DETAILED ACTION
Claims 1-19 are pending in the application.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 

Examiner’s Notes
The Examiner cites particular sections in the references as applied to the claims below for the convenience of the applicant(s). Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant(s) fully consider the references in their entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the Examiner.

Priority
Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.
Should applicant desire to obtain the benefit of foreign priority under 35 U.S.C. 119(a)-(d) prior to declaration of an interference, a certified English translation of the foreign application must be submitted in reply to this action.  37 CFR 41.154(b) and 41.202(e).
Failure to provide a certified translation may result in no benefit being accorded for the non-English application.

Specification
The use of the terms ANDROID, LINUX, JAVA, PYTHON, and BLUETOOTH, which are trade names or marks used in commerce, has been noted in this application. The terms should be accompanied by the generic terminology; furthermore the terms should be capitalized wherever they appear or, where appropriate, include a proper symbol indicating use in commerce such as ™, SM , or ® following the terms.
Although the use of trade names and marks used in commerce (i.e., trademarks, service marks, certification marks, and collective marks) are permissible in patent applications, the proprietary nature of the marks should be respected and every effort made to prevent their use in any manner which might adversely affect their validity as commercial marks.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: 
“a memory” and “a processor” in claim 10; and
“the processor” in claims 11-18.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-5, 10-14, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over O’Brien et al. (US 6,658,571 B1; from IDS filed on 11/11/2020; hereinafter O’Brien) in view of Kumar et al. (US 2005/0071856 A1; from IDS filed on 11/11/2020; hereinafter Kumar).

With respect to claim 1, O’Brien teaches: A method for managing a feature node in a kernel, comprising: 
initiating a first request by calling an interface function (see e.g. O’Brien, from column 3, line 65 to column 4, line 4: “Security master 103 provides a kernel-based facility for installing, configuring, monitoring and removing security modules 105. Security master 103 further provides entry points for the following functions: registering a security module 105, intercepting system calls, releasing system calls, and communicating messages between security modules 105 and user space 104”), wherein the first request is used to perform an operation on the feature node in the kernel (see e.g. O’Brien, column 3, lines 65-67: “Security master 103 provides a kernel-based facility for installing, configuring, monitoring and removing security modules 105”; and column 4, lines 5-13: “Security manager 111 provides an interface for communicating with security master 103, thereby allowing user 113 to configure and control security modules 105 from user space 104. Management functions available to user 113 include: the ability to list a set of rules that are being enforced by each security module 105, the ability to load a new set of rules for a particular security module 105, and the ability to log and view activity within security framework 101”); 
searching, … a table for an entry corresponding to the feature node (see e.g. O’Brien, column 5, lines 28-36: “operating systems include a system call table (ST) that contains pointers to handlers for the various system calls. In order to invoke a security module 105 when a system call is intercepted, security master 103 modifies the system call table (ST) of the operating system of computing system 100. For each system call being wrapped, security master 103 redirects each pointer from the standard handler within the operating system to a corresponding system call wrapper within security master 103”), wherein the entry comprises a node identifier of the feature node and a user handle identifier of the feature node (see e.g. O’Brien, column 5, lines 37-44: “security framework 101 includes security module system call table (SM-SCT) 205 having a plurality of entries, each entry includes the following fields: a pointer to the original system call handler within the operating system, pointers to pre-processing and post-processing software for each security module 105 that is monitoring the system call, and a pointer to the corresponding wrapper within security master 103”), … the user handle identifier has a mapping relationship with a kernel handle identifier (see e.g. O’Brien, column 5, lines 33-36: “For each system call being wrapped, security master 103 redirects each pointer from the standard handler within the operating system to a corresponding system call wrapper within security master 103”), and the kernel handle identifier identifies the feature node running in the kernel (see e.g. O’Brien, column 5, lines 34-46: “redirects each pointer from the standard handler within the operating system to a corresponding system call wrapper within security master 103 …a pointer to the corresponding wrapper within security master 103. The wrapper invokes the pre-processing software, executes the system call handler within the operating system and invokes the post-processing software”); and 
performing the operation on the feature node based on the user handle identifier (see e.g. O’Brien, column 5, lines 57-66: “After receiving each system call 301, the operating system of computing system 100 invokes the wrapper within security master 103 according to the security module system call table (SM-SCT) 205, which in turn issues a call 303 to each security module 105 that is monitoring system call 301 to initiate pre-call processing. Pre-call and post-call processing are used to enforce the respective security module's 105 particular security policy or to initiate other actions by security module 105”).
O’Brien does not but Kumar teaches:
based on a keyword in a function name of the interface function (see e.g. Kumar, paragraph 18: “a number of module configuration tables may be generated and stored in a kernel memory”; paragraph 20: “Each module is identified by a name or handle, which is uniquely associated with the particular module, such as the name of the file system or system call”; and paragraph 39: “Modules are needed when the functionality they provide is referred to by name (such as a push of a streams module or the mount of a filesystem)”), …the node identifier of the feature node comprises the keyword (see e.g. Kumar, paragraph 20: “Each module is identified by a name or handle, which is uniquely associated with the particular module, such as the name of the file system or system call”; and paragraph 39: “Modules are needed when the functionality they provide is referred to by name”),
O’Brien and Kumar are analogous art because they are in the same field of endeavor: managing access to kernel functions. Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to modify O’Brien with the teachings of Kumar. The motivation/suggestion would be to improve the efficiency of accessing kernel functions.

With respect to claim 2, O’Brien as modified teaches: The method according to claim 1, wherein the method further comprises: 
determining the node identifier of the feature node (see e.g. O’Brien, column 5, lines 37-44: “security framework 101 includes security module system call table (SM-SCT) 205 having a plurality of entries, each entry includes the following fields: a pointer to the original system call handler within the operating system, pointers to pre-processing and post-processing software for each security module 105 that is monitoring the system call, and a pointer to the corresponding wrapper within security master 103”); 
loading the feature node in the kernel based on the node identifier of the feature node (see e.g. O’Brien, column 3, lines 38-40: “Security modules 105 are kernel-loadable modules that make and enforce application-specific or resource-specific policy decisions for applications 107”; and column 3, lines 56-57: “Security modules 105 may be loaded within kernel 102 while computing system 100 is running”); and 
when the feature node is successfully loaded, adding the entry comprising the node identifier of the feature node and the user handle identifier of the feature node to the table (see e.g. O’Brien, column 5, lines 16-22: “When registering with security master 103, each security module 105 provides a message handler to be called when a program sends user commands 206 to the security module 105. The security module 105 may also supply a reply queue if it wishes to respond to any messages it receives. Device 203 facilitates communication between user space 104 and security master 103”; and column 5, lines 28-36: “a system call table (ST) that contains pointers to handlers for the various system calls… For each system call being wrapped, security master 103 redirects each pointer from the standard handler within the operating system to a corresponding system call wrapper within security master 103. In one embodiment, security framework 101 includes security module system call table (SM-SCT) 205 having a plurality of entries, each entry includes the following fields: a pointer to the original system call handler within the operating system, pointers to pre-processing and post-processing software for each security module 105 that is monitoring the system call, and a pointer to the corresponding wrapper within security master 103”), wherein the user handle identifier is a handle identifier in a user space (see e.g. O’Brien, column 5, lines 21-22: “facilitates communication between user space 104 and security master 103”).

With respect to claim 3, O’Brien as modified teaches: The method according to claim 2, wherein the loading of the feature node in the kernel based on the node identifier of the feature node comprises:
 loading the feature node based on the node identifier and a storage path of the feature node (see e.g. O’Brien, column 5, lines 16-19: “When registering with security master 103, each security module 105 provides a message handler to be called when a program sends user commands 206 to the security module 105”; and column 5, lines 37-44: “security module system call table (SM-SCT) 205 having a plurality of entries, each entry includes the following fields: a pointer to the original system call handler within the operating system, pointers to pre-processing and post-processing software for each security module 105 that is monitoring the system call, and a pointer to the corresponding wrapper within security master 103”), wherein the storage path indicates a path along which the feature node is loaded into the kernel (see e.g. O’Brien, column 5, lines 37-44: “security module system call table (SM-SCT) 205 having a plurality of entries, each entry includes the following fields: a pointer to the original system call handler within the operating system, pointers to pre-processing and post-processing software for each security module 105 that is monitoring the system call, and a pointer to the corresponding wrapper within security master 103”).

With respect to claim 4, O’Brien as modified teaches: The method according to claim 2, wherein the loading of the feature node in the kernel based on the node identifier of the feature node comprises: 
loading the feature node based on the node identifier and an access permission of the feature node, wherein the access permission indicates whether an application program is allowed to access the feature node (see e.g. O’Brien, column 5, line 63 to column 6, line 4: “Pre-call and post-call processing are used to enforce the respective security module's 105 particular security policy or to initiate other actions by security module 105. For example, this processing could include additional auditing of system calls 301 such as auditing parameters-and results; performing access checks and making access decisions for computing resources 106; modifying parameters of system call 301; and passing information to user daemon 109”).

With respect to claim 5, O’Brien as modified teaches: The method according to claim 4, wherein the entry further comprises the access permission (see e.g. O’Brien, column 5, line 63 to column 6, line 4: “Pre-call and post-call processing are used to enforce the respective security module's 105 particular security policy or to initiate other actions by security module 105. For example, this processing could include additional auditing of system calls 301 such as auditing parameters-and results; performing access checks and making access decisions for computing resources 106; modifying parameters of system call 301; and passing information to user daemon 109”), and the method further comprises: 
passing, by the application program, the user handle identifier by using the interface function (see e.g. O’Brien, column 5, line 63 to column 6, line 4: “Pre-call and post-call processing are used to enforce the respective security module's 105 particular security policy or to initiate other actions by security module 105. For example, this processing could include additional auditing of system calls 301 such as auditing parameters-and results; performing access checks and making access decisions for computing resources 106; modifying parameters of system call 301; and passing information to user daemon 109”); and 
determining the access permission of the feature node in the entry of the feature node based on the user handle identifier (see e.g. O’Brien, column 5, line 63 to column 6, line 4: “Pre-call and post-call processing are used to enforce the respective security module's 105 particular security policy or to initiate other actions by security module 105. For example, this processing could include additional auditing of system calls 301 such as auditing parameters-and results; performing access checks and making access decisions for computing resources 106; modifying parameters of system call 301; and passing information to user daemon 109”).

With respect to claims 10-14: Claims 10-14 are directed to a device for managing a feature node in a kernel, comprising a memory and a processor configured to perform active functions corresponding to the method disclosed in claims 1-5, respectively; please see the rejections directed to claims 1-5 above which also cover the limitations recited in claims 10-14. Note that, O’Brien also discloses a computing system 100 comprising a memory and a central-processing unit to implement the method disclosed in claims 1-5 (see e.g. O’Brien, column 3, lines 13-25).

With respect to claim 19: Claim 19 is directed to a non-transitory computer readable storage medium, having stored therein a program that causes a computer to execute a process corresponding to the method disclosed in claim 1; please see the rejection directed to claim 1 above which also covers the limitations recited in claim 19. Note that, O’Brien also discloses storage media (e.g. a memory) storing instructions that causes a computing system to execute a process corresponding to the method recited in claim 1 (see e.g. O’Brien, column 3, lines 13-25).

Allowable Subject Matter
Claims 6 and 15 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

CONCLUSION
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Conover (US 7,487,548 B1) discloses granular access control for kernel functions by maintaining a handle table for user mode processes and intercepting kernel function calls by a hooking mechanism to determine authorized access to the kernel functions.
Spilo et al. (US 6,134,601) discloses maintaining tables that reflect allocated handles in use and determining resource allocation conditions by intercepting kernel function calls.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Umut Onat whose telephone number is (571)270-1735. The examiner can normally be reached M-Th 9:00-7:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hyung (Sam) S Sough can be reached on (571) 272-6799. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/UMUT ONAT/Primary Examiner, Art Unit 2194