DETAILED ACTION
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
2.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office Action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 11/07/2022 has been entered.
3.	Applicant's amendment and response received 11/07/2022, responding to the 08/22/2022 Office Action provided in the rejections of claims 1-20, wherein at least independent claims 1, 13 and 20 have been amended.  Claims 1-20 remain pending in the application; which has been fully considered by the Examiner.
Response to Arguments 

4.	Applicant’s arguments with respect to newly amended independent claims 1, 13 and 20 and claims 2-12 and 14-19 on pages 8-12 of the response have been fully considered but they are not persuasive and are moot in view of the new ground(s) of rejection- see Le (Art newly made of record) as applied below, as they further teach such use.
Claim Rejections - 35 USC § 112

5.	The following is a quotation of 35 U.S.C. 112(a):

(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

6.	Claims 13-19 are rejected under 35 U.S.C. 112(a) as failing to comply with the written description requirement.  The claims contain subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor had possession of the claimed invention at the time the application was filed.
		Claim 13 recites “receiving from a plurality of validators in parallel, identical copies of the build artifact and a corresponding manifest”. Applicant’s disclosure does not set forth any written description and is devoid of such “receiving from a plurality of validators in parallel, identical copies of the build artifact and a corresponding manifest”. The remarks indicates that specification fully supports the subject matter, however no specific indication of where such limitation is supported in the disclosure was specified. 
		Claims 14-19 are also rejected for being dependent on rejected base claims
Claim Rejections - 35 USC § 103

7.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

8.	Claims 1-4, 8, 10 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Cahna et al., U.S. Patent No. 10,521,447 (hereinafter Cahna) in view of Robison et al., U.S. Patent No. 10,656,936 (hereinafter Robison) in view of Suarez et al., U.S. Patent No. 10,782,990 (hereinafter Suarez) in view of Nijasure  et al., U.S. 2022/0092193 (hereinafter Nijasure) in view of Le et al., U.S. Patent No. 10,951,544 (hereinafter Le).
  In regards to claim 1, Cahna teaches:
A computer-implemented method for validating a build artifact, the method comprising: (column 1, lines 13-14, see a system can include a processor to receive an image ID corresponding to a container image of a container to be run) and (column 6, lines 21-40, see when the local agent 110 retrieves an image data 114 from the registry, the local agent 110 may add a signature for each file including file path in the image that identifies the file data to the image meta-data. For example, the signature may be a hash-code or any other valid signature. The local agent 110 may save the hash-code on the local file system when the image data 114 is saved. Then, when the local agent 110 attempts to read a 1st block of data from a file, the local agent 110 may check whether a file with the same hash-code was already pulled and stored locally for a different image ID… If not, the local agent 110 may continue to download the block the registry 104. In that case, the local agent 110 may mark in a global data-structure that a file with this hash-code is stored under the current image ID or at any other location on the local file system, so future accesses to this file may be served locally).
determine whether the build artifact meets a respective criterion (column 6, lines 21-40, see when the local agent 110 attempts to read a 1st block of data from a file, the local agent 110 may check whether a file with the same hash-code was already pulled and stored locally for a different image ID… If not, the local agent 110 may continue to download the block the registry 104. In that case, the local agent 110 may mark in a global data-structure that a file with this hash-code is stored under the current image ID or at any other location on the local file system, so future accesses to this file may be served locally).
Cahna doesn’t explicitly teach:
in response to a determination that the build artifact meets the respective criterion, generate a respective digital signature associated with the build artifact.
However, Robison teaches such use: (Fig. 3, Receive new code digest developed by developer 302, read last block of code developer’s blockchain 304, compile code digest, code id, developer’s public key and signed has of last block into a compilation 306, hash compilation to generate new hash digest 308, sign new hash digest to generate a new signature 312, store new code digest in code repository 316, repeat steps for multiple code digest and multiple code developers), and (column 2, lines 25-36, see reading a last block of a blockchain associated with a code developer having a private key and public key pair associated with the blockchain, in which each block of the blockchain includes a signed hash including a hash digest and a signature of the hash digest generated using the private key; hashing a compilation to generate a new hash digest, the compilation including the signed hash of the read last block, the public key and a new code digest; signing the new hash digest with the private key to generate a new signature; and updating the blockchain with a new block that includes a new signed hash including the new hash digest and the new signature) and (column 5, line 66 – column 6, line 29, see at block 302, a developer develops a new code digest, logs into his/her account 171 of the code repository 198 and indicates a request to submit the new code digest to the code repository 198. Flow proceeds to block 304. At block 304, the code repository 198 reads the last block of the blockchain 175 associated with the developer's account, which includes the signed hash 202 of the last block. Flow proceeds to block 306. At block 306, the code repository 198 assigns a code ID to the new code digest. The code repository 198 then compiles the new code digest, the code ID (e.g., 294 of FIG. 2), the developer's public key 292, and the signed hash 202 of the last block read at block 304 into a compilation (e.g., 206 of FIG. 2). Flow proceeds to block 308. At block 308, the code repository 198 hashes the compilation 206 to generate a new hash digest… At block 312, the developer signs the new hash digest using his private key (paired with the public key) to generate a new digital signature… At block 314, the code repository 198 updates the developer's blockchain 175 with the a new block that includes the new signed hash generated at block) (emphasis added). 
verifying each of the respective digital signatures.
However, Robison teaches such use: (column 7, lines 29-33, see the signature validation/verification process outputs an indication that the signature 209 is either accepted or rejected, i.e., that the signed hash 202 was signed by the private key 204 of the developer who’s paired public key 292 is being used to verify the signed hash 202).
Cahna and Robison are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna and Robison before him or her, to modify the system of Cahna to include the teachings of Robison, as a system for validating software, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to utilize a digital signature, as suggested by Robison (column 2, lines 25-36, column 10, lines 1-9).      
Cahna and Robinson, in particular Cahna doesn’t explicitly teach:   
in response to verifying the respective digital signatures, deploying the build artifact.
However, Suarez teaches such use: (column 1, lines 8-11, see  companies and individuals have turned to these software containers for automated application deployment on virtual machine instances being remotely hosted by distributed computing systems of computing resource service providers), (Fig. 8, see process arrow flow from Container Instance 802, Auth Service 816, Valid No/Yes 815, Telemetry Front-End Service 814) and (column 20, lines 25-34, see the telemetry front-end service 814 may validate the electronic signature of the signed message 820… In this manner, validation 815 of the signature of the telemetry data provided by the container instance 802 provides additional assurances that the telemetry has not been corrupted, replayed, or tampered with).
Cahna, Robison and Suarez are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna, Robison and Suarez before him or her, to modify the system of Cahna and Robison, in particular Cahna to include the teachings of Suarez, as a system for container telemetry, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to verify a digital signature, as suggested by Suarez (column 20, lines 25-34, column 30, lines 48-60).   
Cahna, Robinson and Suarez, in particular Cahna doesn’t explicitly teach:   
receiving a manifest associated with the build artifact, wherein the manifest includes each of the respective digital signatures.  
However, Nijasure teaches such use (Abstract, see an access client may transmit an access request to a server, and the access request may be an example of a decryption request or an encryption request. The access request may include access information and file information for a file to be accessed. The server may validate the access information and generate an access package that includes a set of access keys and executable code. The access keys may be transmitted to the access client. The access client may execute the executable code and decrypt or encrypt the file. The file may include one or more data packs that include file access policies, ownership information, and file access log) and (p. 5, [0057], see the ownership information 255 may include a value for an Author ID field uniquely identifies the user that created the encrypted file 200. The value for the Author ID may be an email address, an employee identifier, a username, etc. The ownership information 255 may include an entity signature, such as a digital signature. A user of the system may be one of multiple employees of the entity. Each encrypted file generated by users for the entity may include the same entity signature, which identifies the entity as the source of the encrypted file, or multiple entity signatures, which may identify the entity source of the encrypted file and the user that generated the encrypted file) (emphasis added).
Cahna, Robison, Suarez and Nijasure are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna, Robison, Suarez and Nijasure before him or her, to modify the system of Cahna, Robison and Suarez, in particular Cahna to include the teachings of Nijasure, as an encrypted file control system, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to validate software compliance, as suggested by Nijasure (p. 5, [0057], p. 25, [0319]).   
Cahna, Robinson, Suarez and Nijasure, in particular Cahna doesn’t explicitly teach:
transmitting an identical copy of the build artifact to each of a plurality of validators in parallel, wherein each of the plurality of validators is configured
However, Le teaches such use (Fig. 3, Provide first copies of the data to multiple parallel first paths 304, At each of the first paths, perform a check on a first copy of the date and generate a protection for the first copy of the data 306).
Cahna, Robison, Suarez, Nijasure and Le are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna, Robison, Robison, Suarez, Nijasure and Le before him or her, to modify the system of Cahna, Robison, Robison, Suarez and Nijasure in particular Cahna to include the teachings of Le, as a system for crosschecking data, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to validate parallel data, as suggested by Le (Fig. 3, column 14, lines 33-46).   

  In regards to claim 2, Cahna doesn’t explicitly teach:
each of the respective digital signatures is a cryptographic signature.
However, Robison teaches such use: (Fig. 3, Receive new code digest developed by developer 302, read last block of code developer’s blockchain 304, compile code digest, code id, developer’s public key and signed has of last block into a compilation 306, hash compilation to generate new hash digest 308, sign new hash digest to generate a new signature 312, store new code digest in code repository 316, repeat steps for multiple code digest and multiple code developers), and (column 2, lines 25-36, see reading a last block of a blockchain associated with a code developer having a private key and public key pair associated with the blockchain, in which each block of the blockchain includes a signed hash including a hash digest and a signature of the hash digest generated using the private key; hashing a compilation to generate a new hash digest, the compilation including the signed hash of the read last block, the public key and a new code digest; signing the new hash digest with the private key to generate a new signature; and updating the blockchain with a new block that includes a new signed hash including the new hash digest and the new signature) and (column 5, line 66 – column 6, line 29, see at block 302, a developer develops a new code digest, logs into his/her account 171 of the code repository 198 and indicates a request to submit the new code digest to the code repository 198. Flow proceeds to block 304. At block 304, the code repository 198 reads the last block of the blockchain 175 associated with the developer's account, which includes the signed hash 202 of the last block. Flow proceeds to block 306. At block 306, the code repository 198 assigns a code ID to the new code digest. The code repository 198 then compiles the new code digest, the code ID (e.g., 294 of FIG. 2), the developer's public key 292, and the signed hash 202 of the last block read at block 304 into a compilation (e.g., 206 of FIG. 2). Flow proceeds to block 308. At block 308, the code repository 198 hashes the compilation 206 to generate a new hash digest… At block 312, the developer signs the new hash digest using his private key (paired with the public key) to generate a new digital signature… At block 314, the code repository 198 updates the developer's blockchain 175 with the new block that includes the new signed hash generated at block) (emphasis added). 
Cahna and Robison are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna and Robison before him or her, to modify the system of Cahna to include the teachings of Robison, as a system for validating software, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to utilize a digital signature, as suggested by Robison (column 2, lines 25-36, column 10, lines 1-9).      

  In regards to claim 3, Cahna doesn’t explicitly teach:
each of the plurality of validators is further configured to generate the respective digital signature using a respective private key.
However, Robison teaches such use: (Fig. 3, Receive new code digest developed by developer 302, read last block of code developer’s blockchain 304, compile code digest, code id, developer’s public key and signed has of last block into a compilation 306, hash compilation to generate new hash digest 308, sign new hash digest to generate a new signature 312, store new code digest in code repository 316, repeat steps for multiple code digest and multiple code developers), and (column 2, lines 25-36, see reading a last block of a blockchain associated with a code developer having a private key and public key pair associated with the blockchain, in which each block of the blockchain includes a signed hash including a hash digest and a signature of the hash digest generated using the private key; hashing a compilation to generate a new hash digest, the compilation including the signed hash of the read last block, the public key and a new code digest; signing the new hash digest with the private key to generate a new signature; and updating the blockchain with a new block that includes a new signed hash including the new hash digest and the new signature) and (column 5, line 66 – column 6, line 29, see at block 302, a developer develops a new code digest, logs into his/her account 171 of the code repository 198 and indicates a request to submit the new code digest to the code repository 198. Flow proceeds to block 304. At block 304, the code repository 198 reads the last block of the blockchain 175 associated with the developer's account, which includes the signed hash 202 of the last block. Flow proceeds to block 306. At block 306, the code repository 198 assigns a code ID to the new code digest. The code repository 198 then compiles the new code digest, the code ID (e.g., 294 of FIG. 2), the developer's public key 292, and the signed hash 202 of the last block read at block 304 into a compilation (e.g., 206 of FIG. 2). Flow proceeds to block 308. At block 308, the code repository 198 hashes the compilation 206 to generate a new hash digest… At block 312, the developer signs the new hash digest using his private key (paired with the public key) to generate a new digital signature… At block 314, the code repository 198 updates the developer's blockchain 175 with the new block that includes the new signed hash generated at block) (emphasis added). 
verifying each of the respective digital signatures further comprises using a respective public key to decrypt each of the respective digital signatures.
However, Robison teaches such use: (column 7, lines 29-33, see the signature validation/verification process outputs an indication that the signature 209 is either accepted or rejected, i.e., that the signed hash 202 was signed by the private key 204 of the developer who’s paired public key 292 is being used to verify the signed hash 202).
Cahna and Robison are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna and Robison before him or her, to modify the system of Cahna to include the teachings of Robison, as a system for validating software, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to utilize a digital signature, as suggested by Robison (column 2, lines 25-36, column 10, lines 1-9).      

  In regards to claim 4, Cahna teaches:
each of the plurality of validators is further configured to: generate a respective hash value corresponding to the build artifact (column 5, lines 10-12, see the image metadata 116 may include, for example, file names, sizes and hash-codes of the files' content that form the container image) and (column 6, lines 20-31, see for example, when the local agent 110 retrieves an image data 114 from the registry, the local agent 110 may add a signature for each file including file path in the image that identifies the file data to the image meta-data. For example, the signature may be a hash-code or any other valid signature. The local agent 110 may save the hash-code on the local file system when the image data 114 is saved. Then, when the local agent 110 attempts to read a 1st block of data from a file, the local agent 110 may check whether a file with the same hash-code was already pulled and stored locally for a different image ID). 
Cahna doesn’t explicitly teach:
generate the respective digital signature using the respective private key and the respective hash value.
However, Robison teaches such use: (Fig. 3, Receive new code digest developed by developer 302, read last block of code developer’s blockchain 304, compile code digest, code id, developer’s public key and signed has of last block into a compilation 306, hash compilation to generate new hash digest 308, sign new hash digest to generate a new signature 312, store new code digest in code repository 316, repeat steps for multiple code digest and multiple code developers), and (column 2, lines 25-36, see reading a last block of a blockchain associated with a code developer having a private key and public key pair associated with the blockchain, in which each block of the blockchain includes a signed hash including a hash digest and a signature of the hash digest generated using the private key; hashing a compilation to generate a new hash digest, the compilation including the signed hash of the read last block, the public key and a new code digest; signing the new hash digest with the private key to generate a new signature; and updating the blockchain with a new block that includes a new signed hash including the new hash digest and the new signature) and (column 5, line 66 – column 6, line 29, see at block 302, a developer develops a new code digest, logs into his/her account 171 of the code repository 198 and indicates a request to submit the new code digest to the code repository 198. Flow proceeds to block 304. At block 304, the code repository 198 reads the last block of the blockchain 175 associated with the developer's account, which includes the signed hash 202 of the last block. Flow proceeds to block 306. At block 306, the code repository 198 assigns a code ID to the new code digest. The code repository 198 then compiles the new code digest, the code ID (e.g., 294 of FIG. 2), the developer's public key 292, and the signed hash 202 of the last block read at block 304 into a compilation (e.g., 206 of FIG. 2). Flow proceeds to block 308. At block 308, the code repository 198 hashes the compilation 206 to generate a new hash digest… At block 312, the developer signs the new hash digest using his private key (paired with the public key) to generate a new digital signature… At block 314, the code repository 198 updates the developer's blockchain 175 with the new block that includes the new signed hash generated at block) (emphasis added). 
Cahna and Robison are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna and Robison before him or her, to modify the system of Cahna to include the teachings of Robison, as a system for validating software, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to utilize a digital signature, as suggested by Robison (column 2, lines 25-36, column 10, lines 1-9).      

  In regards to claim 8, Cahna and Robinson, in particular Cahna doesn’t explicitly teach:
the respective criterion corresponding to at least one of the plurality of validators is generation of the build artifact by a predetermined source.
However, Suarez teaches such use: (column 4, lines 5-10, see additionally, techniques described and suggested in the present disclosure can improve the security and accuracy of telemetry data by electronically signing each message containing telemetry data with the signing key that can be verified as having originated from an authorized container instance) and (Fig. 8, see process arrow flow from Container Instance 802, Auth Service 816, Valid No/Yes 815, Telemetry Front-End Service 814). 
Cahna, Robison and Suarez are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna, Robison and Suarez before him or her, to modify the system of Cahna and Robison, in particular Cahna to include the teachings of Suarez, as a system for container telemetry, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to verify a digital signature, as suggested by Suarez (column 20, lines 25-34, column 30, lines 48-60).   

  In regards to claim 10, Cahna, Robinson, Suarez and Nijasure, in particular Cahna doesn’t explicitly teach:
the plurality of validators are each configured to generate the respective digital signatures in parallel and add the respective digital signatures to the manifest. 
However, Le teaches such use (Fig. 3, Provide first copies of the data to multiple parallel first paths 304, At each of the first paths, perform a check on a first copy of the date and generate a protection for the first copy of the data 306).
Cahna, Robison, Suarez, Nijasure and Le are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna, Robison, Robison, Suarez, Nijasure and Le before him or her, to modify the system of Cahna, Robison, Robison, Suarez and Nijasure in particular Cahna to include the teachings of Le, as a system for crosschecking data, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to validate parallel data, as suggested by Le (Fig. 3, column 14, lines 33-46).   

  In regards to claim 12, Cahna teaches:
the build artifact is an application container (column 1, lines 13-14, see a system can include a processor to receive an image ID corresponding to a container image of a container to be run) and (column 6, lines 21-40, see when the local agent 110 retrieves an image data 114 from the registry, the local agent 110 may add a signature for each file including file path in the image that identifies the file data to the image meta-data. For example, the signature may be a hash-code or any other valid signature. The local agent 110 may save the hash-code on the local file system when the image data 114 is saved. Then, when the local agent 110 attempts to read a 1st block of data from a file, the local agent 110 may check whether a file with the same hash-code was already pulled and stored locally for a different image ID… If not, the local agent 110 may continue to download the block the registry 104. In that case, the local agent 110 may mark in a global data-structure that a file with this hash-code is stored under the current image ID or at any other location on the local file system, so future accesses to this file may be served locally).

9.	Claims 5-7 are rejected under 35 U.S.C. 103 as being unpatentable over Cahna in view of Robison in view of Suarez in view of Nijasure in view of Le in view of Agarwal et al., U.S. Patent No. 10,268,565 (hereinafter Agarwal).
In regards to claim 1, the rejections above are incorporated respectively.
  In regards to claim 5, Cahna, Robinson, Suarez, Nijasure and Le, in particular Cahna doesn’t explicitly teach:
the plurality of validators includes at least three validators.
However, Agarwal teaches such use: (Fig. 1, 110A Validation Entity … 110N Validation Entity) and (column 8, lines 31-39, see multiple validation entities may be associated with a particular validation routine (or routines), with a particular validation entity 110  providing the container validation routine with another validation entity 110 modifying or approving the container validation routing. For example, a security validation routine may be provided by a vendor providing security validation services (e.g., applying techniques to the container to identify security vulnerabilities)).  
Cahna, Robison, Suarez, Nijasure, Le and Agarwa are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna, Robison, Suarez, Nijasure, Le and Agarwal before him or her, to modify the system of Cahna, Robison, Suarez, Nijasure and Le, in particular Cahna to include the teachings of Agarwa, as a system for validation of containers, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to combine signatures, as suggested by Agarwa (column 8, lines 31-39, column 21, lines 16-28).   

  In regards to claim 6, Cahna, Robinson, Suarez, Nijasure and Le in particular Cahna doesn’t explicitly teach:
the plurality of validators includes at least four validators.
However, Agarwal teaches such use: (Fig. 1, 110A Validation Entity … 110N Validation Entity) and (column 8, lines 31-39, see multiple validation entities may be associated with a particular validation routine (or routines), with a particular validation entity 110 providing the container validation routine with another validation entity 110 modifying or approving the container validation routing. For example, a security validation routine may be provided by a vendor providing security validation services (e.g., applying techniques to the container to identify security vulnerabilities)).  
Cahna, Robison, Suarez, Nijasure, Le and Agarwa are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna, Robison, Suarez, Nijasure, Le and Agarwal before him or her, to modify the system of Cahna, Robison, Suarez, Nijasure and Le, in particular Cahna to include the teachings of Agarwa, as a system for validation of containers, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to combine signatures, as suggested by Agarwa (column 8, lines 31-39, column 21, lines 16-28).   

  In regards to claim 7, Cahna, Robinson, Suarez, Nijasure and Le in particular Cahna doesn’t explicitly teach:
at least one of the plurality of validators is further configured to scan the build artifact for Known vulnerabilities; and the respective criterion associated with the at least one of the plurality of validators is based on an existence of one or more of the known vulnerabilities in the build artifact.
However, Agarwal teaches such use: (Fig. 1, 110A Validation Entity … 110N Validation Entity) and (column 8, lines 31-39, see multiple validation entities may be associated with a particular validation routine (or routines), with a particular validation entity 110 providing the container validation routine with another validation entity 110 modifying or approving the container validation routing. For example, a security validation routine may be provided by a vendor providing security validation services (e.g., applying techniques to the container to identify security vulnerabilities)).
Cahna, Robison, Suarez, Nijasure, Le and Agarwa are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna, Robison, Suarez, Nijasure, Le and Agarwal before him or her, to modify the system of Cahna, Robison, Suarez, Nijasure and Le, in particular Cahna to include the teachings of Agarwa, as a system for validation of containers, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to combine signatures, as suggested by Agarwa (column 8, lines 31-39, column 21, lines 16-28).   

10.	Claim 9  is rejected under 35 U.S.C. 103 as being unpatentable over Cahna in view of Robison in view of Suarez in view of Nijasure in view of Le in view of Wong et al., U.S. 2014/0250427  (hereinafter Wong).
In regards to claim 1, the rejections above are incorporated respectively.
  In regards to claim 9, Cahna, Robinson, Suarez, Nijasure and Le in particular Cahna doesn’t explicitly teach:
at least one of the plurality of validators is further configured to scan the build artifact for compliance with legal regulations; and the respective criterion associated with the at least one of the plurality of validators is based on compliance of the build artifact with one or more legal regulations.
However, Wong teaches such use: (p. 4, [0027], see compliant software production system 10 may be implemented on a network, for example, over the Internet as a cloud-based service or hosted service, which may be accessed through a standard web service API. This means that the compliant software production system can perform a regulatory-compliant validation of a software application and then issue all of the appropriate regulatory documentation. Implementation may also include offering a platform as a service that hosts the software application and is rule compliant).
Cahna, Robison, Suarez, Nijasure, Le and Wong are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna, Robison, Suarez, Nijasure, Le and Wong before him or her, to modify the system of Cahna, Robison, Suarez, Nijasure and Le, in particular Cahna to include the teachings of Wong, as a system for  compliant software, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to validate software compliance, as suggested by Wong (p. 4, [0027], p. 4, [0032-0033).   

11.	Claim 11  is rejected under 35 U.S.C. 103 as being unpatentable over Cahna in view of Robison in view of Suarez in view of Nijasure in view of Le in view of Wong in view of Connelly et al., U.S. 2016/0004522  (hereinafter Connelly).
In regards to claim 1, the rejections above are incorporated respectively.
  In regards to claim 11, Cahna and Robinson, in particular Cahna doesn’t explicitly teach:
verifying each of the respective digital signatures is performed by a deployment module.
However, Suarez teaches such use: (Fig. 8, see process arrow flow from Container Instance 802, Auth Service 816, Valid No/Yes 815, Telemetry Front-End Service 814) and (column 20, lines 25-34, see the telemetry front-end service 814 may validate the electronic signature of the signed message 820… In this manner, validation 815 of the signature of the telemetry data provided by the container instance 802 provides additional assurances that the telemetry has not been corrupted, replayed, or tampered with).
Cahna, Robison and Suarez are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna, Robison and Suarez before him or her, to modify the system of Cahna and Robison, in particular Cahna to include the teachings of Suarez, as a system for container telemetry, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to verify a digital signature, as suggested by Suarez (column 20, lines 25-34, column 30, lines 48-60).   
Cahna, Robinson, Suarez, Nijasure and Le in particular Cahna doesn’t explicitly teach:
the deployment module being distinct from each of the plurality of validators.
However, Wong teaches such use: (Fig. 3, Software Application Supplier, 315 Supplier provides validated software, Compliant Software Producer, Recipe deployment tool builds supplier’s instances, Recipe deployment tool deploys software).
Cahna, Robison, Suarez, Nijasure, Le and Wong are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna, Robison, Suarez, Nijasure, Le and Wong before him or her, to modify the system of Cahna, Robison, Suarez, Nijasure and Le, in particular Cahna to include the teachings of Wong, as a system for  compliant software, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to validate software compliance, as suggested by Wong (p. 4, [0027], p. 4, [0032-0033).   
Cahna, Robinson, Suarez, Nijasure, Le and Wong in particular Cahna doesn’t explicitly teach:
configured to perform the verifying without communicating with one or more of the plurality of validators.
However, Connelly teaches such use: (p.4, [0038], see as a result, in one example, this may facilitate a service entry device (e.g., residential wireless gateway) to run a plurality of applications independently without requiring a reinstall of driver data, configuration data, etc. and may recertify the already tested applications whenever updated application versions are released).
Cahna, Robison, Suarez, Nijasure, Le, Wong and Connelly are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna, Robison, Robison, Suarez, Nijasure, Le , Wong and Connelly before him or her, to modify the system of Cahna, Robison, Robison, Suarez, Nijasure, Le and Wong in particular Cahna to include the teachings of Connelly, as a system for a virtualization platform, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to independently validate software, as suggested by Connelly (p.4, [0038], p. 9, [0075]).   

12.	Claims 13-16 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Cahna in view of Robison in view of Suarez in view of Nijasure in view of Agarwal et al., U.S. Patent No. 10,268,565 (hereinafter Agarwal) in view of Le. 
  In regards to claim 13, Cahna teaches:
A computer-implemented method for validating a build artifact, the method comprising: (column 1, lines 13-14, see a system can include a processor to receive an image ID corresponding to a container image of a container to be run) and (column 6, lines 21-40, see when the local agent 110 retrieves an image data 114 from the registry, the local agent 110 may add a signature for each file including file path in the image that identifies the file data to the image meta-data. For example, the signature may be a hash-code or any other valid signature. The local agent 110 may save the hash-code on the local file system when the image data 114 is saved. Then, when the local agent 110 attempts to read a 1st block of data from a file, the local agent 110 may check whether a file with the same hash-code was already pulled and stored locally for a different image ID… If not, the local agent 110 may continue to download the block the registry 104. In that case, the local agent 110 may mark in a global data-structure that a file with this hash-code is stored under the current image ID or at any other location on the local file system, so future accesses to this file may be served locally).
Cahna doesn’t explicitly teach:
each of the plurality of cryptographic signatures corresponds respectively to one of the plurality of public keys. 
However, Robison teaches such use (column 2, lines 48-54, see the method may proceed as follows in response to a request to load a code digest of the code digests into a memory of an information handling system: validating, using the public key, the integrity of the signed hash of the block associated with the requested code digest as a prerequisite to performing the request to load the code digest).
verifying the plurality of cryptographic signatures using the corresponding public keys. 
However, Robison teaches such use: (column 7, lines 29-33, see the signature validation/verification process outputs an indication that the signature 209 is either accepted or rejected, i.e., that the signed hash 202 was signed by the private key 204 of the developer whose paired public key 292 is being used to verify the signed hash 202).
Cahna and Robison are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna and Robison before him or her, to modify the system of Cahna to include the teachings of Robison, as a system for validating software, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to utilize a digital signature, as suggested by Robison (column 2, lines 25-36, column 10, lines 1-9).      
Cahna and Robinson, in particular Cahna doesn’t explicitly teach:
in response to verifying the plurality of cryptographic signatures, deploying the build artifact.
However, Suarez teaches such use: (column 1, lines 8-11, see  companies and individuals have turned to these software containers for automated application deployment on virtual machine instances being remotely hosted by distributed computing systems of computing resource service providers), (Fig. 8, see process arrow flow from Container Instance 802, Auth Service 816, Valid No/Yes 815, Telemetry Front-End Service 814) and (column 20, lines 25-34, see the telemetry front-end service 814 may validate the electronic signature of the signed message 820… In this manner, validation 815 of the signature of the telemetry data provided by the container instance 802 provides additional assurances that the telemetry has not been corrupted, replayed, or tampered with). 
Cahna, Robison and Suarez are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna, Robison and Suarez before him or her, to modify the system of Cahna and Robison, in particular Cahna to include the teachings of Suarez, as a system for container telemetry, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to verify a digital signature, as suggested by Suarez (column 20, lines 25-34, column 30, lines 48-60).   
Cahna, Robinson and Suarez, in particular Cahna doesn’t explicitly teach:   
receiving the build artifact and a corresponding manifest, 
However, Nijasure teaches such use (p. 4, [0047], see the payload 205 is an electronic file that forms the basis of the encrypted file 200. The payload 205 may include any type of electronic file, including text documents, spreadsheets, slide presentations, source code files, image files, archive files, video files, etc. The encrypted file 200 may include a single file within the payload 205) and (p. 1, [0004], see  if the data pack includes source code, the source code may be injected with the salts and keys used to encrypt or decrypt payloads of encrypted files. A server sends an access response, with the access package, to the access device that sent the access request to the server. The access device may compile the source code from the access package to generate an executable that may encrypt or decrypt payloads of encrypted files). 
the manifest including a plurality of cryptographic signatures, wherein each of the plurality of cryptographic signatures is generated by a respective validation entity.
However, Nijasure teaches such use (Abstract, see an access client may transmit an access request to a server, and the access request may be an example of a decryption request or an encryption request. The access request may include access information and file information for a file to be accessed. The server may validate the access information and generate an access package that includes a set of access keys and executable code. The access keys may be transmitted to the access client. The access client may execute the executable code and decrypt or encrypt the file. The file may include one or more data packs that include file access policies, ownership information, and file access log) and (p. 5, [0057], see the ownership information 255 may include a value for an Author ID field uniquely identifies the user that created the encrypted file 200. The value for the Author ID may be an email address, an employee identifier, a username, etc. The ownership information 255 may include an entity signature, such as a digital signature. A user of the system may be one of multiple employees of the entity. Each encrypted file generated by users for the entity may include the same entity signature, which identifies the entity as the source of the encrypted file, or multiple  entity signatures, which may identify the entity source of the encrypted file and the user that generated the encrypted file) (emphasis added). 
Cahna, Robison, Suarez and Nijasure are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna, Robison, Suarez and Nijasure before him or her, to modify the system of Cahna, Robison and Suarez, in particular Cahna to include the teachings of Nijasure, as an encrypted file control system, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to validate software compliance, as suggested by Nijasure (p. 5, [0057], p. 25, [0319]).   
Cahna, Robinson, Suarez and Nijasure in particular Cahna doesn’t explicitly teach:
retrieving and storing a plurality of public keys; 
However, Agarwal teaches such use: (Fig. 3, Server Computer System 310, Transceiver 328) and (column 13, line 64-column 14, line 4, see the server computer system 310 may also include a transceiver program 316. The transceiver program 316 may facilitate secure communication with the client computer system and establish a secure connection between the transceiver program and an agent program 328 running on the client computer system 320. This connection may be secured, for example, through the use of a public-private key exchange, encryption, etc.).
Cahna, Robison, Suarez, Nijasure and Agarwa are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna, Robison, Suarez, Nijasure and Agarwal before him or her, to modify the system of Cahna, Robison, Suarez and Nijasure, in particular Cahna to include the teachings of Agarwa, as a system for validation of containers, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to combine signatures, as suggested by Agarwa (column 8, lines 31-39, column 21, lines 16-28).   
Cahna, Robinson, Suarez, Nijasure and Agarwal in particular Cahna doesn’t explicitly teach:
receiving from a plurality of validators in parallel, identical copies of the build artifact and a corresponding manifest, 
However, Lee teaches such use (column 2, lines 17-41, see the multiple checks include a check based on the protection. The operations further include crosschecking fourth copies of the data received from the second paths and selectively sending, in response to crosschecking the fourth copies of the data, one or more of the fourth copies of the data via a send port to a next network element… The multiple checks include a check based on the protection. The operations further include crosschecking fourth copies of the data received from the second paths and selectively sending, in response to crosschecking the fourth copies of the data, one or more of the fourth copies of the data via a send port to a next network element) and (column 6, lines 53-58, see in some implementations, the network switch device 102 includes multiple send ports 128 (e.g., where each of the multiple send ports 128 is coupled to a corresponding path of a set of parallel paths that “branch off” from the processing section 118).
Cahna, Robison, Suarez, Nijasure, Agarwal and Le are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna, Robison, Robison, Suarez, Nijasure, Agarwal and Le before him or her, to modify the system of Cahna, Robison, Robison, Suarez, Nijasure and Agarwal in particular Cahna to include the teachings of Le, as a system for crosschecking data, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to validate parallel data, as suggested by Le (Fig. 3, column 14, lines 33-46).   

  In regards to claim 14, Cahna doesn’t explicitly teach:
the plurality of cryptographic signatures includes at least three cryptographic signatures.
However, Robison teaches such use: (Fig. 2, 202-1 Block 1 signed hash, 202-2 Block2 Signed hash…. 202-3 Block 3 Signed hash), (column 6, lines 34-36, see at block 318, the steps described at blocks 302 through 316 may be repeated multiple times for multiple code digests by multiple code developers) and (column 10, lines 12-26, see reading a last block of a blockchain associated with a code developer having a private key and public key pair associated with the blockchain, in which each block of the blockchain includes a signed hash including a hash digest and a signature of the hash digest generated using the private key; hashing a compilation to generate a new hash digest, the compilation including the signed hash of the read last block, the public key and a new code digest; signing the new hash digest with the private key to generate a new signature; and updating the blockchain with a new block that includes a new signed hash including the new hash digest and the new signature). 
Cahna and Robison are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna and Robison before him or her, to modify the system of Cahna to include the teachings of Robison, as a system for validating software, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to utilize a digital signature, as suggested by Robison (column 2, lines 25-36, column 10, lines 1-9).      

  In regards to claim 15, Cahna doesn’t explicitly teach:
the plurality of cryptographic signatures includes at least four cryptographic signatures.
However, Robison teaches such use: (Fig. 2, 202-1 Block 1 signed hash, 202-2 Block2 Signed hash…. 202-3 Block 3 Signed hash), (column 6, lines 34-36, see at block 318, the steps described at blocks 302 through 316 may be repeated multiple times for multiple code digests by multiple code developers) and (column 10, lines 12-26, see reading a last block of a blockchain associated with a code developer having a private key and public key pair associated with the blockchain, in which each block of the blockchain includes a signed hash including a hash digest and a signature of the hash digest generated using the private key; hashing a compilation to generate a new hash digest, the compilation including the signed hash of the read last block, the public key and a new code digest; signing the new hash digest with the private key to generate a new signature; and updating the blockchain with a new block that includes a new signed hash including the new hash digest and the new signature). 
Cahna and Robison are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna and Robison before him or her, to modify the system of Cahna to include the teachings of Robison, as a system for validating software, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to utilize a digital signature, as suggested by Robison (column 2, lines 25-36, column 10, lines 1-9).      

  In regards to claim 16, Cahna doesn’t explicitly teach:
each of the plurality of cryptographic signatures is generated by a respective validator. 
However, Robison teaches such use: (Fig. 3, Receive new code digest developed by developer 302, read last block of code developer’s blockchain 304, compile code digest, code id, developer’s public key and signed has of last block into a compilation 306, hash compilation to generate new hash digest 308, sign new hash digest to generate a new signature 312, store new code digest in code repository 316, repeat steps for multiple code digest and multiple code developers), and (column 2, lines 25-36, see reading a last block of a blockchain associated with a code developer having a private key and public key pair associated with the blockchain, in which each block of the blockchain includes a signed hash including a hash digest and a signature of the hash digest generated using the private key; hashing a compilation to generate a new hash digest, the compilation including the signed hash of the read last block, the public key and a new code digest; signing the new hash digest with the private key to generate a new signature; and updating the blockchain with a new block that includes a new signed hash including the new hash digest and the new signature) and (column 5, line 66 – column 6, line 29, see at block 302, a developer develops a new code digest, logs into his/her account 171 of the code repository 198 and indicates a request to submit the new code digest to the code repository 198. Flow proceeds to block 304. At block 304, the code repository 198 reads the last block of the blockchain 175 associated with the developer's account, which includes the signed hash 202 of the last block. Flow proceeds to block 306. At block 306, the code repository 198 assigns a code ID to the new code digest. The code repository 198 then compiles the new code digest, the code ID (e.g., 294 of FIG. 2), the developer's public key 292, and the signed hash 202 of the last block read at block 304 into a compilation (e.g., 206 of FIG. 2). Flow proceeds to block 308. At block 308, the code repository 198 hashes the compilation 206 to generate a new hash digest… At block 312, the developer signs the new hash digest using his private key (paired with the public key) to generate a new digital signature… At block 314, the code repository 198 updates the developer's blockchain 175 with the new block that includes the new signed hash generated at block) (emphasis added). 
Cahna and Robison are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna and Robison before him or her, to modify the system of Cahna to include the teachings of Robison, as a system for validating software, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to utilize a digital signature, as suggested by Robison (column 2, lines 25-36, column 10, lines 1-9). 
     
  In regards to claim 18, Cahna teaches:
generate a hash value corresponding to the build artifact using a hash function (column 5, lines 10-12, see the image metadata 116 may include, for example, file names, sizes and hash-codes of the files' content that form the container image) and (column 6, lines 20-31, see for example, when the local agent 110 retrieves an image data 114 from the registry, the local agent 110 may add a signature for each file including file path in the image that identifies the file data to the image meta-data. For example, the signature may be a hash-code or any other valid signature. The local agent 110 may save the hash-code on the local file system when the image data 114 is saved. Then, when the local agent 110 attempts to read a 1st block of data from a file, the local agent 110 may check whether a file with the same hash-code was already pulled and stored locally for a different image ID).
Cahna doesn’t explicitly teach:
the verifying comprises verifying the plurality of cryptographic signatures using the hash value.
However, Robison teaches such use: (column 7, lines 33-43, see as an additional verification, the loader 197 may verify the integrity of the code digest 173 by compiling the code digest 173, its code ID 294, the developer's public key 292, and the signed hash 202 of the previous block in the blockchain into a compilation, hash the  compilation using the same cryptographic hash function used by the code repository 198 to create the signed hashes of the blockchains, and compare the resulting hash digest with the hash digest of the signed hash of the block of the blockchain associated with the code digest 173 to verify that they match).
Cahna and Robison are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna and Robison before him or her, to modify the system of Cahna to include the teachings of Robison, as a system for validating software, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to utilize a digital signature, as suggested by Robison (column 2, lines 25-36, column 10, lines 1-9).  
    
  In regards to claim 19, Cahna and Robinson, in particular Cahna doesn’t explicitly teach:
in response to a failure to verify any one of the plurality of cryptographic signatures, prohibiting deployment of the build artifact.
However, Suarez teaches such use: (column 20, lines 35-38, see in the event that the signed message 820 cannot be validated (e.g., the message was corrupted during transmission, the message was tampered with, the signing key expired, etc.), the telemetry front-end service 814 may discard the signed message 820) and (Fig. 8, see process arrow flow from Container Instance 802, Auth Service 816, Valid No/Yes 815, Telemetry Front-End Service 814).  
generating a log entry corresponding to the failure in a log.
However, Suarez teaches such use: (column 15, lines 29-37, see in the event of a failure, such as a host failure, techniques of the present disclosure known as “checkpointing” may be employed to ensure that processing of telemetry data can be resumed without losing data and with little to no duplicated work. Checkpointing effectively keeps track of the progress of the telemetry data 520A-20C so that if components of the system fail, data can be replayed/resent from the point of the most recent checkpoint).
Cahna, Robison and Suarez are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna, Robison and Suarez before him or her, to modify the system of Cahna and Robison, in particular Cahna to include the teachings of Suarez, as a system for container telemetry, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to verify a digital signature, as suggested by Suarez (column 20, lines 25-34, column 30, lines 48-60).   
  In regards to claim 20, Cahna teaches:
A system for validating a build artifact, comprising: a memory storing instructions and a database that includes the artifact; and a processor operatively connected to the memory and configured to execute the instructions to perform a plurality of operations, including: (column 1, lines 13-14, see a system can include a processor to receive an image ID corresponding to a container image of a container to be run) and (column 6, lines 21-40, see when the local agent 110 retrieves an image data 114 from the registry, the local agent 110 may add a signature for each file including file path in the image that identifies the file data to the image meta-data. For example, the signature may be a hash-code or any other valid signature. The local agent 110 may save the hash-code on the local file system when the image data 114 is saved. Then, when the local agent 110 attempts to read a 1st block of data from a file, the local agent 110 may check whether a file with the same hash-code was already pulled and stored locally for a different image ID… If not, the local agent 110 may continue to download the block the registry 104. In that case, the local agent 110 may mark in a global data-structure that a file with this hash-code is stored under the current image ID or at any other location on the local file system, so future accesses to this file may be served locally).
each validator is configured to: generate a respective hash value associated with the build artifact using a respective hash function (column 5, lines 10-12, see the image metadata 116 may include, for example, file names, sizes and hash-codes of the files' content that form the container image) and (column 6, lines 20-31, see for example, when the local agent 110 retrieves an image data 114 from the registry, the local agent 110 may add a signature for each file including file path in the image that identifies the file data to the image meta-data. For example, the signature may be a hash-code or any other valid signature. The local agent 110 may save the hash-code on the local file system when the image data 114 is saved. Then, when the local agent 110 attempts to read a 1st block of data from a file, the local agent 110 may check whether a file with the same hash-code was already pulled and stored locally for a different image ID).
add the respective cryptographic signature to the build artifact: (column 6, lines 21-24, see when the local agent 110 retrieves an image data 114 from the registry, the local agent 110 may add a signature for each file including file path in the image that identifies the file data to the image meta-data).
Cahna doesn’t explicitly teach:
determine whether the build artifact meets a respective criterion; and in response to a determination that the build artifact meets the respective criterion, generate a respective cryptographic signature based on the respective hash value.
However, Robison teaches such use: (Fig. 3, Receive new code digest developed by developer 302, read last block of code developer’s blockchain 304, compile code digest, code id, developer’s public key and signed has of last block into a compilation 306, hash compilation to generate new hash digest 308, sign new hash digest to generate a new signature 312, store new code digest in code repository 316, repeat steps for multiple code digest and multiple code developers), and (column 2, lines 25-36, see reading a last block of a blockchain associated with a code developer having a private key and public key pair associated with the blockchain, in which each block of the blockchain includes a signed hash including a hash digest and a signature of the hash digest generated using the private key; hashing a compilation to generate a new hash digest, the compilation including the signed hash of the read last block, the public key and a new code digest; signing the new hash digest with the private key to generate a new signature; and updating the blockchain with a new block that includes a new signed hash including the new hash digest and the new signature) and (column 5, line 66 – column 6, line 29, see at block 302, a developer develops a new code digest, logs into his/her account 171 of the code repository 198 and indicates a request to submit the new code digest to the code repository 198. Flow proceeds to block 304. At block 304, the code repository 198 reads the last block of the blockchain 175 associated with the developer's account, which includes the signed hash 202 of the last block. Flow proceeds to block 306. At block 306, the code repository 198 assigns a code ID to the new code digest. The code repository 198 then compiles the new code digest, the code ID (e.g., 294 of FIG. 2), the developer's public key 292, and the signed hash 202 of the last block read at block 304 into a compilation (e.g., 206 of FIG. 2). Flow proceeds to block 308. At block 308, the code repository 198 hashes the compilation 206 to generate a new hash digest… At block 312, the developer signs the new hash digest using his private key (paired with the public key) to generate a new digital signature… At block 314, the code repository 198 updates the developer's blockchain 175 with the a new block that includes the new signed hash generated at block) (emphasis added). 
verifying each of the respective cryptographic signatures.
However, Robison teaches such use: (column 7, lines 29-33, see the signature validation/verification process outputs an indication that the signature 209 is either accepted or rejected, i.e., that the signed hash 202 was signed by the private key 204 of the developer whose paired public key 292 is being used to verify the signed hash 202).
Cahna and Robison are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna and Robison before him or her, to modify the system of Cahna to include the teachings of Robison, as a system for validating software, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to utilize a digital signature, as suggested by Robison (column 2, lines 25-36, column 10, lines 1-9).      
Cahna and Robinson, in particular Cahna doesn’t explicitly teach:
in response to verifying the respective cryptographic signatures, deploying the build artifact. 
However, Suarez teaches such use: (Fig. 8, see process arrow flow from Container Instance 802, Auth Service 816, Valid No/Yes 815, Telemetry Front-End Service 814) and (column 20, lines 25-34, see the telemetry front-end service 814 may validate the electronic signature of the signed message 820… In this manner, validation 815 of the signature of the telemetry data provided by the container instance 802 provides additional assurances that the telemetry has not been corrupted, replayed, or tampered with). 
Cahna, Robison and Suarez are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna, Robison and Suarez before him or her, to modify the system of Cahna and Robison, in particular Cahna to include the teachings of Suarez, as a system for container telemetry, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to verify a digital signature, as suggested by Suarez (column 20, lines 25-34, column 30, lines 48-60).   
Cahna, Robinson and Suarez in particular Cahna doesn’t explicitly teach:
retrieving and storing a plurality of public keys.
However, Agarwal teaches such use: (Fig. 3, Server Computer System 310, Transceiver 328) and (column 13, line 64-column 14, line 4, see the server computer system 310 may also include a transceiver program 316. The transceiver program 316 may facilitate secure communication with the client computer system and establish a secure connection between the transceiver program and an agent program 328 running on the client computer system 320. This connection may be secured, for example, through the use of a public-private key exchange, encryption, etc.).
Cahna, Robison, Suarez and Agarwa are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna, Robison, Suarez and Agarwal before him or her, to modify the system of Cahna, Robison and Suarez, in particular Cahna to include the teachings of Agarwa, as a system for validation of containers, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to combine signatures, as suggested by Agarwa (column 8, lines 31-39, column 21, lines 16-28).   
Cahna, Robinson and Suarez, in particular Cahna doesn’t explicitly teach:   
receiving a manifest associated with the build artifact, wherein the manifest includes each of the respective cryptographic signatures.  
However, Nijasure teaches such use (Abstract, see an access client may transmit an access request to a server, and the access request may be an example of a decryption request or an encryption request. The access request may include access information and file information for a file to be accessed. The server may validate the access information and generate an access package that includes a set of access keys and executable code. The access keys may be transmitted to the access client. The access client may execute the executable code and decrypt or encrypt the file. The file may include one or more data packs that include file access policies, ownership information, and file access log) and (p. 5, [0057], see the ownership information 255 may include a value for an Author ID field uniquely identifies the user that created the encrypted file 200. The value for the Author ID may be an email address, an employee identifier, a username, etc. The ownership information 255 may include an entity signature, such as a digital signature. A user of the system may be one of multiple employees of the entity. Each encrypted file generated by users for the entity may include the same entity signature, which identifies the entity as the source of the encrypted file, or multiple entity signatures, which may identify the entity source of the encrypted file and the user that generated the encrypted file) (emphasis added). 
Cahna, Robison, Suarez and Nijasure are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna, Robison, Suarez and Nijasure before him or her, to modify the system of Cahna, Robison and Suarez, in particular Cahna to include the teachings of Nijasure, as an encrypted file control system, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to validate software compliance, as suggested by Nijasure (p. 5, [0057], p. 25, [0319]).   
Cahna, Robinson, Suarez, Nijasure and Agarwal in particular Cahna doesn’t explicitly teach:
transmitting an identical copy of the build artifact to each of a plurality of validators.  
However, Lee teaches such use (Fig. 3, Provide first copies of the data to multiple parallel first paths 304, At each of the first paths, perform a check on a first copy of the date and generate a protection for the first copy of the data 306).
Cahna, Robison, Suarez, Nijasure, Agarwal and Le are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna, Robison, Robison, Suarez, Nijasure, Agarwal and Le before him or her, to modify the system of Cahna, Robison, Robison, Suarez, Nijasure and Agarwal in particular Cahna to include the teachings of Le, as a system for crosschecking data, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to validate parallel data, as suggested by Le (Fig. 3, column 14, lines 33-46).   

13.	Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Cahna in view of Robison in view of Suarez in view of Nijasure in view of Agarwal in view of Le in view of Shoens in view of Shoens U.S. 2013/0325824.
  In regards to claim 13, the rejections above are incorporated respectively.
  In regards to claim 17, Cahna, Robinson, Suarez, Nijasure, Agarwal and Le in particular Cahna doesn’t explicitly teach:
prior to receiving the build artifact, each of the plurality of cryptographic signatures is generated in parallel by a respective validator.
However, Shoens teaches such use: (p. 8, [0076], see the source and target replicated file… may be stored on different volumes, and parallel processes can be used to efficiently generate the signatures in a substantially concurrent manner).
Cahna, Robison, Suarez, Nijasur, Agarwa, Le and Shoens are analogous art because they are from the same field of endeavor, software installation.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Cahna, Robison, Suarez, Nijasure, Agarwa, Le and Shoens before him or her, to modify the system of Cahna, Robison, Suarez, Nijasure, Agarwa and Le, in particular Cahna to include the teachings of Shoens, as an offline verification system, and accordingly it would enhance the system of Cahna, which is focused on container application execution, because that would provide Cahna with the ability to validate software signatures, as suggested by Shoens ((p. 8, [0076],  p. 11, [0108]).   
Conclusion
14.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US Patent Application Publications

Jiang et al.,  		20210064417

Suarez et al., 	10725775

15. 	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Evral Bodden whose telephone number is 571-272-3455.  The examiner can normally be reached on Monday to Friday, 8:30 to 5:00.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Chat Do can be reached on 571-272-3721.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/EVRAL E BODDEN/Primary Examiner, Art Unit 2193