DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
This Office action is in response to the amendment filed 11/30/2020. Claims 5, 7, and 17 have been amended; claims 10-11 and 22-23 have been canceled; new claims 25-28 have been added.
Response to Arguments
Applicant's arguments filed 11/30/2020 with respect to the rejection of claims 1-8 and 13-20 under 35 U.S.C. 103 as being unpatentable over Hitomi in view of Campbell have been fully considered but they are not persuasive.
In response to applicant's arguments against the references individually (i.e., there is no disclosure of using software containers in Campbell) (Remarks, page 11, first paragraph), one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 
Applicant argues that the proposed modification would seem to preclude file sharing when the applications are not part of same logical software application, which is contrary to the teachings of Hitomi (Remarks, page 11, second paragraph). Hitomi already discloses file sharing between applications that are not part of the same logical application. Campbell is relied upon for file sharing between applications that are part of the same logical application. Those two features are not mutually exclusive, and, therefore, the modification would not preclude file sharing when the applications are not part of same logical software application. 
Applicant argues that it is assumed on a smartphone that a user has access to all of their own data, which is not analogous to the server-based architecture of Hitomi (Remarks, page 11, third paragraph). First, Hitomi discloses utilizing his method on a personal computer (par. [0072]) on which the user is assumed to have access to all of his own data. Second, not only Hitomi but Campbell also utilizes a server-based architecture (Fig. 1; col. 4, lines 28-35).
Applicant argues that Hitomi “is unrelated to financial transactions. Instead, Hitomi relates to sharing Writer files, which are documents in OpenOffice, between software containers. OpenOffice is not used to conduct financial transactions. Thus, one of ordinary skill in the art looking to improve OpenOffice document sharing would not be prompted to modify Hitomi based on Campbell’s smartphone credit card sharing features” (Remarks, page 11, last paragraph). First, Hitomi teaching is not only restricted to OpenOffice application. Hitomi also discloses using other types of application such as game software applications (par. [0053]) and streaming software applications (par. [0054). Second, whereas OpenOffice is not used to conduct financial .
Claim Objections
Claim 28 is objected to under 37 CFR 1.75 as being a substantial duplicate of claim 17. When two claims in an application are duplicates or else are so close in content that they both cover the same thing, despite a slight difference in wording, it is proper after allowing one claim to object to the other as being a substantial duplicate of the allowed claim. See MPEP § 608.01(m).
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 7 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. The amended claim 7 recites the limitation “controlling an operational state of the first software container by a container engine running on a computing device that is different from the host computing device”. The controlling step of claim 7 is performed by a computing device different from the host computing device. However, claim 7 is dependent upon claim 1 which is directed to a method implemented by the host computing device. It is not clear how a step performed by one device is part of the steps performed by another device.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6, 8, 13-16, 18-20 and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Hitomi et al. (US 2008/0109876 A1) in view of Campbell et al. (US 9,747,468 B1).
Regarding claims 1 and 13, Hitomi teaches a method of sharing a resource between software containers (Fig. 1: rules based access to protected resources), the method implemented by a host computing device and comprising:
	detecting a request from a first software application in a first software container to access a resource of a second software application operating in a second software container that is different from the first software container (par. [0032]: application requests a resource in another container associated with a DMZ; par. [0025]: DMZ of an application on the second container, e.g. OpenOffice application with Writer files), an operational state of the second software container being controlled by a 
	accepting or rejecting the request based on stored rules (par. [0036]: rules for read/write access used at the DMZ to allow subsequent access by the requestor).
	Hitomi does not disclose accepting or rejecting the request based on whether the first and second software applications are part of a same logical software application. Campbell discloses accepting or rejecting a request, from a first software application to access a resource of a second software application, based on whether the first and second software applications are part of a same logical software application (i.e., request is approved if the first and second software applications are in the same group or folder so that they can communicate with each other to achieve a specific purpose such as to pay a merchant using reward points from a credit card account, to book a flight using points from a particular airline, etc.) (Fig. 2, steps 230-240; col. 5, lines 11-20; col. 3, lines 4-50). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Hitomi’s method to accept or reject the request based on whether the first and second software applications are part of a same logical software application, as taught by Campbell. The motivation for doing so would have been to facilitate sharing of data between applications for conducting different types of transactions.
Regarding claims 2 and 14, Hitomi further discloses that detecting the request comprises intercepting the request before the request is delivered to the second software container (par. [0035]: the request is intercepted by the DMZ); accepting the request comprises instructing the host computing device to deliver the request to the 
Regarding claims 3 and 15, Campbell further discloses determining whether the first and second software applications are part of a same logical software application (i.e., determining if the first and second software applications are in the same group or folder); and accepting the request based on the first and second software applications being part of the same logical software application (Fig. 2, steps 230-240; col. 5, lines 11-20; col. 3, lines 4-50).
Regarding claims 4 and 16, Hitomi further discloses a DMZ separate from the first and second software containers, the DMZ determining whether a rule is checked to ensure that the requestor is allowed access to resource (par. [0027], [0034]-[0035]: a DMZ is a virtual area in which resource requests of resources kept in or associated with a container are honored or refused). Hitomi does not explicitly teach that the DMZ is itself a “container.” However, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to recognize that the “virtual area” described by Hitomi may be considered a software container as it contains instructions that are virtualized separately from the other software containers. Doing so would be the substitution of one known technique with an equivalent known technique yielding the same results.
Regarding claims 6 and 18, Hitomi further discloses determining whether the requested resource is marked as shared for the first software container by an entry in a security registry (par. [0036]: rules for read/write access used at the DMZ to allow subsequent access by the requestor); accepting the request based on the requested resource being marked as shared for the first software container by an entry in the security registry (par. [0035]: when the requestor is allowed access, the request is forwarded from the DMZ to the software container); and rejecting the request based on the requested resource not being marked as shared for the first software container (par. [0033]: if it is determined that rule-based access is not granted, then access to the resource is restricted and the application may end). Campbell discloses determining whether the first and second software applications are part of a same logical software application (Fig. 2, steps 230-240; col. 5, lines 11-20).
Regarding claim 19, Hitomi further teaches that an operational state of the second software container is controlled by a container engine running on the host computing device (par. [0047]: software application maybe paused, restarted, etc.). The claim language “an operational state of the first software container is controlled by a container engine running on a computing device that is different from the host computing device” does not limit the host computing device of claim 13 because the container engine is on a different device (see MPEP 2111.04).
Regarding claims 8 and 20, Hitomi further discloses instructing the host computing device to accept an additional request to access a resource in the second software application based on the additional request being received from the second 
Regarding claim 26, Hitomi further discloses that the determining is performed based on one or more of: an application registry (par. [0034]: the DMZ includes a table that correlates the requestor to a resource; instead of a table, a known or convenient structure could be used to manage access rules); and a file in the second software container (par. [0034]: rules associated with resources inside the container or another container).
Claims 9 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Hitomi in view of Campbell as applied to claims 1 and 13 above, and further in view of Warila et al. (US 2008/0313282). Regarding claims 9 and 24, Hitomi and Campbell do not teach wherein said accepting or rejecting the request is further based on whether the first software container is digitally signed. Warila teaches a certificate with a digital signature of an application is verified by a software container before performing a restricted activity (par. [0477]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Hitomi and Campbell by incorporating the teachings of Warila because they are directed towards management of software containers. Although Hitomi does not specifically contemplate accepting or rejecting requests based on the container being digitally signed, Warila teaches the known concept of verifying digital signatures of applications to perform restricted activity. Therefore, one of ordinary skill in the art would recognize that the requests of Hitomi may be dependent on a similar digital signature of the first .
Claims 12 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Hitomi in view of Campbell as applied to claims 1 and 13 above, and further in view of McCorkendale et al. (US 8,977,842). Regarding claims 12 and 24, Hitomi and Campbell do not teach wherein if the requested resource is an encrypted file in the second software container and the request is one to open the file, the method comprises decrypting the encrypted file prior to providing the file to the first software container; and wherein if the requested resource is an encrypted file in the second software container and the request is one to write data to the file, the method comprises receiving the data from the first software container in unencrypted form and encrypting the data prior to saving it in the encrypted file in the second software container. McCorkendale teaches a hypervisor security extension container that uses VM private and public keys to encrypt and decrypt data transmitted between VMs (col. 2, II. 46-54; col. 2, II. 61-64; col. 7, II. 40-55). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Hitomi and Campbell by incorporating the teachings of McCorkendale because they are directed towards management of software sandboxes. Although Hitomi does not specifically contemplate transmission of encrypted data, McCorkendale teaches the known concept of using a middleman like the hypervisor security extension container to perform encryption and decryption operations on behalf of communicating software. Therefore, one of ordinary skill in the art would recognize that the containers of Hitomi may similarly depend on the .
Allowable Subject Matter
Claims 5, 17, 25 and 27-28 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter. The prior art of record fails to teach - (i) the determining is based on one or more of: a runtime parameter included in a request to start the second software container; and an environment variable accessible to the container engine; and (ii) the first software application in the first software container is a webserver application; the second software application in the second container is a database application; and the logical software application that the webserver application and database application are part of is a Customer Relationship Management (CRM) system – in combination with the limitations recited in the base claim and/or intervening claim(s).
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MINH DINH whose telephone number is (571)272-3802.  The examiner can normally be reached on Mon-Fri: 9 AM - 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on 469-295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access 




/MINH DINH/Primary Examiner, Art Unit 2432