DETAILED ACTION
Claims 1-18 are pending in the application.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 6, 8, 10 and 15-18 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Pub. No. 2019/0253 A1 to Jaisinghani in view of U.S. Pub. No. 20170315827 A1 to Patil et al. and further in view of U.S. Pub. No. 2019/0087431 A1 to Qiu et al. and further in view of U.S. Pub. No. 2007/0156729 A1 to Shaylor.

As to claim 1, Jaisinghani teaches a method, by a microkernel executing on a computing system, comprising
receiving, by the microkernel from an application (Microkernel 210/Dispatcher 212/Registry Module 402), a first system call (client requests) requesting to communicate with a service registry (service registry), the first system call being associated with an operation request, and wherein the microkernel is located in a kernel space (“...The microkernel 210 provides life cycle and service level management for each subsystem (e.g., the service manager 204, the dispatcher 212, the configuration manager 214, the provisioning manager 216, the resource manager 218, and the lock manger 220). It also provides a service registry capability, and a service lookup capability to register and lookup the service endpoints of the subsystems respectively...The dispatcher 212 serves as the entry point into the management system 102. It receives all client requests, determines the subsystem to which the request is targeted by doing a lookup in the microkernel 210 and then dispatches the request to the target subsystem. It also provides user authentication and authorization for the management system 102, and creates and maintains user sessions. User FIG. 4 is a block diagram of a microkernel 210 according to various embodiments. The microkernel 210 comprises a registry module 402, a controller module 404, and has access to a topology database 406...The registry module 402 is responsible for storing and accessing the registry entries of the service managers 204 in the service layer 302. The registry module 402 may additionally store registry information corresponding to the management services. In operation, the registry module 402 provides lookup services to the service managers 204...” paragraphs 0037/0038/0056/0057); and
sending, by the microkernel in response to the first system call, a first instruction to the service registry (“...The microkernel 210 provides life cycle and service level management for each subsystem (e.g., the service manager 204, the dispatcher 212, the configuration manager 214, the provisioning manager 216, the resource manager 218, and the lock manger 220). It also provides a service registry capability, and a service lookup capability to register and lookup the service endpoints of the subsystems respectively...The dispatcher 212 serves as the entry point into the management system 102. It receives all client requests, determines the subsystem to which the request is targeted by doing a lookup in the microkernel 210 and then dispatches the request to the target subsystem. It also provides user authentication and authorization for the management system 102, and creates and maintains user sessions. User authentication may be delegated to another server distinct from the management system 102. User authorization may be performed internally based on roles and privileges of a particular user. Upon successful authentication and authorization, a user session is created, and the session persists until a period of time is elapsed or when the user logs out...FIG. 4 is a block diagram of a microkernel 210 according to various embodiments. The microkernel 210 comprises a registry module 402, a controller module 404, and has access to a topology database 406...The registry module 402 is responsible for storing and accessing the registry entries of the service managers 204 in the service layer 302. The registry module 402 may additionally store registry information corresponding to the management services. In operation, the registry module 402 provides lookup services to the service managers 204...” paragraphs 0037/0038/0056/0057). 
Jaisinghani silent with reference to wherein the service registry is located in a user space,
receiving, by the microkernel from the service registry, a second system call requesting to communicate with at least one of an application service or a protocol service, the second system call being associated with the operation request, wherein the application service and the protocol service are both located in the user space, 
sending, by the microkernel in response to the second system call, a second instruction to at least one of the application service or the protocol service, and
receiving, by the microkernel from at least one of the application service or the protocol service, a third system call requesting to communicate with a driver service, the third system call being associated with the operation request, wherein the driver service is located in the user space; and sending, by the microkernel in response to the third system call, a third instruction to the driver service.  
Patil teaches wherein the service registry is located in a user space (the application layer registry hives) (“...To implement this abstraction, LRFD 340 intercepts any registry operation to determine whether the operation is directed to a registry hive of one of the mounted layers rather than to the operating system's registry hive. For example, in response to receiving a request to obtain a value of a particular registry subkey, LRFD 340 may be configured to first access registry hive 313 to determine if it includes the key (e.g., by determining whether the subkey is stored under the AppLayer311 subkey). If the subkey is found in registry hive 313, LRFD 340 may respond with its value. However, if the subkey is not found in registry hive 313, LRFD 340 may then access registry hive 323 to perform the same process. If LRFD 340 does not find the subkey in registry hive 323, it would then allow the operating system to fulfill the request in a normal fashion...Accordingly, LRFD 340 is configured to iteratively access the application layer registry hives when handling a registry operation. If none of the application layer registry hives have the subkey that is the target of the registry operation, LRFD 340 will pass the registry operation on to operating system 302 for normal processing...When it receives a modifying registry operation, LRFD 340 can perform substantially the same processing as when a non-modifying registry operation is received to update the key/value in the merged hive. However, in such cases, LRFD 340 can additionally update the key/value in the source registry hive (i.e., the OS or application layer registry hive where the key/value is stored). FIG. 6A and 6B depict how this can be done...” paragraphs 0021/0022/0050).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to modify the system of Jaisinghani with the teaching of Patil because the teaching of Patil would improve the system of Jaisinghani by allowing kernel space resources to be available in the user space so as to eliminate or reduce latency associated with accessing in the kernel space.
Qiu teaches receiving, by the microkernel (operating system employed by device (e.g., in microkernel architectures) from the service registry (FUSE 108: NOTE services (application services/K/V store are REGISTERED with FUSE 108), a second system call requesting to communicate with at least one of an application service or a protocol service, the second system call being associated with the operation request, wherein the application service and the protocol service are both located in the user space (KVFS library 114/key-value (KV) storage engine 116), and
The division between user space 120A software and kernel space 120B software is dependent on the type of operating system employed by device (e.g., in microkernel architectures)...Second, VFS 106 routes system calls to FUSE 108. In the illustrated embodiment, FUSE 108 is a kernel-level module for allowing access to user space 120A filesystems without modifying the kernel. That is, FUSE 108 allows for user-installed filesystems co-existing with kernel-level filesystems. Examples of user space filesystems include sshfs, MooseFS, and others. In general, user space filesystems may be mounted by executing an application that registers the user space filesystem with FUSE 108. On subsequent system calls, VFS 106 routes any system calls to a user space filesystem to FUSE 108. FUSE-based file operations are routed by FUSE 108 to a corresponding FUSE library in user space 120A, such as KVFS library 114. A FUSE library generally defines a number of endpoints conforming to a standardized interface that FUSE 108 understands. In some embodiments, the library may additionally include supplemental interfaces that may be called directly from an application...In the illustrated embodiment, the installed filesystems of system 100 includes a key-value filesystem (KVFS) implemented as a user space module 110 and/or a kernel space module 118. As used herein, KVFS user space module 110 and KVFS kernel module 118 are referred to, collectively, as a key-value filesystem (KVFS) module when refer to operations performed by both modules...The system 100 may include either the KVFS user space module 110 or the module 118, or may include both depending on the specific installation of the KFVS. Both KVFS user space module 110 and module 118 communicate with an underlying key-value (KV) storage engine 116 as described herein. The user space and a kernel space implementation differ in the specific processing, both of which are described herein, yet generally perform the same operations. That is, the routing of requests to module 110 and module 118 is performed 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to modify the system of Jaisinghani and Patil with the teaching of Qiu because the teaching of Qiu would improve the system of the effective filing date of the claim invention 
Shaylor teaches receiving, by the microkernel (microkernel) from at least one of the application service or the protocol service, a third system call requesting to communicate with a driver service, the third system call being associated with the operation request (message passing system/message passing architecture), wherein the driver service is located in the user space (user space) (“...In an operating system architecture such as that shown in FIG. 2, drivers and other system components are not part of the microkernel. As a result, input/output (I/O) requests are passed to the drivers using a message passing system. The sender of the request calls the microkernel and the microkernel copies the request into the driver (or other task) and then switches user mode execution to that task to process the request. When processing of the request is complete, the microkernel copies any results back to the sender task and the user mode context is switched back to the sender task. The use of such a message passing system therefore enables drivers (e.g., disk driver 230) to be moved from the microkernel to a task in user-space...FIG. 3 illustrates an exemplary structure of a message 300. As noted above, a message such as message 300 can be sent from one task to another using the Send directive, and received by a task using the Receive directive. The architecture used in microkernel 100 is based on a message passing architecture in which tasks communicate with one another via messages sent through microkernel 100. Message 300 is an example of a structure which may be used for inter-task communications in microkernel 100. Message 300 includes an I/O channel identifier 305, an operation code 310, a result field 315, argument fields 320 and 325, and a data description record (DDR) 330. DDR 330 may be, for example, a DDR according to embodiments of the present invention. I/O channel identifier 305 is used to indicate the I/O channel of the task receiving the message. Operation code 310 indicates the operation that is being requested by the sender of the message. Result field 315 is available to allow the task receiving the message to communicate the result of the actions requested by the message to the message's sender. In a similar manner, argument fields 320 and 325 allow a sender to provide parameters to a receiver to enable the receiver to carry out the requested actions. DDR 330 is the vehicle by which data (if needed) is transferred from the sending task to the receiving task. As will be apparent to one of skill in the art, while argument fields 320 and 325 are discussed in terms of parameters, argument fields 320 and 325 can also be viewed as simply carrying small amounts of specific data...FIG. 8 illustrates the message passing architecture used in microkernel 100 to facilitate communications between a client task (a client 810) and a server task (a server 820). In this message passing architecture, information is passed from client 810 to server 820 using a message. This is illustrated in FIG. 8 as the passing of a message 830 through microkernel 100, which appears at server 820 as a message 840. As will be understood by one of skill in the art, although the passing of message 830 through microkernel 100 is depicted as a copy operation (as is indicated by the difference in reference numerals between message 830 and message 840), message 830 can be passed to server 820 simply by reference. In that case, no copying of message 830 would actually occur, and only a reference indicating the location of the information held in message 830 would travel from client 810 to server 820...FIG. 9 illustrates the first step in the process of message passing. A message 900 is copied into a thread control block 910 as message 920. Message 900 uses a format such as that shown in FIGS. 3-7, illustrated therein as message 300, to pass data or information regarding access to the data, and so is basically a data structure containing data and/or other information. In contrast, thread control block 910 is used to provide a control mechanism for a thread controlled thereby. In the present invention, the functionality of the thread control block is extended to include a message, allowing the thread control block to both control a thread and task I/O as well. A thread, in contrast to a message or thread control block, may be conceptualized as a execution path through a program, as is discussed more fully below...” paragraphs 0045/0064/0081/0082), and sending, by the microkernel in response to the third system call, a third instruction to the driver service (“...In an operating system architecture such as that shown in FIG. 2, drivers and other system components are not part of the microkernel. As a result, input/output (I/O) requests are passed to the drivers using a message passing system. The sender of the request calls the microkernel and the microkernel copies the request into the driver (or other task) and then switches user mode execution to that task to process the request. When processing of the request is complete, the microkernel copies any results back to the sender task and the user mode context is switched back to the sender task. The use of such a message passing system therefore enables drivers (e.g., disk driver 230) to be moved from the microkernel to a task in user-space...FIG. 3 illustrates an exemplary structure of a message 300. As noted above, a message such as message 300 can be sent from one task to another using the Send directive, and received by a task using the Receive directive. The architecture used in microkernel 100 is based on a message passing architecture in which tasks communicate with one another via messages sent through microkernel 100. Message 300 is an example of a structure which may be used for inter-task communications in microkernel 100. Message 300 includes an I/O channel identifier 305, an operation code 310, a result field 315, argument fields 320 and 325, and a data description record (DDR) 330. DDR 330 may be, for example, a DDR according to embodiments of the present invention. I/O channel identifier 305 is used to indicate the I/O channel of the task receiving the message. Operation code 310 indicates the operation that is being requested by the sender of the message. Result field 315 is available to allow the task receiving the message to communicate the result of the actions requested by the message to the message's sender. In a similar manner, argument fields 320 and 325 allow a sender to provide parameters to a receiver to enable the receiver to carry out the requested actions. DDR 330 is the vehicle by which data (if needed) is transferred from the sending task to the receiving task. As will be apparent to one of skill in the art, while argument fields 320 and 325 are discussed in terms of parameters, argument fields 320 and 325 can also be viewed as simply carrying small amounts of specific data...FIG. 8 illustrates the message passing architecture used in microkernel 100 to facilitate communications between a client task (a client 810) and a server task (a server 820). In this message passing architecture, information is passed from client 810 to server 820 using a message. This is illustrated in FIG. 8 as the passing of a message 830 through microkernel 100, which appears at server 820 as a message 840. As will be understood by one of skill in the art, although the passing of message 830 through microkernel 100 is depicted as a copy operation (as is indicated by the difference in reference numerals between message 830 and message 840), message 830 can be passed to server 820 simply by reference. In that case, no copying of message 830 would actually occur, and only a reference indicating the location of the information held in message 830 would travel from client 810 to server 820...FIG. 9 illustrates the first step in the process of message passing. A message 900 is copied into a thread control block 910 as message 920. Message 900 uses a format such as that shown in FIGS. 3-7, illustrated therein as message 300, to pass data or information regarding access to the data, and so is basically a data structure containing data and/or other information. In contrast, thread control block 910 is used to provide a control mechanism for a thread controlled thereby. In the present invention, the functionality of the thread control block is extended to include a message, allowing the thread control block to both control a thread and task I/O as well. A thread, in contrast to a message or thread control block, may be conceptualized as a execution path through a program, as is discussed more fully below...” paragraphs 0045/0064/0081/0082).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to modify the system of Jaisinghani, Patil and Qiu with the teaching of Shaylor because the teaching of Shaylor would improve the system of the effective filing date of the claim invention to modify the system of Jaisinghani, Patil and Qiu by providing a technique to provide driver service.

The resource manager 218 is responsible for reserving and allocating actual, concrete resources. Reservations may be leased, that is, the reservations expire if not used by a particular service by a particular time. The reservations may be permanent (or up to a specified maximum duration) by performing a resource allocation based on a service deployment command issued by the user (e.g. a systems administrator). The resource manager 218 may further dynamically assign resources and periodically adjust the resource allocation between services...” paragraph 0042). 

As to claim 6, Patil teaches the method of Claim 1, wherein the application service comprises one of a key-value store (application layer registry hive where the key/value is stored), a motion service or an event service (“...To implement this abstraction, LRFD 340 intercepts any registry operation to determine whether the operation is directed to a registry hive of one of the mounted layers rather than to the operating system's registry hive. For example, in response to receiving a request to obtain a value of a particular registry subkey, LRFD 340 may be configured to first access registry hive 313 to determine if it includes the key (e.g., by determining whether the subkey is stored under the AppLayer311 subkey). If the subkey is found in registry hive 313, LRFD 340 may respond with its value. However, if the subkey is not found in registry hive 313, LRFD 340 may then access registry hive 323 to perform the same process. If LRFD 340 does not find the subkey in registry hive 323, it would then allow the operating system to fulfill the request in a normal fashion...Accordingly, LRFD 340 is configured to iteratively access the application layer registry hives when handling a registry operation. If none of the application layer registry hives have the subkey that is the target of the registry operation, LRFD 340 will pass the registry operation on to operating system 302 for normal processing...When it receives a modifying registry operation, LRFD 340 can perform substantially the same processing as when a non-modifying registry operation is received to update the key/value in the merged hive. However, in such cases, LRFD 340 can additionally update the key/value in the source registry hive (i.e., the OS or application layer registry hive where the key/value is stored). FIG. 6A and 6B depict how this can be done...” paragraphs 0021/0022/0050).


As to claim 8, Shaylor teaches the method of Claim 1, wherein the third system call identifies the driver service of a plurality of driver services to send the third instruction (“...In an operating system architecture such as that shown in FIG. 2, drivers and other system components are not part of the microkernel. As a result, input/output (I/O) requests are passed to the drivers using a message passing system. The sender of the request calls the microkernel and the microkernel copies the request into the driver (or other task) and then switches user mode execution to that task to process the request. When processing of the request is complete, the microkernel copies any results back to the sender task and the user mode context is switched back to the sender task. The use of such a message passing system therefore enables drivers (e.g., disk driver 230) to be moved from the microkernel to a task in user-space...FIG. 3 illustrates an exemplary structure of a message 300. As noted above, a message such as message 300 can be sent from one task to another using the Send directive, and received by a task using the Receive directive. The architecture used in microkernel 100 is based on a message passing architecture in which tasks communicate with one another via messages sent through microkernel 100. Message 300 is an example of a structure which may be used for inter-task communications in microkernel 100. Message 300 includes an I/O channel identifier 305, an operation code 310, a result field 315, argument fields 320 and 325, and a data description record (DDR) 330. DDR 330 may be, for example, a DDR according to embodiments of the present invention. I/O channel identifier 305 is used to indicate the I/O channel of the task receiving the message. Operation code 310 indicates the operation that is being requested by the sender of the message. Result field 315 is available to allow the task receiving the message to communicate the result of the actions requested by the message to the message's sender. In a similar manner, argument fields 320 and 325 allow a sender to provide parameters to a receiver to enable the receiver to carry out the requested actions. DDR 330 is the vehicle by which data (if needed) is transferred from the sending task to the receiving task. As will be apparent to one of skill in the art, while argument fields 320 and 325 are discussed in terms of parameters, argument fields 320 and 325 can also be viewed as simply carrying small amounts of specific data...FIG. 8 illustrates the message passing architecture used in microkernel 100 to facilitate communications between a client task (a client 810) and a server task (a server 820). In this message passing architecture, information is passed from client 810 to server 820 using a message. This is illustrated in FIG. 8 as the passing of a message 830 through microkernel 100, which appears at server 820 as a message 840. As will be understood by one of skill in the art, although the passing of message 830 through microkernel 100 is depicted as a copy operation (as is indicated by the difference in reference numerals between message 830 and message 840), message 830 can be passed to server 820 simply by reference. In that case, no copying of message 830 would actually occur, and only a reference indicating the location of the information held in message 830 would travel from client 810 to server 820...FIG. 9 illustrates the first step in the process of message passing. A message 900 is copied into a thread control block 910 as message 920. Message 900 uses a format such as that shown in FIGS. 3-7, illustrated therein as message 300, to pass data or information regarding access to the data, and so is basically a data structure containing data and/or other information. In contrast, thread control block 910 is used to provide a control mechanism for a thread controlled thereby. In the present invention, the functionality of the thread control block is extended to include a message, allowing the thread control block to both control a thread and task I/O as well. A thread, in contrast to a message or thread control block, may be conceptualized as a execution path through a program, as is discussed more fully below...” paragraphs 0045/0064/0081/0082), and sending, by the microkernel in response to the third system call, a third instruction to the driver service (“...In an operating system architecture such as that shown in FIG. 2, drivers and other system components are not part of the microkernel. As a result, input/output (I/O) requests are passed to the drivers using a message passing system. The sender of the request calls the microkernel and the microkernel copies the request into the driver (or other task) and then switches user mode execution to that task to process the request. When processing of the request is complete, the microkernel copies any results back to the sender task and the user mode context is switched back to the sender task. The use of such a message passing system therefore enables drivers (e.g., disk driver 230) to be moved from the microkernel to a task in user-space...FIG. 3 illustrates an exemplary structure of a message 300. As noted above, a message such as message 300 can be sent from one task to another using the Send directive, and received by a task using the Receive directive. The architecture used in microkernel 100 is based on a message passing architecture in which tasks communicate with one another via messages sent through microkernel 100. Message 300 is an example of a structure which may be used for inter-task communications in microkernel 100. Message 300 includes an I/O channel identifier 305, an operation code 310, a result field 315, argument fields 320 and 325, and a data description record (DDR) 330. DDR 330 may be, for example, a DDR according to embodiments of the present invention. I/O channel identifier 305 is used to indicate the I/O channel of the task receiving the message. Operation code 310 indicates the operation that is being requested by the sender of the message. Result field 315 is available to allow the task receiving the message to communicate the result of the actions requested by the message to the message's sender. In a similar manner, argument fields 320 and 325 allow a sender to provide parameters to a receiver to enable the receiver to carry out the requested actions. DDR 330 is the vehicle by which data (if needed) is transferred from the sending task to the receiving task. As will be apparent to one of skill in the art, while argument fields 320 and 325 are discussed in terms of parameters, argument fields 320 and 325 can also be viewed as simply carrying small amounts of specific data...FIG. 8 illustrates the message passing architecture used in microkernel 100 to facilitate communications between a client task (a client 810) and a server task (a server 820). In this message passing architecture, information is passed from client 810 to server 820 using a message. This is illustrated in FIG. 8 as the passing of a message 830 through microkernel 100, which appears at server 820 as a message 840. As will be understood by one of skill in the art, although the passing of message 830 through microkernel 100 is depicted as a copy operation (as is indicated by the difference in reference numerals between message 830 and message 840), message 830 can be passed to server 820 simply by reference. In that case, no copying of message 830 would actually occur, and only a reference indicating the location of the information held in message 830 would travel from client 810 to server 820...FIG. 9 illustrates the first step in the process of message passing. A message 900 is copied into a thread control block 910 as message 920. Message 900 uses a format such as that shown in FIGS. 3-7, illustrated therein as message 300, to pass data or information regarding access to the data, and so is basically a data structure containing data and/or other information. In contrast, thread control block 910 is used to provide a control mechanism for a thread controlled thereby. In the present invention, the functionality of the thread control block is extended to include a message, allowing the thread control block to both control a thread and task I/O as well. A thread, in contrast to a message or thread control block, may be conceptualized as a execution path through a program, as is discussed more fully below...” paragraphs 0045/0064/0081/0082).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to modify the system of Jaisinghani, Patil and Qiu with the teaching of Shaylor because the teaching of Shaylor would improve the system of the effective filing date of the claim invention to modify the system of Jaisinghani, Patil and Qiu by providing a technique to provide driver service.

drivers block, a driver for a universal serial bus (USB), a driver for a peripheral component interconnect (PCI), a driver for a display, or a driver for an inertial measurement unit (IMU) (“...In an operating system architecture such as that shown in FIG. 2, drivers and other system components are not part of the microkernel. As a result, input/output (I/O) requests are passed to the drivers using a message passing system. The sender of the request calls the microkernel and the microkernel copies the request into the driver (or other task) and then switches user mode execution to that task to process the request. When processing of the request is complete, the microkernel copies any results back to the sender task and the user mode context is switched back to the sender task. The use of such a message passing system therefore enables drivers (e.g., disk driver 230) to be moved from the microkernel to a task in user-space...FIG. 3 illustrates an exemplary structure of a message 300. As noted above, a message such as message 300 can be sent from one task to another using the Send directive, and received by a task using the Receive directive. The architecture used in microkernel 100 is based on a message passing architecture in which tasks communicate with one another via messages sent through microkernel 100. Message 300 is an example of a structure which may be used for inter-task communications in microkernel 100. Message 300 includes an I/O channel identifier 305, an operation code 310, a result field 315, argument fields 320 and 325, and a data description record (DDR) 330. DDR 330 may be, for example, a DDR according to embodiments of the present invention. I/O channel identifier 305 is used to indicate the I/O channel of the task receiving the message. Operation code 310 indicates the operation that is being requested by the sender of the message. Result field 315 is available to allow the task receiving the message to communicate the result of the actions requested by the message to the message's sender. In a similar manner, argument fields 320 and 325 allow a sender to provide parameters to a receiver to enable the receiver to carry out the requested actions. DDR 330 is the vehicle by which data (if needed) is transferred from the sending task to the receiving task. As will be apparent to one of skill in the art, while argument fields 320 and 325 are discussed in terms of parameters, argument fields 320 and 325 can also be viewed as simply carrying small amounts of specific data...FIG. 8 illustrates the message passing architecture used in microkernel 100 to facilitate communications between a client task (a client 810) and a server task (a server 820). In this message passing architecture, information is passed from client 810 to server 820 using a message. This is illustrated in FIG. 8 as the passing of a message 830 through microkernel 100, which appears at server 820 as a message 840. As will be understood by one of skill in the art, although the passing of message 830 through microkernel 100 is depicted as a copy operation (as is indicated by the difference in reference numerals between message 830 and message 840), message 830 can be passed to server 820 simply by reference. In that case, no copying of message 830 would actually occur, and only a reference indicating the location of the information held in message 830 would travel from client 810 to server 820...FIG. 9 illustrates the first step in the process of message passing. A message 900 is copied into a thread control block 910 as message 920. Message 900 uses a format such as that shown in FIGS. 3-7, illustrated therein as message 300, to pass data or information regarding access to the data, and so is basically a data structure containing data and/or other information. In contrast, thread control block 910 is used to provide a control mechanism for a thread controlled thereby. In the present invention, the functionality of the thread control block is extended to include a message, allowing the thread control block to both control a thread and task I/O as well. A thread, in contrast to a message or thread control block, may be conceptualized as a execution path through a program, as is discussed more fully below...” paragraphs 0045/0064/0081/0082), and sending, by the microkernel in response to the third system call, a third instruction to the driver service (“...In an operating system architecture such as that shown in FIG. 2, drivers and other system components are not part of the microkernel. As a result, input/output (I/O) requests are passed to the drivers using a message passing system. The sender of the request calls the microkernel and the microkernel copies the request into the driver (or other task) and then switches user mode execution to that task to process the request. When processing of the request is complete, the microkernel copies any results back to the sender task and the user mode context is switched back to the sender task. The use of such a message passing system therefore enables drivers (e.g., disk driver 230) to be moved from the microkernel to a task in user-space...FIG. 3 illustrates an exemplary structure of a message 300. As noted above, a message such as message 300 can be sent from one task to another using the Send directive, and received by a task using the Receive directive. The architecture used in microkernel 100 is based on a message passing architecture in which tasks communicate with one another via messages sent through microkernel 100. Message 300 is an example of a structure which may be used for inter-task communications in microkernel 100. Message 300 includes an I/O channel identifier 305, an operation code 310, a result field 315, argument fields 320 and 325, and a data description record (DDR) 330. DDR 330 may be, for example, a DDR according to embodiments of the present invention. I/O channel identifier 305 is used to indicate the I/O channel of the task receiving the message. Operation code 310 indicates the operation that is being requested by the sender of the message. Result field 315 is available to allow the task receiving the message to communicate the result of the actions requested by the message to the message's sender. In a similar manner, argument fields 320 and 325 allow a sender to provide parameters to a receiver to enable the receiver to carry out the requested actions. DDR 330 is the vehicle by which data (if needed) is transferred from the sending task to the receiving task. As will be apparent to one of skill in the art, while argument fields 320 and 325 are discussed in terms of parameters, argument fields 320 and 325 can also be viewed as simply carrying small amounts of specific data...FIG. 8 illustrates the message passing architecture used in microkernel 100 to facilitate communications between a client task (a client 810) and a server task (a server 820). In this message passing architecture, information is passed from client 810 to server 820 using a message. This is illustrated in FIG. 8 as the passing of a message 830 through microkernel 100, which appears at server 820 as a message 840. As will be understood by one of skill in the art, although the passing of message 830 through microkernel 100 is depicted as a copy operation (as is indicated by the difference in reference numerals between message 830 and message 840), message 830 can be passed to server 820 simply by reference. In that case, no copying of message 830 would actually occur, and only a reference indicating the location of the information held in message 830 would travel from client 810 to server 820...FIG. 9 illustrates the first step in the process of message passing. A message 900 is copied into a thread control block 910 as message 920. Message 900 uses a format such as that shown in FIGS. 3-7, illustrated therein as message 300, to pass data or information regarding access to the data, and so is basically a data structure containing data and/or other information. In contrast, thread control block 910 is used to provide a control mechanism for a thread controlled thereby. In the present invention, the functionality of the thread control block is extended to include a message, allowing the thread control block to both control a thread and task I/O as well. A thread, in contrast to a message or thread control block, may be conceptualized as a execution path through a program, as is discussed more fully below...” paragraphs 0045/0064/0081/0082).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to modify the system of Jaisinghani, Patil and Qiu with the teaching of Shaylor because the teaching of Shaylor would improve the system of the effective filing date of the claim invention to modify the system of Jaisinghani, Patil and Qiu by providing a technique to provide driver service.

As to claim 15, Shaylor teaches the method of Claim 1, further comprising: receiving a first response to the third instruction from the driver service, wherein the first response is associated with the operation request; and sending the first response to the application service or the protocol service (“...In an operating system architecture such as that shown in FIG. 2, drivers and other system components are not part of the microkernel. As a result, input/output (I/O) requests are passed to the drivers using a message passing system. The sender of the request calls the microkernel and the microkernel copies the request into the driver (or other task) and then switches user mode execution to that task to process the request. When processing of the request is complete, the microkernel copies any results back to the sender task and the user mode context is switched back to the sender task. The use of such a message passing system therefore enables drivers (e.g., disk driver 230) to be moved from the microkernel to a task in user-space...FIG. 3 illustrates an exemplary structure of a message 300. As noted above, a message such as message 300 can be sent from one task to another using the Send directive, and received by a task using the Receive directive. The architecture used in microkernel 100 is based on a message passing architecture in which tasks communicate with one another via messages sent through microkernel 100. Message 300 is an example of a structure which may be used for inter-task communications in microkernel 100. Message 300 includes an I/O channel identifier 305, an operation code 310, a result field 315, argument fields 320 and 325, and a data description record (DDR) 330. DDR 330 may be, for example, a DDR according to embodiments of the present invention. I/O channel identifier 305 is used to indicate the I/O channel of the task receiving the message. Operation code 310 indicates the operation that is being requested by the sender of the message. Result field 315 is available to allow the task receiving the message to communicate the result of the actions requested by the message to the message's sender. In a similar manner, argument fields 320 and 325 allow a sender to provide parameters to a receiver to enable the receiver to carry out the requested actions. DDR 330 is the vehicle by which data (if needed) is transferred from the sending task to the receiving task. As will be apparent to one of skill in the art, while argument fields 320 and 325 are discussed in terms of parameters, argument fields 320 and 325 can also be viewed as simply carrying small amounts of specific data...FIG. 8 illustrates the message passing architecture used in microkernel 100 to facilitate communications between a client task (a client 810) and a server task (a server 820). In this message passing architecture, information is passed from client 810 to server 820 using a message. This is illustrated in FIG. 8 as the passing of a message 830 through microkernel 100, which appears at server 820 as a message 840. As will be understood by one of skill in the art, although the passing of message 830 through microkernel 100 is depicted as a copy operation (as is indicated by the difference in reference numerals between message 830 and message 840), message 830 can be passed to server 820 simply by reference. In that case, no copying of message 830 would actually occur, and only a reference indicating the location of the information held in message 830 would travel from client 810 to server 820...FIG. 9 illustrates the first step in the process of message passing. A message 900 is copied into a thread control block 910 as message 920. Message 900 uses a format such as that shown in FIGS. 3-7, illustrated therein as message 300, to pass data or information regarding access to the data, and so is basically a data structure containing data and/or other information. In contrast, thread control block 910 is used to provide a control mechanism for a thread controlled thereby. In the present invention, the functionality of the thread control block is extended to include a message, allowing the thread control block to both control a thread and task I/O as well. A thread, in contrast to a message or thread control block, may be conceptualized as a execution path through a program, as is discussed more fully below...” paragraphs 0045/0064/0081/0082), and In an operating system architecture such as that shown in FIG. 2, drivers and other system components are not part of the microkernel. As a result, input/output (I/O) requests are passed to the drivers using a message passing system. The sender of the request calls the microkernel and the microkernel copies the request into the driver (or other task) and then switches user mode execution to that task to process the request. When processing of the request is complete, the microkernel copies any results back to the sender task and the user mode context is switched back to the sender task. The use of such a message passing system therefore enables drivers (e.g., disk driver 230) to be moved from the microkernel to a task in user-space...FIG. 3 illustrates an exemplary structure of a message 300. As noted above, a message such as message 300 can be sent from one task to another using the Send directive, and received by a task using the Receive directive. The architecture used in microkernel 100 is based on a message passing architecture in which tasks communicate with one another via messages sent through microkernel 100. Message 300 is an example of a structure which may be used for inter-task communications in microkernel 100. Message 300 includes an I/O channel identifier 305, an operation code 310, a result field 315, argument fields 320 and 325, and a data description record (DDR) 330. DDR 330 may be, for example, a DDR according to embodiments of the present invention. I/O channel identifier 305 is used to indicate the I/O channel of the task receiving the message. Operation code 310 indicates the operation that is being requested by the sender of the message. Result field 315 is available to allow the task receiving the message to communicate the result of the actions requested by the message to the message's sender. In a similar manner, argument fields 320 and 325 allow a sender to provide parameters to a receiver to enable the receiver to carry out the requested actions. DDR 330 is the vehicle by which data (if needed) is transferred from the sending task to the receiving task. As will be apparent to one of skill in the art, while argument fields 320 and 325 are discussed in terms of parameters, argument fields 320 and 325 can also be viewed as simply carrying small amounts of specific data...FIG. 8 illustrates the message passing architecture used in microkernel 100 to facilitate communications between a client task (a client 810) and a server task (a server 820). In this message passing architecture, information is passed from client 810 to server 820 using a message. This is illustrated in FIG. 8 as the passing of a message 830 through microkernel 100, which appears at server 820 as a message 840. As will be understood by one of skill in the art, although the passing of message 830 through microkernel 100 is depicted as a copy operation (as is indicated by the difference in reference numerals between message 830 and message 840), message 830 can be passed to server 820 simply by reference. In that case, no copying of message 830 would actually occur, and only a reference indicating the location of the information held in message 830 would travel from client 810 to server 820...FIG. 9 illustrates the first step in the process of message passing. A message 900 is copied into a thread control block 910 as message 920. Message 900 uses a format such as that shown in FIGS. 3-7, illustrated therein as message 300, to pass data or information regarding access to the data, and so is basically a data structure containing data and/or other information. In contrast, thread control block 910 is used to provide a control mechanism for a thread controlled thereby. In the present invention, the functionality of the thread control block is extended to include a message, allowing the thread control block to both control a thread and task I/O as well. A thread, in contrast to a message or thread control block, may be conceptualized as a execution path through a program, as is discussed more fully below...” paragraphs 0045/0064/0081/0082).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to modify the system of Jaisinghani, Patil and Qiu with the teaching of Shaylor because the teaching of Shaylor would improve the system of the effective filing date of the claim invention to modify the system of Jaisinghani, Patil and Qiu by providing a technique to provide driver service.

As to claim 16, Qiu teaches the method of Claim 15, further comprising: receiving a second response to the second instruction from the application service or the protocol service, wherein the second response is associated with the operation request; and sending the second response to the application (“...Finally, the return value is transmitted to the calling application via a return value of the system call provided by glibc 104. Thus, from the perspective of applications 102, the system call to write, and the return value, appear as a standard interface (e.g., identical to a system call to another installed operating system), while the underlying mechanics of storing the write buffer differ significantly from, for example, writing a file Finally, KVFS kernel module 118 also returns the return value of any operations to VFS 106 and, ultimately, to applications 102 in the manner described with respect to the user space implementation...” paragraphs 0042/0045). 

As to clams 17 and 18, see the rejection of claim 1 above, expect for one or more computer-readable non-transitory storage media, one or more processors; and a non-transitory memory.
Jaisinghani teaches one or more computer-readable non-transitory storage media, one or more processors; and a non-transitory memory

Claims 3-5 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Pub. No. 2019/0253367 A1 to Jaisinghani in view of U.S. Pub. No. 2017/0315827 A1 to Patil et al. and further in view of U.S. Pub. No. 2019/0087431 A1 to Qiu et al. and further in view of U.S. Pub. No. 2007/0156729 A1 to Shaylor as applied to claim 1 above, and further in view of U.S. Pub. No. 2005/0114870 A1 to Song et al.

Song teaches wherein the service registry determines whether the application has permission to access at least one of the application service or the protocol service, and wherein the service registry sends the second system call in response to determining the application has permission to access at least one of the application service or the protocol service (“...When the application software is initiated or executed, it may require various registry values to process the application software. Normally, registry keys are accessed through various queries to its subsystem for all accesses to the registry database 300. When a user process issues a registry query, the subsystem invokes the corresponding service call to request the operation on behalf of the caller. Here, the privatized virtual registry system 302 driver receives the registry query requests from normal application software and secured application software to open, create, read, write, delete, close and other registry calls to access the registry database 300. Any registry query that is received from a user process by the privatized virtual registry system 302 driver for a registry key or value residing on a real registry database, the privatized virtual registry system 302 driver redirects the request to the operating system 100 registry system driver to manage the real registry database. Before forwarding the request to operating system registry system driver, however the privatized virtual registry system 302 driver checks to see if any registry queries representing privatized virtual registry system. Therefore, the privatized virtual registry system driver module intercepts the registry query before it reaches the operating system registry system to provide a secured registry value from a secured registry pack provided by the cache database...In FIG. 8 at step 304, the said privatized virtual registry system driver intercepts for an open, create, read, write, delete, close or other registry query calls. The origination of the intercepted registry call received from the user process for a particular application software process can be established by identifying the process id. At step 306 in FIG. 8, the source or the requested process for the intercepted registry call is established. This registry query is classified into two categories as shown in FIG. 8 at step 308. That is classified either as a query from the normal application or a query from the secured application software created under the application wrapper 120. As shown in FIG. 8 at step 322, privatized virtual registry system driver will dispatch the registry query received from normal application software process directly to the operating system registry system driver to service the registry query to normal application software. The operating system registry system driver performs appropriate processing and returns the results to privatized virtual registry system driver and the privatized virtual registry system 302 eventually returns the results to the requesting process. Hence the state of OS registry system access is unchanged for normal application software. Registry query received from secured application software is filtered and serviced based on various conditions shown in FIG. 8 at steps 310, 314 and 318. Conditions are made to protect the registry values and to service the various registry operations. At step 310, the registry call established as secured application is further verified that if the requested registry call belongs to the same process then the registry call is serviced (Step 312) with the secured registry data source corresponding to the process ID otherwise further the call is verified (Step 314) that if access to other process resource is permitted for this requested call then the registry call is serviced (Step 316) within the permitted resource. Finally, for the process ID established as secured application software and if the registry call does not belong to same process or within the permitted resource then that requested registry call is rejected (Step 320) and returned to the requesting process. Thus, the registry access for the secured application is serviced privately within their private data resource...” paragraphs 0041/0042).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to modify the system of Jaisinghani, Patil, Qiu and Shaylor with the teaching of Song because the teaching of Song would improve the system of the effective filing date of the claim invention to modify the system of Jaisinghani, Patil, Qiu and Shaylor by providing a secure access to computing resources.

As to claim 4, Jaisinghani as modified by Patil, Qiu and Shaylor teaches the method of Claim 3, however it is silent with reference to wherein the operation request is associated with an operation to be performed, and wherein the application identifies the application service or 
Song teaches wherein the operation request is associated with an operation to be performed, and wherein the application identifies the application service or the protocol service to send the second instruction based on the operation to be performed (“...When the application software is initiated or executed, it may require various registry values to process the application software. Normally, registry keys are accessed through various queries to its subsystem for all accesses to the registry database 300. When a user process issues a registry query, the subsystem invokes the corresponding service call to request the operation on behalf of the caller. Here, the privatized virtual registry system 302 driver receives the registry query requests from normal application software and secured application software to open, create, read, write, delete, close and other registry calls to access the registry database 300. Any registry query that is received from a user process by the privatized virtual registry system 302 driver for a registry key or value residing on a real registry database, the privatized virtual registry system 302 driver redirects the request to the operating system 100 registry system driver to manage the real registry database. Before forwarding the request to operating system registry system driver, however the privatized virtual registry system 302 driver checks to see if any registry queries representing privatized virtual registry system. Therefore, the privatized virtual registry system driver module intercepts the registry query before it reaches the operating system registry system to provide a secured registry value from a secured registry pack provided by the cache database...In FIG. 8 at step 304, the said privatized virtual registry system driver intercepts for an open, create, read, write, delete, close or other registry query calls. The origination of the intercepted registry call received from the user process for a particular application software process can be established by identifying the process id. At step 306 in FIG. 8, the source or the requested process for the intercepted registry call is established. This registry query is classified into two categories as shown in FIG. 8 at step 308. That is classified either as a query from the normal application or a query from the secured application software created under the application wrapper 120. As shown in FIG. 8 at step 322, privatized virtual registry system driver will dispatch the registry query received from normal application software process directly to the operating system registry system driver to service the registry query to normal application software. Registry query received from secured application software is filtered and serviced based on various conditions shown in FIG. 8 at steps 310, 314 and 318. Conditions are made to protect the registry values and to service the various registry operations. At step 310, the registry call established as secured application is further verified that if the requested registry call belongs to the same process then the registry call is serviced (Step 312) with the secured registry data source corresponding to the process ID otherwise further the call is verified (Step 314) that if access to other process resource is permitted for this requested call then the registry call is serviced (Step 316) within the permitted resource. Finally, for the process ID established as secured application software and if the registry call does not belong to same process or within the permitted resource then that requested registry call is rejected (Step 320) and returned to the requesting process. Thus, the registry access for the secured application is serviced privately within their private data resource...” paragraphs 0041/0042).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to modify the system of Jaisinghani, Patil, Qiu and Shaylor with the teaching of Song because the teaching of Song would improve the system of the effective filing date of the claim invention to modify the system of Jaisinghani, Patil, Qiu and Shaylor by providing a secure access to computing resources.

As to claim 5, Jaisinghani as modified by Patil, Qiu and Shaylor teaches the method of Claim 3, however it is silent with reference to receiving, from the service registry in response to the service registry determining the application has permission to access at least one of the application service or the protocol service, a fourth system call to establish a connection between at least one of the application service or the protocol service to the application.  
Song teaches receiving, from the service registry in response to the service registry determining the application has permission to access at least one of the application service or the protocol service, a fourth system call to establish a connection between at least one of the application When a user process issues a registry query, the subsystem invokes the corresponding service call to request the operation on behalf of the caller. Here, the privatized virtual registry system 302 driver receives the registry query requests from normal application software and secured application software to open, create, read, write, delete, close and other registry calls to access the registry database 300. Any registry query that is received from a user process by the privatized virtual registry system 302 driver for a registry key or value residing on a real registry database, the privatized virtual registry system 302 driver redirects the request to the operating system 100 registry system driver to manage the real registry database. Before forwarding the request to operating system registry system driver, however the privatized virtual registry system 302 driver checks to see if any registry queries representing privatized virtual registry system. Therefore, the privatized virtual registry system driver module intercepts the registry query before it reaches the operating system registry system to provide a secured registry value from a secured registry pack provided by the cache database...In FIG. 8 at step 304, the said privatized virtual registry system driver intercepts for an open, create, read, write, delete, close or other registry query calls. The origination of the intercepted registry call received from the user process for a particular application software process can be established by identifying the process id. At step 306 in FIG. 8, the source or the requested process for the intercepted registry call is established. This registry query is classified into two categories as shown in FIG. 8 at step 308. That is classified either as a query from the normal application or a query from the secured application software created under the application wrapper 120. As shown in FIG. 8 at step 322, privatized virtual registry system driver will dispatch the registry query received from normal application software process directly to the operating system registry system driver to service the registry query to normal application software. The operating system registry system driver performs appropriate processing and returns the results to privatized virtual registry system driver and the privatized virtual registry system 302 eventually returns the results to the requesting process. Hence the state of OS registry system access is unchanged for normal application software. Registry query received from secured application software is filtered and serviced based on various conditions shown in FIG. 8 at steps 310, 314 and 318. Conditions are made to protect the registry values and to service the various registry operations. At step 310, the registry call established as secured application is further verified that if the requested registry call belongs to the same process then the registry call is serviced (Step 312) with the secured registry data source corresponding to the process ID otherwise further the call is verified (Step 314) that if access to other process resource is permitted for this requested call then the registry call is serviced (Step 316) within the permitted resource. Finally, for the process ID established as secured application software and if the registry call does not belong to same process or within the permitted resource then that requested registry call is rejected (Step 320) and returned to the requesting process. Thus, the registry access for the secured application is serviced privately within their private data resource...” paragraphs 0041/0042).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to modify the system of Jaisinghani, Patil, Qiu and Shaylor with the teaching of Song because the .

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. Pub. No. 2019/0253367 A1 to Jaisinghani in view of U.S. Pub. No. 20170315827 A1 to Patil et al. and further in view of U.S. Pub. No. 2019/0087431 A1 to Qiu et al. and further in view of U.S. Pub. No. 2007/0156729 A1 to Shaylor as applied to claim 1 above, and further in view of U.S. Pub. No. 2008/0147755 A1 to Chapman et al.

As to claim 7, Jaisinghani as modified by Patil, Qiu and Shaylor teaches the method of Claim 1, however it is silent with reference to wherein the protocol service comprises one of a volume service, a network service, a dynamic host configuration protocol, or a wifi service.
Chapmann teaches wherein the protocol service comprises one of a volume service, a network service, a dynamic host configuration protocol, or a wifi service (network protocol layers) (“...Again to summarize, as used herein, the term "storage operating system" generally refers to the computer-executable code operable on a storage system that implements In this sense, Data ONTAP.TM. software is an example of such a storage operating system implemented as a microkernel. The storage operating system can also be implemented as an application program operating over a general-purpose operating system, such as UNIX.RTM. or Windows NT.RTM., or as a general-purpose operating system with configurable functionality, which is configured for storage applications as described herein...The organization of the preferred storage operating system for the exemplary filer is now described briefly. However, it is expressly contemplated that the principles of this invention can be implemented using a variety of alternate storage operating system architectures. As shown in FIG. 4, the storage operating system 400 comprises a series of software layers, including a media access layer 405 of network drivers (e.g., an Ethernet driver). The operating system further includes network protocol layers, such as the Internet Protocol (IP) layer 410 and its supporting transport mechanisms, the Transport Control Protocol (TCP) layer 415 and the User Datagram Protocol (UDP) layer 420. A file system protocol layer provides multi-protocol data access and, to that end, includes support for the CIFS protocol 425, the NFS protocol 430 and the Hypertext Transfer Protocol (HTTP) protocol 435. In addition, the storage operating system 400 includes a disk storage layer 440 that implements a disk storage protocol, such as a RAID protocol, and a disk driver layer 445, that implements a disk control protocol such as the small computer system interface (SCSI)...” paragraphs 0040/0041).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to modify the system of Jaisinghani, Patil, Qiu and Shaylor with the teaching of Chapman because the teaching of Chapman would improve the system of the effective filing date of the claim invention to modify the system of Jaisinghani, Patil, Qiu and Shaylor by providing a technique of allowing for varying selection of network protocols.

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. Pub. No. 2019/0253367 A1 to Jaisinghani in view of U.S. Pub. No. 2019/0087431 A1 to Qiu et al. and further in view of U.S. Pub. No. 20170315827 A1 to Patil et al. and further in view of U.S. Pub. No. 2007/0156729 A1 to Shaylor as applied to claim 8 above, and further in view of U.S. Pub. No. 2015/0040181 A1 to Cook et al.


Cook teaches wherein the application service or the protocol service identifies the driver service to send the third instruction based on the second instruction, wherein the first instruction is associated with an operation to be performed by the driver service (“...The FRXDRV 202 may thus be configured to use the rules/assignments information in determining whether to "hide" certain resource from the user. For example, when the FRXDRV 202 receives an IO request or registry IO request to enumerate files, directories, keys, or values that are determined to be hidden based on rules/assignments information, the FRXDRV 202 may be configured to pass the operation request to the file system drivers 114, configuration manager 108 or other operating system components, as applicable, and to receive the results. The FRXDRV 202 may then remove the undesired (i.e., hidden) entries from the results and then complete the IO request or registry IO request by passing the altered results back up to the caller entity, e.g., the filter manager, the IO manager 106, or the configuration manager 108...The FRXDRV 202 opens the rules/assignments file 204 and loads the rules/assignments information into its internal data structures. Then when an open/create request is issued for a directory, file, or a registry key, or when a modify request is issued for a registry value, the FRXDRV 202 intercepts the request and looks at the rules/assignments information in its internal data structures to determine if the request should be redirected. If so, the FRXDRV 202 re-targets the request to the new location (as determined by the destination specified in the applicable rule)...” paragraph 0032/0041).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to modify the system of Jaisinghani, Patil, Qiu and Shaylor with the teaching of Cook because the teaching of Cook would improve the system of the effective filing date of the claim invention to modify the system of Jaisinghani, Patil, Qiu and Shaylor by providing a technique of controlling where and how requests are processed to produce optimal use of resources.

Claims 11-13 are rejected under 35 U.S.C. 103 as being unpatentable over U U.S. Pub. No. 2019/0253367 A1 to Jaisinghani in view of U.S. Pub. No. 2019/0087431 A1 to Qiu et al. and further in view of U.S. Pub. No. 20170315827 A1 to Patil et al. and further in view of U.S. Pub. No. 2007/0156729 A1 to Shaylor as applied to claim 1 above, and further in view of U.S. Pub. No. 2016/0162264 A1 to Wong et al.

As to claim 11,  Jaisinghani as modified by Patil, Qiu and Shaylor teaches the method of Claim 1, however it is silent with reference to wherein the service registry is one of a plurality of privileged services, and wherein the plurality of privileged services further comprises one of, a launcher, a loader, a device manager, or a permission broker.  
Wong teaches wherein the service registry is one of a plurality of privileged services, and wherein the plurality of privileged services further comprises one of, a launcher, a loader, a device manager, or a permission broker (“...The application 100 may also comprise an extensibility framework 104. The extensibility framework 104 may include a loader 106 and a service registry 108. The loader 106 may act to load a given set of bundles 102A-102C (or more generally, any combination of components, bundles, and features). In an example embodiment, different bundle loaders are used for different environments (e.g., browser, desktop, etc.). A bundle may be represented by a bundle manifest (a bundle.js file in an example embodiment). The bundle manifest may declare what is provided by the bundle and any dependencies the bundle has. The service registry 108 may be a data structure or data structures that store loaded components (service implementations) and may act to keep track of which components provide which service. The loader 106 may act to load the bundles 102A-102C (or more generally, any combination of components, bundles, and features) into the service registry, and the service registry 108 may then keep track of which bundles 102A-102C (or more generally, any combination of components, bundles, and features) depend on services provided by other bundles 102A-102C (or more generally, any combination of components, bundles, and features)...FIG. 6 is a sequence diagram illustrating a method 600 for running an extensibility framework, in accordance with an example embodiment. The method 600 may utilize an application bootstrap 602, a loader 604, a service registry 606, and a bundle 608. The term bundle should be interpreted broadly to encompass any combination of components, either at the component, bundle, or feature level. At operation 610, the application bootstrap 602 may call a loader 604, which at operation 612 may load one or more bundles into the service registry 606. At operation 614 the service registry 606 may send a confirmation message to the loader 604, which at operation 616 confirms to the application bootstrap 602 that the bundle(s) have been loaded...” paragraphs 00221/0029).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to modify the system of Jaisinghani, Patil, Qiu and Shaylor with the teaching of Wong because the teaching of Wong would improve the system of the effective filing date of the claim invention to modify the system of Jaisinghani, Patil, Qiu and Shaylor by providing an extensibility framework for use with dynamic computer programming languages (Wong paragraph 0001).

As to claim 12, Shaylor teaches the method of Claim 11, wherein each of the application service or the protocol service, the driver service, and the privileged service are running on separate processes (“...In an operating system architecture such as that shown in FIG. 2, drivers and other system components are not part of the microkernel. As a result, input/output (I/O) requests are passed to the drivers using a message passing system. The sender of the request calls the microkernel and the microkernel copies the request into the driver (or other task) and then switches user mode execution to that task to process the request. When processing of the request is complete, the microkernel copies any results back to the sender task and the user mode context is switched back to the sender task. The use of such a message passing system therefore enables drivers (e.g., disk driver 230) to be moved from the microkernel to a task in user-space...FIG. 3 illustrates an exemplary structure of a message 300. As noted above, a message such as message 300 can be sent from one task to another using the Send directive, and received by a task using the Receive directive. The architecture used in microkernel 100 is based on a message passing architecture in which tasks communicate with one another via messages sent through microkernel 100. Message 300 is an example of a structure which may be used for inter-task communications in microkernel 100. Message 300 includes an I/O channel identifier 305, an operation code 310, a result field 315, argument fields 320 and 325, and a data description record (DDR) 330. DDR 330 may be, for example, a DDR according to embodiments of the present invention. I/O channel identifier 305 is used to indicate the I/O channel of the task receiving the message. Operation code 310 indicates the operation that is being requested by the sender of the message. Result field 315 is available to allow the task receiving the message to communicate the result of the actions requested by the message to the message's sender. In a similar manner, argument fields 320 and 325 allow a sender to provide parameters to a receiver to enable the receiver to carry out the requested actions. DDR 330 is the vehicle by which data (if needed) is transferred from the sending task to the receiving task. As will be apparent to one of skill in the art, while argument fields 320 and 325 are discussed in terms of parameters, argument fields 320 and 325 can also be viewed as simply carrying small amounts of specific data...FIG. 8 illustrates the message passing architecture used in microkernel 100 to facilitate communications between a client task (a client 810) and a server task (a server 820). In this message passing architecture, information is passed from client 810 to server 820 using a message. This is illustrated in FIG. 8 as the passing of a message 830 through microkernel 100, which appears at server 820 as a message 840. As will be understood by one of skill in the art, although the passing of message 830 through microkernel 100 is depicted as a copy operation (as is indicated by the difference in reference numerals between message 830 and message 840), message 830 can be passed to server 820 simply by reference. In that case, no copying of message 830 would actually occur, and only a reference indicating the location of the information held in message 830 would travel from client 810 to server 820...FIG. 9 illustrates the first step in the process of message passing. A message 900 is copied into a thread control block 910 as message 920. Message 900 uses a format such as that shown in FIGS. 3-7, illustrated therein as message 300, to pass data or information regarding access to the data, and so is basically a data structure containing data and/or other information. In contrast, thread control block 910 is used to provide a control mechanism for a thread controlled thereby. In the present invention, the functionality of the thread control block is extended to include a message, allowing the thread control block to both control a thread and task I/O as well. A thread, in contrast to a message or thread control block, may be conceptualized as a execution path through a program, as is discussed more fully below...” paragraphs 0045/0064/0081/0082), and sending, by the microkernel in response to the third system call, a third instruction to the driver service (“...In an operating system architecture such as that shown in FIG. 2, drivers and other system components are not part of the microkernel. As a result, input/output (I/O) requests are passed to the drivers using a message passing system. The sender of the request calls the microkernel and the microkernel copies the request into the driver (or other task) and then switches user mode execution to that task to process the request. When processing of the request is complete, the microkernel copies any results back to the sender task and the user mode context is switched back to the sender task. The use of such a message passing system therefore enables drivers (e.g., disk driver 230) to be moved from the microkernel to a task in user-space...FIG. 3 illustrates an exemplary structure of a message 300. As noted above, a message such as message 300 can be sent from one task to another using the Send directive, and received by a task using the Receive directive. The architecture used in microkernel 100 is based on a message passing architecture in which tasks communicate with one another via messages sent through microkernel 100. Message 300 is an example of a structure which may be used for inter-task communications in microkernel 100. Message 300 includes an I/O channel identifier 305, an operation code 310, a result field 315, argument fields 320 and 325, and a data description record (DDR) 330. DDR 330 may be, for example, a DDR according to embodiments of the present invention. I/O channel identifier 305 is used to indicate the I/O channel of the task receiving the message. Operation code 310 indicates the operation that is being requested by the sender of the message. Result field 315 is available to allow the task receiving the message to communicate the result of the actions requested by the message to the message's sender. In a similar manner, argument fields 320 and 325 allow a sender to provide parameters to a receiver to enable the receiver to carry out the requested actions. DDR 330 is the vehicle by which data (if needed) is transferred from the sending task to the receiving task. As will be apparent to one of skill in the art, while argument fields 320 and 325 are discussed in terms of parameters, argument fields 320 and 325 can also be viewed as simply carrying small amounts of specific data...FIG. 8 illustrates the message passing architecture used in microkernel 100 to facilitate communications between a client task (a client 810) and a server task (a server 820). In this message passing architecture, information is passed from client 810 to server 820 using a message. This is illustrated in FIG. 8 as the passing of a message 830 through microkernel 100, which appears at server 820 as a message 840. As will be understood by one of skill in the art, although the passing of message 830 through microkernel 100 is depicted as a copy operation (as is indicated by the difference in reference numerals between message 830 and message 840), message 830 can be passed to server 820 simply by reference. In that case, no copying of message 830 would actually occur, and only a reference indicating the location of the information held in message 830 would travel from client 810 to server 820...FIG. 9 illustrates the first step in the process of message passing. A message 900 is copied into a thread control block 910 as message 920. Message 900 uses a format such as that shown in FIGS. 3-7, illustrated therein as message 300, to pass data or information regarding access to the data, and so is basically a data structure containing data and/or other information. In contrast, thread control block 910 is used to provide a control mechanism for a thread controlled thereby. In the present invention, the functionality of the thread control block is extended to include a message, allowing the thread control block to both control a thread and task I/O as well. A thread, in contrast to a message or thread control block, may be conceptualized as a execution path through a program, as is discussed more fully below...” paragraphs 0045/0064/0081/0082).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to modify the system of Jaisinghani, Patil, Qiu and Wong with the teaching of Shaylor because the teaching of Shaylor would improve the system of the effective filing date of the claim invention to modify the system of Jaisinghani, Patil, Qiu and Wong by providing a technique to provide driver service.

As to claim 13, Patil teaches the method of Claim 11, wherein the privileged service is associated with a first privilege level, wherein the first privilege level is associated with a first level of access to data and resources not accessible to the application service, protocol service, or the driver service (the application layer registry hives) (“...To implement this abstraction, LRFD 340 intercepts any registry operation to determine whether the operation is directed to a registry hive of one of the mounted layers rather than to the operating system's registry hive. For example, in response to receiving a request to obtain a value of a particular registry subkey, LRFD 340 may be configured to first access registry hive 313 to determine if it includes the key (e.g., by determining whether the subkey is stored under the AppLayer311 subkey). If the subkey is found in registry hive 313, LRFD 340 may respond with its value. However, if the subkey is not found in registry hive 313, LRFD 340 may then access registry hive 323 to perform the same process. If LRFD 340 does not find the subkey in registry hive 323, it would then allow the operating system to fulfill the request in a normal fashion...Accordingly, LRFD 340 is configured to iteratively access the application layer registry hives when handling a registry operation. If none of the application layer registry hives have the subkey that is the target of the registry operation, LRFD 340 will pass the registry operation on to operating system 302 for normal processing...When it receives a modifying registry operation, LRFD 340 can perform substantially the same processing as when a non-modifying registry operation is received to update the key/value in the merged hive. However, in such cases, LRFD 340 can additionally update the key/value in the source registry hive (i.e., the OS or application layer registry hive where the key/value is stored). FIG. 6A and 6B depict how this can be done...” paragraphs 0021/0022/0050).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to modify the system of .

Claims 14 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. Pub. No. 2019/0253367 A1 to Jaisinghani in view of U.S. Pub. No. 20170315827 A1 to Patil et al. and further in view of U.S. Pub. No. 2019/0087431 A1 to Qiu et al. and further in view of U.S. Pub. No. 2007/0156729 A1 to Shaylor and further in view of U.S. Pub. No. 2016/0162264 A1 to Wong et al. and further in view of U.S. Pub. No. 2019/0251294 A1 to Goodridge et al. as applied to claim 11 above, and further in view of U.S. Pub. No. 2019/0080102 A1 to Teal.

As to claim 14, Jaisinghani as modified by Patil, Qiu and Shaylor the method of Claim 11, however it is silent with reference to wherein the application service or the protocol service has permission to establish inter-process communication (IPC) calls with the driver service, and wherein the 
Goodridge teaches wherein the driver service has permission to establish IPC calls (of inter-process communication) with the privileged service (“...In this example, the registry filter driver 703 is configured to establish a set of registry access rules for each process 221. Suitably, in response to creation of the process 221a, the registry filter driver 703 is configured to message the service 701. In reply, the registry filter driver 703 receives, as at step 602, a set of registry access rules for that process 221a. Messaging between the registry filter driver 703 and the service 701 may be performed by any convenient form of inter-process communication. Conveniently, the service 701 gathers meta-data in relation to the new process 221a which is used to query the policy file 750 via the policy service 720. The registry access rules may be retrieved, for example, based on UID, GUID, PID and/or PPID, amongst others, as already discussed above. Thus, a tailored set of registry access rules is established appropriate to the particular user process 221a. Any attempt subsequently by the process 221a to access the registry 204 will be subject to those access control rules, which here are imposed by the registry filter driver 703... In one example, the registry filter driver 703 is configured to temporarily modify a discretionary access control list (DACL) for a particular key in the registry 204. In particular, the security descriptor (SD) structure is modified, by including an appropriate access control entry (ACE) within the DACL. In one example, the SD structure for the key may be obtained such as by using the registry callback RegNtPreQueryKeySecurity, or is obtained within the callback by calling ZwQuerySecurityObject. The SD comprises an owner SID, a group SID, the system access control list (ACL) and the DACL. Initially, the SD from the key will be in self-referential format using relative offsets rather than pointers, allowing the SD structure to be copied as a contiguous block of memory while maintaining integrity. Suitably, the registry filter driver 703 converts the SD to absolute format. An appropriate access control entry (ACE) may be added, particularly ALLOW_ACCESS or DENY_ACCESS. In this case, the registry filter driver 703 then converts the SD back to self-relative format and, assuming that the size constraints are met, copies the modified SD back into the user buffer returned to the caller process 221a. The callback may then return an appropriate status to the configuration manager 205, such as returning STATUS_CALLBACK_BYPASS. The modified SD may then permit (or deny) access to the relevant key upon presentation of the SID of the logged-in user, which previously would not have been the outcome. In one example, when the configuration manager 205 receives STATUS_CALLBACK_BYPASS from the driver 703, STATUS_SUCCESS is returned to the calling process 221a. In this example, the configuration manager 205 does not further process the operation, i.e. any post-notification callback for this registry operation does not occur. The example embodiments may also, or alternatively, use impersonation, as described below...” paragraphs 0052/0063).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to modify the system of Jaisinghani, Qiu, Patil, Shaylor and Wong with the teaching of Goodridge because the teaching of Goodridge would improve the system of Jaisinghani, Qiu, Patil, Shaylor and Wong by providing a mechanism for operating system that allows processes to communicate with each other.
Teal teaches wherein the application service (protected computing objects such as registry keys) or the protocol service has permission to establish inter-process communication (IPC) calls (monitoring and controlling interprocess communications) with the driver service kernel-based endpoint protection driver) (“...Endpoint security is improved by monitoring and controlling interprocess communications through a kernel-based endpoint protection driver. A list of protected computing objects such as registry keys, files, processes and directories is stored in the kernel and secured with reference to a trust authority external to the kernel and the endpoint. Protected processes are further controlled from unauthorized access and use by monitoring all interprocess communications through the endpoint protection driver and preventing unprotected processes from passing (potentially unsafe) data to protected processes... In another aspect, a method for securing interprocess communications on an endpoint disclosed herein includes storing a tamper protection cache in a kernel space of an operating system on the endpoint, where a memory of the endpoint includes the kernel space and a user space, and where the tamper protection cache identifies one or more protected processes for protection when executing in the user space, monitoring execution of processes in the user space of the endpoint with an endpoint protection driver executing in the kernel space, directing an interprocess communication from a first process in the user space to a second process in the user space through the endpoint protection driver, and conditionally managing the interprocess communication according to a protected status of each of the first process and the second process in the tamper protection cache... The endpoint defense driver 1750 can use these caches in a variety of ways to support secure operation of an endpoint protection system. For example, as noted above, by directing interprocess communications and file system operations through the endpoint defense driver 1750, security and tamper prevention can be ensured on an object-by-object basis, e.g., for registry keys, files, processes, directories, and so forth. The endpoint defense driver 1750 can also set and retrieve information about new processes as they are launched in the user space 1704...” paragraphs 0014/0016/0304).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to modify the system of Jaisinghani, Qiu, Patil, Shaylor, Wong and Goodridge with the teaching of Teal because the teaching of Teal would improve the system of Jaisinghani, Qiu, Patil, Shaylor, Wong and Goodridge by providing a technique of protecting processes from unauthorized access (Teal paragraph 0014).

Response to Arguments
Applicant’s arguments with respect to claims have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHARLES E ANYA whose telephone number is (571)272-3757.  The examiner can normally be reached on Mon-Fir. 9-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Dennis Chow can be reached on 571-272-7767.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR 






/CHARLES E ANYA/Primary Examiner, Art Unit 2194