 112 or credential service 116 can query the trusted cloud platform resource 104 to identify the cloud-based asset 108a -c associated with the address, or the identities associated with their identifiers [0077] Figs 1 and 1a); 
receiving, by the software service, authentication initiation from the container (Schwarz discloses cloud-based asset 108a -c itself may send its identifying data (e.g., address, hostname, asset resource name, location, etc.) to verification service 112 or credential service 116 [0077] Figs 1 and 1a); generating, by the software service, the salt file (Schwarz teaches a single signed token may be generated for the cloud-based asset including information identifying the respective virtualization platform 108a -c deploying the cloud-based asset, as well as other information specifying an issue date or an expiration time for the token or other information, such as random data for uniquely identifying the security token [0085]. Authentication credential data may be created for cloud based assets [0087] Figs. 1a, 2, and 5); 
transmitting, by the software service, the generated salt file to the microservice framework (Schwarz discloses the security service establishes an out-of-band connection to the identified container running in the identified pod and writes part of the secret token in a temporary file [0105]. Authentication credential data 500 may also include a header field 502 and random data 504 [0090]. Trusted cloud platform resource 104 may inject the authentication credential data into the trusted virtualization platform (Interpreted as adding random data into the container) 106a-c by writing the authentication credential data to a system file, configuration file, or environment variable within the virtualization platform filesystem such that it is accessible to the cloud-based asset deployed within the virtualization platform[0093]. A secret could be injected into the cloud-based asset 108a -c (e.g., out of band through the trusted cloud platform resource 104) (Interpreted as salt file transmitted on the out of band channel), which the cloud-based asset 108a -c could then return back to security service 110 to confirm that the cloud-based asset 108a -c is valid [0109] Figs. 1a, 2, and 5).
Although the combination of Schwarz-Edwards-Fojtik-Atta would teach a form of key exchange with a service, the combination of Schwarz-Edwards-Fojtik-Atta do not explicitly teach but Ford teaches initiating a key exchange between the software service and a client (Ford teaches enable exchange of messages, data, metadata and the like with a particular service, engine, module, function, application or the like on the enterprise premises system 110, at the intermediate host's secure exchange system 102, on a user device 120, by orchestration services 165, or in some other location, such as in a cloud storage system 118. The interfaces 160 may include application programming interfaces (APIs), such as REST APIs, websocket APIs, APIs for wrappers and containers and the like, as well as other elements, such as queue binding services, message brokers, bridges, gateways, sockets and the like [0081]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Schwarz-Edwards-Fojtik-Atta to include initiating a key exchange between the software service and a client as disclosed by Ford. One of ordinary skill in the art would have been motivated for the purpose of sharing information securely and improve secure exchange system (Ford [0004]).

Re. claim 7, the combination of Schwarz-Edwards-Fojtik-Atta teach the method of claim 1, Although the combination of Schwarz-Edwards-Fojtik-Atta discloses salt file, container, client and software service, the combination of Schwarz-Edwards-Fojtik-Atta does not explicitly teach but Ford teach wherein the salt file is transmitted for key exchanges between the microservice framework, a software service, a container and a client (Ford teaches enable exchange of messages, data, metadata and the like with a particular service, engine, module, function, application or the like on the enterprise premises system 110, at the intermediate host's secure exchange system 102, on a user device 120, by orchestration services 165, or in some other location, such as in a cloud storage system 118. The interfaces 160 may include application programming interfaces (APIs), such as REST APIs, websocket APIs, APIs for wrappers and containers and the like, as well as other elements, such as queue binding services, message brokers, bridges, gateways, sockets and the like [0081]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Schwarz-Edwards-Fojtik to include wherein the salt file is transmitted for key exchanges between the microservice framework, a software service, a container and a client as disclosed by Ford. One of ordinary skill in the art would have been motivated for the purpose of sharing information securely and improve secure exchange system (Ford [0004]).

Re. claim 9, rejection of claim 8 is included and claim 9 is rejected with the same rationale as applied in claim 2 above. 

Re. claim 14, rejection of claim 8 is included and claim 14 is rejected with the same rationale as applied in claim 7 above. 

Re. claim 16, rejection of claim 15 is included and claim 16 is rejected with the same rationale as applied in claim 2 above. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Tamrakar et al. ("OmniShare: Securely Accessing Encrypted Cloud Storage from Multiple Authorized Devices" hereinafter Tamrakar) discloses allow client-side encryption with high-entropy keys whilst providing an intuitive key distribution mechanism enabling data access from multiple client devices. It allows users to authorize their devices to access encrypted storage and makes use of out-of-band channels for distributing the relevant keys to authorized devices.
Reno et al. (US 20190146816) discloses a basic required operations for running many container functions (e.g., injection of secret or dynamic/configuration data). One or more of the hosts 1-N may store copies of the container images in the local memory or storage.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN A AYALA whose telephone number is (571)270-3912. The examiner can normally be reached Monday-Thursday 8AM-5PM; Friday: Variable EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/K.A./Examiner, Art Unit 2496                                                                                                                                                                                                        
/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496