DETAILED ACTION
	This is in response to the application filed on April 30, 2019 where Claims 1 – 26, of which Claims 1, 9, and 20 are in independent form, are presented for examination.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Priority
Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.
101 Analysis
	Claims 1, 9, and 20 are directed to determining if an application running on an application host can be upgraded based on comparing metadata associated with a first process event with statistical metadata associated with a previous version of the application.  While the use of hashes and other mathematical computations to generate values and comparing those values are generally not considered statutory, the application of the features for application hosts in a data center characterize improvements to a particular technical field of detecting application behavior that is not malicious based on a previous version [See Specification, Para. 0003, 0011-12].  Therefore, the claims integrate the judicial exception into a practical application and satisfies Step 2A, Prong Two of the 2019 Revised 101 Patent Eligibility Guidelines as patent eligible subject matter.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claim 26 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
1.	Claim 26 recites the limitation “the plurality of application hosts" in which a single application host is recited in Claim 20, which Claim 26 is dependent upon.  There is insufficient antecedent basis for this limitation in the claim.  For claim interpretation, the claim will be interpreted as having one application host.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1 – 7 and 20 – 26 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by PGPub. 2016/0196135 (hereinafter “Mavinakayanahalli”).
2.	Regarding Claims 1 and 20, Mavinakayanahalli discloses of a non-transitory machine-readable storage medium encoded with instructions that, when executed by a processor of a computing system [Figs. 1 and 6 – 10; Para. 0062, 0070-71], cause the processor to: 

determine whether the process event is associated with a valid upgrade of the application by looking up an availability of the process event in a process upgrade repository [Figs. 5, 8, and 10; Para. 0057, 0059, 0082, 0087; determining if the address passed from the debug register is for a function that is hotpatched]; and 
when the process event is not available in the process upgrade repository [Figs. 1, 7, and 8; Para. 0026, 0057-59, 0080; when new hotpatch received and applied; e.g., new upgrade triggers hotpatching of a particular function with an updated version]: 
compare the metadata associated with the process event with statistical metadata associated with a previous version of the application stored in the process upgrade repository [Figs. 5, 7, and 9; Para. 0027, 0033-35, 0080, 0085; various static attributes and dynamic attributes included in the selection criteria, such as process name, process ID, etc.; after hotpatch of the update, receiving the address of the existing version of the function; address set in the debug register as a function that is hotpatched]; 
detect that the process event is associated with the valid upgrade of the application based on the comparison [Figs. 5, 9, and 10; Para. 0057, 0059, 
notify an application in-guest unit running on the application host that the process event is associated with the valid upgrade based on the detection [Figs. 7 and 10, Para. 0087; return control to the processor with the new address for the updated version of the function]. 
3.	Regarding Claim 2, Mavinakayanahalli discloses the limitations of Claim 1 above.  Mavinakayanahalli further discloses of correlating, by the application in-guest unit, behaviors corresponding to the first process event with behaviors corresponding to the previous version of the application [Fig. 9; Para. 0084-85; address of existing version of the function], and wherein the behaviors comprise at least one of network connections, system calls, and system files associated with the first process event [Fig. 9; Para. 0084-85; software request to execute a first instruction of the function (e.g., system call)].
4. 	Regarding Claim 3, Mavinakayanahalli discloses the limitations of Claim 1 above.  Mavinakayanahalli further discloses that the first application host is one of a physical server [Fig. 6; Para. 0030, 0062; running instance of software may be Software as a Service hosted on a cloud computing environment server], a virtual machine, and a container. 
5.	Regarding Claim 4, Mavinakayanahalli discloses the limitations of Claim 1 above.  Mavinakayanahalli further discloses that the metadata comprises at least one of process binary hash information, process binary signing information, and process publisher information [Para. 0034; e.g., process name, process ID, process group ID].
Claims 5 and 23, Mavinakayanahalli discloses the limitations of Claims 1 and 20 above.  Mavinakayanahalli further discloses of:
detecting that the first process event is not associated with the valid upgrade of the application based on the comparison [Fig. 10; Para. 0087; determine if attributes of the process requesting the function match the selection criteria for hotpatch]; and
 notifying the application in-guest unit running on the first application host that the first process event is not associated with the valid upgrade based on the detection [Fig. 10; Para. 0087, if no match, return address of existing version passed].
7. 	Regarding Claims 6 and 22, Mavinakayanahalli discloses the limitations of Claims 1 and 20 above.  Mavinakayanahalli further discloses that comparing the metadata associated with the first process event with the statistical metadata associated with the previous version of the application comprises:
determining a process corresponding to the process information associated with the first process event from a process upgrade repository [Fig. 9; Para. 0085; detect a request to execute a first instruction of a function at the address of the existing version of the function];
retrieving the statistical metadata associated with the previous version of the application from the process upgrade repository based on the determined process [Fig. 9; Para. 0085; detect a request to execute a first instruction of a function at the address of the existing version of the function debug register set with the address of the existing version and set in execute mode]; and

8. 	Regarding Claims 7 and 24, Mavinakayanahalli discloses the limitations of Claims 6 and 20 above.  Mavinakayanahalli further discloses of:
updating the process upgrade repository with an updated version of the application upon detecting that the first process event is associated with the valid upgrade of the application [Fig. 8; Para. 0083; add new value pair of addresses to hotpatch list].
9.	Regarding Claim 21, Mavinakayanahalli discloses the limitations of Claim 20 above.  Mavinakayanahalli further discloses of notify[ing] the application in-guest unit running on the application host that the process event is associated with the valid upgrade when the process event is available in the process upgrade repository [Fig. 7 and 10; Para. 0087; attributes of the process match the selection criteria for the hotpatch, also address of updated version of the function in hotpatch list; return control to the processor with the new address for the updated version of the function].
10.	Regarding Claim 25, Mavinakayanahalli discloses the limitations of Claim 20 above.  Mavinakayanahalli further discloses of:
receiv[ing] upgrade catalogues corresponding to an updated version of the application [Figs. 1 and 5; Para. 0023, 0026-27; one or more updates included in the hotpatch for a running instance of sfotware];
pars[ing] process information and corresponding metadata of a process associated with the updated version of the application from the upgrade catalogues 
updat[ing] the process upgrade repository with the parsed process information and the corresponding metadata as the updated version of the application [Figs. 7 and 8; Para. 0083; add pair of address values of the existing version and the updated version of the function to the hotpatch list].
11.	Regarding Claim 26, Mavinakayanahalli discloses the limitations of Claim 20 above.  Mavinakayanahalli further discloses of:
retriev[ing] one or more process events associated with a valid upgrade of the application from the 
updat[ing] the process upgrade repository with process information and metadata associated with the retrieved one or more process events associated with the valid upgrade of the application [Figs. 5 and 8; Para. 0057-59, 0083; set debug register and add address values of the existing version and the updated version of the function to the hotpatch list].
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 8 – 19 are rejected under 35 U.S.C. 103 as being unpatentable over Mavinakayanahalli, in view of PGPub. 2011/0265077 (hereinafter “Collision”).
12.	Regarding Claim 8, Mavinakayanahalli discloses the limitations of Claim 7 above.  Mavinakayanahalli further discloses of:
receiving process information and corresponding metadata associated with a second process event of the application running on a 
looking-up the process upgrade repository to detect that the second process event is associated with the updated version of the application [Fig. 9; Para. 0085; detect a request to execute a first instruction of a function at the address of the existing version of the function debug register set with the address of the existing version and set in execute mode]; and
notifying an application in-guest unit running on the 
Mavinakayanahalli further discloses that the software may represent Software as a Service delivered by a hosted service in a cloud computing environment [Para. 0030]  While the Office opines that a cloud computing environment comprises a plurality of hosts, Collision is used to describe a cloud computing environment.

13.	Regarding Claim 9, Mavinakayanahalli discloses a system [Figs. 1 and 6; Para. 0062, 0070-71] comprising:
a 
an application in-guest unit running on 

receive process information and corresponding metadata associated with a first process event from the application in-guest unit running on a first application host of the plurality of application hosts [Figs. 1, 5, and 7; Para. 0026-27, 0080; new hotpatch comprising the update and selection criteria for the update is received for an application]; 
compare the metadata associated with the first process event with statistical metadata associated with a previous version of the application [Figs. 5, 7, and 9; Para. 0027, 0033-35, 0080, 0085; various static attributes and dynamic attributes included in the selection criteria, such as process name, process ID, etc.; after hotpatch of the update, receiving the address of the existing version of the function; address set in the debug register as a function that is hotpatched]; 
detect that the first process event is associated with a valid upgrade of the application based on the comparison [Figs. 5, 9, and 10; Para. 0057, 0059, 0082, 0087; determining that the address passed from the debug register is for a function that is hotpatched]; and 
notify the application in-guest unit running on the first application host that the first process event is associated with the valid upgrade based on the 
Mavinakayanahalli further discloses that the software may represent Software as a Service delivered by a hosted service in a cloud computing environment [Para. 0030]  While the Office opines that a cloud computing environment comprises a plurality of hosts, Collision is used to describe a cloud computing environment.  Mavinakayanahalli, however, does not specifically disclose of a management node communicatively coupled to the plurality of application hosts via a network, wherein the management node comprises an application update detection unit to perform the functions of Mavinakayanahalli hotpatch controller.
Collision discloses a system and method updating of web applications within a cloud computing environment [Abstract].  Collison further discloses that the application execution space of a cloud computing environment comprises a plurality of web application hosts, such as containers or virtual machines, that each can run instances of the application [Figs. 1 and 5; Para. 0012-13, 0017-18, 0028; applicant can be re-deployed on a different or many application hosts for, as an example, load balancing purposes. It would have been obvious to one skilled in the art before the effective filing date of the current invention to incorporate the teachings of Collision with Mavinakayanahalli since both systems utilize cloud computing environment to host applications.  The combination would enable the Mavinakayanahalli system to deploy applications on a plurality of application hosts that are common within a cloud computing environment.  The motivation to do so is to utilize known and established 
Collision further discloses of a cloud controller that deploys application packages on the application hosts and can communicate with other component via network protocols (a management node communicatively coupled to the plurality of application hosts via a network) [Para. 0014, 0017].  Collision additionally discloses that cloud controller receives updates and determines which particular files are needed for a particular application update (the management node comprises an application update detection unit) [Fig. 4B, Para. 0023-24].  It would have been obvious to one skilled in the art before the effective filing date of the current invention to incorporate the teachings of Collision with Mavinakayanahalli since both systems apply incremental updates to an existing application file.  The combination would enable the Mavinakayanahalli system to scale the hotpatching and/or updating of applications to all application hosts running within the cloud computing environment.  The motivation to do so is to minimize the amount of data transmitted between the developer and the cloud computing environment (obvious to one skilled in the art).
14.	Regarding Claim 10, Mavinakayanahalli, in view of Collision, discloses the limitations of Claim 9 above.  Mavinakayanahalli further discloses of:
detect[ing] that the first process event is not associated with the valid upgrade of the application based on the comparison [Fig. 10; Para. 0087; determine if attributes of the process requesting the function match the selection criteria for hotpatch]; and 

15.	Regarding Claim 11, Mavinakayanahalli, in view of Collision, discloses the limitations of Claim 10 above.  Mavinakayanahalli further discloses that the application in-guest unit is to: 
permit execution behaviors of the first process event upon receiving the notification that the first process event is associated with the valid upgrade of the application, wherein permitting execution behavior comprises correlating behaviors corresponding to the first process event with behaviors corresponding to the previous version of the application [Figs. 5 and 10; Para. 0054-56, 0087; allow updated version of function when the process requesting access to the function meets selection criteria for the updated function]; and 
exclude execution behaviors of the first process event upon receiving the notification that the first process event is not associated with the valid upgrade of the application [Figs. 5 and 10; Para. 0054-56, 0087; deny access to updated version of function when the process requesting access to the function does not meet selection criteria], wherein the behaviors comprise at least one of network connections, system calls, and system files associated with the first process event [Fig. 9; Para. 0084-85; software request to execute a first instruction of the function (e.g., system call)].
16.	Regarding Claim 12, Mavinakayanahalli, in view of Collision, discloses the limitations of Claim 9 above.  Mavinakayanahalli further discloses that the first application host is one of a physical server, a virtual machine, and a container [].
Claim 13, Mavinakayanahalli, in view of Collision, discloses the limitations of Claim 9 above.  Mavinakayanahalli further discloses that the application in-guest unit is to:
capture the process information and the corresponding metadata associated with the first process event [Figs. 5, 7, and 9; Para. 0027, 0033-35, 0080, 0085; various static attributes and dynamic attributes included in the selection criteria, such as process name, process ID, etc.; after hotpatch of the update, receiving the address of the existing version of the function; address set in the debug register as a function that is hotpatched]; and
transmit the captured process information and the corresponding metadata to the application update detection unit when the first process event is occurred for a first time [Fig. 8; Para. 0083; set debug register and add address values of the existing version and the updated version of the function to the hotpatch list].
18.	Regarding Claim 14, Mavinakayanahalli, in view of Collision, discloses the limitations of Claim 9 above.  Collision further discloses that the management node is communicatively coupled to a process upgrade repository to store statistical process information and corresponding metadata associated with the plurality of applications [Fig. 4A; Para. 0023; cloud controller maintain its own table of fingerprint entries for hash value/file size pairs as cloud controller fingerprint file].
19.	Regarding Claim 15, Mavinakayanahalli, in view of Collision, discloses the limitations of Claim 14 above.  Mavinakayanahalli further discloses that the application update detection unit is to:

retrieve the statistical metadata associated with the previous version of the application from the process upgrade repository based on the determined process [Fig. 9; Para. 0085; detect a request to execute a first instruction of a function at the address of the existing version of the function debug register set with the address of the existing version and set in execute mode]; and
compare the metadata associated with the first process event with the retrieved statistical metadata [Fig. 9; Para. 0085; detect a request to execute a first instruction of a function at the address of the existing version of the function].
20.	Regarding Claim 16, Mavinakayanahalli, in view of Collision, discloses the limitations of Claim 14 above.  Collision further discloses that the management node comprises a process updating unit to update the process upgrade repository with an updated version of the application when the application update detection unit detects that the first process event is associated with the valid upgrade of the application [Fig. 4A, 4B; Para. 0023-24; cloud controller maintain its own table of fingerprint entries for hash value/file size pairs as cloud controller fingerprint file and updates the cloud controller fingerprint file based on updates received from developer].
21.	Regarding Claim 17, Mavinakayanahalli, in view of Collision, discloses the limitations of Claim 16 above.  Collision further discloses that the process updating unit is to:

parse process information and corresponding metadata of a process associated with the updated version of the application from the upgrade catalogues [Fig. 4A, 4B; Para. 0023-24; cloud controller determines in any entries in the web application fingerprint file are missing from the entries of cloud controller fingerprint file]; and
update the process upgrade repository with the parsed process information and the corresponding metadata as the updated version of the application [Fig. 4A, 4B; Para. 0023-24; once the missing files are sent to the cloud controller, the cloud storage fingerprint file is updated].
22.	Regarding Claim 18, Mavinakayanahalli, in view of Collision, discloses the limitations of Claim 17 above.  Mavinakayanahalli further discloses that the process updating unit is to: 
retrieve one or more process events associated with a valid upgrade of the application from the plurality of application hosts [Figs. 5 and 8; Para. 0057-59, 0083; determine address of existing version of a function updated by the hotpatch and a new address of an updated version of the function]; and 
update the process upgrade repository with process information and metadata associated with the retrieved one or more process events associated with the valid upgrade of the application [Figs. 5 and 8; Para. 0057-59, 0083; set debug register and add address values of the existing version and the updated version of the function to the hotpatch list].
Claim 19, Mavinakayanahalli, in view of Collision, discloses the limitations of Claim 18 above.  The combination of Mavinakayanahalli and Collision further discloses that the application update detection unit is to: 
receive process information and corresponding metadata associated with a second process event of the application running on a second application host [Mavinakayanahalli, Figs. 1, 5, and 7; Para. 0026-27, 0080; new hotpatch comprising the update and selection criteria for the update is received for an application; Collision, Figs. 1 and 5; Para. 0012-13, 0017-18, 0028; second application host]; 
look-up the process upgrade repository to detect that the second process event is associated with the updated version of the application [Mavinakayanahalli, Figs. 5, 7, and 9; Para. 0027, 0033-35, 0080, 0085; various static attributes and dynamic attributes included in the selection criteria, such as process name, process ID, etc.; after hotpatch of the update, receiving the address of the existing version of the function; address set in the debug register as a function that is hotpatched]; and 
notify an application in-guest unit running on the second application host that the second process event is associated with the valid upgrade based on the detection [Mavinakayanahalli, Figs. 7 and 10, Para. 0087; return control to the processor with the new address for the updated version of the function; Collision, Figs. 1 and 5; Para. 0012-13, 0017-18, 0028; second application host].
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: PGPub. 2019/0065165 – system and method for deploying applications on cloud computing infrastructure; U.S. Patent 10,620,937 – system and method for detecting function updates on web applications.
Contacts
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Tae K. Kim, whose telephone number is (571) 270-1979.  The examiner can normally be reached on Monday - Friday (10:00 AM - 6:30 PM EST).
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jorge Ortiz-Criado, can be reached on (571) 272-7624.  The fax phone number for submitting all Official communications is (703) 872-9306.  The fax phone number for submitting informal communications such as drafts, proposed amendments, etc., may be faxed directly to the examiner at (571) 270-2979.

/TAE K KIM/Primary Examiner, Art Unit 2496