DETAILED ACTION
Authorization for Internet Communications
The examiner encourages Applicant to submit an authorization to communicate with the examiner via the Internet by making the following statement (from MPEP 502.03):
“Recognizing that Internet communications are not secure, I hereby authorize the USPTO to communicate with the undersigned and practitioners in accordance with 37 CFR 1.33 and 37 CFR 1.34 concerning any subject matter of this application by video conferencing, instant messaging, or electronic mail. I understand that a copy of these communications will be made of record in the application file.”

Please note that the above statement can only be submitted via Central Fax, Regular postal mail, or EFS Web (PTO/SB/439). 
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Examiner Notes
Examiner cites particular columns and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well.  It is respectfully requested that, in preparing responses, the applicant fully consider the references in entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject 

Claims 1, 2, 4, 7, 8, 10, 12, 15-18, and 20 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over You et al. (US PG PUB 2018/0174161) in view of Breton et al. (U.S. PG PUB 2019/0081982).

Regarding claim 1, You teaches a system comprising: a memory storing processor-executable program code (see Fig. 5 Main Memory); and a processor to execute the processor-executable program code (see Fig. 5 Processor) in order to cause the system to: 
configure the second API endpoint with a specification of integration details for a subscriber system to subscribe to events on the first API endpoint corresponding to the generated second API endpoint (see ¶ [0093] “Using the selected API endpoints, enrichment service 124 generates one or more API requests to obtain enrichment data from one or more plugged-in enrichment systems (Operation 406). The requests may include authentication requests per the authorization method specified in the endpoint data (e.g., Oauth 1.0, Oauth 2.0, etc.) and/or HTTP requests complying with the source API, in accordance with one or more embodiments. The requests (e.g., HTTP requests) may include the object to be enriched or may omit the object depending on the source API.”); and 
store the configuration information of the second API endpoint in a database of subscribers to the first API endpoint (see Fig. 2B, and ¶ [0065] “FIG. 2B illustrates example data structure 210 that defines a set of API endpoints in accordance with one or more embodiments. Data structure 210 is a database table comprising a set of rows representing different endpoints and a set of column representing different endpoint attributes. The API endpoint attributes may include, but are not limited to one or more of the following: [0066] ID--This field stores a unique identifier for the API endpoint. The ID depicted in the example is a sequence of integer values. However, other values may be assigned as unique identifiers depending on the particular implementation.”).
You does not expressly disclose, however, Breton teaches generate, for a first Application Programming Interface (API) endpoint exposed by a cloud application to facilitate communication with a client, a second API endpoint (see ¶ [0011] “A scalable cloud-based endpoint security system facilitates implementation of a security policy on a plurality of endpoints. Each endpoint has an endpoint security 
corresponding to the first API exposed by the cloud application (see ¶[0019] “The cloud server 150 facilitates implementation of a security policy on a plurality of endpoints 120 that form part of an enterprise network. Implementing the security policy may include, for example, deploying or updating the endpoint agents 300 on the endpoints 120, configuring the endpoint agents based on the security policy, sending commands to the endpoints to perform various tasks such as running or scheduling scans or remediating vulnerabilities, and obtaining various security-related data from the endpoints such as state information or scan results”), 
the second API endpoint configured with a specification of integration details for a subscriber system to subscribe to events on the first API endpoint (See ¶ [0026] “This account is used to send commands to the endpoints 120 (e.g., to configure the endpoints or perform a specified task). Configuration is done, for example, on a machine-by-machine basis, enterprise-wide, or on groups of endpoints. Configuration includes setting security policies (e.g., firewall policies, real-time protection policies), scheduling scans, updating malware definitions, or causing actions such as rebooting the endpoints. Furthermore, the configuration may provide machine identifiers for each of the endpoints 120 to be managed by the cloud server 150.”).
Hence, it would have been obvious to one of ordinary skill in the art to modify the teachings of You by adapting the teachings of Breton to distribute updates or send commands to large numbers of connected endpoint devices in an automatic and efficient way (see ¶ [0002] of Breton).

Regarding claim 2, You teaches the processor to execute the processor- executable program 
receive, from a client using the cloud application, a request to the first API endpoint (see ¶ [0032] “In response to the request, the enrichment framework may determine how to generate an API request (or set of API requests) for each source using the API endpoint data. The framework may then send one or more API requests to respective sources to obtain analytic metadata from the sources.”).
You does not expressly disclose, however, Breton teaches determine, based on referencing the configuration of the second API endpoint stored in the database of subscribers, at least one subscriber system is subscribed to the first API endpoint (see ¶[0035] “Each instance of the communication server 260 may subscribe to all messages transmitted by the pub/sub server 250. Upon receiving a message, the communication server 260 determines whether it serves the endpoint specified as the target of the message (e.g., by comparing the identifier against its stored list of endpoint identifiers). If the communication server 260 determines that the message is targeted to an endpoint 120 that it serves, the communication server 260 transmits the message to the appropriate endpoint 120.”);
 redirect, in response to the determining that at least one subscriber system is subscribed to the first endpoint, the request to the first API endpoint to the at least one subscriber system subscribed to the first API endpoint (see ¶[0055] “The communications manager 370 then routes the command to the subscribing plug-in 330. The plug-in 330 executes the command and may generate a response that is sent back to the communication manager 370. The communication manager 370 may format the response from the plug-in 330 (which may include adding an identifier identifying the plug-in 330 that provided the response data) and send the response to the cloud server 150. If the communications manager 370 receives a message indicating a command type to which no plug-in is subscribed, it may return a message to the cloud server 150 notifying the cloud server 150 that the command does not apply to any installed plug-in 330.”).
Hence, it would have been obvious to one of ordinary skill in the art to modify the teachings of You by adapting the teachings of Breton to distribute updates or send commands to large numbers of connected endpoint devices in an automatic and efficient way (see ¶ [0002] of Breton).

Regarding claim 4, You teaches the processor to execute the processor- executable program 
Regarding claim 7, You teaches wherein a second API endpoint is generated for all endpoints exposed by the cloud application (see ¶ [0023] “A server-side API (e.g., host 145 server API 121) is a programmatic interface comprising one or more publicly exposed endpoints (e.g., to clients 101, 105 over network 120) with a defined request-response message system, often expressed in lightweight data-interchange formats such as Web Sockets, JSON or XML. The API 121 may be exposed to clients 101, 105 via the network 120, e.g., where the host 145 is often an HTTP-based web server providing online functionality 122. The host 145 receives API requests from clients 101, 105 for functionality 122 of the host provided by the API 121. In turn, the host 145 processes a request to the API 121 to generate a host response including content and/or data on the host 145 and/or one or more external databases and/or servers that was requested by the client via the API request. In some embodiments, host 145 API 121 data may be exchanged with a client over a Web Socket, which can include real-time data pushed to the client. The host 145 transmits the response the client to provide the requested host functionality 122 provided by the API 121.”).
Regarding claim 8, You teaches wherein a single instance of the second API endpoint is generated and configured to integrate one or more subscriber systems to the cloud application for requests on all endpoints exposed by the cloud application (see ¶ [0042] “Example integration functions available through the frontend may include, but are not limited to, (a) defining API endpoints for external sources to "plug-in" to the SRM system; (b) mapping objects and object types to API endpoints for plugged-in sources; (c) mapping analytic metadata to object attributes; (d) defining weights for different objects, object types, sources, and/or metrics, and (e) defining user-provided formulas/logic for 
Regarding claim 9, is a method claim, corresponding to system claim 1 above, and is rejected for the same reasons. 
Regarding claims 10, 12, and 15-16, are method claims corresponding to system claims 2, 4, 7-8 above. Therefore, they are rejected for the same reasons. 
Regarding claim 17, is an independent medium claim, corresponding to method claim 1 above, and is rejected for the same reason. In addition, You teaches a non-transitory, computer readable medium storing instructions (see Fig. 5), which when executed by at least one processor cause a computer to perform
Regarding claims 18 and 20, are medium claims, corresponding to system claims 2 and 4 above, and are rejected for the same reasons.

Claims 5 and 13 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over You et al. (US PG PUB 2018/0174161) in view of Breton et al. (U.S. PG PUB 2019/0081982, as applied in claims 1 and 9 above, further in view of Gino et al. (US PG PUB 2020/0159731).

Regarding claim 5, You does not expressly disclose the processor to execute the processor- executable program code in order to cause the system to: determine a sequenced order in which to redirect the request to the first API endpoint to the at least one subscribed subscriber system and to direct the request to the first API endpoint to executable logic of the cloud application.
However, Gino teaches the processor to execute the processor- executable program code in order to cause the system to: determine a sequenced order in which to redirect the request to the first API endpoint to the at least one subscribed subscriber system and to direct the request to the first API endpoint to executable logic of the cloud application (see ¶ [0074] “Query engine 84 can extract operations from the unified query to determine the checks, typecasting, and transformations (e.g., filter, limit, sort) in order to perform on the results of each individual query and accurately sequences the individual queries with transformed results of earlier queries used as parameters for following queries where required. Based on the language specification, results can be obtained from any and/or all stages 
Hence, it would have been obvious to one of ordinary skill in the art to modify the teachings of You by adapting the teachings of Gino for the purposes of processing a unified query that comprises a sequence of endpoint queries.
Regarding claim 13 is a method claim that corresponds with claim 5 above, therefore, it is rejected for the same reasons.

Claims 6 and 14 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over You et al. (US PG PUB 2018/0174161) in view of Thoresen et al. (US PG PUB 2018/0270608).

Regarding claim 6, You does not expressly disclose wherein the redirecting of the request to the first API endpoint to the at least one subscribed subscriber system comprises notifying the third-party system of the request.
However, Thoresen teaches wherein the redirecting of the request to the first API endpoint to the at least one subscribed subscriber system comprises notifying the third-party system of the request (see ¶ [0118] “e.g., third party users such as within stores, hospitals, government, etc.) can then subscribe to events to be notified as they are generated. For example, as a tracked device within a WDDTAS installation moves from zone to zone, the servers (or edge sensors in some cases) can generate notifications which are forwarded to the subscribed parties or clients”).
Hence, it would have been obvious to one of ordinary skill in the art to modify the teachings of You by adapting the teachings of Thoresen for the purposes of improved notification system.
Regarding claim 14 is a method claim that corresponds with claim 6 above, therefore, it is rejected for the same reasons.
Response to Arguments
Applicant’s arguments with respect to claim(s) 1, 2, 4-10, 12-18 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Support for Amendments and Newly Added Claims
Applicants are respectfully requested, in the event of an amendment to claims or submission of new claims, that such claims and their limitations be directly mapped to the specification, which provides support for the subject matter.  This will assist in expediting compact prosecution.  MPEP 714.02 recites: “Applicant should also specifically point out the support for any amendments made to the disclosure. See MPEP § 2163.06. An amendment which does not comply with the provisions of 37 CFR 1.121(b), (c), (d), and (h) may be held not fully responsive. See MPEP § 714.”  Amendments not pointing to specific support in the disclosure may be deemed as not complying with provisions of 37 C.F.R.  1.121(b), (c), (d), and (h) and therefore held not fully responsive.  Generic statements such as “Applicants believe no new matter has been introduced” may be deemed insufficient.
Interview Requests
In accordance with 37 CFR 1.133(a)(3), requests for interview must be made in advance.  Interview requests are to be made by telephone (571-270-7848) call or FAX (571-270-8848).  Applicants must provide a detailed agenda as to what will be discussed (generic statement such as “discuss §102 rejection” or “discuss rejections of claims 1-3” may be denied interview).  The detail agenda along with any proposed amendments is to be written on a PTOL-413A or a custom form and should be faxed (or emailed, subject to MPEP 713.01.I / MPEP 502.03) to the Examiner at least 5 business days prior to the scheduled interview. Interview requests submitted within amendments may be denied because the Examiner was not notified, in advance, of the Applicant Initiated Interview Request and due to time constraints may not be able to review the interview request to prior to the mailing of the next Office Action.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CARINA YUN whose telephone number is (571)270-7848.  The examiner can normally be reached on Mon, Weds, Thurs, 9-4.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to call.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


Carina Yun
Patent Examiner
Art Unit 2194

/CARINA YUN/Examiner, Art Unit 2194