DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 are pending in this application.

Specification
The disclosure is objected to because of the following informalities:
In paragraph [0036], line 12, phrase “The operating system 20” should amended as “The operating system 206”. 
Appropriate corrections are required.

Claim objections
Claim 9 is objected to because of the following informalities:
In claim 9, line 5, it recites “(a) aggregating, by the notification service”. It should be amended as ““(c) aggregating, by the notification service”.
In claim 9, line 11, it recites “a device of the user;”. It should be amended as “a device of the user.”.
Appropriate correction is required.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.  

Claim 1 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. 
Step 1, Statutory Category: Yes, the claim 1 is a method that recites a series of steps and therefore falls in the statutory category of a process.
Step 2A- Prong 1: Judicial Exception Recited: Yes, the claim recites: “(c) sorting, the plurality of notifications on a per user basis; and (d) sort with notifications used by each of the plurality of users.” As drafted, the claim as a whole recites a method including steps that could be performed in the human mind, but for the recitation of generic computing components. The human mind can sorting the notifications/message based on different users. For example, a person can easily evaluating/determining/judging to group/sort/dividing the plurality of messages/notifications into different groups/classes/categories according to different users. Therefore, but for the recitation of generic computing components, these steps may be a Mental Processes that can be performed in the human mind (including an observation, evaluation, judgment, opinion). 
Therefore, yes, the claims do recite judicial exceptions.
Step 2A- Prong 2: Integrated into a practical Application: No, this judicial exception is not integrated into a practical application. In particular, the claim recites additional 
Step 2B: Claim provides an Inventive Concept: No. As discussed with respect to Step 2A prong Two, the additional elements “an agent”, “a virtual machine”, “an operating system”, “one or more virtualized applications” and “a plurality of applications” (i.e., as a generic computing device performing a generic computer function, see MPEP §2106.05(b)). In addition, the limitation “establishing, one or more hooks to intercept notifications; (b) intercepting, via the one or more hooks, a plurality of notifications for a plurality of users” are insignificant pre-solution data gathering (see MPEP § 2106.05(g)), and “(d) communicating, by the agent, each user's notifications to a notification service”, which is additionally well understood, routine, conventional activity (see MPEP § 2106.05(d), courts have identified “receiving and transmitting data, storing and retrieving 

Under the 2019 PEG, a conclusion that an additional element is insignificant extra-solution activity in Step 2A should be re-evaluated in Step 2B. Here, the establishing step, intercepting step and communicating step were considered to be extra-solution activity in Step 2A as insignificant pre-solution data gathering, and well understood, routine, conventional activity, thus it is re-evaluated in Step 2B to determine if it is more than what is well understood, routine, conventional activity in the field. The establishing and intercepting steps is for the purpose of “collecting” the data, and wherein the communicating step is for “displaying” the data and these can be reached on one of court case (Electric Power Group, LLC v. Alstom S.A., 830 F.3d 1350, 1354-55, 119 USPQ2d 1739, 1742 (Fed. Cir. 2016) (collection, analysis and display data) see MPEP § 2106.05(g)). Accordingly, a conclusion that the establishing, intercepting and Berkheimer options 2.

For these reasons, there is no inventive concept in the claim, and thus the claim is ineligible. 

Claim 9 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. 
Step 1, Statutory Category: Yes, the claim 9 is a method that recites a series of steps and therefore falls in the statutory category of a process.
Step 2A- Prong 1: Judicial Exception Recited: Yes, the claim recites: “aggregating, notifications for the user; (d) selecting, one or more notifications from the aggregated notifications of the user, at least one of the one or more notifications comprising a notification to the user.” As drafted, the claim as a whole recites a method including steps that could be performed in the human mind, but for the recitation of generic computing components. The human mind can aggregating/merging the notifications/message and selecting/choose one of the notification from the aggregated/merged notifications. For example, a person can easily evaluating/determining/judging to group/merging/aggregating the plurality of messages/notifications into one group and further selecting/choosing one of the notification/message from the aggregated/merged group of notifications. Therefore, but for the recitation of generic computing components, these steps may be a Mental Processes that can be performed in the human mind (including an observation, evaluation, judgment, opinion). 
Therefore, yes, the claims do recite judicial exceptions.
Step 2A- Prong 2: Integrated into a practical Application: No, this judicial exception is not integrated into a practical application. In particular, the claim recites additional limitations that “receiving, a plurality of notifications for a user; (b) receiving, notifications from other applications of the user” which is insignificant pre-solution data gathering (see MPEP § 2106.05(g)). In addition, “notification service”, “an agent”, “a virtual machine”, “virtualized applications” and “a notification system of a device” are recited at a high-level of generality (i.e., as a generic computing device performing a generic computer function, see MPEP §2106.05(b)). The combination of these additional elements is no more than mere instructions to apply the exception using a generic computer component (“notification service”, “an agent”, “a virtual machine”, “virtualized applications” and “a notification system of a device”). Accordingly, even in combination, these additional elements do not integrate the abstract idea into a practical application because they not impose any meaningful limits on practicing the abstract idea. Therefore, the claim is directed to the abstract idea.
Step 2B: Claim provides an Inventive Concept: No. As discussed with respect to Step 2A prong Two, the additional elements “notification service”, “an agent”, “a virtual machine”, “virtualized applications” and “a notification system of a device” (i.e., as a generic computing device performing a generic computer function, see MPEP §2106.05(b)). In addition, the limitation “receiving, a plurality of notifications for a user; (b) receiving, notifications from other applications of the user” are insignificant pre-

Under the 2019 PEG, a conclusion that an additional element is insignificant extra-solution activity in Step 2A should be re-evaluated in Step 2B. Here, the receiving steps and communicating step were considered to be extra-solution activity in Step 2A as insignificant pre-solution data gathering, and well understood, routine, conventional activity, thus it is re-evaluated in Step 2B to determine if it is more than what is well understood, routine, conventional activity in the field. The receiving step is for the purpose of “receiving” the data, and wherein the communicating step is for “transmitting” the data and these can be reached on one of court case (Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) see MPEP § 2106.05(d) II). Accordingly, a conclusion that the receiving Berkheimer options 2.

For these reasons, there is no inventive concept in the claim, and thus the claim is ineligible. 

Independent claim 14 is rejected for the same reason as claim 1 above. Claim 14 further recites “one or more processor”, “a memory”. These additional elements are directed to generic computer components providing generic computer functions (see MPEP § 2106.05(b)). 

With respect to the dependent claim 2, the claim elaborates that wherein the notification service sorts each user's notifications from the virtual machine with notifications of the user from a cloud based application or a file system. (“sort” the notifications, it is being treated as part of abstract idea and is analogues to Mental processes, such that concept can be performed in the human mind. In addition, the claim as a whole is a Mental Processes that can be performed in the human mind (including an observation, evaluation, judgment, opinion)).

With respected to the dependent claim 3, the claim elaborates that wherein the notification service communicates notifications sorted between the plurality of applications to one or more devices of the user. (“communicates notifications” is being treated as a well understood, routine, conventional activity such that this additional  Electric Power Group, LLC v. Alstom S.A., 830 F.3d 1350, 1354-55, 119 USPQ2d 1739, 1742 (Fed. Cir. 2016) (collection, analysis and display data) see MPEP § 2106.05(g)).

With respected to the dependent claim 4, the claim elaborates that identifying, by the notification service, duplicate notifications for the user received from the one or more virtualized applications or the operating system. (“identifying” the “duplicate” notification, it is being treated as part of abstract idea and is analogues to Mental processes, such that concept can be performed in the human mind. In addition, the claim as a whole is a Mental Processes that can be performed in the human mind (including an observation, evaluation, judgment, opinion)).

With respected to the dependent claim 5, the claim elaborates that removing, by the notification service, the duplicate notifications from the plurality of notifications for each user of the plurality of users. (“removing” the duplicated notification, it is being treated as part of abstract idea and is analogues to Mental processes, such that concept can be performed in the human mind. In addition, the claim as a whole is a Mental Processes that can be performed in the human mind (including an observation, evaluation, judgment, opinion)).

With respected to the dependent claim 6, the claim elaborates that generating, by the notification service, a plurality of subsets of notifications, each of the subsets of  Electric Power Group, LLC v. Alstom S.A., 830 F.3d 1350, 1354-55, 119 USPQ2d 1739, 1742 (Fed. Cir. 2016) see MPEP § 2106.05(g))).

With respected to the dependent claim 7, the claim elaborates that identifying, by the notification service via the agent, an action requested by the one or more virtualized applications or the operating system of the virtual machine, the action corresponding to at least one notification of the subset of notifications. (“identifying” the action, as drafted, it is being treated as part of abstract idea and is analogues to Mental processes, such that concept can be performed in the human mind. In addition, the claim as a whole is a Mental Processes that can be performed in the human mind (including an observation, evaluation, judgment, opinion)).

With respected to the dependent claim 8, the claim elaborates that identifying, by the notification service, at least one user of the plurality of users associated with the virtual machine; and providing, by the notification service, the action to a device associated with the user. (“identifying” is being treated as part of abstract idea and is analogues to Mental processes, such that concept can be performed in the human mind. “providing” the action is a well understood, routine, conventional activity such that this additional element does not integrate the abstract idea into a practical application,  Electric Power Group, LLC v. Alstom S.A., 830 F.3d 1350, 1354-55, 119 USPQ2d 1739, 1742 (Fed. Cir. 2016) see MPEP § 2106.05(g))). In addition, the claim as a whole is a Mental Processes that can be performed in the human mind (including an observation, evaluation, judgment, opinion)).

With respected to the dependent claim 10, the claim elaborates that wherein responsive to the one or more notifications, a virtual session of the user is established by the user on the device of the user to connect to the virtualized application. (“establish” virtual session by the device of the user, it is directed to generic computer components providing generic computer functions (see MPEP § 2106.05(b)).

With respected to the dependent claim 11, the claim elaborates that wherein the notifications from the other applications include at least one of a web application notifications, a Software as a service (SaaS) application notifications, or a file notifications. (different “notifications” (i.e., web application notification), it is directed to generic computer components providing generic computer functions (see MPEP § 2106.05(b)).

With respected to the dependent claim 12, the claim elaborates that generating, by the notification service, an alert for the device of the user to indicate an action requested by the one or more virtualized applications or the operating system of the virtual machine. (“generating” the alert by the notification service is being treated as analysis/manipulate the data, it is a well understood, routine, conventional activity such  Electric Power Group, LLC v. Alstom S.A., 830 F.3d 1350, 1354-55, 119 USPQ2d 1739, 1742 (Fed. Cir. 2016) see MPEP § 2106.05(g))).

With respected to the dependent claim 13, the claim elaborates that providing, by the notification service, a plurality of alerts to one or more devices of the user, the plurality of alerts corresponding to the selected one or more notifications (“providing” the alert by the notification service is being treated as a well understood, routine, conventional activity such that this additional element does not integrate the abstract idea into a practical application, such evidence can be found in Electric Power Group, LLC v. Alstom S.A., 830 F.3d 1350, 1354-55, 119 USPQ2d 1739, 1742 (Fed. Cir. 2016) see MPEP § 2106.05(g))).

Dependent claims 15-20 recite the same features as applied to claims 2-7 above, therefore they are also rejected under the same rationale.


Claim Rejections - 35 USC § 112(b)
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claims 1-20 are rejected under 35 U.S.C. 112(b), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
As per claims 1 and 14 (line# refers to claim 1):
In line 4, the claim recites the phrase “intercept notifications”. However, prior to this phrase at line 1, the claim recites “delivery of notifications”. Thus, it is unclear whether the second recitation of “notifications” is the same or different from the first recitation of “notifications”.

In lines 6-7, the claim recites the phrase “a plurality of users”. However, prior to this phrase at line 5, the claim recites “a plurality of users”. Thus, it is unclear whether the second recitation of “a plurality of users” is the same or different from the first recitation of “a plurality of users”.

	In line 9, the claim recites the phrase “user’s notification”. However, prior to this phrase at lines 6-7, the claim recites “a plurality of notifications for a plurality of users”. Thus, it is unclear whether the second recitation of “user’s notification” is the same or different from the first recitation of “a plurality of notifications for a plurality of users”.

	In line 10, the claim recites “a plurality of applications used by each of the plurality of users”. It is not clearly indicated where “plurality of applications” originated (i.e., is “plurality of applications” executed by the virtual machine or at the notification 

As per claims 7 and 20 (line# refers to claim 7):
	Line 3, “the subset of notifications” lacks antecedence basis.

As per claim 9:
	In line 5, it recites the phrase “notifications for the user”. However, prior to this phrase at lines 2-3, the claim 9 recites “a plurality of notifications for a user”. Thus, it is unclear whether the second recitation of “notifications for the user” is the same or different from the first recitation of “a plurality of notifications for a user”. If they are same, same name should be used.

	In lines 5-6, “the plurality of virtualized applications” and “the plurality of other applications” lack antecedence basis. It is uncertain if “the plurality of virtualized applications” and “the plurality of other applications” intent to refer to “virtualized applications” and “other applications” as cited in claim 9, lines 3-4. If they are same, same name should be used.

	In line 9, it recites the phrase “a virtualized application”. However, prior to this phrase at line 3, the claim recites “virtualized applications”. Thus, it is unclear whether the second recitation of “a virtualized application” is the same or different from the first recitation of “virtualized applications”.

As per claims 2-6, 8, 10-13 and 15-19:
They are method and system claims that depend on claims 1, 9 and 14 above. Therefore, they have same deficiencies as claims 1, 9 and 14 above.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, and 13-16 are rejected under 35 U.S.C. 103 as being unpatentable over Srinivasan et al. (US. Patent. 10,362,046 B1) in view of Boyd (US. Patent. 6,993,013 B1) and further in view of QIU et al. (US Pub. 2019/0288965 A1). 

As per claim 1, Srinivasan teaches the invention substantially as claimed including A method for controlling delivery of notifications based on a user (Srinivasan, Fig. 1, 102 customer, 146 security information; Col 6, lines 18-19, the customer 102 may add a security rule; Col 5, lines 21-23, the customer 102 has one or , the method comprising: 
(a) establishing, by an agent executed by a virtual machine, one or more hooks to intercept notifications from an operating system of the virtual machine and one or more virtualized applications executed by the virtual machine accessible by a plurality of users (Srinivasan, Fig. 1, 122 Agent; Figs. 3 and 5, 522 Agent, 520 virtual machine; Col 15, lines 5-23, The agent 522 may be a process or application executed by the virtual machine 520…The agent 522 may execute one or more "hooks" in a kernel of an operating system of the virtual machines 520. For example the agent 522 may execute a hook (as establishing the hook, since the hook is executed and is established/used for intercepting the messages/notification) that intercepts messages generated by the operating system when processes are created or terminated by the operating system or other software executed by the virtual machine 520 (as one or more virtualized applications). The executable code that handles such intercepted function calls, events, or messages may be referred to in the context of the present disclosure as a "hook." Executing a hook by the agent 522 or other entity as described herein covers a range of techniques which may be used to alter or augment the behavior of an operating system, applications, or of other executable code by at least intercepting function calls, messages, or events passed between applications, including the operating system; Col 10, lines 55-58, virtual machine 320 may be provided to the customers…and the customers may utilize the virtual machine 320, lines 63-67, the customer 302 with an interface, such as the user interface described above n connection with FIG. 2, to manage and interact (as accessible) with the security service 310, the agents 322, and/or the virtual machines 320); 
(b) intercepting, by the agent via the one or more hooks, a plurality of notifications for a plurality of users generated by the one or more virtualized applications or the operating system (Srinivasan, Col 15, lines 9-15, The agent 522 may execute one or more "hooks" in a kernel of an operating system of the virtual machines 520. For example the agent 522 may execute a hook that intercepts messages generated by the operating system when processes are created or terminated by the operating system or other software executed by the virtual machine 520; Col 5, lines 21-23, the customer 102 has one or more administrators that receive alerts associated with security information; Col 10, lines 55-58, virtual machine 320 may be provided to the customers (as plurality of users)…and the customers may utilize the virtual machine 320); 
 (d) communicating, by the agent, each user's notifications to a notification service to identify with notifications from a plurality of applications used by each of the plurality of users (Srinivasan, Fig. 4, 410 security service (as notification service), 620 virtual machines, 422 agents; Col 15, lines 22-26, intercepting function calls, messages, or events passed between applications, including the operating system. The agent 522 may then generate a stream of additional information corresponding to various hooks executed by the agent 522 and provide the stream to the security service 510 (as communicating, each user’s notification to security service (as notification service)); Col 10, lines 44-48, a server computer 342 may host a first virtual machine…operated by a first customer and may host a second virtual machine second customer (as agents within each VM used by different customer); Col 15, lines 56-59, The security service 510 may process information obtained from the agents 522 and/or operational information 504 based at least in part on the set of security rules defined by the customer, lines 60-62, the security service 510 may identify malicious activity indicated in operational information 504 at various levels from various sources; Col 16, lines 9-12, This information may be correlated by the security service 510 to determine a subset of the IP address associated with malicious activity (e.g., the binaries executed by the virtual machines 520 match known malware), lines 17-19, The security service 510 can then transmit an alarm to the 100 different customers).

Srinivasan fails to specifically teach (c) sorting, by the agent, the plurality of notifications on a per user basis, and after communicating each user's notifications to the notification service, it further sort with notifications.

However, Boyd teaches (c) sorting, by the agent, the plurality of notifications (Boyd, Fig. 2, 104 soft switch (as agent); Col 6, lines 33-46, Each of the CPs 124, 126 and 128 are coupled to a corresponding protocol message file 130, 132 and 134, respectively…The CPs 124, 126 and 128 are configured to control the transfer of voice and data by endpoints such as the IADs 114-1 and 114-2 when telephone calls are initiated by the telephones coupled to the IADs 114-1 and 114-2. The switch 104 also includes a load balancer (not shown) which monitors the number of exchanges being direct incoming signaling messages to selected ones of the CPs 124, 126 and 128), and
after communicating each user's notifications to the notification service, it further sort with notifications (Boyd, Fig. 2, 140 sorted protocol messages file; Col 7, lines 5-12, The first software tool 136 includes a sorting algorithm which enables the tool to sort plural entries based upon a series of comparisons of a parameter, for example, date/time, common to all of the entries, thereby enabling the proactive analysis system 120 to generate the sorted protocol message directory 140 from the contents of the first, second and third protocol message directories 130, 132 and 134).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Srinivasan with Boyd because Boyd’s teaching of sorting the messages/data (as notification) would have provided Srinivasan’s system with the advantage and capability to easily managing the notifications based on their associated parameters which improving the system efficiency.

Srinivasan and Boyd fail to specifically teach sorting the plurality of notifications based on a per user basis.

However, QIU teaches sorting the plurality of notifications based on a per user basis (QIU, [0136] lines 4-7, the messages may be arranged in accordance with the arranged on a per user basis).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Srinivasan and Boyd with QIU because QIU’s teaching of arranging the messages based on a per user basis would have provided Srinivasan and Boyd’s system with the advantage and capability to grouping and arranging the messages/notifications based on the users which improving the system efficiency and user experience.

As per claim 2, Srinivasan, Boyd and QIU teach the invention according to claim 1 above. Srinivasan further teaches wherein the notification service identify each user's notifications from the virtual machine with notifications of the user from a cloud based application or a file system (Srinivasan, Fig. 4, 410 security service (as notification service), 620 virtual machines, 422 agents; Col 15, lines 56-59, The security service 510 may process information obtained from the agents 522 and/or operational information 504 based at least in part on the set of security rules defined by the customer, lines 60-62, the security service 510 may identify malicious activity indicated in operational information 504 at various levels from various sources; Col 16, lines 9-12, This information may be correlated by the security service 510 to determine a subset of the IP address associated with malicious activity (e.g., the binaries executed by the virtual machines 520 match known malware) [Examiner noted: the security service (as notification service) identifying the malicious activities from all the  notifications are sorted (Boyd, Fig. 2, 140 sorted protocol messages file; Col 7, lines 5-12, The first software tool 136 includes a sorting algorithm which enables the tool to sort plural entries based upon a series of comparisons of a parameter, for example, date/time, common to all of the entries, thereby enabling the proactive analysis system 120 to generate the sorted protocol message directory 140 from the contents of the first, second and third protocol message directories 130, 132 and 134).

As per claim 3, Srinivasan, Boyd and QIU teach the invention according to claim 1 above. Srinivasan further teaches wherein the notification service communicates notifications identified between the plurality of applications to one or more devices of the user (Srinivasan, Fig. 1, 102 customer; Fig. 8, 802 user device (see Col 20, line 24, user device 802); Col 16, lines 15-18, the security service 510 observes the same IP address attempting to connect to 100 different customer virtual machines. The security service 510 can then transmit an alarm to the 100 different customers). In addition, Boyd teaches notifications are sorted (Boyd, Fig. 2, 140 sorted protocol messages file; Col 7, lines 5-12, The first software tool 136 includes a sorting algorithm which enables the tool to sort plural entries based upon a series of comparisons of a parameter, for example, date/time, common to all of the entries, thereby enabling the proactive analysis system 120 to generate the sorted protocol message directory 140 from the contents of the first, second and third protocol message directories 130, 132 and 134).

As per claim 13, Srinivasan, Boyd and QIU teach the invention according to claim 1 above. Srinivasan further teaches providing, by the notification service, a plurality of alerts to one or more devices of the user, the plurality of alerts corresponding to the selected one or more notifications (Srinivasan, Fig. 1, 102 customer; Fig. 8, 802 user device (see Col 20, line 24, user device 802); Col 15, lines 60-62, the security service 510 may identify malicious activity indicated in operational information 504 at various levels from various sources; Col 16, lines 9-20, This information may be correlated by the security service 510 to determine a subset of the IP address associated with malicious activity (e.g., the binaries executed by the virtual machines 520 match known malware)…the security service 510 observes the same IP address attempting to connect to 100 different customer virtual machines. The security service 510 can then transmit an alarm to the 100 different customers).
 
As per claim 14, it is a system claim of claim 1 above. Therefore it is rejected for the same reason as claim 1 above. In addition, Srinivasan further teaches the agent having one or more processors coupled to a memory (Srinivasan, Col 2, lines 9-10, agent, executed by customer-operated computing resources; Col 17, lines 19-28,  any other processes described, or variations and/or combinations of those processes) may be performed under the control of one or more computer systems including executable instructions and/or other data, and may be implemented as executable instructions executing collectively on one or more processors. The executable instructions and/or other data may be stored on a non-transitory computer-readable storage medium (e.g., 

As per claims 15-16, they are system claims of claims 2-3 respectively above. Therefore, they are rejected for the same reasons as claims 2-3 respectively above.


Claims 4-5 and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Srinivasan, Boyd and QIU, as applied to claims 1 and 14 respectively above, and further in view of Schwartz (US Pub. 2018/0324122 A1).

As per claim 4, Srinivasan, Boyd and QIU teach the invention according to claim 1 above. Srinivasan teaches identifying, by the notification service, notifications for the user received from the one or more virtualized applications or the operating system (Srinivasan, Fig. 4, 410 security service (as notification service), 620 virtual machines, 422 agents; Col 15, lines 56-59, The security service 510 may process information obtained from the agents 522 and/or operational information 504 based at least in part on the set of security rules defined by the customer, lines 60-62, the security service 510 may identify malicious activity indicated in operational information 504 at various levels from various sources; Col 16, lines 9-12, This information may be correlated by the security service 510 to determine a subset of the IP address associated with malicious activity (e.g., the binaries executed by the virtual machines 520 match known malware)).

Srinivasan, Boyd and QIU fail to specifically teach identifying duplicate notifications.

However, Schwartz teaches identifying duplicate notifications (Schwartz, claim 5, determining whether the new notification is a duplicate of an existing notification).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Srinivasan, Boyd and QIU with Schwartz because Schwartz’s teaching of determining the duplicate notification and removing the duplicated notification would have provided Srinivasan, Boyd and QIU’s system with the advantage and capability to prevent unnecessary transmission for the duplicated notification which improving the system performance and efficiency.

As per claim 5, Srinivasan, Boyd, QIU and Schwartz teach the invention according to claim 4 above. Srinivasan teaches the notification service, identify the notifications from the plurality of notifications for each user of the plurality of users (Srinivasan, Fig. 4, 410 security service (as notification service), 620 virtual machines, 422 agents; Col 15, lines 56-59, The security service 510 may process information obtained from the agents 522 and/or operational information 504 based at least in part on the set of security rules defined by the customer, lines 60-62, the identify malicious activity indicated in operational information 504 at various levels from various sources; Col 16, lines 9-12, This information may be correlated by the security service 510 to determine a subset of the IP address associated with malicious activity (e.g., the binaries executed by the virtual machines 520 match known malware)).
In addition, Schwartz further teaches removing the duplicate notifications (Schwartz, claim 5, determining whether the new notification is a duplicate of an existing notification in the notification queue, and if it is determined that the new notification is a duplicate, removing the new notification).

As per claims 17-18, they are system claims of claims 4-5 respectively above. Therefore, they are rejected for the same reasons as claims 4-5 respectively above.

Claims 6 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Srinivasan, Boyd and QIU, as applied to claims 1 and 14 respectively above, and further in view of ILIC (US Pub. 2017/0364823 A1).

As per claim 6, Srinivasan, Boyd and QIU teach the invention according to claim 1 above. Srinivasan teaches generating, by the notification service, a plurality of notifications, each of the notifications intended for a different user of the plurality of users (Srinivasan, Col 15, lines 60-62, the security service 510 may identify malicious activity indicated in operational information 504 at various levels from various sources; Col 16, lines 9-20, This information may be correlated by the security service associated with malicious activity (e.g., the binaries executed by the virtual machines 520 match known malware)…the security service 510 observes the same IP address attempting to connect to 100 different customer virtual machines. The security service 510 can then transmit an alarm to the 100 different customers).

Srinivasan, Boyd and QIU fail to specifically teach generating, a plurality of subsets of notifications, each of the subsets of notifications intended for a different user of the plurality of users.

However, ILIC teaches generating, a plurality of subsets of notifications, each of the subsets of notifications intended for a different user of the plurality of users (ILIC, [0060] lines 16-26, notification system 320 may receive 100,000 notifications from notification provider 310 directed to a group of users (e.g., 100,000 users assuming all notifications are directed at different users), and based on the notification-type values of the notifications and the characteristic type values of the recipients may determine a subset of 40,000 of the notifications for sending to a corresponding subset of the group of users (e.g., 40,000 users assuming all notifications are directed at different users)).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Srinivasan, Boyd and QIU with ILIC because ILIC’s teaching of generating/determining 

As per claim 19, Srinivasan, Boyd and QIU teach the invention according to claim 14 above. Srinivasan teaches generate a plurality of notifications, each of the notifications intended for a different user of the plurality of users (Srinivasan, Col 15, lines 60-62, the security service 510 may identify malicious activity indicated in operational information 504 at various levels from various sources; Col 16, lines 9-20, This information may be correlated by the security service 510 to determine a subset of the IP address associated with malicious activity (e.g., the binaries executed by the virtual machines 520 match known malware)…the security service 510 observes the same IP address attempting to connect to 100 different customer virtual machines. The security service 510 can then transmit an alarm to the 100 different customers). In addition, QIU teaches the plurality of notifications based on the per user basis (QIU, [0136] lines 4-7, the messages may be arranged in accordance with the degree of importance attached to the messages, or may be arranged on a per user basis).

Srinivasan, Boyd and QIU fail to specifically teach generate a plurality of subsets of notifications, each of the subsets of notifications intended for a different user of the plurality of users.

generate a plurality of subsets of notifications, each of the subsets of notifications intended for a different user of the plurality of users. (ILIC, [0060] lines 16-26, notification system 320 may receive 100,000 notifications from notification provider 310 directed to a group of users (e.g., 100,000 users assuming all notifications are directed at different users), and based on the notification-type values of the notifications and the characteristic type values of the recipients may determine a subset of 40,000 of the notifications for sending to a corresponding subset of the group of users (e.g., 40,000 users assuming all notifications are directed at different users)).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Srinivasan, Boyd and QIU with ILIC because ILIC’s teaching of generating/determining different subset of notifications which is correspond to the subset of group of users would have provided Srinivasan, Boyd and QIU’s system with the advantage and capability to easily managing and transmitting the notifications which improving the system performance.


Claims 7, 12 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Srinivasan, Boyd and QIU, as applied to claims 1 and 14 respectively above, and further in view of Staker et al. (US Pub. 2012/0179916 A1).

As per claim 7, Srinivasan, Boyd and QIU teach the invention according to claim 1 above. Srinivasan further teaches identifying, by the notification service via the agent, the action corresponding to at least one notification of the subset of notifications (Srinivasan, Col 5, lines 26-35, The agent 122 may be set to continuously monitor the customer-operated computing resources …When the agent 122 determines to perform a mitigation operation (as action) in response to a security threat detected based at least in part on the security rules 148, a message (as at least one notification of subset of notifications) or other alert may be transmitted to the customer 102 or designated administrator indicating security information 146 and/or the mitigation operation performed by the agent).

Srinivasan, Boyd and QIU fail to specifically teach the 4837-6893-8135.1Atty Docket No. 099011-4451 (Q18-4_WS_034US)action requested by the one or more virtualized applications or the operating system of the virtual machine.

However, Staker teaches the 4837-6893-8135.1Atty Docket No. 099011-4451 (Q18-4_WS_034US)action requested by the one or more virtualized applications or the operating system of the virtual machine (Staker, [0539] lines 11-14, security operations (as action) requested by applications 5520 of virtual machine 5510 may be transmitted to security module 5570).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Srinivasan, Boyd and QIU with Staker because Staker’s teaching of security 

As per claim 12, Srinivasan, Boyd and QIU teach the invention according to claim 1 above. Srinivasan further teaches generating, by the notification service, an alert for the device of the user to indicate notification (Srinivasan, Col 15, lines 60-62, the security service 510 may identify malicious activity indicated in operational information 504 at various levels from various sources; Col 16, lines 9-20, This information may be correlated by the security service 510 to determine a subset of the IP address associated with malicious activity (e.g., the binaries executed by the virtual machines 520 match known malware)…the security service 510 observes the same IP address attempting to connect to 100 different customer virtual machines. The security service 510 can then transmit an alarm to the 100 different customers; Fig. 8, 802 user device (see Col 20, line 24, user device 802)).

Srinivasan, Boyd and QIU fail to specifically teach the generated alert also including an action requested by the one or more virtualized applications or the operating system of the virtual machine.

However, Staker teaches the 4837-6893-8135.1Atty Docket No. 099011-4451 (Q18-4_WS_034US)action requested by the one or more virtualized applications or the operating system of the virtual machine (Staker, [0539] lines 11-

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Srinivasan, Boyd and QIU with Staker because Staker’s teaching of security operations/action requested by the applications running within the virtual machine would have provided Srinivasan, Boyd and QIU’s system with the advantage and capability to improving the system security which providing user-independent security (see Staker [0060], provides for user-independent security, portability, availability).

As per claim 20, it is a system claim of claim 7 above. Therefore, it is rejected for the same reason as claim 7 above.

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Srinivasan, Boyd, QIU and Staker, as applied to claim 7 above, and further in view of Dintenfass et al. (US Pub. 2018/0324186 A1).

As per claim 8, Srinivasan, Boyd, QIU and Staker teach the invention according to claim 7 above. Srinivasan teaches identifying, by the notification service, at least one user of the plurality of users associated with the virtual machine (Srinivasan, Col 10, lines 44-48, a server computer 342 may host a first virtual machine…operated a first customer and may host a second virtual machine instantiated…that is operated by a second customer; Col 15, lines 56-59, The security service 510 may process information obtained from the agents 522 and/or operational information 504 based at least in part on the set of security rules defined by the customer, lines 60-62, the security service 510 may identify malicious activity indicated in operational information 504 at various levels from various sources; Col 16, lines 9-12, This information may be correlated by the security service 510 to determine a subset of the IP address associated with malicious activity (e.g., the binaries executed by the virtual machines 520 match known malware), lines 17-19, The security service 510 can then transmit an alarm to the 100 different customers); and providing, by the notification service, the alert to a device associated with the user (Srinivasan, Fig. 1, 102 customer; Fig. 8, 802 user device (see Col 20, line 24, user device 802); Col 16, lines 15-18, the security service 510 observes the same IP address attempting to connect to 100 different customer virtual machines. The security service 510 can then transmit an alarm to the 100 different customers).

Srinivasan, Boyd, QIU and Staker fail to specifically teach providing the action to a device associated with the user.

However, Dintenfass teaches providing the action to a device associated with the user (Dintenfass, [0073] lines 2-4, providing the action step to a computing device associated with a second user).

.

Claims 9-10 are rejected under 35 U.S.C. 103 as being unpatentable over Srinivasan et al. (US. Patent. 10,362,046 B1) in view of Boyd (US. Patent. 6,993,013 B1). 

As per claim 9, Srinivasan teaches the invention substantially as claimed including A method comprising 
(a) receiving, by a notification service from an agent executed by a virtual machine, a plurality of notifications for a user from virtualized applications executed by the virtual machine (Srinivasan, Fig. 1, 102 customer; Fig. 5, 510 security service (as notification service), 522 Agent, 520 virtual machine; Col 15, lines 5-15, The agent 522 may be a process or application executed by the virtual machine 520…The agent 522 may execute one or more "hooks" in a kernel of an operating system of the virtual machines 520. For example the agent 522 may execute a hook that intercepts messages generated by the operating system when processes are or other software executed by the virtual machine 520. Lines 22-26, intercepting function calls, messages, or events passed between applications, including the operating system. The agent 522 may then generate a stream of additional information corresponding to various hooks executed by the agent 522 and provide the stream to the security service 510; Col 10, lines 55-58, virtual machine 320 may be provided to the customers…and the customers may utilize the virtual machine 320. lines 63-67, the customer 302 with an interface, such as the user interface described above in connection with FIG. 2, to manage and interact with the security service 310, the agents 322, and/or the virtual machines 320;
(b) receiving, by the notification service, notifications from other applications of the user (Srinivasan, Fig. 4, 410 security service (as notification service), 620 virtual machines, 422 agents; Col 15, lines 22-26, intercepting function calls, messages, or events passed between applications, including the operating system. The agent 522 may then generate a stream of additional information corresponding to various hooks executed by the agent 522 and provide the stream to the security service 510; [Examiner noted: the agents (see Fig. 4, 422 agents) within the each virtual machines is providing message/stream/notification from other applications to the security service (as notification service)] ; 
(a) identifying, by the notification service, notifications for the user from the plurality of virtualized applications and the plurality of other applications (Srinivasan, Fig. 4, 410 security service (as notification service), 620 virtual machines, 422 agents; Col 15, lines 56-59, The security service 510 may process information obtained from the agents 522 and/or operational information 504 based at least in part identify malicious activity indicated in operational information 504 at various levels from various sources; Col 16, lines 9-12, This information may be correlated by the security service 510 to determine a subset of the IP address associated with malicious activity (e.g., the binaries executed by the virtual machines 520 match known malware) [Examiner noted: the security service (as notification service) identifying the malicious activities from all the messages/notifications received from the agents, see Fig. 4, different agents 422]; 
(d) selecting, by the notification service, one or more notifications from the identified notifications of the user, at least one of the one or more notifications comprising a notification to the user from a virtualized application (Srinivasan, Col 15, lines 60-62, the security service 510 may identify malicious activity indicated in operational information 504 at various levels from various sources; Col 16, lines 9-20, This information may be correlated by the security service 510 to determine a subset of the IP address associated with malicious activity (e.g., the binaries executed by the virtual machines 520 match known malware)…the security service 510 observes the same IP address attempting to connect to 100 different customer virtual machines. The security service 510 can then transmit an alarm to the 100 different customers [Examiner noted: the malicious activity with the same IP address of the operational information(as notification) is determined/selected from the identified malicious operational information, and then the alarm/notification is send to the corresponding user]; and 
(e) communicating, by the notification service, the selected one or more notifications to a notification system of a device of the user (Srinivasan, Fig. 1, 102 customer; Fig. 8, 802 user device (see Col 20, line 24, user device 802); Col 16, lines 15-18, the security service 510 observes the same IP address attempting to connect to 100 different customer virtual machines. The security service 510 can then transmit an alarm to the 100 different customers; Col 18, lines 54-57, an electronic client device 802, which can include any appropriate device (as notification system of a device of the user) operable to send and/or receive requests, messages, or information over an appropriate network).

Srinivasan fails to specifically teach the received notifications are aggregating/aggregated.

However, Boyd teaches the received notifications are aggregating/aggregated (Boyd, Fig. 2, 136 Merge CP messages Tool; Col 2, lines 49-52, The first software tool merges the signaling messages maintained in the plurality of signaling message files and places the merged signaling messages into a sorted signaling message file).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Srinivasan with Boyd because Boyd’s teaching of merging and sorting the messages/data (as notification) would have provided Srinivasan’s system with the 

As per claim 10, Srinivasan and Boyd teach the invention according to claim 9 above. Srinivasan further teaches wherein responsive to the one or more notifications, a virtual session of the user is established by the user on the device of the user to connect to the virtualized application (Srinivasan, Col 6, lines 3-10, the customer 102 may define particular action to take in response to particular security risks or threat levels. For example, a low security risk issue, such as out of date software, is simply reported in the security information 146, while a high security risk, such as use of a deprecated authentication protocol, would cause the agent 122 to perform immediate remedial/mitigation operation; Col 10, lines 55-58, virtual machine 320 may be provided to the customers…and the customers may utilize the virtual machine 320, lines 63-67, the customer 302 with an interface, such as the user interface described above in connection with FIG. 2, to manage and interact with the security service 310, the agents 322, and/or the virtual machines 320 (as virtual session established, since the customer is defining particular action in response to the notification)).

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Srinivasan and Boyd, as applied to claim 9 above, and further in view of TRAN et al. (US Pub. 2020/0327202 A1).

As per claim 11, Srinivasan and Boyd teach the invention according to claim 9 above. Srinivasan and Boyd fail to specifically teach wherein the notifications from the other applications include at least one of a web application notifications, a Software as a service (SaaS) application notifications, or a file notifications.

However, TRAN teaches wherein the notifications from the other applications include at least one of a web application notifications, a Software as a service (SaaS) application notifications, or a file notifications (TRAN, [0020] lines 9-13, provide safety event notifications including but not be limited to e-mail, short message service (SMS), mobile application notification, web application notification, notifications on an interface dashboard of the cloud platform, etc.).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Srinivasan and Boyd with TRAN because TRAN’s teaching of different applications’ notification would have provided Srinivasan and Boyd’s system with the advantage and capability to allow the system to address different situations based on received notifications which improving the system security.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZUJIA XU whose telephone number is (571)272-0954.  The examiner can normally be reached on M-F 9:00-5:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Meng-Ai An can be reached on (571) 272-3756.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MENG AI T AN/Supervisory Patent Examiner, Art Unit 2195