DETAILED ACTION
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This Office Action is in response to the communication filed on 11/17/2020.
Claims 1-20 are pending for consideration.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 2/17/2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Regarding claims 1, 9 and 17, claims 1, 9 and 17 recite the limitation "the secret key" in lines 10 and 11. It is unclear if the secret key refers back to the cloud application secret key in the previous steps or if it is a new key. There is insufficient antecedent basis for this limitation in the claims.
Dependent claim(s) 2-8, 10-16 and 18-20 are rejected for the reasons presented above with respect to their respective rejected parent claim(s) in view of their dependence thereon.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-4, 7-12, 15-18 and 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Kariv et al. (US 20190268149) (hereinafter Kariv).
Regarding claim 1, Kariv discloses a system associated with a cloud computing environment (Kariv: see figure 10), comprising: 
a proxy platform data store containing node data associated with nodes of the cloud computing environment, each node storing multi-party computation information (Kariv: paragraphs 0066, 0069 and 0070, “secrets are partitioned into secret shares, with each secret share stored in a different CC node within the DSS system”… “Each secret, such as secret 1202, is partitioned into multiple shares. In the example shown in FIG. 12, the secret 1202 is partitioned into 6 shares, including a first share 1204. The secret shares are distributed among a set of control-cluster (“CC”) nodes 1206 of a distributed-secure-storage (“DSS”) system. In the example shown in FIG. 12, there are six CC nodes 1208-1213 in the set of control-cluster nodes. The CC nodes are generally servers that include secure-storage-system modules”); and 
a proxy platform able to access the proxy platform data store, including: a computer processor, and computer memory, coupled to the computer processor, storing instructions that, when executed by the computer processor cause the processor (Kariv: paragraph 0071, processor-controlled device) to: 
(i) detect that a first node needs to access a cloud application secret key (Kariv: paragraph 0069, “a client system needs to access a service based on a securely stored secret”), 
(ii) determine, based on information in the proxy platform data store, a set of nodes associated with the secret key that the first node needs to access (Kariv: paragraph 0069, “to request secret shares or derived-data shares from the CC nodes and reconstructs the secret or the derived data in client memory controlled by the DSS-client agent. In most cases, when a secret is reconstructed by the DSS-client agent, the secret is used by the DSS-client agent to perform a task or service on behalf of the client system, such as using a secret private encryption key”), and 
(iii) use a multi-party computation algorithm and information received from the set of nodes to generate the secret key (Kariv: paragraph 0069, DSS system reconstructs the secret).
Regarding claim 9, claim 9 discloses a method claim that is substantially equivalent to the system of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 9 and rejected for the same reasons.
Regarding claim 17, claim 17 discloses a medium claim that is substantially equivalent to the system of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 17 and rejected for the same reasons.
Regarding claims 2 and 10, Kariv discloses wherein the secret key is associated with a cloud application password (Kariv: paragraphs 0069 and 0127, “to request secret shares or derived-data shares from the CC nodes and reconstructs the secret or the derived data in client memory controlled by the DSS-client agent. In most cases, when a secret is reconstructed by the DSS-client agent, the secret is used by the DSS-client agent to perform a task or service on behalf of the client system”).
Regarding claims 3, 11 and 18, Kariv discloses wherein the nodes are associated with at least one of (i) a virtual machine, and (ii) a container (Kariv: paragraphs 0054 and 0069, virtual machines, virtual servers and containers as alternative technologies to run serves and applications).
Regarding claims 4 and 12, Kariv discloses wherein the proxy platform executes on the first node (Kariv: paragraph 0069, discloses the same system detecting the request and retrieving secret shares).
Regarding claims 7, 15 and 20, Kariv discloses wherein multi-party computation information is stored in a secure enclave of each node (Kariv: paragraph 0054, “OSL virtualization uses operating-system features, such as name space support, to isolate each container from the remaining containers so that the applications executing within the execution environment provided by a container are isolated from applications executing within the execution environments provided by all other containers. As a result, a container can be booted up much faster than a virtual machine, since the container uses operating-system-kernel features that are already available within the host computer. Furthermore, the containers share computational bandwidth, memory, network bandwidth, and other computational resources provided by the operating system, without resource overhead allocated to virtual machines and virtualization layers. Again, however, OSL virtualization does not provide many desirable features of traditional virtualization. As mentioned above, OSL virtualization does not provide a way to run different types of operating systems for different groups of containers within the same host system, nor does OSL-virtualization provide for live migration of containers between host computers, as does traditional virtualization technologies”).
Regarding claims 8 and 16, Kariv discloses, wherein the secure enclaves are associated with at least one of: (i) a trusted execution environment, (ii) a software guard extension, (iii) a secure encrypted virtualization, and (iv) a similar enclaving technology (Kariv: paragraphs 0054 and 0069, “OSL virtualization uses operating-system features, such as name space support, to isolate each container from the remaining containers so that the applications executing within the execution environment provided by a container are isolated from applications executing within the execution environments provided by all other containers”).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 5, 13 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Kariv in view of Aithal et al. (US 10298577) (hereinafter Aithal).
Regarding claims 5, 13 and 19, Kariv does not explicitly disclose the following limitation which is disclosed by Aithal, wherein said detection is associated with a transmission control protocol proxy server that communicates via localhost (Aithal: column 3 lines 18-28; and column 5 lines 1-12, “Each container includes a credential proxy that runs within the namespace of the container. The credential proxy communicates with the credential provider on behalf of the container. The credential proxy relays requests for credentials to the credential provider and applies identifying information that authenticates the request and identifies the particular container to the credential provider. In some implementations, a secret-sharing scheme”).  
Kariv and Aithal are analogous art because they are from the same field of endeavor, data protection. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Kariv and Aithal before him or her, to modify the system of Kariv to include the transmission control protocol proxy server that communicates via localhost of Aithal.  The suggestion/motivation for doing so would have been to improve the security of information by providing, to individual processes of an application, a credential adapted to the particular requirements of the process (Aithal: column 2 lines 23-25).

Claims 6 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Kariv in view of Buendgen et al. (US 20200089916) (hereinafter Buendgen).
Regarding claims 6 and 14, Kariv does not explicitly disclose the following limitation which is disclosed by Buendgen, wherein said detection comprises interception of an encrypted password request (Buendgen: paragraphs 0003, 0040, 0048 and 0052, “each intercepted request from the secure software context to the hardware security module using a protocol requiring that the sender of the intercepted request has access to the secret”… “where a secret is cryptographically linked to the software component. This can be completed using cryptographic signatures, MACs (message authentication code), and the like. The secret is then protected. This is illustrated at operation 104. The secret is protected by ensuring the secret is only accessible to a trusted firmware”).
Kariv and Buendgen are analogous art because they are from the same field of endeavor, access protection. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Kariv and Buendgen before him or her, to modify the system of Kariv to include the interception of an encrypted password request of Buendgen.  The suggestion/motivation for doing so would have been to ensure that the functionality of the application and access to the data may not be compromised (Buendgen: paragraph 0018).

Conclusion
The prior art made of record and not relied upon, considered pertinent to applicant's disclosure, is listed.
MULLIGAN 20220050906 METHODS AND APPARATUS FOR DOCUMENT SHARING
Bursell 20210374234 USING TRUSTED EXECUTION ENVIRONMENTS TO PERFORM A COMMUNAL OPERATION FOR MUTUALLY-UNTRUSTED DEVICES
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740. The examiner can normally be reached Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TRANG T DOAN/Primary Examiner, Art Unit 2431