DETAILED ACTION

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114 was filed in this application after a decision by the Patent Trial and Appeal Board, but before the filing of a Notice of Appeal to the Court of Appeals for the Federal Circuit or the commencement of a civil action. Since this application is eligible for continued examination under 37 CFR  1.114 and the fee set forth in 37 CFR 1.17(e) has been timely paid, the appeal has been withdrawn pursuant to 37 CFR 1.114 and prosecution in this application has been reopened pursuant to 37 CFR 1.114. Applicant’s submission filed on 11 November 2022 has been entered.
By the above submission, Claims 1, 9, and 14 have been amended.  No claims have been added or canceled.  Claims 1-21 are currently pending in the present application.

Response to Amendment

The amendments to the specification do not clearly comply with the requirements of 37 CFR 1.121(b)(3) and 1.125(c).  Applicant has not submitted a clear instruction to replace the specification as required by 37 CFR 1.121(b)(3)(i).  Further, the substitute specification does not comply with the requirement of 37 CFR 1.125(c) that the marked-up substitute specification include markings showing all changes relative to the immediate prior version of the specification (noting that amendments to the specification were filed on 01 October 2018, 07 May 2019, and 06 January 2020, and these amendments were entered, and further noting additional amendments to the specification were filed on 29 May 2020 and 15 June 2020, but these amendments were not entered).  The substitute specification does not reflect the amendments that were entered previously.  Additionally, the marked-up and clean versions of the substitute specification are not consistent with each other at least in terms of having different paragraph numbering.  It is further noted that as per MPEP § 714(II)B, if a paragraph is deleted, the numbering of subsequent paragraphs should remain unchanged, and added paragraphs should be numbered using increasing decimal numbers, e.g. 0025.01-0025.12.  Still further, neither the clean nor the marked-up copy of the substitute specification complies with 37 CFR 1.52(b)(5) which requires that the pages of the specification must be numbered consecutively, starting with 1.  The substitute specification should be separate from the amendment document.
The amendments to the claims do not clearly comply with the requirements of 37 CFR 1.121(c) that amended claims must include markings showing the changes made relative to the immediate prior version of the claims.  In particular, at least Claim 14 appears to include text that is marked as added with underlining but which was previously present in the claim.
Applicant is reminded that all future submissions must fully comply with the requirements of 37 CFR 1.121.

Response to Arguments

Applicant's arguments filed 11 November 2022 have been fully considered but they are not persuasive.
Regarding the objections to the drawings with respect to Figures 1, 2, 8, 9A, and 9B and the requirement of a Prior Art label, although Applicant argues that the figures illustrate problems in the art in accordance with 37 CFR 1.83(b) and show the connection of the invention therewith (pages 62-63 of the present response), it is noted that 37 CFR 1.83(b) explicitly discusses that which is old, as described in the objection to the figures.  Put another way, only what is conventional is shown in the figures subject to the objection.  Figures 1 and 2 depict general examples of cloud computing environments (see paragraphs 0040, 0041, and 0052, for example), and Figures 8, 9A, and 9B depict general examples of devices (see paragraphs 0083 and 0087, for example), none of which is clearly tied to the present invention.  Figure 9A, in particular, is explicitly described as “conventional” (see paragraph 0088).  Applicant provides no evidence or explanation of examples of inventive features shown in any of these figures.  Again, the elements in each of Figures 1, 2, 8, 9A, and 9B are described in a generic manner, and there is nothing in these figures that ties them to the particular features of the invention as described or claimed.  Therefore, only that which is old or conventional is illustrated, and must be labeled as such.  The objection is maintained as set forth below.
Regarding the rejection of Claims 1-20 under 35 U.S.C. 103 as unpatentable over Ettema et al, US Patent 9495188, in view of Traut et al, US Patent 7313793, and with particular reference to amended independent Claim 1, Applicant argues that the art of record does not teach or suggest operating system level virtualization software containers and that this precludes virtual machines (pages 61-62 of the present response).  However, first, it is noted that Applicant has defined the term “application containers” as previously recited in the claims to refer to “operating-system-level virtualization containers” (see paragraph 0002 of the present specification).  Therefore, this amendment does not change the scope of the claims because the specification indicates that the term “application containers” already referred to operating system level virtualization containers.  Because the scope has not changed, the rejection as affirmed by the Board is maintained, and this action is made final as set forth below.
It is noted that Applicant cited the Board’s contention that the previous arguments did not point to any claim limitations which would “preclude the use of known prior art virtual machine techniques” (page 61 of the present response, citing page 8 of the Decision mailed 11 October 2022) but then concluded that the claims as amended would preclude “virtual machines” (rather than techniques used with virtual machines, see pages 61-62 of the present response).  This does not follow from the Board’s reasoning.  As set forth in the previous Office actions and the Board’s Decision, the techniques of Ettema and Traut that are described in the context of virtual machines could also be used in the context of containers (which as described above are operating system level software virtualization containers).  See pages 8-9 of the Office action mailed 06 October 2020, setting forth that the terms “virtual machine” and “container” can be used interchangeably, suggesting that techniques applicable to virtual machines could also be applied to containers; see also at least pages 6-9 of the Examiner’s answer mailed 06 May 2021, citing, for example, paragraph 0062 of the present specification, which acknowledges that the described technologies can be used with a range of environments using software containers or virtual machines, again suggesting that techniques applicable to virtual machines could also be applied to containers; see further section D of the Decision mailed 11 October 2022, describing that additional evidence cited by Applicant also supported that virtual machines and containers could be used interchangeably and do not conflict with the suggestion that virtual machine techniques could be used with containers.  
With reference to independent Claims 19 and 20, Applicant argues that the claims include similar limitations as Claim 1 and should be allowable for the same reasons (page 62 of the present response).  However, Claims 19 and 20 have not been amended and do not include the subject matter relied upon in the arguments above, regardless of whether such arguments may be persuasive.  Claims 19 and 20 are identical to the claims whose rejection was affirmed by the Board (see the Decision mailed 11 October 2022).
Applicant does not appear to have acknowledged or addressed the rejection of Claim 21 under 35 U.S.C. 103 as unpatentable over Ettema and Traut, and further in view of Reybok, Jr. et al, US Patent 10686805.  As per 37 CFR 1.111(b), Applicant must reply to every ground of objection and rejection in the prior Office action.
Therefore, for the reasons detailed above, the Examiner maintains the rejections as set forth below.

Drawings

The objection to Figures 1, 2, 8, 9A, and 9B is NOT withdrawn for the reasons detailed above.
Figures 1, 2, 8, 9A, and 9B should be designated by a legend such as --Prior Art-- because only that which is old is illustrated.  See MPEP § 608.02(g).  Corrected drawings in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. The replacement sheet(s) should be labeled “Replacement Sheet” in the page header (as per 37 CFR 1.84(c)) so as not to obstruct any portion of the drawing figures. If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Specification

The objections to the disclosure for informalities is NOT withdrawn because not all issues have been addressed, as detailed below.  As noted above, the substitute specification does not comply with 37 CFR 1.121(b)(3), 1.125(c), and 1.52(b)(5).  Applicant is hereby required to submit a replacement substitute specification in compliance with all of the above requirements.
The disclosure is objected to because of the following informalities:  
As noted above, the amendments to the specification have not been entered.
The ordering of the sections is unclear.  Although Applicant previously proposed to delete paragraphs 0005-0016 and add corresponding new paragraphs 0025.1-0025.12, the heading “Brief Description of the Drawings” appeared to remain after paragraph 0004, and the new paragraphs 0025.1-0025.12 do not have a heading indicating that they provide the brief description of the drawings.  See also MPEP § 608.01(a) and 37 CFR 1.77(b) setting forth the order and section headings.
A replacement substitute specification must be filed with the next response, or other amendments to the specification fully in compliance with 37 CFR 1.121(b)(1) or (2) to make the ordering and section headers clear.
Appropriate correction is required.  Applicant’s cooperation is again requested in correcting any other errors of which applicant may become aware in the specification.

Claim Objections

Claims 3, 14, 15, 17, and 18 are objected to because of the following informalities:  
In Claim 3, line 2, the comma after “wherein” should be deleted or replaced by a colon.
In Claim 14, lines 7-8, it appears that the reference to “the application containers” should instead refer to the singular application container recited in line 6, because there is not sufficient antecedent basis for plural containers in this claim.  The recitations of an application container in line 6 and the application container in lines 7, 9, 10, and 12-13, as well as the recitations of the application container in Claim 15, line 3; Claim 17, lines 3-5; and Claim 18, lines 2-5; and the plural application containers in Claim 14, lines 7-8, should be made consistent throughout these claims.  Compare to independent Claims 1 and 9.
Appropriate correction is required.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Ettema et al, US Patent 9495188, in view of Traut et al, US Patent 7313793.
In reference to Claim 1, Ettema discloses a method that includes gathering security threat intelligence in a network of application containers (see column 4, lines 20-39; column 9, lines 12-40; column 10, line 25-column 11, line 5; see also column 19, line 48-column 20, line 60, noting that the virtual machines are equivalent to the claimed containers, and that the network is in a cloud, i.e. distributed); correlating the automatically identifying an application container that is affected by the security threat and determining a threat level on the application container (column 34, line 27-column 35, line 5); and applying a threat mitigation policy based on the threat level (column 34, line 64-column 35, line 1, remediation).  However, although Ettema generally discloses use of a clone (column 32, lines 48-60), Ettema does not explicitly disclose spawning a clone to test security fixes.  
Traut discloses a method that includes spawning a clone of an application container, testing one or more fixes on the clone, and deploying the clone as a replacement if the testing is successful (see column 4, lines 55-62, virtual machine is replicated and a patch can be tested on non-production fork and applied to the original after testing; again, virtual machine is equivalent to the claimed container).  Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Ettema by including the use of the cloned/forked virtual machine as in Traut, in order to allow application of patches with limited risk (see Traut, column 4, lines 58-60).
While Ettema and Traut describe virtual machines and do not explicitly use the term “application container” or “operating-system-level virtualization software containers”, it is noted that Applicant defines these two terms as equivalent (paragraph 0002 of the present specification), and further, Official notice is taken that it is well-known in the art that the terms “container” and “virtual machine” can be used interchangeably.  For example, see More et al, US Patent 7814494 (cited in the Office action mailed 01 May 2020), which uses the term “virtual machine” as an example of a type of container (see column 4, lines 11-14); see also Groetzner et al, US Patent 8365182 (cited in the Office action mailed 01 May 2020), which uses the term “virtual machine” as an example of a container (see column 1, lines 45-48).  Therefore, the disclosures in Ettema and Traut of virtual machines, which are a type of container, read on the recited claim limitations of containers.  Stated another way, it would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to apply to application containers the teachings of Ettema and Traut related to virtual machines. 
In reference to Claims 2 and 3, Ettema and Traut further disclose gathering external intelligence from plural feeds, processing a vulnerability report, and analyzing local indicators of compromise, and correlating the threat intelligence with indicators of compromise that include communication with known domains (Ettema, column 34, line 27-column 35, line 5; column 10, lines 25-55).
In reference to Claims 4-6, Ettema and Traut further disclose gathering information related to the operating environment of the container and applying the information when determining the threat level (see Ettema, column 4, lines 20-39; column 9, lines 12-40; column 10, lines 25-55; column 34, line 27-column 35, line 5) and applying information relating to the operating environment to the clone (see Traut, column 4, lines 55-62).
In reference to Claim 7, Ettema and Traut further disclose determining that a patch is available and deploying the patch (Ettema, column 34, line 64-column 35, line 1; Shinohara, column 2, lines 18-32).
In reference to Claim 8, Ettema and Traut further disclose applying a threat mitigation policy by hardening an access policy, encrypting a database, suspending a service, or shutting down the affected container (see Ettema, column 21, lines 10-21).

Claims 9-13 are directed to systems having functionality corresponding to the methods of Claims 1, 4-6, and 8, respectively, and are rejected by a similar rationale.
Claims 14-18 are directed to software implementations of the methods of Claims 1, 4-6, and 8, and are rejected by a similar rationale.

In reference to Claim 19, Ettema discloses a method that includes identifying a security threat for an application container based on threat intelligence and an indicator (see column 4, lines 20-39; column 9, lines 12-40; column 10, lines 25-55, noting that the virtual machines are equivalent to the claimed containers) and identifying an application container that is affected by the security threat (column 34, line 27-column 35, line 5).  However, although Ettema generally discloses use of a clone (column 32, lines 48-60), Ettema does not explicitly disclose spawning a clone to test security fixes.
Traut discloses a method that includes spawning a clone of an application container, testing one or more fixes on the clone, and deploying the clone as a replacement if the testing is successful (see column 4, lines 55-62, virtual machine is replicated and a patch can be tested on non-production fork and applied to the original after testing; again, virtual machine is equivalent to the claimed container).  Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Ettema by including the use of the cloned/forked virtual machine as in Traut, in order to allow application of patches with limited risk (see Traut, column 4, lines 58-60).
While Ettema and Traut describe virtual machines and do not explicitly use the term “application container”, Official notice is taken that it is well-known in the art that the terms “container” and “virtual machine” can be used interchangeably.  For example, see More et al, US Patent 7814494 (cited in the Office action mailed 01 May 2020), which uses the term “virtual machine” as an example of a type of container (see column 4, lines 11-14); see also Groetzner et al, US Patent 8365182 (cited in the Office action mailed 01 May 2020), which uses the term “virtual machine” as an example of a container (see column 1, lines 45-48).  Therefore, the disclosures in Ettema and Traut of virtual machines, which are a type of container, read on the recited claim limitations of containers.  Stated another way, it would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to apply to application containers the teachings of Ettema and Traut related to virtual machines, as affirmed by the Board (see Decision mailed 11 October 2022).

In reference to Claim 20, Ettema discloses a method that includes gathering threat intelligence and correlating the threat intelligence with local indicators of compromise to identify an application container affected by a security threat (see column 4, lines 20-39; column 9, lines 12-40; column 10, lines 25-55; column 34, line 27-column 35, line 5, noting that the virtual machines are equivalent to the claimed containers).  However, although Ettema generally discloses use of a clone (column 32, lines 48-60), Ettema does not explicitly disclose spawning a clone to test security fixes.  
Traut discloses a method that includes spawning a clone of an application container, testing one or more fixes on the clone, and deploying the clone as a replacement if the testing is successful (see column 4, lines 55-62, virtual machine is replicated and a patch can be tested on non-production fork and applied to the original after testing; again, virtual machine is equivalent to the claimed container).  Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Ettema by including the use of the cloned/forked virtual machine as in Traut, in order to allow application of patches with limited risk (see Traut, column 4, lines 58-60).
While Ettema and Traut describe virtual machines and do not explicitly use the term “application container”, Official notice is taken that it is well-known in the art that the terms “container” and “virtual machine” can be used interchangeably.  For example, see More et al, US Patent 7814494 (cited in the Office action mailed 01 May 2020), which uses the term “virtual machine” as an example of a type of container (see column 4, lines 11-14); see also Groetzner et al, US Patent 8365182 (cited in the Office action mailed 01 May 2020), which uses the term “virtual machine” as an example of a container (see column 1, lines 45-48).  Therefore, the disclosures in Ettema and Traut of virtual machines, which are a type of container, read on the recited claim limitations of containers.  Stated another way, it would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to apply to application containers the teachings of Ettema and Traut related to virtual machines, as affirmed by the Board (see Decision mailed 11 October 2022).

Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over Ettema and Traut as applied to Claim 1 above, and further in view of Reybok, Jr. et al, US Patent 10686805.
Ettema and Traut disclose everything as detailed above with respect to Claim 1 (noting the disclosure of applying a threat mitigation policy based on the threat level, see Ettema, column 34, line 64-column 35, line 1, as previously cited).  However, neither Ettema nor Traut explicitly discloses applying additional threat mitigation policies in response to an escalating threat level.  Reybok discloses a method that includes applying a threat mitigation policy and additional threat mitigation policies cumulatively in response to an escalating threat level (see column 13, line 12-column 14, line 16, discussing increases in scores or threat levels and taking additional actions in an iterative manner; see also column 26, lines 37-62, discussing remedial measures in response to increased threat scores).  Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the method of Ettema and Traut by including the additional mitigation policies as taught by Reybok, in order to provide a more robust response against a higher level of threat (see Reybok, column 13, line 12-column 14, line 16) and provide a quick response to threats (see Reybok, column 4, lines 31-63).

Conclusion

All claims are either identical to or patentably indistinct from claims in the application prior to the entry of the submission under 37 CFR 1.114 (that is, restriction would not be proper) and all claims could have been finally rejected on the grounds and art of record in the next Office action if they had been entered in the application prior to entry under 37 CFR 1.114. Accordingly, THIS ACTION IS MADE FINAL even though it is a first action after the filing of a request for continued examination and the submission under 37 CFR 1.114.  See MPEP § 706.07(b). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Zachary A Davis whose telephone number is (571)272-3870. The examiner can normally be reached Monday-Friday, 9:30am-6:00pm, Eastern Time.
Examiner interviews are available via telephone and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Zachary A. Davis/Primary Examiner, Art Unit 2492