DETAILED ACTION
Office Action Summary
Instant application claims 10/22/2020.
Claims 1-20 are pending in the instant application.
Claims 1-20 are rejected under 35 USC § 102.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Haghighat et al. (US Pre-Grant Publication No: 2021/0263779) hereinafter referred to as Haghighat.

As per claims 1, 10 and 18, Haghighat teaches receiving, by a computer system, a serverless function; (Haghighat, [0005] and figure 2A, teaches “the serverless service platform 203 has a serverless services manager 203a to receive the serverless function code 201”)
executing, by the computer system, the serverless function within a container-based application environment; (Haghighat, [0005] and figure 2A, teaches “receives serverless function code 201 uploaded by a computer application developer, and executes the function code 201 triggered by a corresponding event”)
capturing, by the computer system, first data associated with the execution of the serverless function, using a monitoring component executing within the container-based application environment; (Haghighat, [0005] and figure 2A, teaches “For example, the security and access manager 203c may verify access to various computer resources and/or privileges associated with executing the serverless function code 201.”)
comparing, by the computer system, the first data to second data associated with one or more previous executions of the serverless function; and (D1, [0152] teaches “FIG. 2B shows examples of components 200 (200a-200b) of an enhanced FaaS system 202 as described herein. Comparing with the challenges associated with the existing FaaS services such as the one shown in FIG. 2A:)
determining, by the computer system, a runtime security threat associated with the serverless function, based on comparing the first data to second data. (D1, [0005], teaches “The serverless service platform 203 may also include a security and access manager 203c, and one or more storage services 203d. The security and access manager 203c is responsible for providing security in executing the serverless function code 201. For example, the security and access manager 203c may verify access to various computer resources and/or privileges associated with executing the serverless function code 201”)

As per claim 2, D1 teaches wherein the container-based application environment is based on a hybrid cloud deployment model associated with the serverless function. (D1, [0005])

As per claims 3 and 11, D1 teaches wherein executing the serverless function comprises emulating, within the container-based application environment: a software library invoked during the execution of the serverless function; a user permission associated with the execution of the serverless function; and an invoking context associated with the execution of the serverless function. (D1, [0151])

As per claims 4 and 12, and 19 D1 teaches wherein comparing the first data to second data comprises: providing the first data to a machine-learned model trained based on data captured during a plurality of previous executions of the serverless function; and receiving an output from the machine-learned model, wherein the output identifies a likelihood that the serverless function is associated with a runtime security threat. (D1, [0156])

As per claims 5 and 13, D1 teaches wherein the first data includes: one or more input values provided to the serverless function; one or more output values generated by the serverless function; and one or more runtime parameters captured during the execution of the serverless function. (D1, [0005])

As per claims 6 and 14, D1 teaches wherein capturing the first data comprises: capturing a first value for a runtime parameter associated with the serverless function, in response to determining that a first time interval has elapsed during the execution of the serverless function; and capturing a second value for the runtime parameter, in response to determining that a second time interval has elapsed during the execution of the serverless function, wherein the second time interval is greater than the first time interval. (D1, [0820])

As per claims 7 and 15, D1 teaches further comprising: receiving a second serverless function, wherein the second serverless function is invoked by the execution of the serverless function; and executing the second serverless function within the container-based application environment, concurrently with the execution of the serverless function, wherein the first data includes data generated by the execution of the serverless function and data generated by the execution of the second serverless function. (D1, [0179])

As per claims 8 and 16, D1 teaches wherein executing the serverless function comprises providing an input to the serverless function during execution, by the monitoring component of the container-based application environment, and capturing the first data comprises receiving an output from the serverless function during execution, by the monitoring component of the container-based application environment. (D1, [0005])

As per claims 9, 17 and 20, D1 teaches wherein the monitoring component of the container- based application environment is configured to receive data from and provide data to the serverless function via at least one of network layer 2 or network layer 3. (D1, [1085])

Other Art of Record
Dunham et al. (US Patent No: 11513833 ) teaches “FIG. 8 is a flowchart illustrating an example process for serverless function trigger event notification that may be used in accordance with the present disclosure. The process of FIG. 8 is initiated at operation 810, at which an interface (e.g., event interface 400 of FIGS. 4-5) receives, from a container that executes a serverless function of a serverless application, a request for notifications of occurrences of a triggering event for the serverless function.”
Segal et al. (US Pre-Grant Publication No: 20210329003) teaches “[0045] At block 403, the security access broker begins evaluating privilege(s) of each serverless function. The evaluations involve comparing indicated least privilege(s) for a serverless function with resource accesses by the serverless function from historical executions of the serverless function instance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SIMON P KANAAN whose telephone number is (571)270-3906.  The examiner can normally be reached on M-F (7AM-4PM).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SIMON P KANAAN/Primary Examiner, Art Unit 2492