DETAILED ACTION

Status of Claims

This action is in reply to the communication filed on 11/18/2020.
Claim 19 has been cancelled.
Claims 1-18 are currently pending and have been examined.

	Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant’s arguments filed 11/18/2020 have been considered but are not persuasive for the reasons described below.

On pg. 7 of the Remarks, Applicant essentially argues:
“Escandell discloses the process of loading kernel modules (equivalent to KEXTs) into the kernel. Escandell discloses that an ELF (Executable and Linkable Format) is loaded from the user space into a block of temporary memory allocated to hold the entire ELF. One of skill in the art would understand that memory in a modern operating system divides the virtual memory into user space and kernel space. That is, the user space is any part of the memory not assigned to the operating system kernel. One of skill in the art also understands that only a portion of the user space is allocated to an application. Other applications have access to other portions of the user space. Modern Operating systems sandbox applications such that they can only access a portion of the memory assigned to them and cannot access the data of other applications to avoid a malicious application from accessing restricted data or corrupting 

The portion of user-space occupied by the ELF KLM is the address space of the process which “defines the module to load and invokes the appropriate init_module user-space system call to begin the loading process” (¶0027) where it is stored in a data buffer, a pointer (location) to which is provided in the call to init_module1. The ELF image is subsequently copied into the kernel from this location by the kernel function load_module  via “copy_from_user”. Accordingly, the combination set forth in the rejections substituting the KEXT loading method in the embodiment of Halvorsen at pg. 430-431 with the insmod/init_module technique of Escandell teaches:
 “In some cases, it may be desirable to load the KEXT on demand, rather than at system boot. For example, in the case of a VPN (Virtual Private Network) application, it may come with a KEXT to handle a custom network level encryption scheme or install a virtual VPN interface. This KEXT is only needed for as long as the application remains active. Having it active wastes memory resources, and loading it at boot may potentially impact startup time. Furthermore, since the KEXT interacts with the network stack, it may actually get in the way and impact the system's network performance. In this case, the application may wish to load and unload the KEXT dynamically. This can be achieved by [the application executing instructions to “define the [KEXT] to load (copy the assembly to an application data space) and invoke the init_module user-space system call (send a register request to a service with a location of the assembly in the application data space) to begin the loading process”]

Followed by the reciprocal actions performed by the load_module function to copy and load the KEXT/KLM into the kernel as shown in the rejections.

“The Linux interface for loading kernel modules has had (since kernel 2.6.0) the following form:
int init_module(void *module_image, unsigned long len, 
const char *param_values);
The caller supplies the ELF image of the to-be-loaded module via the memory buffer pointed to by module_image; len specifies the size of that buffer. (The param_values argument is a string that can be used to specify initial values for the module's parameters.)
The main users of init_module() are the insmod and modprobe commands. However any privileged user-space application (i.e., one with the CAP_SYS_MODULE capability) can load a module in the same way that these commands do, via a three-step process: opening a file that contains a suitably built ELF image, reading or mmap()ing the file's contents into memory, and then calling init_module().”

On pg. 7 of the Remarks, Applicant further argues:
“Further, as disclosed by Escandell, the load_module which copies the ELF into a temporary portion of user space is executed by the kernel (see paragraph 29 of Escandell) rather than the application.”

Examiner notes load_module copies the ELF from user space to a temporary portion of the kernel memory (explicitly stated in ¶0032 and inherent to the “copy_from_user” function2) 




“In the claimed invention, the version mismatch of the application and the service functions is prevented by including a package containing the necessary service functions in the application (see paragraph 26 of the Present Application). Each application can carry the appropriate version of the service functions…Halvorsen in view of Escandell fail to disclose or suggest the combination of a) the application including an assembly of at least one service function binary”
 
Halvorsen discloses a number of examples of bundling KEXTs with corresponding application software, including in the primary embodiment relied upon in the combination: 
“In some cases, it may be desirable to load the KEXT on demand, rather than at system boot. For example, in the case of a VPN (Virtual Private Network) application, it may come with a KEXT to handle a custom network level encryption scheme or install a virtual VPN interface.” (pg. 430, last para.)

“Rarely will you distribute only the KEXT itself; it often requires additional bundled software. For example, a computer graphics card may be delivered with a system preferences pane, a framework used to access the device's special features, applications for upgrading firmware, and perhaps bundled applications that show off the card's capabilities like games” (pg. 429, para. 1).

See also pg. 434-441, sect. “Packaging KEXTs and Software” for additional examples and relevant discussion.
For the reasons described above, Applicant’s arguments regarding the combination of Halvorsen and Escandell are unpersuasive, and the rejections have been maintained.




Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 2, 5, 8, 11-13, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Halvorsen et al. (OS X and iOS Kernel Programming) in view of Escandell (US 2012/0005445 A1).

Claims 1, 2 and 13:
Halvorsen discloses the limitations as shown in the rejections below.
Regarding the overall mapping between major claim elements and elements of Halverson:
An information handling system comprising: a hardware processor executing an application [user application, particularly application specialized/specific to driver/device that manages device settings/preferences]…an application data space [user space]…an assembly [kernel extension (KEXT)/device driver] of at least one service function binary…a service [kernel]…memory location used by the service [kernel space] (see pg. 2-3; pg. 12, last para.).
Regarding hardware device [subsystem] access and the privileges of the two types of memory locations (“copying” limitations discussed below in view of Escandell), Halvorsen discloses: 
the application limited to a subset of allowable APIs or limited to user level privileges, the service function [KEXT/device driver functions] binary executable to change an operation of the subsystem [hardware device]…the application data space [user space] accessible by the application, wherein code executed from the application data space does not have sufficient access privileges to change the operation of the subsystem…memory location [kernel space] used by the service [kernel], wherein code executed from the memory location by the service is executable with sufficient access privileges to hardware and system level components to change the operation of the subsystem (see at least pg. 1; pg. 2, para. 1; pg. 3, para. 1-3; pg. 6-7, § Operating System Services; pg. 13, para. 1)
“the code required to support each hardware component is packaged into a special type of kernel extension known as a driver (pg. 2, para. 1)…Any code that runs as part of the kernel, such as driver code, is said to run in "kernel space." Code that runs in kernel space is granted privileges that standard user applications do not have, such as the ability to directly read and write to hardware devices…the standard application code that users work with are said to run in "user space." Software that runs in user space has no direct access to hardware. Therefore, to access hardware, user code must send a request to the kernel…the kernel provides its own set of APIs (pg. 3, para. 1-3)…The kernel is a privileged process and has the ability to perform operations that are not available to user processes, but are necessary for configuring the system. When control transfers to the kernel, such as following a system call, the CPU enters a privileged mode while kernel code is executed and then drops back to restricted privileges before returning to the user process (pg. 7, para. 1)…Programs that are run by the user cannot touch hardware without calling upon services provided by the operating system. In handling services that involve peripheral hardware devices, the operating system may need to call functions provided by the driver of that device” (pg. 13, para. 1).

(Claims 2 and 13 specific) each service function binary including instructions that when executed by the service perform a service [kernel/OS] level task to change an operation of the subsystem as required by the application (In addition to citations above, see pg. 1: “applications that users run rely on services provided by the operating system to perform tasks while they execute…kernel extensions [are] code that provides services to applications”)
Regarding applications particularly configured to provide a user interface for configuring hardware, Halvorsen discloses:
an application [user application specialized/specific to driver/device that manages device settings/preferences] including instructions to provide a user interface [“preferences pane”] for configuring a subsystem of the information handling system (see pg. 429, first para: “KEXT often requires additional bundled software. For example…a system preferences pane”; pg. 414, § Kernel Control KPI, para. 2; pg. 430-431, § Loading Preferences and Settings; pg. 12, last para.). Exemplary quotations:

“The KPI is intended to allow a user space program to control and configure a KEXT. For example, let's say you had implemented a custom firewall NKE (Network Kernel Extension). You could then use the kernel control API to tell your firewall which addresses or ports it should block traffic from” (pg. 414, § Kernel Control KPI, para. 2).

“Many drivers may need some user-configurable per-device preferences or settings. For example, an audio device may have settings to control output volume level…you must implement a user-space application to handle this for you…If the settings are specific to an application that uses the driver or device exclusively, you can manage the settings from the application itself and optionally restore the settings to a previous state once the application exits. The helper program or daemon may be able to run with the privileges of a normal user if the user client or kernel control it interacts with permits it” (pg. 430-431, § Loading Preferences and Settings).

Regarding handling a call from the application to a driver function in the kernel to access/configure hardware, Halvorsen discloses:
the application configured to: …send a service call for the service function binary to the service; the service configured to: …receive the service call from the application; and execute the requested service function binary and return the result to the application (see at least pg. 6-7, § Operating System Services; pg. 12, last para.; pg. 13, para. 1). Exemplary quotations: 



See additionally pg. 69-98, “Chapter 5: Interacting with Drivers from Applications” for an exhaustive description of the “different mechanisms through which a driver can provide its services to user space applications” (pg. 69).
Regarding the application sending a register request and the service loading the service function (these limitations discussed further below in view of Escandell), Halvorsen discloses:
the application configured to…send a register request (request KEXT load) to the service… the service configured to: …receive the register request from the application; load the service function binary (see at least pg. 430, last para. – pg. 431, para. 2; pg. 11, § “Hardware and Drivers”, para. 2; pg. 415-416, § Kernel Control Registration)
“Driver code is loaded into the operating system kernel and is granted the same privileges as the rest of the kernel, including the ability to directly access hardware” (pg. 11, § “Hardware and Drivers”, para. 2).

“it may be desirable to load the KEXT on demand, rather than at system boot. For example, in the case of a VPN (Virtual Private Network) application, it may come with a KEXT to handle a custom network level encryption scheme or install a virtual VPN interface. This KEXT is only needed for as long as the application remains active. Having it active wastes memory resources, and loading it at boot may potentially impact startup time...In this case, the application may wish to load and unload the KEXT dynamically. This can be achieved by using a script like the preceding one” (pg. 430, last para. – pg. 431, para. 2)


service) where the KEXT/driver is loaded into kernel space with HW access privileges, but does not elaborate the low-level memory operations or specific details of the process and does not specifically disclose first copying the assembly to an application data space followed by the register request specifying the location of the assembly in the application data space and copying the assembly from the application data space into the kernel.
Escandell, however, is directed to kernel loadable module (KLMs) (assembly including at least one service function) such as the KEXTs disclosed by Halvorsen. From Escandell ¶0012 (emphasis added):
“In computing, a kernel loadable module (KLM) or Kernel Module (KMOD) is an object file that contains code to extend the running kernel, or "base kernel", of an operating system with a modular kernel. For example, most current Unix-like systems and Microsoft Windows support kernel loadable modules, although they might use a different name for them, such as "kernel extension" ("kext") in the Apple Macintosh OS X. KLMs are typically used to add support for new hardware and/or file systems, or for adding system calls.”

Escandell further discloses (¶0027-0033) low-level details of a KLM/KEXT load process which includes defining the module in user space (copy the assembly to an application data space) and performing an init_module system call (send a register request to kernel/service), which implicitly includes the address location of the assembly in the application data space (emphasis added and [text] inserted to show mapping to claim language): 
“The process of KLM loading may be initiated in user space, for example, by using the UNIX insmod (insert module) function. In one embodiment, the insmod command defines the module to load [copy the assembly to an application data space] and invokes the appropriate init_module user-space system call [send a register request to a service] to begin the loading process. The init_module function then works through the system call layer and into the kernel [receive the register request from the application] to a kernel function such as sys_init_module. The sys_init_module function represents the primary function for module loading (¶0027)…When the kernel function sys_init_module is called, it begins with a bring the module into the kernel and perform the necessary configuration (¶0029)…KLMs may follow the Executable and Linkable Format (ELF). The internal details of module loading are ELF module parsing and manipulation. The load_module function begins by allocating a block of temporary memory to hold the entire ELF module. The ELF module is then read from user space into the temporary memory using the function copy_from_user [copy the assembly from the application data space to a memory location used by the service] (¶0030)...Any optional KLM arguments are loaded from user space into another allocated block of kernel memory, and the module state is updated to indicate that the KLM is being loaded (¶0031)… Previously, the KLM sections were loaded into kernel (temporary) memory, and it is known which are persistent and which can be removed. The next step is to allocate the final location for the module in memory and move the necessary sections (indicated in the ELF headers by SHF_ALLOC, or the sections that occupy memory during execution) [load the service function binary]” (¶0032).

For the load_module function to copy the module from user space inherently requires the location in user space memory where it is stored which arguably must have been supplied with the init_module call, but for completeness of record Examiner refers to the “init_module(2)  Linux man page”3 to make this teaching explicit.
It would have been obvious to one of ordinary skill in the art at the time the application was filed to substitute the KEXT load function of Halvorsen with the Linux “insmod”4 load function described by Escandell as it represents the simple substitution of one kernel extension/module load function with an equivalent with predictable results. 

Claim 8:
Halvorsen discloses the limitations as shown in the following rejections:
an assembly [kernel extension (KEXT)/device driver] including at least one service function having instructions that when executed by a service [OS kernel] perform a service level [kernel level] task required by an application to change an operation of a subsystem [hardware device] of an information handling system; and the application limited to a subset of allowable APIs or limited to user level privileges…an application data space [user space, “copying” further discussed below in view of Escandell], the application data space accessible by the application, wherein code executed from the application data space does not have sufficient access privileges to change the operation of the subsystem (see at least pg. 1; pg. 2, para. 1; pg. 3; pg. 6-7, § Operating System Services; pg. 13, para. 1)
“An important role of the operating system is to manage the computer's hardware resource…the code required to support each hardware component is packaged into a special type of kernel extension known as a driver (pg. 2, para. 1)…isolate the core operating system code (the kernel) from the applications and services that are run by the user. Any code that runs as part of the kernel, such as driver code, is said to run in "kernel space." Code that runs in kernel space is granted privileges that standard user applications do not have, such as the ability to directly read and write to hardware devices…the standard application code that users work with are said to run in "user space." Software that runs in user space has no direct access to hardware. Therefore, to access hardware, user code must send a request to the kernel (pg. 3, para. 1)…Programs that are run by the user cannot touch hardware without calling upon services provided by the operating system. In handling services that involve peripheral hardware devices, the operating system may need to call functions provided by the driver of that device” (pg. 13, para. 1).

the application [user application specialized/specific to driver/device that manages device settings/preferences] including instructions that when executed: provide a user interface [“preferences pane”] for configuring a subsystem (see pg. 429, first para: “KEXT often requires 
“The KPI is intended to allow a user space program to control and configure a KEXT. For example, let's say you had implemented a custom firewall NKE (Network Kernel Extension). You could then use the kernel control API to tell your firewall which addresses or ports it should block traffic from” (pg. 414, § Kernel Control KPI, para. 2).

“Many drivers may need some user-configurable per-device preferences or settings. For example, an audio device may have settings to control output volume level…you must implement a user-space application to handle this for you…If the settings are specific to an application that uses the driver or device exclusively, you can manage the settings from the application itself and optionally restore the settings to a previous state once the application exits. The helper program or daemon may be able to run with the privileges of a normal user if the user client or kernel control it interacts with permits it” (pg. 430-431, § Loading Preferences and Settings).

register [request KEXT load] with the service (see at least pg. 430, last para. – pg. 431, para. 2; pg. 415-416, § Kernel Control Registration)
“it may be desirable to load the KEXT on demand, rather than at system boot. For example, in the case of a VPN (Virtual Private Network) application, it may come with a KEXT to handle a custom network level encryption scheme or install a virtual VPN interface. This KEXT is only needed for as long as the application remains active. Having it active wastes memory resources, and loading it at boot may potentially impact startup time...In this case, the application may wish to load and unload the KEXT dynamically. This can be achieved by using a script like the preceding one.” 

call the service function via the service (see pg. 3; pg. 6, § Operating System Services; pg. 12). Exemplary quotations: 


See additionally pg. 69-98, Chapter 5: Interacting with Drivers from Applications for an exhaustive description of the “different mechanisms through which a driver can provide its services to user space applications” (pg. 69).
an application package comprising: an assembly…and the application (see at least pg. 429: “Rarely will you distribute only the KEXT itself; it often requires additional bundled software. For example, a computer graphics card may be delivered with a system preferences pane”; pg. 441: “The PackageMaker software is the preferred way of distributing more complex software packages on Mac OS X; i.e., things that include multiple components, such as KEXTs, helper daemons, and end-user applications.”
As shown above, Halvorsen discloses performing a KEXT load process to register a KEXT module/ device driver with the OS (service), but does not elaborate the low-level steps of the process and does not specifically disclose copying the assembly to an application data space and/or provide the assembly location in the application data space to the service.
Escandell, however, is directed to kernel loadable module (KLMs) (assembly including at least one service function) such as the KEXTs disclosed by Halvorsen as specifically disclosed in Escandell ¶0012. 
Escandell further discloses (¶0027-0033) low-level details of a KLM/KEXT load process which includes defining the module in user space (copying the assembly to an application data space) and performing an init_module (send a register request) system call which implicitly includes the address location of the assembly in the application data space (emphasis added):
user space, for example, by using the UNIX insmod (insert module) function. In one embodiment, the insmod command defines the module to load and invokes the appropriate init_module user-space system call to begin the loading process. The init_module function then works through the system call layer and into the kernel to a kernel function such as sys_init_module (¶0027)…When the kernel function sys_init_module is called, it begins with a permissions check to see whether the caller can actually perform the requested operation. Then, the load_module function is called (¶0029)… KLMs may follow the Executable and Linkable Format (ELF)...The load_module function begins by allocating a block of temporary memory to hold the entire ELF module. The ELF module is then read from user space into the temporary memory using the function copy_from_user (¶0030)...Any optional KLM arguments are loaded from user space into another allocated block of kernel memory” (¶0031).

For the load_module function to copy the module from user space inherently requires the location in user space memory where it is stored which arguably must have been supplied with the init_module call, but for completeness of record Examiner refers to the “init_module(2)  Linux man page”5 to make this teaching explicit.
It would have been obvious to one of ordinary skill in the art at the time the application was filed to substitute the KEXT load function of Halvorsen with the Linux “insmod” load function described by Escandell as it represents the simple substitution of one kernel extension/module load function with an equivalent with predictable results. 





Claims 5, 11, 12, and 16: 
The combination of Halvorsen/Escandell discloses the limitations as shown in the rejections above. Furthermore, Halvorsen discloses wherein the service deletes the copy of the assembly from the memory location when the application is closed (is no longer active)…wherein the instructions to register with the service include instructions to register each time the application is launched (on demand when application activates) (see at least pg. 430, last para. – pg. 431, para. 2):
“it may be desirable to load the KEXT on demand, rather than at system boot. For example, in the case of a VPN (Virtual Private Network) application, it may come with a KEXT to handle a custom network level encryption scheme or install a virtual VPN interface. This KEXT is only needed for as long as the application remains active. Having it active wastes memory resources, and loading it at boot may potentially impact startup time...In this case, the application may wish to load and unload the KEXT dynamically. This can be achieved by using a script like the preceding one. The application would need to run with root privileges in order to load and unload the KEXT.”

See also Escandell ¶0012 and 0016:
“When the functionality provided by a KLM is desired, loading is initiated by the operating system and the KLM is allocated space in memory. When no longer required, the KLM can be unloaded in order to free memory (¶0012)…One advantage to KLMs is that the memory footprint of a kernel can be decreased by dynamically loading only those elements that are needed. For example, in an embedded system, where memory and processing resources are typically limited, the use of KLMs can allow the embedded system to use a small base kernel and only load KLMs as needed to avoid loading unused functionality” (¶0016)

Claims 7 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Halvorsen et al. (OS X and iOS Kernel Programming) in view of Escandell et al. (US 2012/0005445 A1) in further view of Shin et al. (Supporting Application-Oriented Kernel Functionality for Resource Constrained Wireless Sensor Nodes)

Claims 7 and 18: 
The combination of Halvorsen/Escandell discloses the limitations as shown in the rejections above. The combination of Halvorsen/Escandell does not specifically disclose wherein the service is configured to delete the copy of the assembly from the memory location when the application is deleted or updated.
Shin, however, discloses a “RETOS” system which includes “a framework that dynamically reconfigures the kernel’s functionality according to the needs of the application” (Abstract) by utilizing “Loadable Kernel Module (LKM) that modularizes system functionalities as kernel modules and dynamically replaces them” (pg. 750, § 2.2, last para). Shin further discloses (pg. 755, para. 1; pg. 750, Fig. 1) wherein the service (LKM system) is configured to delete (remove) the copy of the assembly (kernel module) from the memory location (dynamic kernel) when the application is deleted or updated (uninstalled or reconfigured):
“The RETOS LKM system supports kernel-level optimizing techniques…RETOS supports dynamic application installment and each application requires different modules. Thus, the LKM system needs to acquire modules that are required by the installed application. Furthermore, to maintain an optimized system, the system must always keep a minimal requirement scheme by removing unused modules and acquiring newly required modules over the network with the change of application reconfiguration, which changes the requirements of the kernel functionality” (pg. 755, para. 1).

It would have been obvious to one of ordinary skill in the art at the time the application was filed to modify Halvorsen/Escandell with Shin’s automated kernel reconfiguration techniques because it facilitates OS level optimization according to the requirements of the applications deployed on the system including reducing storage costs by removing unused modules (pg. 755, para. 1; pg. 757, § 5).

Claims 3, 9, and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Halvorsen et al. (OS X and iOS Kernel Programming) in view of Escandell et al. (US 2012/0005445 A1) in further view of Bos et al. (Safe Kernel Programming in the OKE).

Claims 3, 9, and 14: 
The combination of Halvorsen/Escandell discloses the limitations as shown in the rejections above. Halvorsen/Escandell do not specifically disclose wherein the register request includes a trust certificate or is signed by the trust certificate and the service is further configured to verify the trust certificate prior to copying the assembly to the memory location.
Bos, however, discloses (pg. 143, sect. III-A) an extension to the insmod Linux module loader wherein the register request (request to load kernel module) includes a trust certificate or is signed by the trust certificate (e.g. credential, public key(s), and/or MD5 message digest) and the service is further configured to verify the trust certificate prior to copying the assembly (kernel module) to the memory location (kernel memory):
“The existing Linux code loading facilities (insmod and rmmod) are extended with a new code loader (CL) which accepts blobs of code, together with authentication and credentials, from any party. The blobs of code are simple kernel module object files, i.e., using a layout based on the standard object file formats. The CL sits between non-privileged users and the normal code loading facilities provided by Linux. Anyone with the right credentials for a blob of code is allowed to load it into the kernel, so there is an (implicit) record of who is authorised to load what modules. The CL checks the credentials against the code and if they match, it loads the code in the kernel. The process is illustrated in Figure 1. The user offers the object file to the CL, which checks the user’s credentials and if they match the module, the module is pushed into the kernel…trust delegation is encoded in a credential containing the public keys of both the authoriser and the licensee, as well as the ‘rights’ granted by the authoriser to the licensee.”

.

Claims 4, 10 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Halvorsen et al. (OS X and iOS Kernel Programming) in view of Escandell et al. (US 2012/0005445 A1) in further view of Vaddagiri et al. (US 2011/0154364 A1).

Claims 4, 10 and 15: 
The combination of Halvorsen/Escandell discloses the limitations as shown in the rejections above. Halvorsen/Escandell do not specifically disclose wherein the service call includes a trust certificate or is signed by the trust certificate and the service is further configured to verify the trust certificate prior to performing the requested service function. 
Vaddagiri, however, discloses an analogous system where “additional Kernel Extensions can be added to Kernel space. Each of the Kernel Extensions has its own set of System Services (also known as System Calls)…The additional Kernel Extensions provide more System Services to the applications” (¶0033). Vaddagiri further discloses wherein the service call includes a trust certificate (credentials, hash) or is signed by the trust certificate and the service is further configured to verify the trust certificate prior to performing the requested service function  (¶0007, 0027, 0031-0032; FIG. 5).


. 

Claims 6 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Halvorsen et al. (OS X and iOS Kernel Programming) in view of Escandell et al. (US 2012/0005445 A1) in further consideration of Khan et al. (Linux kernel Performance Improvement with Loadable Kernel Module Management).

Claims 6 and 17: 
The combination of Halvorsen/Escandell discloses the limitations as shown in the rejections above. Regarding the limitation of wherein the service maintains the copy of the assembly in the memory location when the application is closed, Halvorsen discloses an embodiment in pg. 430, last para. – pg. 431, para. 2 where an application without root privileges may load a KEXT on demand which would be maintained in memory after the application closes if it is not granted root privileges: 
“It is possible to allow a KEXT to be loaded by a non-root user by modifying its plist file to include the following: <key>0SBundleAllowUserload</key> <true/> 
While this will allow a non-privileged process or user to load the KEXT, root privileges are still required to unload the KEXT afterward”

Thus Halvorsen discloses at least one embodiment which teaches the limitation incidentally, and Halvorsen’s example in pg. 430, first para., where KEXTs are simply loaded at system startup and maintained in memory regardless of whether apps which use them are opened or closed shows it as a viable alternative. 

“Linux is equipped with loadable kernel module in order to provide facility to load modules at run time without rebooting the system. Although administrator can load these modules, still some modules remain untouched that leads to security and performance problems. Kernel supporting loadable kernel module faces problems like booting overheads caused by unrequired extra module loading and cpu clock cycles wastage in periodic processing for extra loaded modules. We provide automatic module management module that will automatically sense the needed services and keep started corresponding modules service while turning off remaining modules service at the same time” (pg. 533, Abstract).

“LKM can be loaded automatically when the kernel first needs it….Automatic kernel module loading is really not worth the complexity in most modern systems. It may make sense in a very small memory system but the amount of memory these modules uses is so cheap today that we will normally be a lot better off just loading all the modules might need via startup scripts and leaving them loaded (pg. 535, sect. 2.1.3)…If details are known of modules being in use, modules usage count and all installed available modules, we can manage them easily. The modules which are not used even once, they can be removed from system and the modules which are used rarely can unloaded initially and can be loaded on demand basis” (pg. 536, col. 1, para. 6).

It would have been obvious to one of ordinary skill in the art at the time the invention was filed for Halvorsen/Escandell to maintain an application demand loaded KEXT in memory indefinitely after the application has terminated because it is a selection from two possible identified, predictable solutions (unload the KEXT or do not unload), with a reasonable expectation of success based on well-understood trade-offs between system responsiveness and memory capacity as evidenced by Khan.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry of a general nature or relating to the status of this application or concerning this communication or earlier communications from the Examiner should be directed to Paul Mills whose telephone number is 571-270-5482.  The Examiner can normally be reached on Monday-Friday 11:00am-8:00pm.  If attempts to reach the examiner by telephone are unsuccessful, the Examiner’s supervisor, Emerson Puente can be reached at 571-272-3652.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see  http://portal.uspto.gov/external/portal/pair .  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866.217.9197 (toll-free). Any response to this action should be mailed to:
Commissioner of Patents and Trademarks
Washington, D.C.  20231
or faxed to 571-273-8300.
Hand delivered responses should be brought to the United States Patent and Trademark Office Customer Service Window:
Randolph Building
401 Dulany Street
Alexandria, VA 22314.
/P. M./
Paul Mills
02/27/2021


/EMERSON C PUENTE/               Supervisory Patent Examiner, Art Unit 2196                                                                                                                                                                                         




    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 “int init_module(void *module_image, unsigned long len, const char *param_values)…The module_image argument points to a buffer containing the binary image to be loaded; len specifies the size of that buffer. The module image should be a valid ELF image, built for the running kernel.”
        2 “The copy_from_user function copies a block of data from user space into a kernel buffer. it accepts a destination buffer (in kernel space), a source buffer (from user space), and a length defined in bytes.”
        3 “int init_module(void *module_image, unsigned long len, const char *param_values)…The module_image argument points to a buffer containing the binary image to be loaded; len specifies the size of that buffer.”
        
        4 To ensure clarity of record, Examiner notes there are two versions of “insmod” and associated “init_module” known in the art, either/both of which meet the limitations cited above. Escandell describes the implementation for Linux ver. 2.6 and later, the earlier implementation is described in “Understanding the Linux Kernel - Appendix B. Modules” included with this Action. 
        5 See footnote #1 above.