DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The present application, filed on December 30, 2020, is accepted.
Claims 1 – 20 are being considered on the merits.

Drawings
The drawings, filed on December 30, 2020, are accepted.

Specification
The specification, filed on December 30, 2020, is accepted.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claims 5 and 16 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. The term “immediately after” in claims 5 and 16 are a relative term which renders the claim indefinite. The term “immediately after” is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. The term “immediately after” does not help explicitly determine the time of delete of the request. For the purpose of examination, “immediately after” is interpreted as “after”.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 – 5, 7 – 8, 10 – 16, and 18 – 19 are rejected under 35 U.S.C. 103 as being unpatentable over US 20190349357 A1 to Shukla et al., (hereinafter, “Shukla”) in view of US 20200099522 A1 to Yang et al., (hereinafter, “Yang”).
Regarding claim 1, Shukla teaches a computer implemented method for secure initial secret delivery for collocated containers with shared resources, comprising: receiving, by an identity and authentication sidecar, an application type identifier and a token to access a secrets management service, [Shukla, para. 39 discloses the orchestration server transmits authentication token to the handler process over a secure channel. The handler process uses the authentication token to obtain strong cryptographic identity for the application/container. The strong cryptographic identity for the application/container is assigned a security policy group based on a group identifier. The group identifier is submitted by the handler process when requesting a credential for the application/container. The strong cryptographic identity may also be assigned a group based on the group that was associated with the authentication token. In this way, a bootstrapping process to issue a digital certificate to the container/application. It also covers association of the auth token to security group.] wherein the identity and authentication sidecar is a container in a plurality of collocated containers with shared resources; [Shukla, para. 44 discloses Handler process 128 can manage the identities of the applications/containers. The handler process can be an independent process or part of the application/container whose identity it manages. The handler processes 128 can be implemented as an application, kernel module, hypervisor, or a dynamic linked library (DLL). The handler process 128 monitors a plurality of application processes/containers 122-126 executing in the memory 120 of the client; provisions identity to the target application/container 122-126 using a cloud-based identity management service; effects authentication with other applications/containers that interact with said application/container 122-126; and enforces security policies based on the group association of the respective application/container 122-126.] executing a container creation code hook on an application container, [Shukla, para. 48 discloses the start of an, application/container on a computer system is monitored. Policy requiring assignment of identity to application/container is checked. A token, identifier, group name, entity ID, and certificate authority location are assigned to the application/container; a handler process uses the token, identifier, group name, and entity ID to obtain a digital certificate from a cloud-based certificate authority; group security policy is specified for the entity ID; the handler process downloads a group security policy from the cloud; the handler process monitors all network connections; the handler process initiates an authentication mechanism for all new network connections; upon authentication, the handler obtains the group information of the remote process/container.] wherein the application container is a container in a plurality of collocated containers with shared resources; [Shukla, para. 41 discloses the application/container uses its strong cryptographic identity to obtain access to a computing resource based on the issued security policy. The security policies cover, but are not limited to, resource accesses and permitted actions for the container/application. Some examples of resources and associated actions include: data contained in databases, access to file systems, and changing data in a file system or database, etc. Other examples of actions include initiating network connections and accessing remote applications/containers. Para. 42 discloses an application/container from one group wishing to access resources of another application/container from another group is required to authenticate itself based on strong cryptographic credentials. This can be achieved by monitoring network connections.] requesting, by the identity and authentication sidecar, an identity for the collocated containers using the application type identifier and the access token when the request for the creation of the initial secret is determined to be valid; [Shukla, para. 55 discloses the steps for obtaining the certificate can be performed by the application/container or by a separate handler process. The handler monitors the star of a new application/container 510. Upon detecting the start of an application/container, the handler determines the stored group identity of the application/container and other attributes 520. The security group identity may be stored in a file or as an environment variable. The handler may, additionally, read a certificate signing request generation configuration file 530. Configuration information includes, but is not limited to, entity ID, organizational unit, name of application/process, organization name, and group name. The handler generates a certificate signing request with the entity ID and security group name inserted into the certificate signing request 540. The handler process submits a certificate signing request to the credential manager along with the authentication token 550.] receiving, by the identity and authentication sidecar, a unique identity for the collocated containers with shared resources based on the application type identifier; [Shukla, para. 56 discloses the credential manager receives the certificate sign requests, validates the token along with the entity ID, signs the digital certificate if the validation is successful, and sends the signed digital certificate to the handler process at the computing device. The handler process checks for a valid signed certificate from the credential manager 560. If a valid digital certificate is received, then the handler process uses the obtained certificate for authenticating the application/container to other applications/containers] requesting validation of the unique identity for the plurality of collocated containers with shared resources; [Shukla, para. 53 discloses the cloud-based credential manager generates tokens and assigns the generated tokens to already-established entity IDs and their security groups. The cloud-based credential manager is publicly accessible and listens on a known port(s) for incoming requests for certificate signing 410. Upon receiving a new request for certificate signing 420, the credential manager initiates a validation mechanism. For each incoming request, the credential manager extracts the entity ID and the token from the request. The group name is extracted from the certificate to be signed. The token and its group are validated for the given token and entity ID.] requesting, by the identity and authentication sidecar, the initial secret for the application container using the validated unique identity; [Shukla, para. 53 discloses for each incoming request, the credential manager extracts the entity ID and the token from the request. The group name is extracted from the certificate to be signed. The token and its group are validated for the given token and entity ID. Upon validation 430, the certificate authority signs the certificate and returns the signed certificate to the handler process at the client 440.] starting an application instance in the application container; [Shukla, para. 57 discloses Example processes can issue strong cryptographic identity or digital certificate to each instance of an application/container via a cloud-based credential manager that uses a secure bootstrap mechanism to ensure that no unauthorized digital certificates can be obtained. Further, each cryptographic identity is associated with a security group.] and retrieving other secrets for the application instance using the initial secret. [Shukla, para. 56 discloses the credential manager receives the certificate sign requests, validates the token along with the entity ID, signs the digital certificate if the validation is successful, and sends the signed digital certificate to the handler process at the computing device. The handler process checks for a valid signed certificate from the credential manager 560. If a valid digital certificate is received, then the handler process uses the obtained certificate for authenticating the application/container to other applications/containers. Para. 39 discloses a bootstrapping method is used to securely assign a strong cryptographic identity or a digital certificate to an application/container and associate that identity to a group. The assignment of an application to a security group is based on the classification of the application based on a scan of applications/containers executing on the computer system. A cloud-based credential manager generates an authentication token. The authentication token is provided to an orchestration server over a secure channel. The orchestration server transmits authentication token to the handler process over a secure channel. The handler process uses the authentication token to obtain strong cryptographic identity for the application/container. (Examiner notes that the token is being mapped to the initial secret and the signed digital certificate is being mapped to other secret)], but Shukla does not teach requesting, by the container creation code hook, a creation of an initial secret; continuously polling, by the identity and authentication sidecar, an in-memory volume between the identity and authentication sidecar and the application container to determine whether there exists a request for creating the initial secret; requesting validation of the request for the creation of the initial secret when a request for creating the initial secret is found.
However, Yang does teach requesting, by the container creation code hook, a creation of an initial secret; [Yang, para. 23 discloses transmit an authentication request containing a request for the superuser password in response to receiving the request to generate the new secret key;] continuously polling, by the identity and authentication sidecar, an in-memory volume between the identity and authentication sidecar and the application container to determine whether there exists a request for creating the initial secret; [Yang, para. 23 discloses receive the superuser password from the first device; verify the superuser password with the password stored on a secured memory of the third device. Para. 234 discloses the car access protocol module 3140 would trigger the NFC to broadcasts its ID id.sub.Car and a random number r in a fixed frequency. Based on the id.sub.Car and random number r, the car access protocol module 3240 computes vd=MAC(K.sub.id.sub.O, r), and then sends a request to access the car in step 445. The request includes [0, id.sub.O, vd] where 0 denotes “owner access”. In step 450, the car verifies the blacklist and vd. In particular, the car access protocol module 3140 checks the blacklist to determine whether id.sub.O is revoked, and aborts if it is. If the id.sub.O is not in the blacklist, the car access protocol module 3140 continues to check whether vd=MAC(h(K, id.sub.Car, id.sub.O), r). If the check passes, then the car access protocol module 3140 grants the access, e.g., open the car door. Otherwise, the car access protocol module 3140 rejects granting access. If the key rotation strategy is implemented, a new key is going to be generated for the car owner after each access.] requesting validation of the request for the creation of the initial secret when a request for creating the initial secret is found. [Yang, para. 23 discloses generate the secret key (K) in response to verifying the superuser password being identity to the password stored on the secured memory of the third device; and store the secret key in the secured memory in response to generating the secret key; and transmit a confirmation message indicating the secret key has been successfully created.]
Therefore, it would have been obvious to one of ordinary skills within the art before the effective filling to combine Yang’s system with Shukla’s system, with a motivation to flexibly and securely delegate their access rights to other users, under fine-grained access policies. [Yang, para. 9]

As per claim 2, modified Shukla teaches the method of claim 1, wherein the plurality of collocated containers with shared resources were created asynchronously. [Shukla, para. 52 discloses the process 300 performed by the credential manager to create a new entity, according to some embodiments. The credential manager, upon receiving a request to create a new entity, first generates an identity and creates a root certificate 304. A unique entity ID is created and associated with the new entity. The generated root certificate is used to sign the certificate signing request from the application/container. As part of new entity creation, the credential manager also creates security policy groups 306 and generates single-use tokens 308 to be presented with certificate signing requests by the application/container. In one embodiment, the association of the tokens to specific security groups can be performed at the time of the creation of the groups. Para. 41 discloses an application, programming interface (API) enables an application/container to use tokens and obtain a strong cryptographic identity from the cloud service. An authentication method ensures that tokens cannot be obtained by unauthorized users. Application orchestrator or application orchestration server will be tasked with obtaining the tokens, but the task can also be accomplished by the handler service. Based on that identity and group association, the credential manager also issues the application/container a security policy. The application/container uses its strong cryptographic identity to obtain access to a computing resource based on the issued security policy. The security policies cover, but are not limited to, resource accesses and permitted actions for the container/application.]

As per claim 3, modified Shukla teaches the method of claim 1, wherein the identity and authentication sidecar is isolated from the application container. [Shukla, para. 44 discloses Handler process 128 can manage the identities of the applications/containers. The handler process can be an independent process or part of the application/container whose identity it manages.] 

As per claim 4, modified Shukla teaches the method of claim 1, further comprising: mounting a sidecar in-memory volume to the identity and authentication sidecar; and mounting the application type identifier and the access token to the sidecar in-memory volume. [Shukla, para. 44 discloses the handler process 128 monitors a plurality of application processes/containers 122-126 executing in the memory 120 of the client; provisions identity to the target application/container 122-126 using a cloud-based identity management service; effects authentication with other applications/containers that interact with said application/container 122-126; and enforces security policies based on the group association of the respective application/container 122-126.]

As per claim 5, modified Shukla teaches the method of claim 1, further comprising deleting the request for the initial secret immediately after the request is validated. [Shukla, para. 53 discloses for each incoming request, the credential manager extracts the entity ID and the token from the request. The group name is extracted from the certificate to be signed. The token and its group are validated for the given token and entity ID. Upon validation 430, the certificate authority signs the certificate and returns the signed certificate to the handler process at the client 440. The spent token is invalidated so it cannot be used again, Tokens are also invalidated if they have not been used for a specified amount of time.]

As per claim 7, modified Shukla teaches the method of claim 1, further comprising writing the initial secret to the in- memory volume between the identity and authentication sidecar and the application container. [Shukla, para. 52 discloses The credential manager, upon receiving a request to create a new entity, first generates an identity and creates a root certificate 304. A unique entity ID is created and associated with the new entity. The generated root certificate is used to sign the certificate signing request from the application/container. As part of new entity creation, the credential manager also creates security policy groups 306 and generates single-use tokens 308 to be presented with certificate signing requests by the application/container.]
 
As per claim 8, modified Shukla teaches the method of claim 1, wherein the other secrets are retrieved by an externalized configuration server from the secrets management service. [Shukla, para. 56 discloses the credential manager receives the certificate sign requests, validates the token along with the entity ID, signs the digital certificate if the validation is successful, and sends the signed digital certificate to the handler process at the computing device. The handler process checks for a valid signed certificate from the credential manager 560. If a valid digital certificate is received, then the handler process uses the obtained certificate for authenticating the application/container to other applications/containers. Para. 39 discloses a bootstrapping method is used to securely assign a strong cryptographic identity or a digital certificate to an application/container and associate that identity to a group. The assignment of an application to a security group is based on the classification of the application based on a scan of applications/containers executing on the computer system. A cloud-based credential manager generates an authentication token. The authentication token is provided to an orchestration server over a secure channel. The orchestration server transmits authentication token to the handler process over a secure channel. The handler process uses the authentication token to obtain strong cryptographic identity for the application/container.]
 
Regarding claim 10, Shukla teaches a system for secure initial secret delivery for collocated containers with shared resources between devices comprises: a plurality of collocated containers with shared resources, [Shukla, para. 44 discloses Handler process 128 can manage the identities of the applications/containers. The handler process can be an independent process or part of the application/container whose identity it manages. The handler process 128 can be implemented as an application, kernel module, hypervisor, or a dynamic linked library (DLL).] wherein the plurality of collocated containers comprises: an identity and authentication sidecar wherein the identity and authentication sidecar securely obtains the identity of the collocated containers from a secrets management service, and securely obtains and delivers the Attorney Docket No.: SNCR20001 (SNCR-CLD-20001)initial secret from the secrets management service to an application instance in an application container; [Shukla, para. 55 discloses The steps for obtaining the certificate can be performed by the application/container or by a separate handler process. The handler monitors the star of a new application/container 510. Upon detecting the start of an application/container, the handler determines the stored group identity of the application/container and other attributes 520. The security group identity may be stored in a file or as an environment variable. The handler may, additionally, read a certificate signing request generation configuration file 530. Configuration information includes, but is not limited to, entity ID, organizational unit, name of application/process, organization name, and group name.] an application container where the application instance is executed; [Shukla, para. 44 discloses the system 100 includes a computing device 110 that executes one or more applications 122 124 and containers 126.] a sidecar in-memory volume; [Shukla, para. 48 discloses in the memory 120 of the client 110 a handler process 128 can be executed.] and an in-memory volume between the identity and authentication sidecar and the application container; [Shukla, para. 44 discloses The handler process 128 monitors a plurality of application processes/containers 122-126 executing in the memory 120 of the client; provisions identity to the target application/container 122-126 using a cloud-based identity management service;] a container orchestration and management system comprising: a) at least one processor; b) at least one input device; and c) at least one storage device storing processor-executable instructions which, when executed by the at least one processor, perform a method including: setting an application type identifier and a token for accessing a secrets management service; [Shukla, para. 41 discloses an application, programming interface (API) enables an application/container to use tokens and obtain a strong cryptographic identity from the cloud service. An authentication method ensures that tokens cannot be obtained by unauthorized users. Application orchestrator or application orchestration server will be tasked with obtaining the tokens, but the task can also be accomplished by the handler service. Based on that identity and group association, the credential manager also issues the application/container a security policy. The application/container uses its strong cryptographic identity to obtain access to a computing resource based on the issued security policy. The security policies cover, but are not limited to, resource accesses and permitted actions for the container/application. Some examples of resources and associated actions include: data contained in databases, access to file systems, and changing data in a file system or database, etc. Other examples of actions include initiating network connections and accessing remote applications/containers. In this way, server-side component of managing identity in the cloud-computing environment is provided.] creating the plurality of collocated containers with shared resources, wherein creating comprises: starting an identity and authentication sidecar; [Shukla, para. 38 discloses A group of applications/containers is assigned a strong credential or cryptographic identity, or a digital certificate. The strong cryptographic identity of each application/container is associated with a security policy, group. The assignment of an application to a security group is based on the classification of the application after a scan. Security policies for provisioning of resources are defined for security groups. The enforcement of security policies is performed either by the application/container or by a separate handler process. The handler process uses the strong cryptographic identity of the application/container to authenticate to other applications/containers. Authenticated identities and group-based security policies are used for enforcing provisioning of resources.] and starting an application container; [Shukla, para. 40 discloses The start of each new application/container is monitored at the network of the entity by a handler process at each computing device. The new application is scanned and assigned to a security group based on the classification of the application. Strong cryptographic identity is assigned to a new application/container by the cloud-based credential manager. Security policies are enforced for the application/container. Events are recorded.] and a secrets management service comprising: a) at least one processor; b) at least one input device; and c) at least one storage device storing processor-executable instructions which, when executed by the at least one processor, perform a method including: generating just-in-time, a unique run-time identity for a plurality of collocated containers with shared resources; [Shukla, para. 50 discloses a cloud-hosted service provides credential management. The credential manager includes a native certificate authority with the ability to manage and assign certificates for applications/containers. The certificate authority assigns a unique identifier to and manages root certificates for each container-creating entity. The certificate authority manages tokens for each root certificate. The cloud-based service also manages group security policies for each entity. To use the service, the client sends a certificate signing request (CSR) along with a token to the cloud. The credential manager verifies the token and the customer ID and upon verification signs the certificate.] validating the unique identity for the plurality of collocated containers with shared resources; [Shukla, para. 53 discloses Upon receiving a new request for certificate signing 420, the credential manager initiates a validation mechanism. For each incoming request, the credential manager extracts the entity ID and the token from the request. The group name is extracted from the certificate to be signed. The token and its group are validated for the given token and entity ID.], but Shukla does not teach just-in-time generating and delivering an initial secret for the application container; and managing one or more application secrets for the application instance.
However, Yang does teach just-in-time generating and delivering an initial secret for the application container; and managing one or more application secrets for the application instance. [Yang, para. 23 discloses transmit an authentication request containing a request for the superuser password in response to response to receiving the request to generate the new secret key; receive the superuser password from the first device; verify the superuser password with the password stored on a secured memory of the third device; generate the secret key (K) in response to verifying the superuser password being identity to the password stored on the secured memory of the third device; and store the secret key in the secured memory in response to generating the secret key; and transmit a confirmation message indicating the secret key has been successfully created.]
Therefore, it would have been obvious to one of ordinary skills within the art before the effective filling to combine Yang’s system with Shukla’s system, with a motivation to flexibly and securely delegate their access rights to other users, under fine-grained access policies. [Yang, para. 9]

Regarding claim 11, it recites features similar to features within claim 2, therefore, it is rejected in a similar manner.

Regarding claim 12, it recites features similar to features within claim 4, therefore, it is rejected in a similar manner.

Regarding claim 13, modified Shukla teaches the system of claim 10, but Shukla does not teach wherein the application container executes a container creation code hook that requests a creation of an initial secret.
However, Yang does teach wherein the application container executes a container creation code hook that requests a creation of an initial secret. [Yang, para. 23 discloses transmit an authentication request containing a request for the superuser password in response to response to receiving the request to generate the new secret key; receive the superuser password from the first device; verify the superuser password with the password stored on a secured memory of the third device; generate the secret key (K) in response to verifying the superuser password being identity to the password stored on the secured memory of the third device;]
Therefore, it would have been obvious to one of ordinary skills within the art before the effective filling to combine Yang’s system with Shukla’s system, with a motivation to flexibly and securely delegate their access rights to other users, under fine-grained access policies. [Yang, para. 9]

Regarding claim 14, modified Shukla teaches the system of claim 10, but Shukla does not teach wherein the identity and authentication sidecar continuously polls the in-memory volume between the identity and authentication sidecar and the application container to determine if there is a request for creating the initial secret.  
However, Yang does teach wherein the identity and authentication sidecar continuously polls the in-memory volume between the identity and authentication sidecar and the application container to determine if there is a request for creating the initial secret. [Yang, para. 23 discloses receive the superuser password from the first device; verify the superuser password with the password stored on a secured memory of the third device;]
Therefore, it would have been obvious to one of ordinary skills within the art before the effective filling to combine Yang’s system with Shukla’s system, with a motivation to flexibly and securely delegate their access rights to other users, under fine-grained access policies. [Yang, para. 9]

Regarding claim 15, modified Shukla teaches the system of claim 10, but Shukla does not teach wherein the identity and authentication sidecar requests validation of the request for the creation of the initial secret.   
However, Yang does teach wherein the identity and authentication sidecar requests validation of the request for the creation of the initial secret. [Yang, para. 23 discloses generate the secret key (K) in response to verifying the superuser password being identity to the password stored on the secured memory of the third device; and store the secret key in the secured memory in response to generating the secret key; and transmit a confirmation message indicating the secret key has been successfully created.]
Therefore, it would have been obvious to one of ordinary skills within the art before the effective filling to combine Yang’s system with Shukla’s system, with a motivation to flexibly and securely delegate their access rights to other users, under fine-grained access policies. [Yang, para. 9]

Regarding claim 16, it recites features similar to features within claim 5, therefore, it is rejected in a similar manner.

Regarding claim 18, it recites features similar to features within claim 7, therefore, it is rejected in a similar manner.

As per claim 19, modified Shukla teaches the system of claim 10, further comprising an externalized configuration server for providing a configuration for the application container during bootstrapping and retrieving other secrets from the secrets management service. [Shukla, para. 56 discloses the credential manager receives the certificate sign requests, validates the token along with the entity ID, signs the digital certificate if the validation is successful, and sends the signed digital certificate to the handler process at the computing device. The handler process checks for a valid signed certificate from the credential manager 560. If a valid digital certificate is received, then the handler process uses the obtained certificate for authenticating the application/container to other applications/containers. Para. 39 discloses  a bootstrapping method is used to securely assign a strong cryptographic identity or a digital certificate to an application/container and associate that identity to a group. The assignment of an application to a security group is based on the classification of the application based on a scan of applications/containers executing on the computer system. A cloud-based credential manager generates an authentication token. The authentication token is provided to an orchestration server over a secure channel. The orchestration server transmits authentication token to the handler process over a secure channel. The handler process uses the authentication token to obtain strong cryptographic identity for the application/container.]

Claims 6 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over US 20190349357 A1 to Shukla et al., (hereinafter, “Shukla”) in view of US 20200099522 A1 to Yang et al., (hereinafter, “Yang”) in further view of US 20130110658 A1 to Lyman et al., (hereinafter, “Lyman”).
Regarding claim 6, modified Shukla teaches the method of claim 1, but Shukla does not teach wherein validating the request for creating the initial secret comprises performing a readiness check on the application instance, wherein the request is determined to be invalid if the application instance is already started. 
However, Lyman does teach wherein validating the request for creating the initial secret comprises performing a readiness check on the application instance, wherein the request is determined to be invalid if the application instance is already started. [Lyman, para. 48 discloses the mobile token generation module 118 validates the token request with the policy and fraud detection module 120. At this point, the policy and fraud detection module 120 determines whether the token request is likely to be valid or invalid, based on a previous fraud alert, a previous suspicious activity, and/or the like. If the request is found to be invalid, the mobile token generation module 118 will take appropriate action, which may include notifying the entity managing the associated configuration portal server 102, which will take appropriate action.]
Therefore, it would have been obvious to one of ordinary skills within the art before the effective filling to combine Lyman’s system with Shukla’s system, with a motivation to provide a fraud alert capability that transmits a notification to the appropriate configuration portal server 102 when potential fraud is detected to allow the sponsor associated with the configuration portal server 102 to react accordingly. [Lyman, para. 40]

Regarding claim 17, it recites features similar to features within claim 6, therefore, it is rejected in a similar manner.

Claims 9 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over US 20190349357 A1 to Shukla et al., (hereinafter, “Shukla”) in view of US 20200099522 A1 to Yang et al., (hereinafter, “Yang”) in further view of US 20190268149 A1 to Kariv et al., (hereinafter, “Kariv”).
Regarding claim 9, modified Shukla teaches the method of claim 1, but modified Shukla does not teach further comprising deleting the initial secret. 
However, Kariv does teach further comprising deleting the initial secret. [Kariv, para. 69 discloses A DSS-client agent 1218 is a virtual security layer included in client computer systems, such as client system 1220, that interfaces through electronic communications to the APIs of the CC nodes. Any particular secret enters the DSS system through a security manager (“SM”), discussed below, and resides in SM memory transiently, for only the time needed to partition the secret into secret shares. Following partitioning, the secret is deleted from memory and never again reconstructed within the SM or CC nodes. When a client system needs to access a service based on a securely stored secret or, in certain implementations, the secret itself, the client system directs the DSS-client agent 1218 to request secret shares or derived-data shares from the CC nodes and reconstructs the secret or the derived data in client memory controlled by the DSS-client agent. In most cases, when a secret is reconstructed by the DSS-client agent, the secret is used by the DSS-client agent to perform a task or service on behalf of the client system, such as using a secret private encryption key to establish a secure communications channel with a remote computer system, and is not stored in mass storage or directly accessibly to the system layers or application layers within the client computer.]
 Therefore, it would have been obvious to one of ordinary skills within the art before the effective filling to combine Kariv’s system with modified Shukla’s system, with a motivation that secrets exist for only a short, initial period of time within the DSS system, specifically in SM memory. Once the SM has encoded a secret in a finite-field polynomial, the secret is deleted from SM memory and deletion of the secret is verified. [Kariv, para. 69]

Regarding claim 20, it recites features similar to features within claim 9, therefore, it is rejected in a similar manner.

Conclusion
Pertinent prior art made of record however not replied upon include:
US 20200084027 A1 to Duchon et al.
“Methods and systems for encrypting and decrypting data on a blockchain may comprise, upon receiving a request to encrypt data elements of a first data block of a blockchain to only be accessible to a subset of nodes of the blockchain, generating an encryption key configured to encrypt the data elements of the first data block; encrypting the data elements of the first data block using the encryption key; retrieving a public key corresponding to each node within the subset of nodes; encrypting the encryption key using the public key corresponding to each node within the subset of nodes, generating an encrypted encryption key for each node within the subset of nodes; generating a second data block comprising the encrypted encryption key for each node and the encrypted data elements of the first data block; and appending the second data block to the blockchain.”
US 20160134932 A1 to Karp et al.
“In embodiments of a camera system application program interface (API) for third-party integrations, a camera device captures images as a video stream and communicates the video stream to a cloud-based service. The cloud-based service implements a service application that processes video data received as the video stream. The cloud-based service exposes the camera system API that can be invoked by a third-party application running on a client device to request the video data and camera data that is associated with the camera device. The API permits access by the third-party application to the video data and the camera data from the cloud-based service. The API is exposed for the third-party application to communicate with the cloud-based service via a network connection, and the camera device communicates with the cloud-based service via a secure connection to provide the requested camera data and communicate the video stream to the cloud-based service.”
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893. The examiner can normally be reached Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/P.P./Patent Examiner, Art Unit 2434                                                                                                                                                                                                        
/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434