DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
No information disclosure statement(s) (IDS) was filed before the mailing date of this office action.  Accordingly, no information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-4, 9-13 and 18-20 are rejected under 35 U.S.C. 102(a)(l)(a)(2) as being anticipated by US PG-PUB No. US 2019/0163559 A1 to Takahashi et al. (hereinafter “Takahashi”)
Regarding claim 1:
Takahashi discloses:
An Information Handling System (IHS) (¶06: “…  a computer system for preventing application container failure between replicated containers …”), the IHS comprising: 
a processor (¶45: “… one or more processor(s) …”); and 
a memory (¶45: “… a memory 306 …”) coupled to the processor (see Fig. 3 memory 306 coupled to processor(s) 304), the memory having program instructions stored thereon (¶48: “Program instructions for CFP program 101 be stored in the persistent storage 308 …  for execution by one or more of the respective computer processors 304 via one or more memories of the memory 306.”) that, upon execution, cause the IHS to:
receive, from a first local management agent (¶20: “… container engine 120 …”, see Fig. 1) configured to provide a first workspace (¶24: “… container 131 …”, see Fig. 1) in a fleet of workspaces (¶22: “… containers 131, 141, and 161 … containers 132, 142, and 162 …”), an indication that the first workspace has suffered a security compromise (¶24: “…  container 131 in pod 130 temporarily goes down …”, ¶14: “… detect potential failures of replicated applications, such as security holes … ”), wherein the first workspace is instantiated based upon a first workspace definition (¶22: “… replica pod 130 … a pod encapsulates one or more application containers, storage resources, a unique network IP, and options that govern how the container(s) within the pod should run.”); and 
in response to the indication (¶24: “…  if container 131 in pod 130 temporarily goes down …”), transmit a second workspace definition (¶22: “… replica pod 160 …”, ¶24: “… replication controller 175 may start up an identical copy of container 131.”) to a second local management agent (¶20: “… container engine 150 …”) configured to provide a second workspace (¶32: “… container 161 …”) in the fleet of workspaces, wherein the second workspace is instantiated based upon the first workspace definition (¶22: “…  containers 131 … and 161 are identical copies of each other.”), and wherein the second local management agent is configured to instantiate a third workspace (see Fig. 1, Container 162 is configured to be instantiated by container engine 150) based upon the second workspace definition (see Fig. 1, Container 162 within Replica Pod 160 (second workspace definition)).  
Regarding claim 2:
Takahashi discloses: 
The IHS of claim 1, wherein the indication comprises the absence of a heartbeat, token, or handshake from the first local management agent (¶24: “…  container 131 in pod 130 temporarily goes down …”, ¶32: “… CFP program 101 identifies that the application in replica pod 130 is inactive, whereas the applications running in replica pods 140 and 160 are active.”).  
Regarding claim 3:
Takahashi discloses: 
The IHS of claim 1, wherein the program instructions, upon execution, further cause each local management agent instantiating a respective workspace in the fleet of workspaces to be identified in or associated with the first and second workspace definitions (¶22: “… containers 132 (instantiated by the first workspace definition- Replica Pod 130) … and 162 (instantiated by the second workspace definition- Replica Pod 160) are identical copies of each other.”).  
Regarding claim 4:
Takahashi discloses: 
The IHS of claim 1, wherein the security compromise comprises at least one of: 
a denial-of-service (DoS) attack (¶24: “…  container 131 in pod 130 temporarily goes down …”), a man-in-the-middle (MitM) attack, a phishing attack, a drive-by attack, a password attack, an SQL injection attack (¶33: “… a query string parameter of a URI is the root cause of the anomaly.”), a cross-site scripting (XSS) attack, an eavesdropping attack, or a malware attack.  
Regarding claim 9:
Takahashi discloses: 
The IHS of claim 1, wherein the second local management agent is configured to terminate the second workspace (¶24: “… if the first container comes back online, replication controller 175 will remove one of the duplicate copies.”).  
Regarding claim 10:
Takahashi discloses: 
The IHS of claim 1, wherein the second local management agent (¶20: “… container engine 150 …”) is configured to migrate a context of the second workspace (¶32: “… container 161 …”) onto the third workspace (Fig. 1, Container 162) (¶22: “… the containers within each replica pod are identical (containers 161 and 162 are within replica pod 160, so they are identical).”).
Regarding claims 11-13:
Claims 11 and 12-13 substantially recite the same limitations as claims 1 and 3-4, respectively, in the form of a memory storage device for storing program instructions, therefore they are rejected by the same rationale.
Regarding claim 18:
Takahashi discloses: 
The memory storage of claim 11, wherein the program instructions, upon execution, further cause the HIS to terminate the first workspace (¶24: “… if container 131 … goes down, replication controller 175 may start up an identical copy of container 131 … if the first container comes back online, replication controller 175 will remove one of the duplicate copies.”).  
Regarding claim 19:
Takahashi discloses: 
The memory storage of claim 11, wherein the program instructions, upon execution, further cause the HIS to migrate (¶20: “… container engine 150 …”) a context of the first workspace (Fig. 1, container 131) onto the third workspace (Fig. 1, Container 162) (¶22: “… the containers within each replica pod are identical (containers 161 and 162 are within replica pod 160, so they are identical) …  containers 131 … and 161 are identical copies of each other (indicating a context of container 131 is migrated onto container 162).”).
Regarding claim 20:
Claim 20 substantially recites the same limitation as claim 1 in the form of a method to be executed by program instructions stored in, therefore it is rejected by the same rationale.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 5-7 and 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over Takahashi, and further in view of US-PGPUB No. 2009/0249337 A1 to Vasilevsky et al. (hereinafter “Vasilevsky”)
Regarding claim 5:
Takahashi discloses the IHS of claim 1, but does not disclose the following limitation taught by Vasilevsky: 
wherein the first local management agent is configured to indicate that the first workspace has suffered the security compromise in response to a failed authentication of at least one of: 
a key derivation function (KDF), a nested hash, a blockchain, a one-time-password (OTP) algorithm, prime factoring, a monotonic counter, or a public key infrastructure (PKI) challenge-response protocol (Vasilevsky, ¶165: “… the WEE may authenticate the user based upon local data … authenticating the user may result in the WEE receiving a PKI key pair.”, ¶173: “… the mobile computer may destroy the secured workspace volume 524 or workspace if a certain number of sequential login attempts fail.”).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the system of Takahashi to incorporate the functionality of the Workspaces Execution Engine (WEE) to authenticate users by using username and password, or using local data, and receiving a PKI key pair from a management system, as disclosed by Vasilevsky, such modification of using PKI would provide the system to avoid third party authentication server needs since users maintain their own certificates.
Regarding claim 6:
Takahashi discloses the IHS of claim 1, but does not disclose the following limitation taught by Vasilevsky:
wherein the second workspace definition has a smaller attack surface than the first workspace definition (Vasilevsky, ¶185: “… a user may have a workspace for work-related use and workspace for home-related use …The administrator may apply a constraint to this workspace, the constraint limiting the user's ability to install an application into the workspace. This constraint may not apply to the home-related workspace, which the user locally manages.”).
The same motivation which is applied to claim 5, is applied to claim 6.
Regarding claim 7:
Takahashi discloses the IHS of claim 1, but does not disclose the following limitation taught by Vasilevsky:
wherein the second workspace definition comprises at least one modified: 
minimum security score for a workspace, authentication requirement (Vasilevsky, ¶177: “… creation of workspace policies may include … activating and authenticating policies …”), isolation requirements, ability to access a browser (Vasilevsky, ¶172: “… the WEE may redirect the user's web browser to a webpage providing a remote desktop of the user's workspace that is now running on the server.”), ability to transfer data between workspaces, the ability to extend a workspace.   
The same motivation which is applied to claim 5, is applied to claim 7.
Regarding claims 14-16:
Claims 14-16 substantially recite the same limitations as claims 5-7, respectively, in the form of a memory storage device for storing program instructions, therefore they are rejected by the same rationale.
Claims 8 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Takahashi, and further in view of US-PGPUB No. 2018/0270125 A1 to Jain et al. (hereinafter “Jain”)
Regarding claim 8:
Takahashi discloses the IHS of claim 1, but does not disclose the following limitation taught by Jain: 
wherein the second local management agent is configured to instantiate the third workspace in the absence of any indication that the second workspace has suffered the security compromise (Jain, ¶78-79: “… management node 222 can add an amount of capacity available … by adding one or more additional containers and/or one or more additional replicate containers. … can deploy the one or more additional containers, based on applying the load balancing technique.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the system of Takahashi to incorporate the functionality of the management node to deploy one or more replicate containers based on load balancing, as disclosed by Jain, such modification would provide the system with protection against DDoS attacks.
Regarding claim 17:
Claim 17 substantially recites the same limitation as claims 8, in the form of a memory storage device for storing program instructions, therefore it is rejected by the same rationale.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Goel (US-PGPUB No. 2019/0235897 A1)- disclosed a computer-implemented method for updating containers by identifying an application container that is instantiated from a static application container image and that isolates a user space of an application that executes within the application container from other software on a host system while sharing a kernel space with the other software and  identifying ancillary code that is designed to modify execution of the application executing in the application container.
Bhalotra et al. (USPAT No. 10397255-B1)- disclosed a distributed computation system utilizing application containers that includes a container security platform with a management module which controls the launch, provisioning, management, monitoring, communication, security scanning and policy computation of all modules and services across the entire system. 
Chatterjee et al. (US-PGPUB No. 20070124373 A1)- disclosed system, methods and apparatus which provide the ability to create a template for the collaborative workspace that allows a user such as a workspace administrator the ability to quickly define a new workspace for a specific collaborative project.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHIAS HABTEGEORGIS whose telephone number is (571)272-1916. The examiner can normally be reached M-F 8am-5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok B Patel can be reached on (571)272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/M.H./Examiner, Art Unit 2491        

                                                                                                                                                                                                /ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491