Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 9/29/2022 has been entered.

Response to Amendment
This is in response to the amendments filed on 9/29/2022 Claims 1, 8, 9, 11-14, and 16-18 have been amended. Claim 15 has been canceled. Claims 1-4, 8-14, and 16-24 are currently pending and have been considered below. 

Response to Arguments
Applicant’s arguments with respect to claim(s) 1 and 13 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 8-14, and 16-24 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Joy” (US 7509497) in view of “Conikee” (US 2019/0171846) in further view of “Sawhney” (US 2018/0121659).

Regarding Claim 1:
Joy teaches:
A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for maintaining and accessing security metadata associated with a … service (Fig. 9; Abstract, “Prior to execution, an application is authenticated, and security information associated with the application is retrieved … The security information may include a principle account associated with the application, a list of group accounts, and a corresponding privilege list”), the operations comprising: 
generating a modifiable security metadata (Fig. 5, steps 514 & 516; Here, the examiner interprets both the security information and token as being portions of the claimed “security metadata”) associated with the … service (Col. 2, lines 35-38, “Once identified, the security information is included in a token that is generated for the application. The application is then launched and its corresponding token is attached”), the modifiable security metadata being separate from an executable portion of the … service (Col. 2, lines 35-38, “The application is then launched and its corresponding token is attached”; i.e., the token is initially detached from the application) and defining a plurality of security attributes of the …service (Fig. 3 details the token as containing a plurality of security attributes associated with the application) …; 
wherein the plurality of security attributes include one or more of: 
a security grade level for the … service (Fig. 3, element 304; Col. 4, lines 67 & Col. 5, lines 1-5, “As discussed previously, the token may include a principal account and a list of group accounts of which the application is a member. At step 716, the accounts listed in the token are referenced against an access control list for the secured object to determine whether the accounts are authorized to access the secured object”; i.e., include information pertaining to the level of access the associated application has towards a secured object the application may be trying to access), 
a security sensitive operation that the … service is programmed to perform, 
a function classification for the … service, and 
an idempotence property for the … service; 
accessing the security metadata (Fig. 7, step 712); and 
analyzing the security metadata (Fig. 7, step 714; Col. 4, lines 66-67 & Col. 5, lines 1-2, “At step 714, the accounts listed in the token are identified”) to determine  whether to perform a control action for the … service (Fig. 7, step 716 determines whether to proceed to step 720 or not).
Joy does not disclose:
…at least one processor to perform operations for maintaining and accessing security metadata associated with a micro service… 
… the modifiable security metadata being based on static and dynamic analysis of the microservice and an identification of a type of a number of the security attributes to include in the modifiable security metadata;
Conikee teaches:
…at least one processor to perform operations for maintaining and accessing security metadata associated with a micro service (¶0099, “… the method may additionally include appending sensitive data metadata when communicating with other processes (e.g. in a microservice or a service oriented architecture environment). The sensitive data metadata preferably includes the sensitive data classification and/or score along with any suitable contextual information such as data flow information, data transformations and the like. Appending sensitive data metadata can be used so that multiple services can coordinate sensitive data management. For example, different microservices or applications may communicate sensitive data information so that management and handling of sensitive data can continue across and outside a single application”; i.e., maintaining and accessing security metadata associated with a micro service or an application)… 
	Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Joy’s application security system by enhancing Joy’s method of authorization an application request via the maintenance, accessing, and generation of security metadata to further apply to micro services as well, as taught by Conikee, in order to provide the same application-level protection to various types of applications, such as micro services.
	The motivation is to expand capability of Joy’s application security system by applying the authorization of an application to a micro service as well, based on metadata maintained, access, and generated for the micro service. This allows Joy’s system to be integrated within more modern-day programming environments that take advantage of service-oriented design, thus providing security to many additional programming environments.
Joy in view of Conikee does not disclose:
… the modifiable security metadata being based on static and dynamic analysis of the microservice and an identification of a type of a number of the security attributes to include in the modifiable security metadata;
Sawhney teaches:
… the modifiable security metadata (¶0016, “Once generated, the application information model can then be used to generate security policies for a software application …”; i.e., generate a modifiable security policy based on an application information model) being based on static and dynamic analysis of the microservice (¶0016, “To build an exhaustive application information model, several application analysis techniques are combined, such as static analysis of source code and/or a binary image of the application, dynamic analysis of a running application in an instrumented environment… ”) and an identification of a type and a number of the security attributes to include in the modifiable security metadata (¶0016, “These security-relevant behaviors may be grouped under different classes such as system calls, messaging, software and/or hardware interrupts, storage, file system, and/or network interactions, client requests and responses, remote procedure calls, and others”; i.e., include different types and a number of different security attributes within the application information model);
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Joy in view of Conikee’s application security system by enhancing Joy in view of Conikee’s security metadata to be generated based on a static and dynamic analysis of a microservice in addition to being based on a type of number of various security attributes, as taught by Sawhney, in order to improve the security of the microservice.
	The motivation is to provide a unified, comprehensive application model by combining multiple analysis techniques and security features, which can be used for creating security policies that enhance protection from advanced application-layer attacks (Sawhney, ¶0026).

Regarding Claim 2:
Joy in view Conikee in further view of Sawhney teaches:
The non-transitory computer readable medium of claim 1, …
Joy does not disclose:
… wherein the security grade level defines a group of identities permitted to access the micro service.
Conikee teaches:
… wherein the security grade level defines a group of identities permitted to access the micro service (Conikee, ¶0093, “The sensitive data policy may include information on how security measures should be enforced on the data. The sensitive data policy may include any level of abstraction or control over enforcing security measures as desired. Examples of different levels of control from the sensitive data policy may include: … general policies (e.g. communicate with external systems only over a secure network)”; i.e., the sensitive data policy defines that only external systems having a secure network may communicate with the micro service).	
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Joy’s application security system by enhancing Joy’s security grade level to define a group of entities capable of accessing a micro service application, as taught by Conikee, in order to enforce policy decisions to reduce vulnerabilities of the application.
	The motivation is to reduce application-level vulnerabilities from being exposed by defining, using a policy, that only a group of entities having a secure connection may access a micro service application. 

Regarding Claim 3:
The non-transitory computer readable medium of claim 1, wherein Joy in view of Conikee in further view of Sawhney teaches the security grade level defines a group of identities that the micro service is permitted to access (Joy, Col. 4, lines 67 & Col. 5, lines 1-5, “As discussed previously, the token may include a principal account and a list of group accounts of which the application is a member. At step 716, the accounts listed in the token are referenced against an access control list for the secured object to determine whether the accounts are authorized to access the secured object”).

Regarding Claim 4:
The non-transitory computer readable medium of claim 1, wherein Joy in view of Conikee in further view of Sawhney teaches the security grade level defines a degree of sensitivity of the micro service (Joy, Col. 5, lines 10-14, “If the accounts are referenced as authorized accounts in the access control list, then, at step 718, the application is granted access to the secured object. If the accounts are not referenced as authorized accounts in the access control list, then, at step 720, the application is denied access to the secured object”; i.e., the number of accounts that the application belongs to define the degree of access the application has towards accessing various secured objects -- the more groups leads to the more access available for the application).

Regarding Claim 8:
The non-transitory computer readable medium of claim 1, wherein Joy in view of Conikee in further view of Sawhney teaches the modifiable security metadata is stored separate from an executable file of the micro service (Joy, Col. 4, lines 22-25, “At step 514, token generator 416 retrieves the application's corresponding security information. The security information may be retrieved from account database 412 via account database server 414”).

Regarding Claim 9:
The non-transitory computer readable medium of claim 1, wherein Joy in view of Conikee in further view of Sawhney teaches the modifiable security metadata is stored in a common arrangement (Joy, Col. 4, lines 22-25, “At step 514, token generator 416 retrieves the application's corresponding security information. The security information may be retrieved from account database 412 via account database server 414”) that includes a plurality of sets of security metadata associated with a plurality of micro services (Col. 4, lines 1-5, “Account database 412 stores security information, which may include a list of applications and their corresponding principal accounts, group accounts, and privileges”).

Regarding Claim 10:
Joy in view of Conikee in further view of Sawhney teaches:
The non-transitory computer readable medium of claim 9,  …
Joy does not disclose:
… wherein the control action is performed on two or more of the plurality of micro services based on a shared attribute from the plurality of security attributes.
Conikee teaches:
… wherein the control action is performed on two or more of the plurality of micro services (Conikee, ¶0099, “Appending sensitive data metadata can be used so that multiple services can coordinate sensitive data management. For example, different microservices or applications may communicate sensitive data information so that management and handling of sensitive data can continue across and outside a single application”) based on a shared attribute from the plurality of security attributes (Conikee, ¶0099, “In this way some forms of sensitive data (e.g., low sensitivity data) can be communicated to a cooperating application with some level of assurance the application can support proper sensitive data management”).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Joy’s application security system by enhancing Joy’s system to report vulnerabilities of multiple multi service applications sharing a common security attribute, such as sensitive data levels, as taught by Conikee, in order to allow for better coordination of sensitive data management between the applications.
	The motivation is to reduce application-level vulnerabilities from being exposed by coordinating between a plurality of micro service applications via utilizing a shared security level. 

Regarding Claim 11:
The non-transitory computer readable medium of claim 1, wherein Joy in view of Conikee in further view of Sawhney teaches the modifiable security metadata is invoked at runtime of the micro service (Joy, Fig. 7 details the token being retrieved and invoked upon the application requesting access to a secure object at runtime).

Regarding Claim 12:
The non-transitory computer readable medium of claim 1, wherein Joy in view of Conikee in further view of Sawhney teaches the modifiable security metadata is invoked independent of runtime of the micro service (Joy, Fig. 5 details retrieving security information and generating a corresponding token (both steps reading on the term “invoking”) independent of runtime of the associated application).

Regarding Claim 13:
Method claim 13 corresponds to non-transitory computer readable medium claim 1 and contains no further limitations. Therefore claim 13 is rejected by applying the same rationale used to reject claim 1 above.

Regarding Claim 14:
The computer-implemented method of claim 13, wherein Joy in view of Conikee in further view of Sawhney teaches the modifiable security metadata is manually generated and associated with the micro service (Conikee, Figure 4, step s110; ¶0073, “In some variations, identifying sensitive data S110 may incorporate multiple code policies… In some preferred variations the code policy is user editable such that an end user or administrator may add, remove, or change terms in the code policy; and add, remove, or change characterizations of the terms within the code policy”).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Joy’s application security system by enhancing Joy’s system to enable a user to manually add, remote, or change security information terms, as taught by Conikee, in order to better customize security information to dynamic micro services.
	The motivation is to enable the manual editing of security information associated with a micro service application in order to allow an administrator to quickly modify the security information as the micro service application changes in operational scope. 

Regarding Claim 16:
Joy in view of Conikee in further view of Sawhney disclose:
The computer-implemented method of claim 13, 
Joy does not disclose:
… the static analysis includes scanning the source code and identifying a keyword from the code.
Conikee teaches:
… the static analysis includes scanning the source code and identifying a keyword from the code (Conikee, Figure 4, step s112).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Joy’s application security system by enhancing Joy’s system to perform static code analysis to generate security information for a microservice, as taught by Conikee, in order to find and characterize locations of sensitive information within the code.
	The motivation is to generate security information for a microservice application by performing static code analysis on the application such that sensitive information can be located and protected prior to execution of the application.

Regarding Claim 17:
The computer-implemented method of claim 16, wherein Joy in view of Conikee in further view of Sawhney teaches the static analysis includes determining, based on the keyword, at least one of the plurality of security attributes for the micro service (Conikee, ¶0061, “Identifying sensitive data Silo preferably includes processing a semantic description of data in an application code S112 and characterizing the sensitive data S114”; ¶0062, “Processing a semantic description of data in an application S112 can preferably detect multiple data objects (or simple data variables) in the application code as sensitive data. Block S112 may detect the sensitive data through the semantics that are used with code elements and code commentary associated with the data object”).
The motivation to reject claim 17 is the same motivation applied to reject claim 16 above.

Regarding Claim 18:
The computer-implemented method of claim 13, wherein Joy in view of Conikee in further view of Sawhney teaches the modifiable security metadata is generated based on a dynamic behavior analysis (Conikee, Figure 4, step s120).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Joy’s application security system by enhancing Joy’s system to perform a dynamic behavior analysis to generate security information for a micro service application, as taught by Conikee, in order to find and characterize the locations of sensitive information.
	The motivation is to generate security information for a micro service application by performing a dynamic analysis, such that sensitive information that may not be readily accessible can be found and protected during execution of the application.

Regarding Claim 19:
The computer-implemented method of claim 18, wherein Joy in view of Conikee in further view of Sawhney teaches the dynamic behavior analysis includes monitoring activity of the micro service and determining a pattern of activity of the micro service (Conikee, Figure 4, step s122).
The motivation to reject claim 19 is the same motivation applied to reject claim 18 above.

Regarding Claim 20:
The computer-implemented method of claim 19, wherein Joy in view of Conikee in further view of Sawhney teaches the pattern of activity identifies specific functions performed by the micro service (Conikee, ¶0076, “Block S120, which includes monitoring flow of the data during application runtime, functions to track and analyze utilization of data elements of the application. Monitoring flow of the data during application runtime S120 preferably tracks and analyzes sensitive data during the application runtime but may additionally follow other data elements and interaction”).
The motivation to reject claim 20 is the same motivation applied to reject claim 18 above.

Regarding Claim 21:
The computer-implemented method of claim 19, wherein Joy in view of Conikee in further view of Sawhney teaches the pattern of activity identifies specific computer resources accessed by the micro service (Conikee, ¶0076, “Block S120, which includes monitoring flow of the data during application runtime, functions to track and analyze utilization of data elements of the application. Monitoring flow of the data during application runtime S120 preferably tracks and analyzes sensitive data during the application runtime but may additionally follow other data elements and interaction … Monitoring flow of the data during application runtime S120 may include monitoring input/output calls, monitoring input and output data associated with the input/output calls, monitoring activity with various types of data, and monitoring function calls”).
The motivation to reject claim 21 is the same motivation applied to reject claim 18 above.

Regarding Claim 22:
The computer-implemented method of claim 19, wherein Joy in view of Conikee in further view of Sawhney teaches the pattern of activity identifies a sequence of operations performed by the micro service (Conikee, ¶0076, “Monitoring flow of the data during application runtime S120 may include monitoring input/output calls, monitoring input and output data associated with the input/output calls, monitoring activity with various types of data, and monitoring function calls”).
The motivation to reject claim 22 is the same motivation applied to reject claim 18 above.

Regarding Claim 23:
The computer-implemented method of claim 13, wherein Joy in view of Conikee in further view of Sawhney teaches the control action includes blocking activity of the micro service (Joy, Fig. 7, step 720).

Regarding Claim 24:
The computer-implemented method of claim 13, wherein Joy in view of Conikee in further view of Sawhney teaches the control action includes reporting activity of the micro service for analysis of potentially malicious activity (Conikee, ¶0078, “A runtime agent can have different modes of operation during application execution, monitoring the data and/or execution flow, detecting potential sensitive data leaks, enforcing certain rules and actions on sensitive data, and/or reporting those occurrences”).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Joy’s application security system by enhancing Joy’s system to report vulnerabilities that may lead to potential sensitive data leaks, as taught by Conikee, in order to provide an administrator of the system with enough warning to address the vulnerabilities.
	The motivation is to provide ample time for an administrator to address potential issues with micro service applications that may lead to malicious activity by reporting occurrences when sensitive data leaks are located.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANIEL B POTRATZ whose telephone number is (571)270-5329.  The examiner can normally be reached on M-F 10 A.M. - 6 P.M. CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/DANIEL B POTRATZ/Primary Examiner, Art Unit 2491