DETAILED ACTION
This Office Action is in response to the communication filed on 12/17/2020. 
Claim 12 has been previously canceled. Claims 1-11 and 13-21 are pending. 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 12/17/2020 has been entered.
Response to Arguments
Applicant's Remarks filed on 12/17/2020 have been fully considered.
The objection to claim 5 has been withdrawn upon further consideration of the claim. 
The rejection of claim 3 under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite has been withdrawn in view of the amendment of the claim.
In response to Applicant's argument on pages 7-12 of Remarks that the cited references do not teach the newly added features of requesting user authorization to access content items in the amended independent claims, this argument is moot in view of the new grounds of rejection presented below and in view of newly found prior art. In response to Applicant's arguments that the remaining dependent claims are patentable because they depend from allowable independent claims, Examiner respectfully disagrees since the base claims from which they depend are not in condition for allowance.
Claim Objections
Claims 4, 7, and 17 are objected to because of the following informalities: 
"the folder" as recited in claim 4 should read "the at least one folder." 
"identified content item(s)" as recited in claims 7 and 17 should read "one or more identified content items."
Appropriate correction is required.
Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 7-9, 13-16, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kaipu et al. (US 2017/0118186 A1) in view of Faitelson et al. (US 2011/0060916 A1) further in view of Hotes et al. (US 2010/0242097 A1).
Claim 1, Kaipu teaches:
A computing device comprising:
at least one application access record storing references to content items stored at the computing device; (e.g. fig. 1, [0027], "The application content 129 can be associated with corresponding application content indexes 136a-136c…The application content indexes 136a can be regarded as search indexes 
at least one local store storing other content items not referenced in the application access record; (e.g. fig. 1, [0026], "The applications 126 can be associated with first application content 129a, second application content 129b, and third application content 129c…that is stored in a client data store 133. The application content 129 can include files and other types of data that the corresponding application 126 can access and process. The first application 126a can access and process the first application content 129a, the second application 126b can access and process the second application content 129b, and the third application 126c can access and process the third application content 129c": the client data store 133 storing the second application content 129b and the third application content 129c)
a hardware processor executing at least one application, the application having ability to access the content items referenced in the application access record, the application being restricted from accessing the other content items not referenced in the application access record; (e.g. [0031], "The client device 106 can also include an operating system that can create sandboxes 156a-156c 
an operating system, when executed by the hardware processor, is configured to: search the local store, identify at least one of the other content 
Kaipu teaches search the local store (see above) and does not explicitly teach but Faitelson teaches search a local store without a request to perform the search from a user. (e.g. [0025], "at predetermined time intervals the system searches each individual data element for the appearance of any of a predetermined list of confidential information related terms")
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings described by Faitelson into the invention of Kaipu. The motivation for such an 
Kaipu-Faitelson combination teaches the user, the identified at least one of the other content items, the application (see above) and does not explicitly teach but Hotes teaches send, to a user, a request to access an identified at least one of other content items by an application; and upon receiving authorization to access the identified at least one of the other content items, access the at least one of the other content items. (e.g. [0021], "a user-query to permit a user to provide an authorization or a portion of an authorization to provide a permission to the application program 14 to access the protected resource 24" [0022], "An authorization to provide the permission to access the protected resource is received…Permission to access the protected resource is provided to the application program in response to receiving the authorization…and data produced by the protected resource is cryptographically signed")
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings described by Hotes into the invention of Kaipu-Faitelson combination. The 
Claim 7, Kaipu-Faitelson-Hotes combination teaches wherein the operating system is configured to store a reference to identified content item(s) and to repeat the search of the local store at scheduled intervals. (e.g. Kaipu fig. 1, [0027], [0041]-[0046]; Faitelson [0083])
Claim 8, Kaipu-Faitelson-Hotes combination teaches wherein the operating system is configured, in response to a request from the application, to suggest the identified at least one of the other content items to the user, during execution of the application at the computing device. (e.g. Kaipu [0041]-[0046], [0054])
Claim 9, Kaipu-Faitelson-Hotes commination teaches wherein the operating system is configured to suggest the identified the at least one of the other content items by generating a graphical user interface element and rendering the graphical user interface element over a display associated with the application. (e.g. Kaipu [0029], [0054])
Claim 13, Kaipu-Faitelson-Hotes combination teaches wherein the operating system is configured to receive, in reply to a response, a request to 
Claim 14, Kaipu teaches:
A method comprising:
at an application access record, storing references to content items stored at a computing device; (e.g. fig. 1, [0027], "The application content 129 can be associated with corresponding application content indexes 136a-136c (collectively, the "application content indexes 136"). The application content indexes 136a can be regarded as search indexes that components can search to identify application content 129 that matches to a particular search query")
storing other content items not referenced in the application access record in at least one local store of the computing device; (e.g. fig. 1, [0026], "The applications 126 can be associated with first application content 129a, second application content 129b, and third application content 129c (collectively, the "application content 129") that is stored in a client data store 133. The application content 129 can include files and other types of data that the corresponding application 126 can access and process. The first application 126a can access and process the first application content 129a, the second application 126b can access 
at a processor of the computing device, executing at least one application, the application having ability to access the content items referenced in the application access record, the application being restricted from accessing the other content items not referenced in the application access record; and (e.g. [0031], "The client device 106 can also include an operating system that can create sandboxes 156a-156c (collectively, the sandboxes 156) for the respective applications 126. The sandboxes 156 can be regarded as being virtual containers for the respective applications 126 and associated resources. The sandboxes 156 can isolate resources, such as code and the application content 129, for the respective applications 126. For example, the sandbox 156a can isolate the first application content 129a so that only the first application 126a can retrieve the first application content 129a from the client data store 133. Accordingly, the first application 126a can access the first application content 129a from the client data store 133, but the second application 126b, and the third application 126c cannot retrieve the first application content 129a from the client data store 133" [0034], "The application content 129 can be stored in the client data store 133 and 
at an operating system of the computing device: searching the local store to identify at least one of the other content items on a basis of criteria. (e.g. [0032], "the operating system can allow the applications 126 to transfer data, such as application content 129, between each other" [0041]-[0044], "When the second application 126b receives the message from the search requester 146a…determine whether the received message includes a communication key indicating that the first application 126a is authorized to communicate with the second application 126b and request the second application 126b to perform searches…determine whether the communication key is authentic…If…determines that the communication key is authentic…the search provider 143b can search the second application content 129b…the search provider 143b can collect information regarding the resources…As will be described below, the search provider 143b can provide this information to the search requester 146a of the first application 126a" [0045]-[0046], "When the search provider 143a has finished searching the second application content index 136b or the second application content 129b, the search provider 143b can generate a message that represents the search results…a search result can specify 
Kaipu teaches searching the local store (see above) and does not explicitly teach but Faitelson teaches searching a local store without a request to perform the search from a user. (e.g. [0025], "at predetermined time intervals the system searches each individual data element for the appearance of any of a predetermined list of confidential information related terms")
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings described by Faitelson into the invention of Kaipu. The motivation for such an implementation would be for the purpose of compiling a list of confidential data elements and recommending encrypting the confidential data elements to protect the confidential data elements and thus providing a more secured and improved data management system (Faitelson [0010], [0083]-[0084]).
Kaipu-Faitelson combination teaches the user, the identified at least one of the other content items (see above) and does not explicitly teach but Hotes teaches upon receiving authorization from a user to access an identified at least 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings described by Hotes into the invention of Kaipu-Faitelson combination. The motivation for such an implementation would be for the purpose of providing a user the control to prevent unauthorized access to content stored on the user's device and protecting unauthorized access to user data that are considered private or confidential (Hotes [0004]).
Claim 15, Kaipu-Faitelson-Hotes combination teaches storing the identified at least one of the other content items at a configuration database of the computing device. (e.g. Kaipu fig. 1, [0026]-[0027], [0034]-[0035])

Claim 20, Kaipu teaches:
One or more computer-readable storage devices comprising computer-executable instructions that, when executed by a computing system, direct the computing system to perform operations comprising:
at an application access record, storing references to content items stored at a computing device and within a sandbox of an application installed at the computing device; (e.g. fig. 1, [0027], "The application content 129 can be associated with corresponding application content indexes 136a-136c (collectively, the "application content indexes 136"). The application content indexes 136a can be regarded as search indexes that components can search to identify application content 129 that matches to a particular search query" [0034], "The application content 129 can be stored in the client data store 133 and isolated from various components in the client device 106 by virtue of the sandboxes 156 that are established by the operating system")
storing other content items not referenced in the application access record at a local store of the computing device; (e.g. fig. 1, [0026], "The applications 126 
at a processor of the computing device, executing the application, the application being restricted from accessing content items not referenced in the application access record; and (e.g. fig. 1, [0023], "the application is executed in a client device 106" [0031], "The client device 106 can also include an operating system that can create sandboxes 156a-156c (collectively, the sandboxes 156) for the respective applications 126. The sandboxes 156 can be regarded as being virtual containers for the respective applications 126 and associated resources. The sandboxes 156 can isolate resources, such as code and the application content 129, for the respective applications 126. For example, the sandbox 156a can isolate the first application content 129a so that only the first application 126a can retrieve the first application content 129a from the client data store 
at an operating system of the computing device: searching the local store to identify at least one of the other content items on a basis of criteria. (e.g. [0032], "the operating system can allow the applications 126 to transfer data, such as application content 129, between each other" [0041]-[0044], "When the second application 126b receives the message from the search requester 146a…determine whether the received message includes a communication key indicating that the first application 126a is authorized to communicate with the second application 126b and request the second application 126b to perform searches…determine whether the communication key is authentic…If…determines that the communication key is authentic…the search provider 143b can search the second application content 129b…the search provider 143b can collect information regarding the resources…As will be described below, the search provider 143b can provide this information to the 
Kaipu teaches searching the local store (see above) and does not explicitly teach but Faitelson teaches searching a local store without a request to perform the search from a user. (e.g. [0025], "at predetermined time intervals the system searches each individual data element for the appearance of any of a predetermined list of confidential information related terms")
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings described by Faitelson into the invention of Kaipu. The motivation for such an implementation would be for the purpose of compiling a list of confidential data elements and recommending encrypting the confidential data elements to 
Kaipu-Faitelson combination teaches the user, the identified at least one of the other content items (see above) and does not explicitly teach but Hotes teaches upon receiving authorization from a user to access an identified at least one of other content items, access the at least one of the other content items. (e.g. [0021], "a user-query to permit a user to provide an authorization or a portion of an authorization to provide a permission to the application program 14 to access the protected resource 24" [0022], "An authorization to provide the permission to access the protected resource is received…Permission to access the protected resource is provided to the application program in response to receiving the authorization…and data produced by the protected resource is cryptographically signed")
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings described by Hotes into the invention of Kaipu-Faitelson combination. The motivation for such an implementation would be for the purpose of providing a user the control to prevent unauthorized access to content stored on the user's .
Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Kaipu et al. (US 2017/0118186 A1) in view of Faitelson et al. (US 2011/0060916 A1) in view of Hotes et al. (US 2010/0242097 A1) further in view of Krstic et al. (US 2012/0311702 A1) .
Claim 2, Kaipu-Faitelson-Hotes combination teaches the criteria (see above) and does not explicitly teach but Krstic 702 teaches a criteria include one or more of: a content item size, a specified content item type, a number of content items. (e.g. [0008], [0033], [0035])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings described by Krstic 702 into the invention of Kaipu-Faitelson-Hotes combination. The motivation for such an implementation would be for the purpose of allowing an application to extend an original sandbox, creating a modified sandbox environment wherein the modified sandbox environment includes and provides access to resources (Krstic 702 [0033]).
Claims 3, 4, 18, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Kaipu et al. (US 2017/0118186 A1) in view of Faitelson et al. .
Claim 3, Kaipu-Faitelson-Hotes combination teaches the operating system, search the local store and the other content items (see above) and does not explicitly teach but Cohen teaches search a folder tree of a local store to identify at least one folder comprising other content items. (e.g. [0036]-[0037], [0060], [0161], [0325])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings described by Cohen into the invention of Kaipu-Faitelson-Hotes combination. The motivation for such an implementation would be for the purpose of obtaining suggestions for information content and improving a search for content in an information space (Cohen [0002]).
Claim 4, Kaipu-Faitelson-Hotes-Cohen combination teaches wherein the operating system is configured to compute an accumulated number of content items of interest for each folder of the folder tree, where the accumulated number of content items of interest is computed as the number of content items which meet the criteria and which are in the folder itself plus the number of 
Claim 18, Kaipu-Faitelson-Hotes combination teaches searching the local store, and the other content items (see above) and does not explicitly teach but Cohen teaches search a folder tree of a local store to identify at least one folder comprising other content items. (e.g. [0036]-[0037], [0060], [0161], [0325])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings described by Cohen into the invention of Kaipu-Faitelson-Hotes combination. The motivation for such an implementation would be for the purpose of obtaining suggestions for information content and improving a search for content in an information space (Cohen [0002]).
Claim 19, Kaipu-Faitelson-Hotes-Cohen combination teaches computing an accumulated number of content items of interest for each folder of the folder tree, where the accumulated number of content items of interest is computed as the number of content items which meet the criteria and which are in the at least one folder itself plus the number of content items which meet the criteria in subfolders of the at least one folder. (e.g. Cohen [0160]-[0162])
Claims 5, and 6 are rejected under 35 U.S.C. 103 as being unpatentable over Kaipu et al. (US 2017/0118186 A1) in view of Faitelson et al. (US 2011/0060916 A1) in view of Hotes et al. (US 2010/0242097 A1) in view of Cohen et al. (US 2016/0140447 A1) further in view of Krstic et al. (US 2013/0185764 A1).
Claim 5, Kaipu-Faitelson-Hotes-Cohen combination teaches wherein the operating system is configured to search the folder tree by traversing the folder tree from a root of the folder tree and inspecting the accumulated number of content items (e.g. Cohen [0036]-[0037], [0060], [0160]-[0162], [0325]) and does not explicitly teach but Krstic 764 teaches if the at least one folder passes at least one rule, storing an identifier of the at least one folder as a folder which may be suggested to a user for access by an application. (e.g. [0023]-[0024], [0029])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings described by Krstic 764 into the invention of Kaipu-Faitelson-Hotes-Cohen combination. The motivation for such an implementation would be for the purpose of allowing an application access to a previously trusted file or folder even after the termination of the application (Krstic 764 [0024]).
Claim 6, Kaipu-Faitelson-Hotes-Cohen-Krstic 764 combination teaches wherein the operating system is configured to store the identifier of the at least 
Claims 10, 17, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Kaipu et al. (US 2017/0118186 A1) in view of Faitelson et al. (US 2011/0060916 A1) in view of Hotes et al. (US 2010/0242097 A1) further in view of Staley et al. (US 2016/0026815 A1).
Claim 10, Kaipu-Faitelson-Hotes combination teaches wherein the operating system is configured to add the identified at least one of the other content items or references to the identified at least one of the other content items to the application access record (e.g. Kaipu [0027], [0030], [0035]), and does not explicitly teach but Staley teaches add an identified at least one of other content items or references to the identified at least one of the other content items to an application access record, only when user input has been received authorizing the addition. (e.g. [0039])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings described by Staley into the invention of Kaipu-Faitelson-Hotes combination. The motivation for such an implementation would be for the purpose of restricting which users can add items to a collection folder and providing a content 
Claim 17, Kaipu-Faitelson-Hotes combination teaches adding identified other item(s) to the application access record (e.g. Kaipu [0027], [0030], [0035]), and does not explicitly teach but Staley teaches adding identified other item(s) to an application access record only when authorization from the user has been received. (e.g. [0039])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings described by Staley into the invention of Kaipu-Faitelson-Hotes combination. The motivation for such an implementation would be for the purpose of restricting which users can add items to a collection folder and providing a content management system that protects user data in which a user can store content items without being able to access content items stored by other users (Staley [0003], [0039]).
Claim 21, Kaipu-Faitelson-Hotes combination teaches wherein the computer-executable instructions cause the operating system to add the identified at least one of the other content items or references to the identified at 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings described by Staley into the invention of Kaipu-Faitelson-Hotes combination. The motivation for such an implementation would be for the purpose of restricting which users can add items to a collection folder and providing a content management system that protects user data in which a user can store content items without being able to access content items stored by other users (Staley [0003], [0039]).
Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Kaipu et al. (US 2017/0118186 A1) in view of Faitelson et al. (US 2011/0060916 A1) in view of Hotes et al. (US 2010/0242097 A1) in view of Staley et al. (US 2016/0026815 A1) further in view of Hornqvist (US 2008/0306954 A1).
Claim 11, Kaipu-Faitelson-Hotes-Staley combination teaches the operating system, the application and the addition to the application access record (see 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings described by Hornqvist into the invention of Kaipu-Faitelson-Hotes-Staley combination. The motivation for such an implementation would be for the purpose of updating a permission cache and protecting the privacy of files based on user defined access permissions (Hornqvist [0005], [0176]).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: US 2002/0099944 discloses a method which enables a user to prevent unauthorized access to files stored on a computer.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AMIE C LIN whose telephone number is (571)272-7752.  The examiner can normally be reached on M-F 9:00AM -5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/AMIE C. LIN/           Examiner, Art Unit 2436