DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In communications filed on 12/28/2020. Claims 1, 6-7, 9-15, 17-18, and 20 are amended. Claims 3-4, 8, and 19 cancelled.  Claims 1-2, and 5-7, 9-18, and 20 are pending in this examination.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.   This examination is in response to US Patent Application No. 15/932,254.
  					Examiner Note
Applicant is encouraged to schedule an interview with the examiner prior to the next communication to compact prosecution of the case.
Claims 1 and 10 recites "a processor”. The processor has been described on
Paragraph 62 of the specification as:  " a central processing unit (CPU) or microprocessor” thus establishing a hardware description. 
Applicant’s amendment to independent claims obviates previously raised claims 1-2, 5-7, 9-16 U.S.C .112(b) second paragraph, rejection. 
Examiner has withdrawn the second and third set of rejections submitted in the last office action.
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
DODONOV (US20160328485) (filed in IDS 09/28/2020) discloses [¶37, for example, when a user activates a client web browser application 124 of the client device 102 to browse or navigate web pages… The processor 114 may in turn execute a cache manager 116 to reserve a portion of the memory 118 (e.g., the browser cache 120) for the web browser for storing data and code… the cache manager 116 may perform logical organization and management of the browser cache 120 of the client device 102], and [¶45], and [¶52, …In one aspect, the cache manager 116 may create two clusters in the browser cache 120: a first cluster comprising a main search web page (e.g., Yandex.com) and several search result web pages along with respective resources including images, texts, JavaScript etc.; and a second cluster comprising the email web page and respective resources].
Terminal Disclaimer
The terminal disclaimer filed on 07/29/2020 disclaiming the terminal portion of any patent granted on this application, which would extend beyond the expiration date of U.S. Patent application No. 15/865,887, 15/932,242, and 15/932,245 have been reviewed and is accepted.  The terminal disclaimer has been recorded.

Response to Arguments
Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).  

Applicant's arguments filed 12/28/2020 have been fully considered but they are not persuasive:
Applicant submits on page 16-19 of remarks filed on 12/28/2020 that  that the combination of Burckart et al. and Barton et al. does not teach or suggest all of the elements as recited in this claim. In specific, claim 1, as amended, recites a software-based zone control module stored configured to be executed by the processor in the memory and controlled by the browser module, the zone control module further configured to establish a first zone of control and a second zone of control for isolating communications between the first and second encrypted communication links.
Examiner respectfully disagrees with applicant argument for claim 1 filed on 12/28/2020 on pages 16-19 of remarks.
Burckart discloses this limitation as : [¶19, Application programs 144 include a browser 146.  Browser 146 includes program modules and instructions enabling a World Wide Web (WWW) client (i.e., computer 100) to send and receive network messages to the Internet.  Computer 100 may utilize HyperText Transfer Protocol (HTTP) messaging to enable communication with server 150 and Web Server 152], and [¶17, System memory 136 is defined as a lowest level of volatile memory in computer 100.  This volatile memory may include additional higher levels of volatile memory (not shown), including, but not limited to, cache memory]; and
 a  software-based zone control module stored configured to be executed by the processor in the memory and controlled by the browser module., the zone control module further configured to establish at least one zone of control for isolating communications between each of the two or more secure communication links [¶21, Within browser 146 is a web page partitioning logic 210, which partitions the master web page 206 into multiple partition caches 212a-i. Together, these multiple partition caches 212a-i form a partitioned web page 214, which is sent to a display 110.  Partitioned web page 214 is made up of multiple partitions 216a-i. In a manner that is described in more detail below, updated content 218 for each of the partition caches 212 (and the corresponding partitions 216) is also pulled from content server 202 and transmitted to browser 146 via web server 152], and [¶22, As described in block 304, such a master web page can be partitioned into multiple partitions, or, as described in FIG. 2, into multiple partition caches 212 as shown in FIG. 2, to create a partitioned web page.  Each partition in the partition web page is correlated/matched with/to a partition cache (block 306) in the browser]; and 

		establish first and second encrypted communication link with respective first and second external computing devices; the first and second encrypted communication links[¶16, Computer 100 is able to communicate with a server 150 and a Web Server 152 via a network 128 using a network interface 130, which is coupled to system bus 106.  Network 128 may be an external network such as the Internet or an internal network such as an Ethernet or a Virtual Private Network (VPN)].

		Examiner Note: Barton  also discloses this limitation as: [¶75, virtual private network Connections].

	Examiner Note: It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to indicate that in Burckart application, browser partition webpages to multiple partitions (zones) which each partitions has its own corresponding partition cache and each partition can get their own updated content from servers over the encrypted VPN link.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-2, 5-7, 9-18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. 2009/0024916 issued to Burckart et al (“Burckart”) (filed in IDS 09/28/2020) in view of US Patent Application No. 2014/0032691  issued to Barton..
Regarding claim 1, Burckart discloses a  software-based browser module stored in the memory and configured to be executed by the processor and configured to establish a communication link to at least one of the one or more external computing devices [¶19, Application programs 144 include a browser 146.  Browser 146 includes program modules and instructions enabling a World Wide Web (WWW) client (i.e., computer 100) to send and receive network messages to the Internet.  Computer 100 may utilize HyperText Transfer Protocol cache memory]; and
 a  software-based zone control module stored configured to be executed by the processor in the memory and controlled by the browser module., the zone control module further configured to establish at least one zone of control for isolating communications between each of the two or more secure communication links [¶21, Within browser 146 is a web page partitioning logic 210, which partitions the master web page 206 into multiple partition caches 212a-i. Together, these multiple partition caches 212a-i form a partitioned web page 214, which is sent to a display 110.  Partitioned web page 214 is made up of multiple partitions 216a-i. In a manner that is described in more detail below, updated content 218 for each of the partition caches 212 (and the corresponding partitions 216) is also pulled from content server 202 and transmitted to browser 146 via web server 152], and [¶22, As described in block 304, such a master web page can be partitioned into multiple partitions, or, as described in FIG. 2, into multiple partition caches 212 as shown in FIG. 2, to create a partitioned web page.  Each partition in the partition web page is correlated/matched with/to a partition cache (block 306) in the browser]; and 
		a processor configured to execute instructions stored in a memory; a hardware-based communication module coupled to the processor and configured to communicate with one or more external computing devices through a computer network using the communication link through the browser module [¶19, Application programs 144 include a browser 146.  Browser 146 includes program modules and instructions enabling a World Wide 
 a cache memory exclusively associated with the first zone of control and configured to store data associated with communications within the first zone of control such that access to the cache memory from any other communication channel outside of the first zone of control is prevented as: [¶21, Within browser 146 is a web page partitioning logic 210, which partitions the master web page 206 into multiple partition caches 212a-i. Together, these multiple partition caches 212a-i form a partitioned web page 214, which is sent to a display 110.  Partitioned web page 214 is made up of multiple partitions 216a-i. In a manner that is described in more detail below, updated content 218 for each of the partition caches 212 (and the corresponding partitions 216) is also pulled from content server 202 and transmitted to browser 146 via web server 152], and [¶22, As described in block 304, such a master web page can be partitioned into multiple partitions, or, as described in FIG. 2, into multiple partition caches 212 as shown in FIG. 2, to create a partitioned web page.  Each partition in the partition web page is correlated/matched with/to a partition cache (block 306) in the browser], and [¶17, System memory 136 is defined as a lowest level of volatile memory in computer 100.  This volatile memory may include additional higher levels of volatile memory (not shown), including, but not limited to, cache memory]; and 
	Examiner Note: Barton also discloses this limitation as: [¶119 For example, each computerized apparatus may include a communications interface to connect to a communications medium such as a network, memory to cache and/or persistently store information, and processing circuitry to execute an operating system and local applications], 
		 Burckart discloses wherein establish first and second encrypted communication link with respective first and second external computing devices; the first and second encrypted communication links[¶16, Computer 100 is able to communicate with a server 150 and a Web Server 152 via a network 128 using a network interface 130, which is coupled to system bus 106.  Network 128 may be an external network such as the Internet or an internal network such as an Ethernet or a Virtual Private Network (VPN)].
		Examiner Note: Barton also discloses this limitation as: [¶75, virtual private network Connections].
	Burckart does not explicitly disclose, however, Barton discloses wherein Serial No.: 15/932,254 Atty Docket No.: 011172.003US1 Atty/Agent: Kevin D. Jablonskicommunications are isolated in the first zone of control, the communication module further configured to establish a local hotspot network wherein communications through the local hotspot network are isolated in the first  zone of control [ ¶71, Referring now to the physical hardware layer of a cloud computing environment, availability zones 201-202 (or zones) may refer to a collocated set of physical computing resources.  Zones may be geographically separated from other zones in the overall cloud of computing resources.  For example, zone 201 may be a first cloud datacenter located in California, and zone 202 may be a second cloud datacenter located in Florida…], and [see FIG.9, ¶208-210, assigned to one 
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Burckart with the teaching of Barton in order  for imposing control over managed applications ,such as web browser, executing on mobile computing devices. The browser application may use multiple private data vaults to 
Regarding claim 2, Burckart discloses wherein the communication link comprises a virtual private network communication link [¶16, Computer 100 is able to communicate with a server 150 and a Web Server 152 via a network 128 using a network interface 130, which is coupled to system bus 106.  Network 128 may be an external network such as the Internet or an internal network such as an Ethernet or a Virtual Private Network (VPN)].
Regarding claim 5, Burckart  does not explicitly disclose, however Barton discloses wherein the local hotspot network comprises a Wi-Fi network¶208-210, assigned to one device, and/or a single user assigned to multiple devices 920).  The mobile devices 920 are preferably configured to communicate with the enterprise system 910 (also referred to herein as an "enterprise network") over a communication network 925.  The communication network 925 can comprise a wireless carrier network, the Internet, a wide area network, a WIFI network, and the like…The enterprise system 910 preferably includes an external firewall 922 and an internal firewall 924.  Each firewall 922, 924 can comprise a device or set of devices designed to permit or deny network transmissions based upon certain criteria…firewalls 922 and 924 or other devices of the enterprise system 910 to filter mobile devices' access requests based on a set of gateway rules, in order to protect the enterprise system 910 from unauthorized access while permitting legitimate communications to pass.  As will be described in further detail below, such access rules can be used to regulate access based on, e.g., mobile device properties, user properties, the specific enterprise resources 930 for which access is requested].
Regarding claim 6, Burckart  does not explicitly disclose, however Barton discloses, wherein communications through the local hotspot network in the  comprise encrypted communications[ ¶¶222-225, the user launches an enterprise mobile application; (6) decrypt encrypted message attachments received from the secure mobile gateway 928, such as encrypted attachments to email messages received from other members of the user's enterprise; (7) maintain a secure key store that is accessible by enterprise applications for obtaining keys for encrypting and decrypting data], and [¶¶410-412, Utilizing the specialized communication channel may provide extra cryptographic protection beyond that provided by a standard SSL channel between the client device 2505 and the proxy device 2510…].
Regarding claim 7, Burckart does not explicitly disclose, however Barton discloses, further comprising a second browser module configured to facilitate communications in the local hotspot network outside of the first zone of control [¶71, Referring now to the physical hardware layer of a cloud computing environment, availability zones 201-202 (or zones) may refer to a collocated set of physical computing resources.  Zones may be geographically separated from other zones in the overall cloud of computing resources.  For example, zone 201 may be a first cloud datacenter located in California, and zone 202 may be a second cloud datacenter located in Florida…], and [see FIG.9, ¶208-210, assigned to one device, and/or a single user assigned to multiple devices 920).  The mobile devices 920 are preferably configured to communicate with the enterprise system 910 (also referred to herein as an "enterprise network") over a communication network 925.  The communication network 925 can comprise a wireless carrier network, the Internet, a wide area network, a WIFI network, and the like…The enterprise system 910 preferably includes an external firewall 922 and an internal firewall 924.  Each firewall 922, 924 can comprise a device or set of devices designed to permit or deny network transmissions based upon certain criteria…firewalls 922 and 924 or other devices of the enterprise system 910 to filter mobile devices' access requests based on a set of 
Regarding claim 9, Burckart does not explicitly disclose, however Barton discloses, where the browser module is isolated within the computing device when the hotspot establishment is initiated from the one or more external computing devices [¶71, Referring now to the physical hardware layer of a cloud computing environment, availability zones 201-202 (or zones) may refer to a collocated set of physical computing resources.  Zones may be geographically separated from other zones in the overall cloud of computing resources.  For example, zone 201 may be a first cloud datacenter located in California, and zone 202 may be a second cloud datacenter located in Florida…], and [see FIG.9, ¶208-210, assigned to one device, and/or a single user assigned to multiple devices 920).  The mobile devices 920 are preferably configured to communicate with the enterprise system 910 (also referred to herein as an "enterprise network") over a communication network 925.  The communication network 925 can comprise a wireless carrier network, the Internet, a wide area network, a WIFI network, and the like…The enterprise system 910 preferably includes an external firewall 922 and an internal firewall 924.  Each firewall 922, 924 can comprise a device or set of devices designed to permit or deny network transmissions based upon certain criteria…firewalls 922 and 924 or other devices of the enterprise system 910 to filter mobile devices' access requests based on a set of gateway rules, in order to protect the enterprise system 910 from unauthorized access while permitting legitimate communications to pass.  As will be described in further detail below, such 
Regarding claim 10, the claim is interpreted and rejected for the same rational set forth in claim 1.
Regarding claim 11, Burckart  does not explicitly disclose, however Barton discloses, further comprising a third local computing device configured to connect to the local hotspot network and configured to communicate data through the first zone of control[ ¶¶71, 201, 208-210, 325, 511].
Regarding claim 12, Burckart  does not explicitly disclose, however Barton discloses, further comprising a third local computing device configured to connect to the local hotspot network and configured to communicate data through the local hotspot network and isolated from other communications within the first  zone of control [¶¶, 71, 201, 298-210, 325].
Regarding claim 13,  Burckart  does not explicitly disclose, however Barton discloses, further comprising a third local computing device configured to connect to the local hotspot network and configured to communicate data through the local hotspot network that is isolated from other communications within the first e zone of control [¶¶, 71, 201, 298-210, 325].
Regarding claim 14, Burckart  does not explicitly disclose, however Barton discloses, further comprising a second server computing device configured to communicate data through the computer network to the first local computing device that is isolated from other communications within the first  zone of control 
Regarding claim 15, Burckart does not explicitly disclose, however Barton discloses further comprising proxy server computing device coupled between the server-computing device and the first local computing device configured to facilitate communications within the first zone of control [¶¶397-399, 403-408].
Regarding claim 16, the claim is interpreted and rejected for the same rational set forth in claim 1
Regarding claim 17, Burckart  does not explicitly disclose, however Barton discloses, further comprising disallowing communications to and from the second local computing device outside of the first  zone of control [¶¶ 200, 233, 613-615].
Regarding claim 18, Burckart does not explicitly disclose, however Barton discloses, further comprising instantiating a second browser to coordinate communication outside of the zone of control [¶¶62, 75-76, 79].
Regarding claim 20, Burckart does not explicitly disclose, however Barton discloses   further comprising restricting the data coordinated by the instantiated browser within the first zone of control from access by communication or computation occurring outside of the first zone of control without impacting communications outside of the first zone of control [¶¶62, 75-76, 79].

Conclusion
Applicants are encouraged to take advantage of the After Final Consideration Pilot 2.0 (AFCP 2.0) which authorizes non-production time for consideration of responses filed after a final rejection. The purpose of the pilot is to compact prosecution of the case. The request must include 1) A signed AFCP request form (PTO/SB/434 or equivalent) that includes a statement that applicant is requesting consideration under the AFCP; 2) An amendment to at least one independent claim that does not broaden the scope of the independent claim in any aspect; and 3) A statement that applicant is willing and available to participate in any interview initiated by the examiner concerning the present response.  In the limited amount 
                                                                                                                
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.                                                                                                                                                                     

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207.  The examiner can normally be reached on Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on 571-272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/SHAHRIAR ZARRINEH/Examiner, Art Unit 2497