DETAILED ACTION 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims

Claims 1-20 are presented for examination in this application No. 17/209,487 filed on . Claims 1 and 17 are independent. 

Examiner notes
(A).  Drawings submitted on 03/23/2021 comply with the provisions of 37 CFR 1.121(d), and have been fully considered by the Examiner.
(B)  Limitations have been provided with the Bold fonts in order to distinguish from the cited part of the reference (Italic).
(C).  Examiner has cited particular columns, line numbers, references, or figures in the references applied to the claims above for the convenience of the applicant. Although the specified citations are representative of the teachings of passages and figures may apply as well. It is respectfully requested from the applicant in preparing responses to fully consider the reference in entirety, as potentially teaching all or part of the claimed invention. See MPEP §§ 2141.02 and 2123.
The examiner requests, in response to this Office action, support be shown for language added to any original claims on amendment and any new claims. That is, indicate support for newly added claim language by specifically pointing to page(s) and line number(s) in the specification and/or drawing figure(s). This will assist the examiner in prosecuting the application.
When responding to this office action, Applicant is advised to clearly point out the patentable novelty which he or she thinks the claims present, in view of the state of the art disclosed by the references cited or the objections made. He or she must also show how the amendments avoid such references or objections See 37 CFR 1.111 (c).
Internet E-mail
A written authorization by Applicant is required for the Examiner to respond via Internet e-mail to any Internet correspondence which contains information subject to the confidentiality requirement as set forth in 35 U.S.C. 122, such as proposed Examiner’s Amendments or interview agenda items (MPEP 502.03; See Internet Usage Policy, 64 FR 33056 (June 21, 1999)). To authorize e-mail communications from the Examiner (e.g. proposed Examiner’s Amendments), the Applicant must place a written authorization in the record. Applicant may authorize electronic and email communication by the Examiner via PTO Automated Interview Request web service.  To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractlce. 

Claim Objections
5.	Claim 1 is objected to because of the following informality: Because of in the writing limitation has the phrase "to for" - appears to be a word missing between to and for or the phrase is grammatically incorrect at the line 8 of claim 1.
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 1 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.


Claim 1 recites the limitation "the class file" in the lines of 5, 8, 9 15, 17 lacks antecedent basis due to each binary object corresponding to a class file in the preamble.  There is insufficient antecedent basis for this limitation in the claim.

Claim 1 further recites the limitation "executing the binary code instead of binary code corresponding to the class file..." in line 15-16. In the preamble indicates binary objects are corresponding to the class file and only one binary code was generated from the modified class file. It is unclear what the other binary code is from.

Claim 1 recites the limitation "wherein the inducting includes inducting into the application only the binary code corresponding to the modified class file, and not binary code corresponding to the whole application.", in the line 19-20. If the binary code of the modified class file is inducted into the application this would make it binary code corresponding to the whole application. Thus the claim limitation is confusing and indefinite. It appears it should be not binary objects corresponding to other or unmodified class files.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claim 10 is rejected under 35 U.S.C. 112, first paragraph, as failing to comply with the written description requirement.  
The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor(s), at the time the application was filed, had possession of the claimed invention.  
The storing / generating of logs for the test results then it is unclear how one does such without aggregating error information when testing involves (within the level of one of ordinary skill in the art). 
DETERMINING WHETHER THE FULL SCOPE OF A COMPUTER-IMPLEMENTED FUNCTIONAL CLAIM LIMITATION IS ENABLED: To satisfy the enablement requirement of 35 U.S.C. 112(a) or pre-AIA  35 U.S.C. 112, first paragraph, the specification must teach those skilled in the art how to make and use the full scope of the claimed invention without "undue experimentation." See, e.g., In re Wright, 999 F.2d 1557, 1561, 27 USPQ2d 1510, 1513 (Fed. Cir. 1993); In re Wands, 858 F.2d 731, 736-37, 8 USPQ2d 1400, 1402 (Fed. Cir. 1988). In In re Wands, the court set forth the following factors to consider when determining whether undue experimentation is needed: (1) the breadth of the claims; (2) the nature of the invention; (3) the state of the prior art; (4) the level of one of ordinary skill; (5) the level of predictability in the art; (6) the amount of direction provided by the inventor; (7) the existence of working examples; and (8) the quantity of experimentation needed to make or use the invention based on the content of the disclosure. Wands, 858 F.2d at 737, 8 USPQ2d 1404. The undue experimentation determination is not a single factual determination; rather, it is a conclusion reached by weighing all the factual considerations. Id. For instance in regards to factors 3, 4 and 5 factors, reference Pappas teaches at paragraph 0016 that the testing of the source code / binary involves reading a detailed test results / report. Hence, the results are stored in logs to be subsequently read.  In regards to factors 1, 2 and 7 – the description of the testing operation occurs at the following paragraphs in the filed specification:
[19] The updating may include updating only the class file. The testing may include testing performance of the modified class file without testing performance of the entire application. The methods may include providing to the database a copy of the updated class file, and not new copies of all other class files of the application. The methods may include providing to the database a copy of the updated class file, and not a new copy of any other class files of the application.
[22] The method may include identifying the run-time behavior in code of the web application. The method may include testing performance of the class file exhibiting the behavior. The method may include compiling the modified class file in a developer instance that does not include compilations of the other class files of the web application. The method may include comparing a test output from a compilation of the modified class file to an expected output of the compilation. 
[23] The testing may be a testing that does not include rebuilding the entire web application. The testing may be a testing that does not include deploying the entire web application in a run- time environment. The testing may be a testing that does not include deploying binary code corresponding to the modified class file in an offline data center that is configured, when online to respond to no less than 1,000,000 requests per day. The testing may be a testing that does not include providing a token to validate an external service call made by code corresponding to a class file that has a purpose that is different from a purpose of the modified class file. 
[24] The testing may be a testing that does not include aggregating run-time error logs corresponding to the class files of the web application.
[25] The testing may be a testing that does not include performing a regression of first outputs from a modified version of the web application against second outputs that come from a previous version of the web application. The regression may be a regression that evaluates backward compatibility. 
[28] FIG. 1 shows a prior-art approach to changing behavior of a web-based application of which a first instance runs at a first datacenter. At step 100, an enterprise may engage in a decision to commit to rebuilding the application. At step 102, a development team beings to work in a development environment to develop and test a new version of the application. At step 104, the development team undertakes, in a quality assurance ("QA") environment, a QA testing process of the new version of the application. At step 106, the development team undertakes a product deployment process for the new version of the application. At step 108, the enterprise routes all traffic intended for the first instance to a second instance at a second datacenter that continues to run a second instance of the application that is similar or identical to the first instance. At step 110, the enterprise begins to deploy, at the first data center, an updated version of the application. At step 112, the enterprise formulates tokens to validate calls to external data and authentication services for the revised part of the new version of the application. At step 114, the enterprise checks the results of the calls and determines whether the results are correct or in error. The checking involves aggregating logs of runtime errors. At step 116, the enterprise formulates tokens to validate calls to external data and authentication services for the entire new version of the application, and compares the results to the results of the same test as applied to the previous version of the application. The comparison involves a regression analysis that tests backwards compatibility of the changed parts of the new version. At step 118, the enterprise may decide that a regression score is too low to go "live" with the new version. If the regression score is too low to go "live" with the new version, the process reverts to commit-and- rebuild step 100.
[55] Fig. 7 shows illustrative steps of a developer environment process 700. At step 702 a developer in the system may receive a functionality alert. At step 704, the developer may identify a proposed run-time change. At step 706, the developer may identify a class for which run-time change is desired. At step 708, the developer may modify a file for which run-time 
change is desired. At step 710, the developer may test the file in the developer environment. At step 712, the developer may formulate metadata for a dynamic configuration database. At step 714, the developer may push the modified file and the metadata to the dynamic configuration database. 

It is noted that only paragraphs 0024 and 0028 provide any clarifying language regarding the testing.  Paragraph 0024 states the same level of generality (with no explanation) as to how the testing is achieved.  Paragraph 0054, is explicit that the validation (e.g. testing) involves aggregating logs of runtime errors.  Thus the only working example showing the testing involves the direct usage of logs that is contrary to the claims.  Therefore, claim 10 is not enabled based on the Wands factors outlined herein and the claim is rejected under 35 USC 112 (a). . See (MPEP 2161.01(a) and 2164.04)


Claim Rejections - Double Patenting
Claims 1-20 of this application is patentably indistinct from claims 1-22 of Application No. 17/209,472.  Pursuant to 37 CFR 1.78(e) or pre-AIA  37 CFR 1.78(b), when two or more applications filed by the same applicant contain patentably indistinct claims, elimination of such claims from all but one application may be required in the absence of good and sufficient reason for their retention during pendency in more than one application. Applicant is required to either cancel the patentably indistinct claims from all but one application or maintain a clear line of demarcation between the applications. See MPEP § 822.
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  

Claims 1-20 are rejected on the ground of non-statutory non-provisional obviousness type double patenting as being unpatentable over claims 1-22 of U.S. Patent No. 8,893,116.  Although the conflicting claims are not identical, they are not patentably distinct from each other because method for deploying a web application including a plurality of binary objects, each corresponding to a class file, the method comprising: isolating from the plurality of class files a class file in which a run-time behavior occurs; updating the class file to produce a modified class file that does not have the behavior based on same components having almost similar functionality. The patent claims incorporate limitations of instant application as describe below:

Instant Application 17/209,487


Patent 11,321,063
1. A method for deploying a web application including a plurality of binary objects, each corresponding to a class file, the method comprising: isolating from the plurality of class files a class file in which a run-time behavior occurs; updating the class file to produce a modified class file that does not have the behavior; testing performance of the modified class file; writing metadata to for class file; storing the class file in a dynamic configuration database; recognizing the modified class file as being modified; using a cron job processor, reading the metadata; compiling the modified class file into binary code; using the metadata, inducting into the application, in a run-time environment, the binary code corresponding to the modified class file; executing the binary code instead of binary code corresponding to the class file in which the run-time behavior occurs; after the executing, removing the binary code corresponding to the class file in which the run-time behavior occurs from the run-time environment; 
wherein the inducting includes inducting into the application only the binary code corresponding to the modified class file, and not binary code corresponding to the whole application.  
Claim 1 (left) is rejected under ODP as being obvious over claim 1 of Patent 11,321,063 in view of Pappas et al. (US 2015/008,9656 A1).
Note claim 1. A method for deploying a web application including a plurality of binary objects, each corresponding to a class file, the method comprising: isolating from the plurality of class files a class file in which a run-time behavior occurs; updating the class file to produce a modified class file that does not have the behavior; testing performance of the modified class file; writing metadata to for class file; storing the class file in a dynamic configuration database; recognizing the modified class file as being modified; using a cron job processor, reading the metadata; compiling the modified class file into binary code; using the metadata, inducting into the application, in a run-time environment, the binary code corresponding to the modified class file; executing the binary code instead of binary code corresponding to the class file in which the run-time behavior occurs; after the executing, removing the binary code corresponding to the class file in which the run-time behavior occurs from the run-time environment; 
wherein the updating the class file includes updating only the class file.

      Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Patented 11,321,063 to include the inducting includes inducting into the application only the binary code corresponding to the modified class file, and not binary code corresponding to the whole application, as disclosed by Pappas, for the purpose of alleviating security vulnerabilities in a binary representation of a software application, a binary code portion determined to be associated with a security vulnerability is replaced with a replacement binary code that can avoid such vulnerability without substantially changing the functionality of the code portion that was replaced. The replacement binary code can be selected based on properties and/or context of the code portion to be replaced (see Abstract of Pappas).
2. The method of claim 1 further comprising identifying the run-time behavior in code of the web application.  
Claim 2 (left) is rejected under ODP as being obvious over claim 3 of Patent 11,321,063. in view of Pappas et al. (US 2015/008,9656 A1).
Note 3. (original) The method of claim 1 further comprising identifying the run-time behavior in code of the web application.
    Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Patented 11,321,063 to include identifying the run-time behavior in code of the web application, as disclosed by Pappas, for the purpose of alleviating security vulnerabilities in a binary representation of a software application, a binary code portion determined to be associated with a security vulnerability is replaced with a replacement binary code that can avoid such vulnerability without substantially changing the functionality of the code portion that was replaced. The replacement binary code can be selected based on properties and/or context of the code portion to be replaced (see Abstract of Pappas).
3. The method of claim 1 further comprising testing performance of the class file exhibiting the behavior.  
Claim 3 (left) is rejected under ODP as being obvious over claim 4 of Patent 11,321,063 in view of Pappas et al. (US 2015/008,9656 A1).
    Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Patented 11,321,063 to include testing performance of the class file exhibiting the behavior, as disclosed by Pappas, for the purpose of alleviating security vulnerabilities in a binary representation of a software application, a binary code portion determined to be associated with a security vulnerability is replaced with a replacement binary code that can avoid such vulnerability without substantially changing the functionality of the code portion that was replaced. The replacement binary code can be selected based on properties and/or context of the code portion to be replaced (see Abstract of Pappas).
4. The method of claim 1 wherein the testing comprises compiling the modified class file in a developer instance that does not include compilations of the other class files of the web application.  
Claim 4 (left) is rejected under ODP as being obvious over claim 5 of Patent 11,321,063 in view of Pappas et al. (US 2015/008,9656 A1).
    Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Patented 11,321,063 to include testing comprises compiling the modified class file in a developer instance that does not include compilations of the other class files of the web application, as disclosed by Pappas, for the purpose of alleviating security vulnerabilities in a binary representation of a software application, a binary code portion determined to be associated with a security vulnerability is replaced with a replacement binary code that can avoid such vulnerability without substantially changing the functionality of the code portion that was replaced. The replacement binary code can be selected based on properties and/or context of the code portion to be replaced (see Abstract of Pappas).
5. The method of claim 4 wherein the testing further comprises comparing a test output from a compilation of the modified class file to an expected output of the compilation.  
Claim 5 left, is rejected under ODP as being obvious over claim 6 of Patent 11,321,063 in view of Pappas et al. (US 2015/008,9656 A1).
Note: 5. (original) The method of claim 1 wherein the testing comprises compiling the modified class file in a developer instance that does not include compilations of the other class files of the web application.
        Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Patented 11,321,063 to include wherein the testing comprises compiling the modified class file in a developer instance that does not include compilations of the other class files of the web application, as disclosed by Pappas, for the purpose of alleviating security vulnerabilities in a binary representation of a software application, a binary code portion determined to be associated with a security vulnerability is replaced with a replacement binary code that can avoid such vulnerability without substantially changing the functionality of the code portion that was replaced. The replacement binary code can be selected based on properties and/or context of the code portion to be replaced (see Abstract of Pappas).
6. The method of claim 1 wherein the testing does not include rebuilding the entire web application.  
Claim 6 left, is rejected under ODP as being obvious over claim 7 of Patent 11,321,063 in view of Pappas et al. (US 2015/008,9656 A1).
       Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Patented 11,321,063 to include the testing does not include rebuilding the entire web application, as disclosed by Pappas, for the purpose of alleviating security vulnerabilities in a binary representation of a software application, a binary code portion determined to be associated with a security vulnerability is replaced with a replacement binary code that can avoid such vulnerability without substantially changing the functionality of the code portion that was replaced. The replacement binary code can be selected based on properties and/or context of the code portion to be replaced (see Abstract of Pappas).

7. The method of claim 1 wherein the testing does not include deploying the entire web application in a run-time environment.  
Claim 7. Left, is rejected under ODP as being obvious over claim 8 of Patent  by Patent 11,321,063 in view of Pappas et al. (US 2015/008,9656 A1).

Note: 7. (original) The method of claim 1 wherein the testing does not include rebuilding the entire web application.

     Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Patented 11,321,063 to include the testing does not include deploying the entire web application in a run-time environment, as disclosed by Pappas, for the purpose of alleviating security vulnerabilities in a binary representation of a software application, a binary code portion determined to be associated with a security vulnerability is replaced with a replacement binary code that can avoid such vulnerability without substantially changing the functionality of the code portion that was replaced. The replacement binary code can be selected based on properties and/or context of the code portion to be replaced (see Abstract of Pappas).
8. The method of claim 1 wherein the testing does not include deploying binary code corresponding to the modified class file in an offline data center that is configured, when online to respond to no less than 1,000,000 requests per day.  
Claim 8 left, is rejected under ODP as being obvious over claim 9 of Patent 11,321,063 in view of Pappas et al. (US 2015/008,9656 A1).

Note: 9. (original) The method of claim 1 wherein the testing does not include deploying binary code corresponding to the modified class file in an offline data center that is configured, when online to respond to no less than 1,000,000 requests per day.

        Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Patented 11,321,063 to include testing does not include deploying binary code corresponding to the modified class file in an offline data center that is configured, when online to respond to no less than 1,000,000 requests per day, as disclosed by Pappas, for the purpose of alleviating security vulnerabilities in a binary representation of a software application, a binary code portion determined to be associated with a security vulnerability is replaced with a replacement binary code that can avoid such vulnerability without substantially changing the functionality of the code portion that was replaced. The replacement binary code can be selected based on properties and/or context of the code portion to be replaced (see Abstract of Pappas).

9. The method of claim 1 wherein the testing does not include providing a token to validate an external service call made by code corresponding to a class file that has a purpose that is different from a purpose of the modified class file.  
Claim 9 left, is rejected under ODP as being obvious over claim 10 of Patent 11,321,063 in view of Pappas et al. (US 2015/008,9656 A1).

Note: 10. (original) The method of claim 1 wherein the testing does not include providing a token to validate an external service call made by code corresponding to a class file that has a purpose that is different from a purpose of the modified class file.

          Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Patented 11,321,063 to include wherein the testing does not include providing a token to validate an external service call made by code corresponding to a class file that has a purpose that is different from a purpose of the modified class file, as disclosed by Pappas, for the purpose of alleviating security vulnerabilities in a binary representation of a software application, a binary code portion determined to be associated with a security vulnerability is replaced with a replacement binary code that can avoid such vulnerability without substantially changing the functionality of the code portion that was replaced. The replacement binary code can be selected based on properties and/or context of the code portion to be replaced (see Abstract of Pappas).
10. The method of claim 1 wherein the testing does not include aggregating run-time error logs corresponding to the class files of the web application.  
Claim 10 left, is rejected under ODP as being obvious over claim 11 of Patent 11,321,063 in view of Pappas et al. (US 2015/008,9656 A1).
Note: 11. (original) The method of claim 1 wherein the testing does not include aggregating run-time error logs corresponding to the class files of the web application.

         Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Patented 11,321,063 to include wherein the testing does not include aggregating run-time error logs corresponding to the class files of the web application, as disclosed by Pappas, for the purpose of alleviating security vulnerabilities in a binary representation of a software application, a binary code portion determined to be associated with a security vulnerability is replaced with a replacement binary code that can avoid such vulnerability without substantially changing the functionality of the code portion that was replaced. The replacement binary code can be selected based on properties and/or context of the code portion to be replaced (see Abstract of Pappas).

11. The method of claim 1 wherein the testing does not include performing a regression of first outputs from a modified version of the web application against second outputs that come from a previous version of the web application.  
Claim 11 left, is rejected under ODP as being obvious over claim 12 of Patent 11,321,063 in view of Pappas et al. (US 2015/008,9656 A1).
Note: 12. (original) The method of claim 1 wherein the testing does not include performing a regression of first outputs from a modified version of the web application against second outputs that come from a previous version of the web application.

     Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Patented 11,321,063 to include wherein the testing does not include performing a regression of first outputs from a modified version of the web application against second outputs that come from a previous version of the web application, as disclosed by Pappas, for the purpose of alleviating security vulnerabilities in a binary representation of a software application, a binary code portion determined to be associated with a security vulnerability is replaced with a replacement binary code that can avoid such vulnerability without substantially changing the functionality of the code portion that was replaced. The replacement binary code can be selected based on properties and/or context of the code portion to be replaced (see Abstract of Pappas).
12. The method of claim 11 wherein the regression is configured to evaluate backward compatibility.  
Claim 12 left is rejected under ODP as being obvious over claim 12 of Patent 11,321,063 in view of Pappas et al (US 2015/0089656 A1) and further in view of Schwabe et al. (US 6,986,132 B1)

          Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Patented 11,321,063 to include the inducting includes inducting into the application only the binary code corresponding to the modified class file, and not binary code corresponding to the whole application, as disclosed by Pappas, for the purpose of alleviating security vulnerabilities in a binary representation of a software application, a binary code portion determined to be associated with a security vulnerability is replaced with a replacement binary code that can avoid such vulnerability without substantially changing the functionality of the code portion that was replaced. The replacement binary code can be selected based on properties and/or context of the code portion to be replaced (see Abstract of Pappas).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Pappas to include the method wherein the regression is configured to evaluate backward compatibility, as disclosed by Schwabe, for the purpose of detecting whether an extra field or method is present in the binary file but not defined in the API definition file. (see col. 23, ll. 12-15 of Schwabe).

13. The method of claim 1 further comprising: routing a flow of service requests to a data center of a plurality of data centers based on geographic proximity between a request and the data center; receiving at the data center a first request; then, performing the isolating; then, 14performing the executing; continuing to route request to the data center during the isolating.  
Claim 13 left is rejected under ODP as being obvious over claim 14 of Patent 11,321,063 in view of over Pappas et al (US 2015/0089656 A1) 

14. The method of claim 1 further comprising: routing a flow of service requests to a data center of a plurality of data centers based on geographic proximity between a request and the data center; receiving at the data center a first request; then, performing the isolating; then, performing the executing; continuing to route request to the data center during the updating.  
Claim 14 left is rejected under ODP as being obvious over claim 15 of Patent 11,321,063 in view of over Pappas et al (US 2015/0089656 A1) 

Note: 15. (original) The method of claim 1 further comprising: routing a flow of service requests to a data center of a plurality of data centers based on geographic proximity between a request and the data center; receiving at the data center a first request; then, performing the isolating; then, performing the executing; continuing to route request to the data center during the updating.

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Patented 11,321,063 to include the inducting includes inducting into the application only the binary code corresponding to the modified class file, and not binary code corresponding to the whole application, as disclosed by Pappas, for the purpose of alleviating security vulnerabilities in a binary representation of a software application, a binary code portion determined to be associated with a security vulnerability is replaced with a replacement binary code that can avoid such vulnerability without substantially changing the functionality of the code portion that was replaced. The replacement binary code can be selected based on properties and/or context of the code portion to be replaced (see Abstract of Pappas).

15. The method of claim 1 further comprising: routing a flow of service requests to a data center of a plurality of data centers based on geographic proximity between a request and the data center; receiving at the data center a first request; then, performing the isolating; then, performing the executing; continuing to route request to the data center during the testing.  
Claim 15 left is rejected under ODP as being obvious over claim 16 of Patent 11,321,063 in view of Pappas et al (US 2015/0089656 A1). 
        
     Note: 16. (original) The method of claim 1 further comprising: routing a flow of service requests to a data center of a plurality of data centers based on geographic proximity between a request and the data center; receiving at the data center a first request; then, performing the isolating; then, performing the executing; continuing to route request to the data center during the testing.
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Patented 11,321,063 to include the inducting includes inducting into the application only the binary code corresponding to the modified class file, and not binary code corresponding to the whole application, as disclosed by Pappas, for the purpose of alleviating security vulnerabilities in a binary representation of a software application, a binary code portion determined to be associated with a security vulnerability is replaced with a replacement binary code that can avoid such vulnerability without substantially changing the functionality of the code portion that was replaced. The replacement binary code can be selected based on properties and/or context of the code portion to be replaced (see Abstract of Pappas).

16. The method of claim 1 further comprising: routing a flow of service requests to a data center of a plurality of data centers based on geographic proximity between a request and the data center; receiving at the data center a first request; then, performing the isolating; then, performing the executing; continuing to route request to the data center during the writing.  
Claim 16 left is rejected under ODP as being obvious over claim 14 of Patent 11,321,063 in view of Pappas et al (US 2015/0089656 A1) and further in view of Torun et al. (US 11,163,669 B1)

        Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Patented 11,321,063 to include the inducting includes inducting into the application only the binary code corresponding to the modified class file, and not binary code corresponding to the whole application, as disclosed by Pappas, for the purpose of alleviating security vulnerabilities in a binary representation of a software application, a binary code portion determined to be associated with a security vulnerability is replaced with a replacement binary code that can avoid such vulnerability without substantially changing the functionality of the code portion that was replaced. The replacement binary code can be selected based on properties and/or context of the code portion to be replaced (see Abstract of Pappas).

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Pappas to include running a web application on a virtual machine, the web application providing to a first user a service, as disclosed by Torun, for the purpose of providing deployment service and tool to manage the software application. (see col. 3, ll. 19-30, of Torun).
17. A method for deploying web applications, the method comprising: running a web application on a virtual machine, the web application: providing to a first user a service; and including an old class file; updating the class file to form a new class file; storing the new class file in a dynamic configuration database; 15in response to a query from a user identifying the application, from among a plurality of applications, as corresponding to the query; in a run-time environment of the application, inducting into the application, a first executable object having a class identifier, and not inducting a second executable object having the same class identifier, the inducting operating on an executable object corresponding to the new class file, and not to the old class file.  
Claim 17 left is rejected under ODP as being obvious over claim 17 of Patent 11,321,063 in view of Pappas et al (US 2015/0089656 A1).

Note: 17. (currently amended) A method for deploying web applications, the method comprising: running a web application on a virtual machine, the web application: providing to a first user a service; and including an old class file; updating the class file to form a new class file; storing the new class file in a dynamic configuration database; in response to a query from a user identifying the application, from among a plurality of applications, as corresponding to the query; selecting, in a run-time environment of the application, from a first executable object having a class identifier and a second executable object having the same class identifier, the executable object corresponding to the new class file, and not to the old class file; when the web application is a first web application that provides a first service to a first user, the new class file is a first new class file, and the query is a first query: running a second web application on second virtual machine, the second web application: providing to a second user a second service that is different from the first service; and including a second old class file; updating the second old class file to form a second new class file; storing the second old class file in the dynamic configuration database; in response to a second query from a second user: identifying in the plurality of applications the second application as being associated with the second query; and selecting, in a run-time environment of the second application, from a first executable object having a class identifier and a second executable object having the same class identifier, the executable object corresponding to the second new class file; and storing, in the dynamic configuration database: first metadata corresponding to the first new class file; and second metadata corresponding to the second new class file.

       Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Patented 11,321,063 to include the inducting includes inducting into the application only the binary code corresponding to the modified class file, and not binary code corresponding to the whole application, as disclosed by Pappas, for the purpose of alleviating security vulnerabilities in a binary representation of a software application, a binary code portion determined to be associated with a security vulnerability is replaced with a replacement binary code that can avoid such vulnerability without substantially changing the functionality of the code portion that was replaced. The replacement binary code can be selected based on properties and/or context of the code portion to be replaced (see Abstract of Pappas).

18. The method of claim 17 further comprising, when the web application is a first web application that provides a first service to a first user, the new class file is a first new class file, and the query is a first query: running a second web application on second virtual machine, the second web application: providing to a second user a second service that is different from the first service; and including a second old class file; updating the second old class file to form a second new class file; storing the second old class file in the dynamic configuration database; in response to a second query from a second user: identifying in the plurality of applications the second application as being associated with the second query; selecting, in a run-time environment of the second application, from a first executable object having a class identifier and a second executable object having the same class identifier, the executable object corresponding to the second new class file.  
Claim 18 left is rejected under ODP as being obvious over claim 17 of Patent 11,321,063 in view of Pappas et al (US 2015/0089656 A1).
Note: 17. (currently amended) A method for deploying web applications, the method comprising: running a web application on a virtual machine, the web application: providing to a first user a service; and including an old class file; updating the class file to form a new class file; storing the new class file in a dynamic configuration database; in response to a query from a user identifying the application, from among a plurality of applications, as corresponding to the query; selecting, in a run-time environment of the application, from a first executable object having a class identifier and a second executable object having the same class identifier, the executable object corresponding to the new class file, and not to the old class file; when the web application is a first web application that provides a first service to a first user, the new class file is a first new class file, and the query is a first query: running a second web application on second virtual machine, the second web application: providing to a second user a second service that is different from the first service; and including a second old class file; updating the second old class file to form a second new class file; storing the second old class file in the dynamic configuration database; in response to a second query from a second user: identifying in the plurality of applications the second application as being associated with the second query; and selecting, in a run-time environment of the second application, from a first executable object having a class identifier and a second executable object having the same class identifier, the executable object corresponding to the second new class file; and storing, in the dynamic configuration database: first metadata corresponding to the first new class file; and second metadata corresponding to the second new class file.

         Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Patented 11,321,063 to include the inducting includes inducting into the application only the binary code corresponding to the modified class file, and not binary code corresponding to the whole application, as disclosed by Pappas, for the purpose of alleviating security vulnerabilities in a binary representation of a software application, a binary code portion determined to be associated with a security vulnerability is replaced with a replacement binary code that can avoid such vulnerability without substantially changing the functionality of the code portion that was replaced. The replacement binary code can be selected based on properties and/or context of the code portion to be replaced (see Abstract of Pappas).

19. The method of claim 17 further comprising: routing a flow of service requests to a data center of a plurality of data centers based on geographic proximity between a request and the data center; performing the inducting; and continuing to route request to the data center during the inducting.  
Claim 19 (left) is rejected under ODP as being obvious over claim 17 of Patent 11,321,063 in view of Pappas et al (US 2015/0089656 A1) and further in view of Torun et al. (US 11,163,669 B1)

        Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Patented 11,321,063 to include the inducting includes inducting into the application only the binary code corresponding to the modified class file, and not binary code corresponding to the whole application, as disclosed by Pappas, for the purpose of alleviating security vulnerabilities in a binary representation of a software application, a binary code portion determined to be associated with a security vulnerability is replaced with a replacement binary code that can avoid such vulnerability without substantially changing the functionality of the code portion that was replaced. The replacement binary code can be selected based on properties and/or context of the code portion to be replaced (see Abstract of Pappas).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Pappas to include routing a flow of service requests to a data center of a plurality of data centers based on geographic proximity between a request and performing the inducting and continuing to route request to the data center during the inducting, as disclosed by Torun, for the purpose of grouping of compute instances in this manner may be used to isolate particular customers from one another, isolate requests originating from particular geographies, or to isolate other types of requests from one another for security, performance, or other reasons. (see col. 11, ll. 8-12, of Torun).
	
20. The method of claim 19 further comprising configuring a cron job processor to periodically poll a database to determine which of a plurality of executable objects to induct in the inducting step.
Claim 20 left is rejected under ODP as being obvious over claim 20 of Patent 11,321,063 in view of Pappas et al (US 2015/0089656 A1) in further view of Torun et al. (US 11,163,669 B1) 
       Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Patented 11,321,063 to include the inducting includes inducting into the application only the binary code corresponding to the modified class file, and not binary code corresponding to the whole application, as disclosed by Pappas, for the purpose of alleviating security vulnerabilities in a binary representation of a software application, a binary code portion determined to be associated with a security vulnerability is replaced with a replacement binary code that can avoid such vulnerability without substantially changing the functionality of the code portion that was replaced. The replacement binary code can be selected based on properties and/or context of the code portion to be replaced (see Abstract of Pappas).





Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-11 are rejected under 35 U.S.C. 103 as being obvious over Pappas et al (US 2015/0089656 A1) in view of Hashmi et al (US 2013/0326333 A1).

As to claim 1, Pappas discloses a method for deploying a web application including a plurality of binary objects, each corresponding to a class file, the method comprising: 
isolating from the plurality of class files a class file in which a run-time behavior occurs (pars. 0026-0028, … it is determined that in a binary file 202, a vulnerability is associated with the use of unchecked data 204, such as user-supplied data received in an input field of a webpage. … with reference to FIG. 2B, a binary patching system 252 determines that the software application includes an XSS vulnerability 254. The system 252 also determines whether the runtime of the software application is based on Java 256 or includes the .NET framework 258. It should be understood that Java runtime and .NET framework … ultimate software behavior is identified, allowing the user to select which portions determined to be defective may be replaced with the identified patches); 
updating the class file to produce a modified class file that does not have the behavior (pars. 0019-0020, once a suitable patch (e.g., the patch 114a) is selected, the portion identified as associated with the defect (e.g., the portion 112) is replaced with the selected patch. … As such, in these situations, simply invoking a secure function/method with any additional or different parameters as necessary, instead of invoking the unsecure function/method, can adequately address the vulnerability. Therefore, in some embodiments, the replacement binary patch modifies only the invocation of a function/method identified as vulnerable. Further, see pars. 0022-0025, 0026, 0029); 
testing performance of the modified class file (par. 0029, replacement of the identified portion with a matching patch can cure or at least mitigating the defect, without requiring intervention by skilled personnel, thereby decreasing the time-to-deliver in the SDLC and/or cost of software development. An analysis of the expected behavior of the software application after the replacement can ensure or at least minimize the risk that the replacement is not inconsistent with the remainder of the application ... These systems can also be incorporated with static, dynamic, and/or manual assessment systems, which can be used for testing the patched binary to verify that the automated remediation did not substantially modify the originally specified behavior of the software system …);
writing (“patch”) metadata to for class file (“Java module”)(pars. 0023-0024, The calls to java/lang/math/Random are replaced with calls to the more secure java/security/SecureRandom module. Similarly, a C/C++ executable which calls "strcpy" of an arbitrary (e.g., variable length) input into a fixed sized buffer, thereby introducing a vulnerability, may be modified to call "strncpy" instead … the patches are modified before they are applied to the binary files. For instance, in the above mentioned strcpy example, applying the strncpy fix requires knowledge of the length of the destination buffer, and setting that length as the maximum length to copy. …  the patches are modified before they are applied to the binary files. For instance, in the above mentioned strcpy example, applying the strncpy fix requires knowledge of the length of the destination buffer, and setting that length as the maximum length to copy); 
storing the class file in a dynamic configuration database (par. 0018, To identify suitable patches, the functionality associated with the identified portion may be compared with alternatives that provide the same or similar functionality, but in a more secure manner. These alternatives may be accessed from a library and/or a database of patches 116. … . Further at par. 0031, … The input and/or output devices can include one or more of the following: Random Access Memory (RAM), Redundant Array of Independent Disks (RAID), floppy drive, CD, DVD, magnetic disk, internal hard drive, external hard drive, memory stick, or other storage device capable of being accessed by a processing element as provided herein. Further, see par. 0004, the present invention can detect and cure vulnerabilities in software applications, at least in part, by programmatically analyzing one or more binary files corresponding to the compiled software application. The analysis of the binary files can be performed statically, i.e., without requiring execution of the software application. A portion of the binary file is identified as being associated with a defect. A replacement, e.g., a binary patch, for the identified portion is explored in a library or database of patches. In some instances, modifying the software binary files using a patch can change the behavior of the application); 
recognizing the modified class file as being modified (par. 0023,  By applying a selected binary patch, i.e., by replacing in the binary files the portion identified to be defective with a patch, the system can modify insecure instruction patterns to transform them into more secure ones. For example, the patching system may modify the compiled class files in a Java module that calls java/lang/math/Random, which is determined not to be a highly secure component … . Further, see pars. 0018, 0022-0028); 
compiling the modified class file into binary code (par. 0016, With reference to FIG. 1, the binary patching system 102 reads in the detailed test results/report 104 of a static binary analysis of one or more binary files 106a-c obtained by compiling a software application. In some embodiments, the binary files 106a-c correspond only to one or more modules of the software application … . Further, see pars. 0023-0025, 0029); 
using the metadata, inducting into the application, in a run-time environment, the binary code corresponding to the modified class file (par. 0026, … The replacement patch 206 may obtain filtered data 212 and may invoke the function/method via a modified call/invocation 214 [i.e. inducting] that uses the filtered data 212 (e.g., data determined not to expose or exploit a vulnerability in the software application), instead of the unchecked data 204. In various embodiments, the suitable patch 206 is selected based on, at least in part, a runtime environment and/or context of the software application); 
executing the binary code instead of binary code corresponding to the class file in which the run-time behavior occurs (par. 0027, … FIG. 2B, a binary patching system 252 determines that the software application includes an XSS vulnerability 254. The system 252 also determines whether the runtime of the software application is based on Java 256 or includes the .NET framework 258. It should be understood that Java runtime and .NET framework are illustrative only and that other runtimes such as C/C++ execution environment, Ruby, etc., are also within the scope of various embodiments. A context of the location where the vulnerability 254 was detected is also determined by the binary patching system 25 … runtime-environment specific encoders such as encodes for HTML 266a-b, encoders for HTML attributes 268a-b, and JavaScript encoders 270a-b. As described with reference to FIG. 2A, the replacement patch can invoke the functions/methods that may be vulnerable to unchecked data using the filtered, e.g., sanitized data, thereby mitigating or avoiding such security vulnerabilities. Further, see par. 0097 and 14); 
after the executing, removing (“replacing”) the binary code corresponding to the class file in which the run-time behavior occurs from the run-time environment (Abstract, In a binary patching system for alleviating security vulnerabilities in a binary representation of a software application, a binary code portion determined to be associated with a security vulnerability is replaced with a replacement binary code that can avoid such vulnerability without substantially changing the functionality of the code portion that was replaced. The replacement binary code can be selected based on properties and/or context of the code portion to be replaced. Further at par. 0027, … runtime-environment specific encoders such as encodes for HTML 266a-b, encoders for HTML attributes 268a-b, and JavaScript encoders 270a-b. As described with reference to FIG. 2A, the replacement patch can invoke the functions/methods that may be vulnerable to unchecked data using the filtered, e.g., sanitized data, thereby mitigating or avoiding such security vulnerabilities); 
wherein the inducting includes inducting into the application only the binary code corresponding to the modified class file, and not binary code corresponding to the whole application (abstract, In a binary patching system for alleviating security vulnerabilities in a binary representation of a software application, a binary code portion determined to be associated with a security vulnerability is replaced with a replacement binary code that can avoid such vulnerability without substantially changing the functionality of the code portion that was replaced. The replacement binary code can be selected based on properties and/or context of the code portion to be replaced. Further at par. 0004, the present invention can detect and cure vulnerabilities in software applications, at least in part, by programmatically analyzing one or more binary files corresponding to the compiled software application. The analysis of the binary files can be performed statically, i.e., without requiring execution of the software application. A portion of the binary file is identified as being associated with a defect. A replacement, e.g., a binary patch, for the identified portion is explored in a library or database of patches. In some instances, modifying the software binary files using a patch can change the behavior of the application. Further, see pars. 0016-0017, and 0021-0024).

Pappas does not explicitly disclose cron job processor, reading the metadata.
However, Hashmi discloses using a cron job processor, reading the metadata (par. 0060, … a DOM (Document Object Model) is an Application Programming Interface (API) to navigate and manipulate HTML documents. In this embodiment of the invention, a cron job 416 is provided to periodically wake up and poll external source for changes. The cron job 416 performs this activity for all MWs that have synchronized pages from external sources. The cron job uses data created and stored by Marker Index Processor 408 into the Storage 420 to locate the contents on the external source the user had marked for integration and synchronization with the MW. The cron job 416 may update the data created by the Marker Index Processor 408. In another embodiment of the synchronization, the external source may be modified to be fitted with a method such as a piece of code to watch for changes on the external source and inform MCMS to synchronize the MW content);

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Pappas to include cron job processor, reading the metadata, as disclosed by Hashmi, for the purpose of performing this update to synchronize with the sources. (see paragraph 0060 of Hashmi).

As to claim 2, Pappas discloses the method further comprising identifying the run-time behavior in code of the web application (par. 0027, For example, with reference to FIG. 2B, a binary patching system 252 determines that the software application includes an XSS vulnerability 254. The system 252 also determines whether the runtime of the software application is based on Java 256 or includes the .NET framework 258. It should be understood that Java runtime and .NET framework are illustrative only and that other runtimes such as C/C++ execution environment, Ruby, etc., are also within the scope of various embodiments. A context of the location where the vulnerability 254 was detected is also determined by the binary patching system 252. Examples of contexts include, but are not limited to, HTML contexts 260a-b, HTML Attribute contexts 262a-b, and JavaScript contexts 264a-b. The nature of the vulnerability that any unchecked data can expose or exploit generally though not necessarily depends on the runtime environment and/or the context. As such, in some embodiments, the system 252 selects a suitable filter to sanitize the unchecked data. Examples of filters include, but are not limited to, runtime-environment specific encoders such as encodes for HTML 266a-b, encoders for HTML attributes 268a-b, and JavaScript encoders 270a-b. As described with reference to FIG. 2A, the replacement patch can invoke the functions/methods that may be vulnerable to unchecked data using the filtered, e.g., sanitized data, thereby mitigating or avoiding such security vulnerabilities).

As to claim 3, Pappas discloses the method further comprising testing performance of the class file exhibiting the behavior (par. 0029, …. An analysis of the expected behavior of the software application after the replacement can ensure or at least minimize the risk that the replacement is not inconsistent with the remainder of the application, and that it did not introduce additional flaws. The remediation of flaws without any or minimal development effort can be a significant value-add for a security as a service system. These systems can also be incorporated with static, dynamic, and/or manual assessment systems, which can be used for testing the patched binary to verify that the automated remediation did not substantially modify the originally specified behavior of the software system).

As to claim 4, Pappas discloses the method wherein the testing comprises compiling the modified class file in a developer instance that does not include compilations of the other class files of the web application (par. 0016, With reference to FIG. 1, the binary patching system 102 reads in the detailed test results/report 104 of a static binary analysis of one or more binary files 106a-c obtained by compiling a software application. In some embodiments, the binary files 106a-c correspond only to one or more modules of the software application … . Further, see pars. 0023, 0029).

As to claim 5, Pappas discloses the method wherein the testing further comprises comparing a test output from a compilation of the modified class file to an expected output of the compilation (par. 0029, these systems can also be incorporated with static, dynamic, and/or manual assessment systems, which can be used for testing the patched binary to verify that the automated remediation did not substantially modify the originally specified behavior of the software system. This can save both development and QA efforts. Advantageously, as software execution is not essential in static systems, the detection and mitigation of vulnerabilities can be performed as some components of a large software system are developed and compiled, before all components are developed and the entire software is assembled. Further, see pars. 0016, 0019-0020).

As to claim 6, Pappas discloses the method wherein the testing does not include rebuilding the entire web application (par. 0029, replacement of the identified portion with a matching patch can cure or at least mitigating the defect, without requiring intervention by skilled personnel, thereby decreasing the time-to-deliver in the SDLC and/or cost of software development. An analysis of the expected behavior of the software application after the replacement can ensure or at least minimize the risk that the replacement is not inconsistent with the remainder of the application ... These systems can also be incorporated with static, dynamic, and/or manual assessment systems, which can be used for testing the patched binary to verify that the automated remediation did not substantially modify the originally specified behavior of the software system … . Note: Patching does not rebuild the entire application);

As to claim 7, Pappas discloses the method wherein the testing does not include deploying the entire web application in a run-time environment (par. 0016, FIG. 1, the binary patching system 102 reads in the detailed test results/report 104 of a static binary analysis of one or more binary files 106a-c obtained by compiling a software application. In some embodiments, the binary files 106a-c correspond only to one or more modules of the software application and not to the entire application. It should be understood that three files are illustrative only, and that as few as a single file and more than three files (e.g., 5, 10, 40, 100) binary files that may collectively represent the software application are within the scope of various embodiments. The binary patching system 102 can determine the location of software security defects within the compiled binaries by analyzing the reports, i.e., test results 104. For example, the names of functions/methods invoked by the software application or a module thereof may be compared to the names in a specified list of functions/methods known to be vulnerable to intentional. Further, see pars. 0026 and 0029).

As to claim 8, Pappas disclose the method wherein the testing does not include deploying binary code corresponding to the modified class file in an offline data center that is configured, when online to respond to no less than 1,000,000 requests per day (par. 0029, replacement of the identified portion with a matching patch can cure or at least mitigating the defect, without requiring intervention by skilled personnel, thereby decreasing the time-to-deliver in the SDLC and/or cost of software development. An analysis of the expected behavior of the software application after the replacement can ensure … which can be used for testing the patched binary to verify that the automated remediation did not substantially modify the originally specified behavior of the software system. This can save both development and QA efforts. Advantageously, as software execution is not essential in static systems, the detection and mitigation of vulnerabilities can be performed as some components of a large software system are developed and compiled, before all components are developed and the entire software is assembled. Note The testing involve only perform test during development stage so there is no factor involve related to deployment. So, it would be obvious when online to respond to no less than 1,000,000 requests per day).

As to claim 9, Pappas discloses the method wherein the testing does not include providing a token to validate an external service call made by code corresponding to a class file that has a purpose that is different from a purpose of the modified class file (par. 0029, An analysis of the expected behavior of the software application after the replacement can ensure or at least minimize the risk that the replacement is not inconsistent with the remainder of the application, and that it did not introduce additional flaws. The remediation of flaws without any or minimal development effort can be a significant value-add for a security as a service system. These systems can also be incorporated with static, dynamic, and/or manual assessment systems, which can be used for testing the patched binary to verify that the automated remediation did not substantially modify the originally specified behavior of the software system. Note: testing procedure does not require any validation. Further see par. 0016).

As to claim 10, Pappas discloses the method wherein the testing does not include aggregating run-time error logs corresponding to the class files of the web application (par. 0029, An analysis of the expected behavior of the software application after the replacement can ensure or at least minimize the risk that the replacement is not inconsistent with the remainder of the application, and that it did not introduce additional flaws. The remediation of flaws without any or minimal development effort can be a significant value-add for a security as a service system. These systems can also be incorporated with static, dynamic, and/or manual assessment systems, which can be used for testing the patched binary to verify that the automated remediation did not substantially modify the originally specified behavior of the software system. Note: During testing there is no error log corresponding to the class file of the web application. Further, see par. 0016).

As to claim 11, Pappas discloses the method wherein the testing does not include performing a regression of first outputs from a modified version of the web application against second outputs that come from a previous version of the web application (par. 0029, An analysis of the expected behavior of the software application after the replacement can ensure or at least minimize the risk that the replacement is not inconsistent with the remainder of the application, and that it did not introduce additional flaws. The remediation of flaws without any or minimal development effort can be a significant value-add for a security as a service system. These systems can also be incorporated with static, dynamic, and/or manual assessment systems, which can be used for testing the patched binary to verify that the automated remediation did not substantially modify the originally specified behavior of the software system. Note testing does not involve first outputs from a modified version of the web application against second outputs that come from a previous version of the web application. Further, see par. 0016).

Claim 12 is rejected under 35 U.S.C. 103 as being obvious over Pappas et al (US 2015/0089656 A1) in view of Hashmi et al (US 2013/0326333 A1) and further in view of Schwabe et al. (US 6,986,132 B1).
As to claim 12, Pappas does not explicitly disclose the method wherein the regression is configured to evaluate backward compatibility. 

However, Schwabe discloses the method wherein the regression is configured to evaluate backward compatibility  (col. 23, ll. 65 of col. 24, ll. 8, … the version of a referenced binary file is the same version as its corresponding API definition file. As discussed previously, both the Java.TM. specification and the Java Card.TM. specification define behavior where the version of a referenced binary file is a newer version than the one used during preparation of the referencing binary file. Furthermore, these specifications define changes that can be made when revising a binary file that result in the new version being backward compatible with the previous version. When a newer version is backward compatible with an older version it is said to be binary compatible. Further, see col. 24, ll. 9- of col. 25 ll. 22).

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Pappas to include the method wherein the regression is configured to evaluate backward compatibility, as disclosed by Schwabe, for the purpose of detecting whether an extra field or method is present in the binary file but not defined in the API definition file. (see col. 23, ll. 12-15 of Schwabe).

Claims 13-20 are rejected under 35 U.S.C. 103 as being obvious over Pappas et al (US 2015/0089656 A1) in view of Hashmi et al (US 2013/0326333 A1) and further in view of Torun et al. (US 11,163,669 B1).

As to claim 13, Pappas does not explicitly disclose the method further comprising: routing a flow of service requests to a data center of a plurality of data centers based on geographic proximity between a request and the data center; receiving at the data center a first request; then, performing the isolating; then, performing the executing; 
continuing to route request to the data center during the isolating.

However, Torun discloses the method further comprising: 
routing a flow of service requests to a data center of a plurality of data centers based on geographic proximity between a request (col. 3, ll. 54 to col. 4, ll. 13, … when a computing environment supporting a distributed software application receives a request generated by an automated testing application, the computing environment typically routes the request to one or more of the compute instances available to process the request at each layer as the request flows through the system … ) and the data center (col. 5, ll. 62 of col. 6, ll. 5, FIG. 1 is a block diagram illustrating an environment for measuring test coverage during a phased deployment of a software update according to some embodiments. In some embodiments, one or more of a computing environment 108, a code deployment service 102, an automated testing application 104, and a storage service 106 operate as part of a service provider network 100 and each comprise one or more software modules executed by one or more electronic devices at one or more geographic locations and data centers managed by the service provider);
receiving at the data center a first request (col. 16, ll. 29 – col.17 of ll. 4, …  an automated testing application 104 generates a plurality of test requests 136, each request corresponding to a test from the test list(s) 126, which requests may be received by one or more of the compute instances of the test deployment group 112. FIG. 7 illustrates an example provider network (or “service provider system”) environment according to some embodiments. A provider network 700 may provide resource virtualization to customers via one or more virtualization services 710 that allow customers to purchase, rent, or otherwise obtain instances 712 of virtualized resources, including but not limited to computation and storage resources, implemented on devices within the provider network or networks in one or more data centers … ); 
then, performing the isolating (col. 11, ll. 1-58, … the grouping of compute instances in this manner may be used to isolate particular customers from one another, isolate requests originating from particular geographies, or to isolate other types of requests from one another for security, performance, or other reasons. For this reason, in some embodiments, a frontend layer such as application layer 114A may be configured to identify requests generated by an automated testing application 104 and to distribute these requests to any compute instance in other application layers (including those that cross instance groups) to better ensure that compute instances within a test deployment group are able to eventually receive such requests); 
then, performing the executing (col. 11, ll. 30-58, … identify a test to which the request corresponds based on a test identifier included with the request. The compute instance 110 can then update an entry in the test coverage table 128 indicating that the test request has been observed by the compute instance. For example, if a compute instance in the test deployment group 112 receives a test request 136 indicating that it corresponds to a test named “test-A” (which request may trigger the application B 120 running on the compute instance to execute particular functionality to be tested by the automated testing application 104), the compute instance can process the request and, assuming no validation or other errors are identified, update the test coverage table 128 to indicate that the test request was observed. … ); 
continuing to route request to the data center during the isolating (col. 11, ll. 30-58… the compute instance can process the request and, assuming no validation or other errors are identified, update the test coverage table 128 to indicate that the test request was observed. The compute instance running application B 120 can continue to update the test coverage table 128 in this manner during the lifespan of the application or, if the test coverage table 128 is persisted in other storage, across multiple independent executions of the application. For example, if the application B 120 is a serverless application that is invoked each time a request is received, the application may store the test coverage table 128 at a remote storage location that can be accessed across separate invocations of the serverless application).

For remaining limitations see remarks regarding claim 13.

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Pappas to include routing a flow of service requests to a data center of a plurality of data centers based on geographic proximity between a request and the data center and  receiving at the data center a first request; then, performing the isolating and then, performing the executing and continuing to route request to the data center during the isolating, as disclosed by Torun, for the purpose of generating automated testing procedure when user request come from user. (see col. 3, ll. 54 – col.4, ll. 13 of Torun).

As to claim 14, Torun discloses the method of further comprising: 
continuing to route request to the data center during the updating (col. 15, ll. 18-35, The operations 500 further include, at block 504, sending a plurality of requests to the computing environment, each of the plurality of requests corresponding to one test of the set of tests and including an identifier of the test to which the request corresponds. For example, the automated testing application 104 shown in FIG. 1 is configured to send a plurality of test requests 136 to the computing environment 108 to test the operation of application A 116, application B 118, the updated application B 120, or any combination thereof. The test requests 136 may be received by one or more of the compute instances 110 of the test deployment group 112 directly from the automated testing application 104 or indirectly via other compute instances 110 of the computing environment (for example, via a frontend application layer 114A). For example, requests received by a compute instance 110 of the computing environment 108 may be configured to route the requests to other compute instances of the environment for further processing. Further, see claim 1).

For remaining limitations see remarks regarding claim 13.

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Pappas to include routing a flow of service requests to a data center of a plurality of data centers based on geographic proximity between a request and the data center and  receiving at the data center a first request; then, performing the isolating and then, performing the executing and continuing to route request to the data center during the updating, as disclosed by Torun, for the purpose of generating automated testing procedure when user request come from user. (see col. 3, ll. 54 – col.4, ll. 13 of Torun).

As to claim 15, Torun discloses the method of further comprising: 
continuing to route request to the data center during the testing (col. 15, ll. 18-35, The operations 500 further include, at block 504, sending a plurality of requests to the computing environment, each of the plurality of requests corresponding to one test of the set of tests and including an identifier of the test to which the request corresponds. For example, the automated testing application 104 shown in FIG. 1 is configured to send a plurality of test requests 136 to the computing environment 108 to test the operation of application A 116, application B 118, the updated application B 120, or any combination thereof. The test requests 136 may be received by one or more of the compute instances 110 of the test deployment group 112 directly from the automated testing application 104 or indirectly via other compute instances 110 of the computing environment (for example, via a frontend application layer 114A). For example, requests received by a compute instance 110 of the computing environment 108 may be configured to route the requests to other compute instances of the environment for further processing. Further see claim 1).

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Pappas to include routing a flow of service requests to a data center of a plurality of data centers based on geographic proximity between a request and the data center and  receiving at the data center a first request; then, performing the isolating and then, performing the executing and continuing to route request to the data center during the testing, as disclosed by Torun, for the purpose of generating automated testing procedure when user request come from user. (see col. 3, ll. 54 – col.4, ll. 13 of Torun).

As to claim 16, Torun discloses the method further comprising: 
continuing to route request to the data center during the writing (col. 10, ll. 34-64, FIG. 2 is a block diagram illustrating a computing environment routing requests received from an automated testing application. As shown in FIG. 2, an automated testing application 104 generates test requests 136, where some or all of the requests include metadata identifying a test to which the request corresponds. In the example of FIG. 2, a compute instance 110 of a frontend application layer 114A receives and distributes requests to one of the compute instances 110 in the backend application layer 114B. For example, a compute instance 110 of the frontend application layer 114A may add the received requests to a buffer used as a request queue that is consumed by compute instances in the backend application layer 114B, or the compute instances 110 of the frontend application layer 114A can call compute instances in the backend application layer 114B directly. In an embodiment, the frontend application layer 114A passes an unmodified copy of requests to the backend application layer 114B, or the frontend application layer 114A may modify requests in some way but retain the metadata identifying a test to which the request corresponds. As shown in FIG. 2, assuming an approximately equal distribution of requests from the frontend application layer 114A to compute instances of the backend application layer 114B, and further assuming that only 1% of the compute instances supporting the backend application layer 114B have received the updated software application B 120 identified as “version 1.1,” then approximately 99% of the test requests are consumed by a compute instance 110 outside of the test deployment group 112, while the remaining 1% are consumed by a compute instance 110 that is part of the test deployment group 112).

For remaining limitations see remarks regarding claim 13.

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Pappas to include routing a flow of service requests to a data center of a plurality of data centers based on geographic proximity between a request and the data center and  receiving at the data center a first request and then, performing the isolating and then, performing the executing and continuing to route request to the data center during the writing, as disclosed by Torun, for the purpose of generating automated testing procedure when user request come from user. (see col. 3, ll. 54 – col.4, ll. 13 of Torun).

As to claim 17, Pappas discloses a method for deploying web applications, the method comprising: 
including an old class file (par. 0020, In some situations, the binary code providing the replacement functionality may be included already in the one or more binary files 106a-106c of the software application. Such code may be included, for example, in a library 106b linked to one or more binaries corresponding to the software application. As such, in these situations, simply invoking a secure function/method with any additional or different parameters as necessary, instead of invoking the unsecure function/method, can adequately address the vulnerability. Therefore, in some embodiments, the replacement binary patch modifies only the invocation of a function/method identified as vulnerable. Further, see pars. 0022-0024 and 0028-0029.  Note: the old file is being modified); 
updating the class file to form a new class file (par. 23, By applying a selected binary patch, i.e., by replacing in the binary files the portion identified to be defective with a patch, the system can modify insecure instruction patterns to transform them into more secure ones. For example, the patching system may modify the compiled class files in a Java module that calls java/lang/math/Random, which is determined not to be a highly secure component. The calls to java/lang/math/Random are replaced with calls to the more secure java/security/SecureRandom module. Similarly, a C/C++ executable which calls "strcpy" of an arbitrary (e.g., variable length) input into a fixed sized buffer, thereby introducing a vulnerability, may be modified to call "strncpy" instead, so as to limit the length of data copied into the destination buffer, preventing buffer overflows); 
storing the new class file in a dynamic configuration database (par. 0018, To identify suitable patches, the functionality associated with the identified portion may be compared with alternatives that provide the same or similar functionality, but in a more secure manner. These alternatives may be accessed from a library and/or a database of patches 116. … . Further at par. 0031, … The input and/or output devices can include one or more of the following: Random Access Memory (RAM), Redundant Array of Independent Disks (RAID), floppy drive, CD, DVD, magnetic disk, internal hard drive, external hard drive, memory stick, or other storage device capable of being accessed by a processing element as provided herein. Further, see par. 0004, the present invention can detect and cure vulnerabilities in software applications, at least in part, by programmatically analyzing one or more binary files corresponding to the compiled software application. The analysis of the binary files can be performed statically, i.e., without requiring execution of the software application. A portion of the binary file is identified as being associated with a defect. A replacement, e.g., a binary patch, for the identified portion is explored in a library or database of patches. In some instances, modifying the software); 
in a run-time environment of the application, inducting into the application (par. 0016, FIG. 1, the binary patching system 102 reads in the detailed test results/report 104 of a static binary analysis of one or more binary files 106a-c obtained by compiling a software application. In some embodiments, the binary files 106a-c correspond only to one or more modules of the software application and not to the entire application. It should be understood that three files are illustrative only, and that as few as a single file and more than three files (e.g., 5, 10, 40, 100) binary files that may collectively represent the software application are within the scope of various embodiments. The binary patching system 102 can determine the location of software security defects within the compiled binaries by analyzing the reports, i.e., test results 104. For example, the names of functions/methods invoked by the software application or a module thereof may be compared to the names in a specified list of functions/methods, a first executable object having a class identifier, and not inducting a second executable object having the same class identifier, the inducting operating on an executable object corresponding to the new class file, and not to the old class file (par. 0023, By applying a selected binary patch, i.e., by replacing in the binary files the portion identified to be defective with a patch, the system can modify insecure instruction patterns to transform them into more secure ones. For example, the patching system may modify the compiled class files in a Java module that calls java/lang/math/Random, which is determined not to be a highly secure component. The calls to java/lang/math/Random are replaced with calls to the more secure java/security/SecureRandom module. Similarly, a C/C++ executable which calls "strcpy" of an arbitrary (e.g., variable length) input into a fixed sized buffer, thereby introducing a vulnerability, may be modified to call "strncpy" instead, so as to limit the length of data copied into the destination buffer, preventing buffer overflows. Further, see pars. 0020, 0028-0029).

Hashmi discloses in response to a query from a user identifying the application, from among a plurality of applications, as corresponding to the query (par. 0045, web App or site easily searchable by Web Search Engines such as Google, Yahoo, Bing etc. Marketing Content Designer 252 is a set of functionality that enables a user to create marketing material such as Advertisement campaigns as mobile content and included in the mobile website. The methods to provide this set of functionality may include a module for creating and editing rich content such as text, images, video etc. for marketing messages. The content may be presented in a variety of forms such as a flash screen upon opening the mobile website on the mobile device, or as part of another page in the created mobile website. The Plugin Manager 258 provides a means to extend the content and features of the MW by enabling the integration of content that may be static, such as an email form or an uploaded image gallery, as well dynamic, such as up-to-date information from another website or from a database-driven interface, from a plurality of sources. The Plugin Manager 258 consists of functionality to integrate extensions in the MW such as Graphical Map for location display, interactive forms to submit inquiries, image galleries, QR code generator, animation etc. In the current embodiment of the invention, the invention makes use of specific and uniquely identifiable tags to indicate inclusion of a plugin module); 

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Pappas to include in response to a query from a user identifying the application, from among a plurality of applications, as corresponding to the query a, as disclosed by Hashmi, for the purpose of making use of specific and uniquely identifiable application. (see paragraph 0045 of Hashmi).

Torun discloses running a web application on a virtual machine, the web application (col. 6, ll. 52-col. 7 of ll. 20,  … a VM (which can execute on a same physical host as other compute instances), a container, one or more serverless functions, or any other computing resource capable of executing the software application. Each of the compute instances 110 supporting one or more of the software applications running in the computing environment 108 may be created using a service of the service provider network 100 (for example, a hardware virtualization service, a container service, a serverless compute service), or managed by a user directly in a on-premises or other type of computing environment. The example distributed software application system shown in FIG. 1, for example, might represent a web application, including a frontend “web” application layer 114A implemented by the application A 116 that is configured to route some or all requests received by the frontend (for example, in the form of API or other types of Hypertext Transfer Protocol (HTTP)-based requests) to a backend, “data” layer implemented by the separate application B 118. Although the distributed software application system illustrated in FIG. 1 includes two separate application layers, a distributed software system can include only a single layer or any number of distinct layers depending on a desired system architecture. The development of software applications using separate application layers generally enables developers to create flexible and reusable software application components that may be part of a larger software-based system): 
providing to a first user a service (col. 7, ll. 35-53, … a software update is available for deployment can be based on the code deployment service 102 receiving a request from a user 144 using electronic device(s) 142 and accessing the service via a web-based interface, a CLI, or other any type of interface. In other examples, the code deployment service 102 may determine that a software update is available for deployment based on a notification received from another internal or external service (for example, based on a notification received when code is committed to a particular repository), based on a notification from a vendor of the software application that is to be updated, from an administrator of the service provider network 100, or from any other source. In some embodiments, the code deployment service 102 is a component of or works in coordination with a more comprehensive code deployment pipeline service or application (not shown) that can be used more generally to provide continuous integration and delivery of updates to software applications); 

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Pappas to include running a web application on a virtual machine, the web application
providing to a first user a service, as disclosed by Torun, for the purpose of providing deployment service and tool to manage the software application. (see col. 3, ll. 19-30, of Torun).

As to claim 18, Pappas discloses the method further comprising, when the web application is a first web application that provides a first service to a first user, the new class file is a first new class file, and the query is a first query: 
updating the second old class file to form a second new class file (pars. 0019-0020, once a suitable patch (e.g., the patch 114a) is selected, the portion identified as associated with the defect (e.g., the portion 112) is replaced with the selected patch. … As such, in these situations, simply invoking a secure function/method with any additional or different parameters as necessary, instead of invoking the unsecure function/method, can adequately address the vulnerability. Therefore, in some embodiments, the replacement binary patch modifies only the invocation of a function/method identified as vulnerable. Further, see pars. 0022-0023, 0026, 0029. Note: there are plurality of class file is being modified. It obvious the other file is second old and new class file prior to modification ); 
storing the second old class file in the dynamic configuration database (par. 0018, To identify suitable patches, the functionality associated with the identified portion may be compared with alternatives that provide the same or similar functionality, but in a more secure manner. These alternatives may be accessed from a library and/or a database of patches 116. … . Further at par. 0031, … The input and/or output devices can include one or more of the following: Random Access Memory (RAM), Redundant Array of Independent Disks (RAID), floppy drive, CD, DVD, magnetic disk, internal hard drive, external hard drive, memory stick, or other storage device capable of being accessed by a processing element as provided herein. Further, see par. 0004, the present invention can detect and cure vulnerabilities in software applications, at least in part, by programmatically analyzing one or more binary files corresponding to the compiled software application. The analysis of the binary files can be performed statically, i.e., without requiring execution of the software application. A portion of the binary file is identified as being associated with a defect. A replacement, e.g., a binary patch, for the identified portion is explored in a library or database of patches. In some instances, modifying the software binary files using a patch can change the behavior of the application); 

Hashmi discloses in response to a second query from a second user: identifying in the plurality of applications the second application as being associated with the second query (par. 0045, web App or site easily searchable by Web Search Engines such as Google, Yahoo, Bing etc. Marketing Content Designer 252 is a set of functionality that enables a user to create marketing material such as Advertisement campaigns as mobile content and included in the mobile website. The methods to provide this set of functionality may include a module for creating and editing rich content such as text, images, video etc. for marketing messages. The content may be presented in a variety of forms such as a flash screen upon opening the mobile website on the mobile device, or as part of another page in the created mobile website. The Plugin Manager 258 provides a means to extend the content and features of the MW by enabling the integration of content that may be static, such as an email form or an uploaded image gallery, as well dynamic, such as up-to-date information from another website or from a database-driven interface, from a plurality of sources. The Plugin Manager 258 consists of functionality to integrate extensions in the MW such as Graphical Map for location display, interactive forms to submit inquiries, image galleries, QR code generator, animation etc. In the current embodiment of the invention, the invention makes use of specific and uniquely identifiable tags to indicate inclusion of a plugin module. Note: there are plurality of application is being query. It obvious the other query is associated with the second query);
selecting, in a run-time environment of the second application, from a first executable object having a class identifier and a second executable object having the same class identifier, the executable object corresponding to the second new class file (par. 0045, web App or site easily searchable by Web Search Engines such as Google, Yahoo, Bing etc. Marketing Content Designer 252 is a set of functionality that enables a user to create marketing material such as Advertisement campaigns as mobile content and included in the mobile website. The methods to provide this set of functionality may include a module for creating and editing rich content such as text, images, video etc. for marketing messages. The content may be presented in a variety of forms such as a flash screen upon opening the mobile website on the mobile device, or as part of another page in the created mobile website. The Plugin Manager 258 provides a means to extend the content and features of the MW by enabling the integration of content that may be static, such as an email form or an uploaded image gallery, as well dynamic, such as up-to-date information from another website or from a database-driven interface, from a plurality of sources. The Plugin Manager 258 consists of functionality to integrate extensions in the MW such as Graphical Map for location display, interactive forms to submit inquiries, image galleries, QR code generator, animation etc. In the current embodiment of the invention, the invention makes use of specific and uniquely identifiable tags to indicate inclusion of a plugin module. Note: there are plurality of application is being executable object having a class identifier. It obvious the other class file is associated with the class identifyer. Further, the application being selected in run-time website, see pars. 0027, 0037 and 0068 and claim 29).

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Pappas to include in response to a second query from a second user: identifying in the plurality of applications the second application as being associated with the second query and selecting, in a run-time environment of the second application, from a first executable object having a class identifier and a second executable object having the same class identifier, the executable object corresponding to the second new class file, as corresponding to the query a, as disclosed by Hashmi, for the purpose of making use of specific and uniquely identifiable application. (see paragraph 0045 of Hashmi).

Torun discloses running a second web application on second virtual machine, the second web application (col. 6, ll. 52-col. 7 of ll. 20,  … a VM (which can execute on a same physical host as other compute instances), a container, one or more serverless functions, or any other computing resource capable of executing the software application. Each of the compute instances 110 supporting one or more of the software applications running in the computing environment 108 may be created using a service of the service provider network 100 (for example, a hardware virtualization service, a container service, a serverless compute service), or managed by a user directly in a on-premises or other type of computing environment. The example distributed software application system shown in FIG. 1, for example, might represent a web application, including a frontend “web” application layer 114A implemented by the application A 116 that is configured to route some or all requests received by the frontend (for example, in the form of API or other types of Hypertext Transfer Protocol (HTTP)-based requests) to a backend, “data” layer implemented by the separate application B 118. Although the distributed software application system illustrated in FIG. 1 includes two separate application layers, a distributed software system can include only a single layer or any number of distinct layers depending on a desired system architecture. The development of software applications using separate application layers generally enables developers to create flexible and reusable software application components that may be part of a larger software-based system. Note: VM comprises of multiple application under different VM. Thus one of plurality VM and web application considered as second web application and second VM, see Fig. 8, col. 18, ll. 20-35): 
providing to a second user a second service that is different from the first service (col. 5, ll. 62 of col. 6, ll. 5, FIG. 1 is a block diagram illustrating an environment for measuring test coverage during a phased deployment of a software update according to some embodiments. In some embodiments, one or more of a computing environment 108, a code deployment service 102, an automated testing application 104, and a storage service 106 operate as part of a service provider network 100 and each comprise one or more software modules executed by one or more electronic devices at one or more geographic locations and data centers managed by the service provider. The computing environment comprise of multiple user and server as well. So, it obvious the other server is second server which is different then first service); and 
including a second old class file (par. 0020, In some situations, the binary code providing the replacement functionality may be included already in the one or more binary files 106a-106c of the software application. Such code may be included, for example, in a library 106b linked to one or more binaries corresponding to the software application. As such, in these situations, simply invoking a secure function/method with any additional or different parameters as necessary, instead of invoking the unsecure function/method, can adequately address the vulnerability. Therefore, in some embodiments, the replacement binary patch modifies only the invocation of a function/method identified as vulnerable. Further, see pars. 0022-0024 and 0028-0029.  Note: there are plurality of file is being modified. It obvious the other file is second old file prior to modification);

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Pappas to include running a second web application on second virtual machine, the second web application providing to a second user a second service that is different from the first service and including a second old class file, as disclosed by Torun, for the purpose of providing deployment service and tool to manage the software application. (see col. 3, ll. 19-30, of Torun).

As to claim 19, Torun discloses the method further comprising: 
routing a flow of service requests to a data center of a plurality of data centers based on geographic proximity between a request (col. 3, ll. 54 to col. 4, ll. 13, … when a computing environment supporting a distributed software application receives a request generated by an automated testing application, the computing environment typically routes the request to one or more of the compute instances available to process the request at each layer as the request flows through the system … ) and the data center (col. 5, ll. 62 of col. 6, ll. 5, FIG. 1 is a block diagram illustrating an environment for measuring test coverage during a phased deployment of a software update according to some embodiments. In some embodiments, one or more of a computing environment 108, a code deployment service 102, an automated testing application 104, and a storage service 106 operate as part of a service provider network 100 and each comprise one or more software modules executed by one or more electronic devices at one or more geographic locations and data centers managed by the service provider);
performing the inducting (par. 0026, … The replacement patch 206 may obtain filtered data 212 and may invoke the function/method via a modified call/invocation 214 [i.e. inducting] that uses the filtered data 212 (e.g., data determined not to expose or exploit a vulnerability in the software application), instead of the unchecked data 204. In various embodiments, the suitable patch 206 is selected based on, at least in part, a runtime environment and/or context of the software application); and 
continuing to route request to the data center during the inducting (col. 11, ll. 20-58, … the compute instance can process the request and, assuming no validation or other errors are identified, update the test coverage table 128 to indicate that the test request was observed. The compute instance running application B 120 can continue to update the test coverage table 128 in this manner during the lifespan of the application or, if the test coverage table 128 is persisted in other storage, across multiple independent executions of the application. For example, if the application B 120 is a serverless application that is invoked each time a request is received, the application may store the test coverage table 128 at a remote storage location that can be accessed across separate invocations of the serverless application).

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Pappas to include routing a flow of service requests to a data center of a plurality of data centers based on geographic proximity between a request and performing the inducting and continuing to route request to the data center during the inducting, as disclosed by Torun, for the purpose of grouping of compute instances in this manner may be used to isolate particular customers from one another, isolate requests originating from particular geographies, or to isolate other types of requests from one another for security, performance, or other reasons. (see col. 11, ll. 8-12, of Torun).

As to claim 20, Hashmi discloses the method further comprising configuring a cron job processor to periodically poll a database to determine which of a plurality of executable objects to induct in the inducting step (par. 0052 and 0061, The Page Aggregator 262 takes a plurality of pages created by the aforementioned Designer Modules 234 through 258 and organizes these pages as an organized and integrated collection in the form of a MW. The User can launch a Simulator 266 to preview the generated MW and then publish it using the Publisher 270 which creates the necessary database records and files into the Storage 280, which constitute a full functioning MW for user access from mobile devices. ... FIG. 4a presents a block diagram for one embodiment of the invention's integration and synchronization method between the external source content and MW content. The Content Marker 404 enables the user to selectively mark some or all of the content on the external source 412 and request the MCMS to track same. … The cron job 416 performs this activity for all MWs that have synchronized pages from external sources. The cron job uses data created and stored by Marker Index Processor 408 into the Storage 420 to locate the contents on the external source the user had marked for integration and synchronization with the MW. The cron job 416 may update the data created by the Marker Index Processor 408. …).

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Pappas to include the method further comprising configuring a cron job processor to periodically poll a database to determine which of a plurality of executable objects to induct in the inducting step, as disclosed by Hashmi, for the purpose of performing this update to synchronize with the sources. (see paragraph 0060 of Hashmi).


Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Mohammad Kabir whose telephone number is (571)270-1341. The examiner can normally be reached on M-F, 8:00 am - 5:00 pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lewis Bullock can be reached on (571) 272-3759. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Mohammad Kabir/
Examiner, Art Unit 2199
/LEWIS A BULLOCK  JR/Supervisory Patent Examiner, Art Unit 2199