DETAILED ACTION 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
Claims 1-20 are presented for examination in this application No. 17/242,762 filed on 04/28/2021. Claims 1, 9 and 15 are independent. 
Examiner notes
 (A). Drawings submitted on 04/28/2021 comply with the provisions of 37 CFR 1.121(d), and have been fully considered by the Examiner.
(B)  Limitations have been provided with the Bold fonts in order to distinguish from the cited part of the reference (Italic).
(C).  Examiner has cited particular columns, line numbers, references, or figures in the references applied to the claims above for the convenience of the applicant. Although the specified citations are representative of the teachings of passages and figures may apply as well. It is respectfully requested from the applicant in preparing responses to fully consider the reference in entirety, as potentially teaching all or part of the claimed invention. See MPEP §§ 2141.02 and 2123.
The examiner requests, in response to this Office action, support be shown for language added to any original claims on amendment and any new claims. That is, indicate support for newly added claim language by specifically pointing to page(s) and line number(s) in the specification and/or drawing figure(s). This will assist the examiner in prosecuting the application.
When responding to this office action, Applicant is advised to clearly point out the patentable novelty which he or she thinks the claims present, in view of the state of the art disclosed by the references cited or the objections made. He or she must also show how the amendments avoid such references or objections See 37 CFR 1.111 (c).
Internet E-mail
A written authorization by Applicant is required for the Examiner to respond via Internet e-mail to any Internet correspondence which contains information subject to the confidentiality requirement as set forth in 35 U.S.C. 122, such as proposed Examiner’s Amendments or interview agenda items (MPEP 502.03; See Internet Usage Policy, 64 FR 33056 (June 21, 1999)). To authorize e-mail communications from the Examiner (e.g. proposed Examiner’s Amendments), the Applicant must place a written authorization in the record. Applicant may authorize electronic and email communication by the Examiner via PTO Automated Interview Request web service.  To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractlce. 



Information Disclosure Statement
The information disclosure statements (IDS) submitted on 04/28/2021 was filed with the application. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the references therein cited therein have been considered by the examiner.

Claim Objections
Claim 2 recites the limitation "… with the the system to transmit … .”  The second recitation of the” is redundant and the limitation should likely read “with the system to transmit … ." 
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-8 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.



Claim 1 recites the limitation "the network” in the line number 7.  There is insufficient antecedent basis for this limitation in the claim. For the purposes of examination, “the” network” of claim 1 will be interpreted as at least one of network.
Claim 2 recites the limitation "with the system” in the line number 4.  There is insufficient antecedent basis for this limitation in the claim. For the purposes of examination, “the system” of claim 2 will be interpreted as the target system.
Dependent Claims 2-8 depend upon Claim 1 and fail to comply with the indefinite aspect at least for the same reasons in the above discussion.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-4, 6-7, 9-11, 13, 15-17 and 19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Voronkov et al. (US 2014/0181801 A1).

As to claim 1, Voronkov discloses a computer program product for installing a code update at a target system in communication with a personal communication device of a user, wherein the computer program product comprises a computer readable storage medium having computer readable program instructions executed by a processor to perform operations, the operations comprising: 
receiving, from a messaging application (“SMS/MMS/e-mail”) executing on the personal communication device of the user (Fig. 1, abstract, automated deployment of a software application to be installed via a software installation package onto different user devices for different users. An initial software installation package, is obtained, along with information representing (a) associations between the users and the user devices, (b) user attributes from which access privilege level information for individual users is determinable, and (c) device attributes for each of the plurality of user devices, including network connectivity information. The initial software installation package is custom-configured for individual user devices based on the information representing (a) and (b) to produce a different specially-configured software installation packages. Each one includes installation parameters that establish functionality for the software application based on the access privilege level of the corresponding user. Data transfer channels are custom-configured for individual user devices based on the information representing (a) and (c). Note: an automated software deployment system according to one embodiment. On a network composed of devices (servers, desktop computers 101, notebooks 102 and portable devices 103) and offering a number of services (mail service, web service, antivirus protection service and others) for the users 100, see par. 0044. Further, see pars. 0090-0101 and claim 1), a code update command (“task”) over the network indicating a code update to install on the target system a code update maintained in the target system (pars. 0053-0057, The creation of a task includes several stages: [0054] Selection of the task type (installation, update, security agent setup, etc.); [0055] Setting of the task parameters; [0056] Selection of the group of objects for the task being managed; [0057] Setting up the execution schedule. Further, see Fig. 4, pars. 0024, 0028, 0036-0040 for the network communication); 
parsing (“analyzing”) the code update command to extract indication of the code update to install (par. 0089, Once one or all rules of the analyzer 230 have functioned, the resulting parameters are used to configure the installation package 131. The configurator module 240 can be implemented by a set of functions called depending on the input parameters. For the above examples, the configurator module 240 can include a certificate addition function, a component addition function, and a settings change function. The setup of an application can be performed using scripts (processed by the security agent itself, the operating system or another tool, such as an administration agent or an installation manager) executed during the launch of the installation package. Another approach for applying settings is to modify application resources (configuration files, executable files, resource files, registry keys, etc.). The installation package can contain not only modified installation files, but also can be expanded and can include additional programs, libraries, resource files or updates, which will be installed and applied during the security agent installation. Then, the configured installation package is saved by the task manager or directly by the configurator in the file storage arrangement 140) and a target system user identifier of the target system on which to install the code update (par. 0084, A created task is a data structure composed of parameters which can be viewed as IDs of devices, users, or applications. Using these IDs, the task manager module 210 sends a request to the directory service 110, which results in an organized set of attributes that characterize each object of the task. The task manager loads the received attributes in the analyzer 230, which interprets attribute values into security parameter values. Further, see pars. 0093-0098, 0058, 0060 and 0064 and Fig. 5, pars. 0103-0108 for the interface); 
generating at least one job (“task”) to install the code update on the target system (pars. 0093-0098, 0053-0057, The creation of a task includes several stages: [0054] Selection of the task type (installation, update, security agent setup, etc.); [0055] Setting of the task parameters; [0056] Selection of the group of objects for the task being managed; [0057] Setting up the execution schedule);
and transmitting the at least one job to the target system to cause the target system to process the at least one job to install the code update (pars. 0089-0090, Once one or all rules of the analyzer 230 have functioned, the resulting parameters are used to configure the installation package 131. The configurator module 240 can be implemented by a set of functions called depending on the input parameters. For the above examples, the configurator module 240 can include a certificate addition function, … The installation package can contain not only modified installation files, but also can be expanded and can include additional programs, libraries, resource files or updates, which will be installed and applied during the security agent installation. Then, the configured installation package is saved by the task manager or directly by the configurator in the file storage arrangement 140. … the configured installation package 141 is saved by the task manager module 210 or directly by the configurator module 240 in the file storage arrangement 140. The obtained parameters are used to configure not only the installation package, but also the data transfer channel. This approach recognizes that the method for transferring a file to a user device also depends on the device itself. Further, see pars. 0091-0101).

As to claim 2, Voronkov discloses the computer program product wherein the computer program product is installed on a server that receives communications from message applications on personal communication devices over the Internet (par. 0099, FIG. 4B is a schematic diagram illustrating another approach according to one embodiment for loading an installation package using a hyperlink sent through mobile communication networks. A channel for transfer of short messages (for example, SMS or MMS messages) can also be used to deliver managing messages and links to published installation packages. To support an SMS messaging service, companies may either purchase special equipment or adapt their software for outside SMS messaging service protocols and make contracts with SMS service providers, which is not always convenient. One option to implement the mobile messaging function within a standard mobile network without using additional equipment is to use a mobile application connected to a mobile administration module 402. Such mobile administration module 402 is connected on one side to an administration server 120 and on the other side to a mobile network (for example, of GSM or CDMA standard). Further, see pars. 0006, 0037, 0046 and 0062-0063, EN: wherein different administrator connect to the administrative console / server to submit installation task via the sending installation packages), and wherein the server communicates with the system to transmit the at least one job to the system over an internal network of an entity hosting the server and the system (pars. 0089-0090, Once one or all rules of the analyzer 230 have functioned, the resulting parameters are used to configure the installation package 131. The configurator module 240 can be implemented by a set of functions called depending on the input parameters. For the above examples, the configurator module 240 can include a certificate addition function, … The installation package can contain not only modified installation files, but also can be expanded and can include additional programs, libraries, resource files or updates, which will be installed and applied during the security agent installation. Then, the configured installation package is saved by the task manager or directly by the configurator in the file storage arrangement 140. … the configured installation package 141 is saved by the task manager module 210 or directly by the configurator module 240 in the file storage arrangement 140. The obtained parameters are used to configure not only the installation package, but also the data transfer channel. This approach recognizes that the method for transferring a file to a user device also depends on the device itself. Further, see pars. 0091-0101).

As to claim 3, Voronkov discloses the computer program product wherein the code update command includes a target system user identifier for the target system and a messaging application user identifier for the messaging application, wherein the operations further comprise: 
determining whether a user profile in a user profile database associates the target system user identifier and the messaging application user identifier to authenticate the user with the target system (par. 0041, A user of a device operating on the EPN is generally a company employee or authorized visitor registered on the network. In accordance with typical practice, at the time of hiring, an account is created for each employee; the account is used to store personal information, such as user name, birth date, position, and passwords, keys, or other access credentials necessary for the user to gain access to corporate resources. For company visitors, a separate profile is generally created, which limits their rights for access to network resources. In order to work on the computer network and to gain access to the network resources and applications, the user must pass an authentication. A directory service is perhaps the most common service for ensuring control over access and accounting of users and network resources. There are standards for structuring network objects on which the most popular directory service designs are based. Therefore, most computer networks in companies include a standard service containing necessary information about the users. Further, see pars. 0031, 0064, 0084, 0090), wherein the at least one job is transmitted to the system in response to the user profile associating the target system user identifier and the messaging application user identifier (par. 0058, During the operation of the remote installation master or during the creation of an installation task in the task manager 200, the administrator defines the list of devices and/or groups of devices 221, on which it is needed to install the security agents, and the version of the program 223 being installed, to which a certain set of installation files correspond. The administrator can specify a list of users and/or groups of users in addition to, or instead of, a group of devices as the targets for installation. According to various embodiments, any attributes installed in the directory service and unique for the device may be used as device and user identifiers. A link to installation files (installation package), a name or any other application ID can be used as the installation package version ID. Further, see pars. 0084, 0090 and claim 9).

As to claim 4, Voronkov discloses the computer program product wherein the user profile in the user profile database comprises a first user profile, wherein in response to the user profile from the user profile database not associating the target system user identifier the operations further comprise: 
fetching from the target system a second user profile for the target system user identifier (par. 0058, … The administrator can specify a list of users and/or groups of users in addition to, or instead of, a group of devices as the targets for installation. According to various embodiments, any attributes installed in the directory service and unique for the device may be used as device and user identifiers. A link to installation files (installation package), a name or any other application ID can be used as the installation package version ID … . Note: the list/group of users herein second user. Further, see par. 0041, 0085-0086 and 0090); 
determining whether attributes of the first user profile and the second user profile match (par. 0031,  a system according to an example embodiment carries out a process for deployment of pre-configured software in stages, where: a) on the administration server, a task is created for installation of software to a user device; b) from the computer network attributes data store, attributes of such objects are loaded which match the user's account and correspond to the user-controlled device on which it is planned to install the software; b) the software installation package and data transfer channel are configured, determining the configuration parameters by the loaded attributes in accordance with the security policy set for that user and for that device; d) the installation tasks are launched for execution; in this case, the configured installation package is loaded to the user device through the data transfer channel, and the software is installed in accordance with the configuration parameters); and 
storing (i.e. based on match the profile) the target system user identifier in the user profile database as a valid identifier associated with the messaging application user identifier, wherein the at least one job is transmitted to the system in response to the storing the target system user identifier in the user profile database as a valid (“authenticate”) identifier (pars. 0034-0035, The installation package can contain a configuration file, an installation file, and a security certificate, for example of security agents (antivirus, firewall, antispam, web antivirus and other security systems). The automation of the installation reduces the number of operations performed by the administrator when creating an agents deployment task and reduces the number of created tasks. The use of this technology allows to make the process of installation and first setup of a security tool transparent for the user. This invention can be also used for other types of software, such as office applications, database clients … the transfer of the installation package to a user device. Automatic setup includes the selection of a transfer channel depending on the device type and user account type, and the establishment of data transfer parameters. For example, the creation of a link to the installation package in a format corresponding to the data transfer channel. Note: A user of a device operating on the EPN is generally a company employee or authorized visitor registered on the network. In accordance with typical practice, at the time of hiring, an account is created for each employee; the account is used to store personal information, such as user name, birth date, position, and passwords, keys, or other access credentials necessary for the user to gain access to corporate resources. For company visitors, a separate profile is generally created, see par. 0041. Examiner Note: storing is based on match of user profile (see, par. 0031). The validation is based on user authentication (see par. 0041 ). Further, see pars. 0039, 0045, 0064 and claim 9).

As to claim 6, Voronkov discloses the computer program product wherein the personal communication device comprises a smartphone or tablet (Fig. 1, abstract, automated deployment of a software application to be installed via a software installation package onto different user devices for different users. An initial software installation package, is obtained, along with information representing (a) associations between the users and the user devices, (b) user attributes from which access privilege level information for individual users is determinable, and (c) device attributes for each of the plurality of user devices, including network connectivity information. The initial software installation package is custom-configured for individual user devices based on the information representing (a) and (b) to produce a different specially-configured software installation packages. Each one includes installation parameters that establish functionality for the software application based on the access privilege level of the corresponding user. Data transfer channels are custom-configured for individual user devices based on the information representing (a) and (c). Note: an automated software deployment system according to one embodiment. On a network composed of devices (servers, desktop computers 101, notebooks 102 and portable devices 103) and offering a number of services (mail service, web service, antivirus protection service and others) for the users 100, see par. 0044. Further, see pars. 0090-0101 and claim 1).

As to claim 7, Voronkov discloses the computer program product wherein the operations further comprise: 
Querying (“identifying”) the target system (“user device”) in a loop until a result of the job to install the code update on the target system is returned (par. 0058, … The administrator can specify a list of users and/or groups of users in addition to, or instead of, a group of devices as the targets for installation. According to various embodiments, any attributes installed in the directory service and unique for the device may be used as device and user identifiers. A link to installation files (installation package), a name or any other application ID can be used as the installation package version ID, for example. Further at par. 0075, deployment of a program on all required network devices, including devices located or organized into different structural groups, by creating a single installation task and using a single standard version of the program. In this case, an installation without additional user actions will take into account the specifics of the device and of the user. After the installation of the program, the parameters (settings) relevant for the user 100 and for the device (101-103) are applied. This result is achieved by configuring and installing an installation package which is unique for the user and device combination. Further, see pars. 0033, 0046, 0064-0068 and claims 9, 17); and 
returning the result to the messaging application as a response (“determining”) to the code update command (“execute”) (pars. 0068-0071, 0The installation process includes several stages: [0069] gathering of information (determining the installation directory, the source of the installation files, the connection parameters, setting up the update parameters, etc.); [0070] execution of the installation (copying files, making changes to the system registry); [0071] going back to any installation stage, including cancellation of the installation (in case of error or exit from the installation program). Further at 089, … administration agent or an installation manager) executed during the launch of the installation package. Another approach for applying settings is to modify application resources (configuration files, executable files, resource files, registry keys, etc.). The installation package can contain not only modified installation files, but also can be expanded and can include additional programs, libraries, resource files or updates, which will be installed and applied during the security agent installation. Then, the configured installation package is saved by the task manager or directly by the configurator in the file storage arrangement 140. Further see claim 1).

As to claim 9, Voronkov discloses a system for installing a code update at a target system in communication with a personal communication device of a user, comprising: 
a processor (par. 0030, … a combination of hardware and software, such as by a microprocessor system and a set of program instructions that adapt the module to implement the particular functionality, which (while being executed) transform the microprocessor system into a special-purpose device. A module can also be implemented … ); and 
a computer readable storage medium having computer readable program instructions executed by a processor to perform operations, the operations comprising (par. 0103, … a system memory 6, a video interface 8, an output peripheral interface 10, a network interface 12, a user input interface 14, removable 16 and non-removable 18 memory interfaces and a system bus or high-speed communications channel 20 coupling the various components. In various embodiments, the processing units 4 may have multiple logical cores that are able to process information stored on computer readable media such as the system memory 6 or memory attached to the removable 16 and non-removable 18 memory interfaces 18. … ): 
For remaining limitations see remarks regarding claim 1.

As to claim 10, it is the system claim, having similar limitations of claim 3. Thus, claim 10 is also rejected under the same rationale as cited in the rejection of claim 3.

As to claim 11, it is the system claim, having similar limitations of claim 4. Thus, claim 11 is also rejected under the same rationale as cited in the rejection of claim 4.

As to claim 13, it is the system claim, having similar limitations of claim 7. Thus, claim 13 is also rejected under the same rationale as cited in the rejection of claim 7.

As to claim 15, it is a method claim, having similar limitations of claim 1. Thus, claim 15 is also rejected under the same rationale as cited in the rejection of claim 1.

As to claim 16, it is the method claim, having similar limitations of claim 3. Thus, claim 16 is also rejected under the same rationale as cited in the rejection of claim 3.

As to claim 17, it is the method claim, having similar limitations of claim 4. Thus, claim 17 is also rejected under the same rationale as cited in the rejection of claim 4.

As to claim 19, it is the method claim, having similar limitations of claim 7. Thus, claim 18 is also rejected under the same rationale as cited in the rejection of claim 7.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or no obviousness.

This application currently names joint inventors. In considering patentability of the claims, the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 5, 12 and 18 are rejected under 35 U.S.C. 103 as being obvious over Voronkov et al. (US 2014/0181801 A1) in view of Latorre et al. (US 20210243184 A1).

As to claim 5, Voronkov does not explicitly disclose determining whether the target system user identifier is associated with a profile for a one-time password 
and providing the one-time password to connect to the target system to perform the fetching of the second user profile in response to determining that the target system.

However, Latorre discloses the computer program product wherein in response to the user profile from the user profile database not associating the target system user identifier the operations further comprise: 
determining whether the target system (“user device”) user identifier (par. 0016, at a first user device, through a software application installed and running in the first user device, connecting to the web server for retrieving the information resource, and sending to an authentication server an identifier of the information resource and an identifier of the user) is associated with a profile for a one-time password (par. 0080, the plugin component 115.sub.PLUG (or the web browser 115.sub.WB itself) is configured to generate and send to the authentication server 110 (together with the identifier of the web page 105.sub.WP and with the identifier of the user) also a provisional password identifying the login request to the restricted access area of the web page 105.sub.WP. The provisional password identifying the login request may for example be a one-time password (OTP), hereinafter OTP password, i.e. a password that is valid for only one login session or transaction. … ); and 
providing the one-time password to connect to the target system to perform the fetching of the second user profile in response to determining that the target system (abstract, …  an identifier of the user. At the authentication server, based on the identifiers of the information resource and of the user, an authorization request is sent to a second user device associated with the user, and which stores access credentials for logging in the reserved area. At the second user device, the user is notified of the authorization request, and upon confirmation of the authorization request by the user on the second user device, access credentials are made available to the web server. At the web server, automatic login to the reserved area is performed based on the access credentials. Further, see pars. 0017-0022 and 0029) user identifier is associated with a profile for the one-time password (par. 0080, the plugin component 115.sub.PLUG (or the web browser 115.sub.WB itself) is configured to generate and send to the authentication server 110 (together with the identifier of the web page 105.sub.WP and with the identifier of the user) also a provisional password identifying the login request to the restricted access area of the web page 105.sub.WP. The provisional password identifying the login request may for example be a one-time password (OTP), hereinafter OTP password, i.e. a password that is valid for only one login session or transaction. …).

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Voronkov to include determining whether the target system user identifier is associated with a profile for a one-time password and providing the one-time password to connect to the target system to perform the fetching of the second user profile in response to determining that the target system, as disclosed by Latorre, because such inclusion will authenticate server an identifier of the information resource and an identifier of the user based on the identifiers of the information resource and of the user, an authorization request  (see paragraph 11 and Abstract of Latorre).

As to claim 12, it is the system claim, having similar limitations of claim 5. Thus, claim 12 is also rejected under the same rationale as cited in the rejection of claim 5.

As to claim 18, it is the method claim, having similar limitations of claim 5. Thus, claim 18 is also rejected under the same rationale as cited in the rejection of claim 5.

Claim 8, 14 and 20 rejected under 35 U.S.C. 103 as being obvious over Voronkov et al. (US 2014/0181801 A1) in view of Hartog et al. (US 11,416,587 B1).

As to claim 8, Voronkov discloses the computer program product  wherein the operations further comprise: 
and determining a messaging application service of the messaging application services to process the code update command received from the message application  (pars. 0068-0071, 0The installation process includes several stages: [0069] gathering of information (determining the installation directory, the source of the installation files, the connection parameters, setting up the update parameters, etc.); [0070] execution of the installation (copying files, making changes to the system registry); [0071] going back to any installation stage, including cancellation of the installation (in case of error or exit from the installation program). Further at 089, … administration agent or an installation manager) executed during the launch of the installation package. Another approach for applying settings is to modify application resources (configuration files, executable files, resource files, registry keys, etc.). The installation package can contain not only modified installation files, but also can be expanded and can include additional programs, libraries, resource files or updates, which will be installed and applied during the security agent installation. Then, the configured installation package is saved by the task manager or directly by the configurator in the file storage arrangement 140. Further see claim 1) and 
provide content of the code update command to a controller application to parse (“analyze”) the content of the code update command to extract the parameters indicating the code update to install and installation parameters (par. 0089, Once one or all rules of the analyzer 230 have functioned, the resulting parameters are used to configure the installation package 131. The configurator module 240 can be implemented by a set of functions called depending on the input parameters. For the above examples, the configurator module 240 can include a certificate addition function, a component addition function, and a settings change function. The setup of an application can be performed using scripts (processed by the security agent itself, the operating system or another tool, such as an administration agent or an installation manager) executed during the launch of the installation package. Another approach for applying settings is to modify application resources (configuration files, executable files, resource files, registry keys, etc.). The installation package can contain not only modified installation files, but also can be expanded and can include additional programs, libraries, resource files or updates, which will be installed and applied during the security agent installation. Then, the configured installation package is saved by the task manager or directly by the configurator in the file storage arrangement 140);

Voronkov does not explicitly disclose different messaging applications (“e-mail, SMS”) deployed in personal communication devices.

However, Hartog discloses providing a plurality of messaging application services (“email, text message”) to interface with different messaging applications deployed in personal communication devices (“smart phone, tablet”) (col.2, ll. 48-col. 4 of ll. 17, … A security code may be sent, from a data management service, via a separate communication channel, such as via email, to an administrator device used to create the site. The administrator may enter the security code into an interface provided by the site, which may communicate the security code to the data management service. Upon validating the security code, the data management service may send a number of commands to the site to install one or more security monitoring applications, such as threat detection and network analysis applications. In addition, the data management service may send a number of commands to the site to install a control agent, which gives the data management service access to control operations performed within the site, update the applications, etc., … the two services may be separate. In some aspects, by connecting directly to the internet gateway or other similar computing device of a network, and not an endpoint, such as one or more user devices (smart phones, tablets, etc.), data security concerns of obtaining copies of network traffic and generated analyzes of that data may be greatly reduced. Further, see col. 12, ll. 18-26, … the service 408, upon receiving the request to establish a data security server at operation 412, may generate a validation or security code, and send the code to the admin layer 402, for example, via a commutation channel such as email, text message, etc. The admin layer 402 may obtain the security code, at operation 416, either directly or indirectly from the service 408, and send or enter the validation code into the data security server 406, at operation 418);

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Voronkov to include different messaging applications (“e-mail, text”) deployed in personal communication devices, as disclosed by Hartog, because such inclusion will send updates to the one or more applications 208, 210, 212, or 214. In some aspects, the application manager 220 may receive application updates and/or new applications from an application development process or system. In some aspects the application development system may be a computing device, a distributed computing system, and/or may include a network of various devices enabling multiple different actors to update (see col. 9, ll. 64-col. 10 of ll. 8 of Hartog).

As to claim 14, it is the system claim, having similar limitations of claim 8. Thus, claim 14 is also rejected under the same rationale as cited in the rejection of claim 8.
As to claim 20, it is the method claim, having similar limitations of claim 8. Thus, claim 20 is also rejected under the same rationale as cited in the rejection of claim 8.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Mohammad Kabir whose telephone number is (571)270-1341. The examiner can normally be reached on M-F, 8:00 am - 5:00 pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lewis Bullock can be reached on (571) 272-3759. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Mohammad Kabir/
Examiner, Art Unit 2199
/LEWIS A BULLOCK  JR/Supervisory Patent Examiner, Art Unit 2199