DETAILED ACTION
This office action is in response to the Amendment filed December 23, 2020. 
Claims 1-8,11-12, and 15-21 are pending. 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant's arguments filed December 23, 2020 have been fully considered but they are not persuasive. Applicant’s arguments regarding the amended limitations concerning concurrent execution for “a pre-determined period of time” are not persuasive as they are not consistent with the broadest reasonable interpretation of the claims consistent with applicants’ specification. Regarding the time period applicant’s specification states “For some period of time, both application A and application B might handle incoming requests by accepting the connection at S930. After few seconds, or a pre-determined period of time, the system may switch off application A at S940. As a result, there is little or no downtime involved in upgrading the application.” (Spec. ¶34). In interpreting “a pre-determined period of time” claim limitation, therefore, Applicant’s example from the arguments (“e.g. a few seconds”) is not read into the claims, and the Examiner maintains that a broad but reasonable interpretation of “a pre-determined period of time” includes a period of time prior to a given event, and as such, the claim limitation is taught or suggested by the MUC reference which teaches such current execution until the time where a signal specifying the end of that time period is received. . 



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-8, 11, 12, and 15-21 are is/are rejected under 35 U.S.C. 103 as being unpatentable over “Kamble” (US PG Publication 2014/0101649) in view of “Venkata” (US Patent 10,534,601) and further in view of “Fairkichen” (US PG Publication 2015/0033324) and further in view of “Muc” (Qiang, Weizhong, et al. "MUC: Updating cloud applications dynamically via multi-version execution." Future Generation Computer Systems 74 (2017): 254-264.”)


Regarding Claim 1, Kamble teaches: 
(e.g. Kamble Fig. 1, 16)
and a memory storage device including instructions that when executed by the computer processor enable the system to: (e.g. Kamble Fig. 1, 28)
(ii) execute an original instance of an application process within the deployment,  (See Kamble, 910, Fig. 9, ¶78 teaching operating the original controller VM instance)


(iv) determine that a configuration update is to be made to the application process,  (See Kamble, 920, Fig. 9, ¶78 teaching identifying that a patch to the controller VM to implement a new version is available to be applied)

(v) start an additional instance of the application process, with the updated configuration, (See Kamble, 940-950, Fig. 9, ¶78 teaching creating a synchronized replica of the controller VM and executing it, where newer version of software may be deployed on replica as discussed in ¶61) 

and (vi) switch off the original instance of the application1 process. (Kamble ¶61 “In some embodiments, an In Service Software Upgrade (ISSU) or hitless upgrade of the stand-by controller may be achieved according to the following general steps.  A newer version of an upgraded application may be installed on the operating system of an existing VM, for example, the VM with the controller being replicated.  Synchronization of local processes may be performed.  Local dynamic libraries may be installed.  Switchover may use new processes while aborting old processes”)

Kamble does not teach, but Venkata teaches:
(i) create a listening delegator process, associated with a listener file descriptor, within a deployment, wherein the listening delegator processor does not implement an accept protocol,  (See Venkata 302, Figs. 2A-2E, Col. 5, 35-53, “In one example, directing component 302 is a light-weight indirection module that functions to direct in-bound packet flows to an active PFC, such as PFC 304.  Directing component 302 is further configured to switch or redirect in-bound packet flows from active PFC 304 to an upgraded PFC, such as PFC 304', during an ISSU of virtual router 30, as described below.  In some examples, directing component 302 is an rx_handler register function.”) [Here, Venkata teaches registering a handle (a “listener file descriptor”)  with the directing component (“listening delegator processor”) which redirects incoming connection requests to the processes 304, 304’ based on the registered handles e.g. in table 310]

…with the listener file descriptor such that incoming connection requests are received by the listening delegator process and forwarded to the original instance of the application process,  (See Venkata 302, Figs. 2A-2E, Col. 5, 35-53, “In one example, directing component 302 is a light-weight indirection module that functions to direct in-bound packet flows to an active PFC, such as PFC 304.  Directing component 302 is further configured to switch or redirect in-bound packet flows from active PFC 304 to an upgraded PFC, such as PFC 304', during an ISSU of virtual router 30, as described below.  In some examples, directing component 302 is an rx_handler register function.”) [Here, Venkata teaches registering a handle (a “listener file descriptor”)  with the directing component (“listening delegator processor”) which redirects incoming connection requests to the processes 304, 304’ based on the registered handles e.g. in table 310]

…within the deployment, such that incoming connection requests are received by the listening delegator process and forwarded to the additional instance of the application process, (See Venkata 302, Figs. 2A-2E, Col. 5, 35-53, “In one example, directing component 302 is a light-weight indirection module that functions to direct in-bound packet flows to an active PFC, such as PFC 304.  Directing component 302 is further configured to switch or redirect in-bound packet flows from active PFC 304 to an upgraded PFC, such as PFC 304', during an ISSU of virtual router 30, as described below.  In some examples, directing component 302 is an rx_handler register function.”) [Here, Venkata teaches registering a handle (a “listener file descriptor”)  with the directing component (“listening delegator processor”) which redirects incoming connection requests to the processes 304, 304’ based on the registered handles e.g. in table 310]

In addition, it would have been obvious to one of ordinary skill in the art prior to the effective filing date of the application to combine the teachings of Kamble and those of 
of the disclosure may upgrade one or more components of a virtual router while 
ensuring customer traffic flow and customer applications executing within the 
cloud data center continue without interruption and without rebuilding flow 
state records each time an ISSU is performed.” (Col. 1, Ln66 to Col. 2, Ln 5). 

Kamble does not teach, but Fainkichen teaches:
(iii) intercept a socket creation call from the original instance of the application process process and replace it… (See Fainkichen ¶In a further variation, the system intercepts a socket-creation request from an application on the virtual machine, and creates the socket on the host system on behalf of the virtual machine…” and further ¶32 “In one embodiment, a paravirtualized TCP (PVTCP) function replaces the conventional vNIC in the VM, which typically connects a VM to a virtual switch residing in a hypervisor.  A paravirtualization (PV) client module that runs in guest kernel 130 and an offload engine (referred to as a host PVTCP module herein) that runs in host kernel 110 jointly provide this PVTCP function.  FIG. 2 illustrates an exemplary MVP architecture that facilitates a PVTCP function, 
in accordance with an embodiment.  In this example, guest kernel 130 includes a 
guest PVTCP module 216, which intercepts all network services requested, such 
as socket requests, by guest applications 132.  Guest PVTCP module 216 then 
proxies these requests off to a host PVTCP module 206 in host kernel 110 via a 
high-speed shared-memory communication channel 214.  Host PVTCP module 206 requests the corresponding sockets from host kernel 110 on behalf of guest 
applications 132.  In addition, to transmit and receive network traffic for 
guest applications 132, host PVTCP module 206 communicates via host-created 
sockets with a host network protocol stack 208, which is responsible for 
transmitting and receiving all network traffic through a host physical NIC 212.”) [Here, Fainkichen teaches intercepting socket requests from guest applications and in their place implementing the paravirtualized TCP function to carryout receiving of packets and forwarding to the guess applications, similar to the directing component 302 of Venkata discussed previously. Moreover, it would have been obvious to one of ordinary skill to apply the interception of socket requests in Fainkichen to the socket requests in Kamble (¶72) used for synchronizing replicated VMs in the upgrade process in order to redirect requests amongst the server VMs.]

In addition, it would have been obvious to one of ordinary skill in the art prior to the effective filing date of the application to combine the teachings of Kamble and those of Fainkichen because Fainkichen teaches “…discretionary control of which software 
components on a mobile device can access a VPN connection is desirable” and provides a technique for such control. (¶6). 

Kamble et al do not further teach, but MUC teaches:
wherein both the original and the additional instances handle incoming connection requests for a pre-determined period of time, (See concurrent version execution as discussed in Abstract, Section 1 etc. See specifically concurrent execution of e.g. Ps and Ps’ of Fig. 2) . (See concurrent version execution as discussed in Abstract, Section 1 etc. See specifically concurrent execution of e.g. Ps and Ps’ of Fig. 2, as well as Fig. 3, and further section 5.5 teaching concurrent execution during the period of time between beginning of the update to the update_all_finished signal )

In addition, it would have been obvious to one of ordinary skill in the art prior to the effective filing date of the application to combine the teachings of Kamble et al with those of MUC as each is directed to upgrading in-service software systems and MUC “propose[d] an improved DSU system to update cloud applications dynamically, and utilize the multi-version execution approach to handle the inconsistent issue.” (Abstract). 








Regarding dependent claims 2-5, these references further teach: 

(See e.g. Kamble ¶63, 110, and Fig. 9, ¶78 discuss the use of virtual machines as elements within the deployment that carries out the patch updating procedure in Kamble) [it is noted here that applicant’s claim directed to “comprises at least one…a virtual machine” includes deployments utilizing one or multiple virtual machines or containers. In the event applicant intends the claims to require all the elements “within the deployment” to exist “within a single virtual machine” a amendment to the claims to specifically claim such an embodiment would be necessary]

3. The system of claim 1. wherein the updater platform is implemented via a Linulx operating systemn. (see e.g. Fainkichen ¶24 “Furthermore, although the VPN-isolation mechanism described herein uses Linux "namespaces," as further described below, as the underlying enabling technology, the methods described herein are applicable to any operating systemthat supports kernel managed namespaces or other similar types of containers. “)




4. The system of claim 3. wherein the listening delegator process is open on and bonund to an Internet Protocol ("IP") address and port. (See Venkata e.g. 302, Fig. 2a-2e and further regarding IP address and port Col. 4, Ln 15-34 “For example, a "flow" can be defined by the five values used in a 
header of a packet, or "five-tuple," i.e., the protocol, Source IP address, 
Destination IP address, Source port and Destination port that are used to route 
packets through the physical network.  For example, the protocol specifies the 
communications protocol, such as TCP or UDP, and Source port and Destination 
port refer to source and destination ports of the connection.  A set of one or 
more packet data units (PDUs) that match a particular flow entry represent a 
flow.  Flows may be broadly classified using any parameter of a PDU, such as 
source and destination data link (e.g., MAC) and network (e.g., IP) addresses, 
a Virtual Local Area Network (VLAN) tag, transport layer information, a 
Multiprotocol Label Switching (MPLS) or Generalized MPLS (GMPLS) label, and an ingress port of a network device receiving the flow.  For example, a flow may 
be all PDUs transmitted in a Transmission Control Protocol (TCP) connection, 
all PDUs sourced by a particular MAC address or IP address, all PDUs having the 
same VLAN tag, or all PDUs received at the same switch port.”)

s'. The system of claim 3. wherein the incoming connection requests are associated withl Transmi1ssion Control Protocol (" TCP") sockets. (See Venkata e.g. 302, Fig. 2a-2e and further regarding TCP Col. 4, Ln 15-34 “For example, a "flow" can be defined by the five values used in a 
header of a packet, or "five-tuple," i.e., the protocol, Source IP address, 
Destination IP address, Source port and Destination port that are used to route 
packets through the physical network.  For example, the protocol specifies the 
communications protocol, such as TCP or UDP, and Source port and Destination 
port refer to source and destination ports of the connection.  A set of one or 
more packet data units (PDUs) that match a particular flow entry represent a 
flow.  Flows may be broadly classified using any parameter of a PDU, such as 
source and destination data link (e.g., MAC) and network (e.g., IP) addresses, 
a Virtual Local Area Network (VLAN) tag, transport layer information, a 
Multiprotocol Label Switching (MPLS) or Generalized MPLS (GMPLS) label, and an ingress port of a network device receiving the flow.  For example, a flow may 
be all PDUs transmitted in a Transmission Control Protocol (TCP) connection, 
all PDUs sourced by a particular MAC address or IP address, all PDUs having the 
same VLAN tag, or all PDUs received at the same switch port.”)

Claims 11 and 15 are rejected on the same basis as claim 1 above. 
Clams 12, 16,17, 18 are rejected on the same basis as claims 2-5 respectively above. 




Regarding Claim 6, Kamble et al teaches the limitations of claims 1 and 3 above, but does not further teach, while MUC teaches: 
6. The system of claim 3. wherein the listener delegator 1)rocess utilizes send() calls. Recv() calls. and ancillary data. (See send and recv calls in Section 5.4, Fig. 5, as well as transfer of additional data between version in e.g. Fig. 5 as well as objcopy in Section 6.5)
In addition, it would have been obvious to one of ordinary skill in the art prior to the effective filing date of the application to combine the teachings of Kamble et al with those of MUC as each is directed to upgrading in-service software systems and MUC “propose[d] an improved DSU system to update cloud applications dynamically, and utilize the multi-version execution approach to handle the inconsistent issue.” (Abstract). 

Regarding Claims 7-10, MUC further teaches:
7. The system of claim 3. wherein intercepted incoming connection requests have file descriptors replaced using trace or gdb.(See interception with ptrace in section 5.3)

S. The systemn of claim 3. wherein a wrapper around the instances of the application process get the listener file descriptor. (See section 5.4, Fig. 5, wrapping system calls from application processors to handle system calls between versions including 



Claims 13, 14, 19, 20 and 21 are rejected on the same basis as claims 9, 10, 6, 7, and 8 respectively above. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The prior art in the PTO-892 form describe additional prior art relevant with respect to applicant’s argued claim limitations. Specifically, US PG Pub 2014/0047115, Fig. 2 describes a software update system in which old and new verisons execute concurrently for a set duration specified by the user in a deployment management system.  Additionally, US PG Pub 2018/0293067 to Hirshberg teaches a system of concurrently running new and old VM OS versions for a set period of testing in ¶¶108-109 during an update. 
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW J BROPHY whose telephone number is (571)270-1642.  The examiner can normally be reached on Monday-Friday, 9am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Wei Zhen can be reached on 571-272-3708.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





MJB
4/29/2021