DETAILED ACTION
This Office Action is in response to the Amendment filed on 02/25/2021.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the instant Amendment, filed on 02/25/2021, no claim have been amended. 
Claims 1-20 have been examined and are pending in this application. Claims 1, 8, and 15 are independent.
Response to Arguments/Remarks
As to the objections to claim 15, the objections are withdrawn, as Applicant has explained and submitted that the claim does not directed to any transitory medium.
Applicants’ arguments in the instant Amendment, filed on 02/25/2021, with respect to the prior-art rejections to claims 1-20 are rejected under 35 U.S.C. 103, and limitations listed below, have been fully considered but they are not persuasive.
Applicant’s Remarks: As to the independent claims1, the Applicant submits that the applied prior art Peterson and Scott does not teach the  limittaion. Specifically, Soctt does not teach the limitation “removing one or more public access features associated with the first component, wherein the first component is no longer subject to public access from any application”  to provide an evedence the  Applicant states  (Applicant Arguments/Remarks, 02/25/2021, page 8).
The Examiner disagrees with the Applicants. The Examiner respectfully submits that applied reference teaches the addressed limitations. Scott teaches the limitations that are addressed in the rejection. Examiner, respectfully, points out that Applicant’s argument that “In contrast to Stott, the present claims prevent incoming access to the application. As Stott works in a complete opposite manner as the present claims,” The claim limitation recites, in lines 4-5, “at least a first component of the first application is subject to public access from any application,” and then recites, in line 7, “no longer subject to public access from any application.” A person with ordinary skill in the art would understand, a set of “any application”, would include the claimed ‘first application.” Therefore, Applicant’s argument as that claimed invention is directed to preventing “incoming access to the application” as oppose to Scott’s teaching of preventing “outside access” is not accurate, as if access to the claimed component is 
Referred lines of applied prior art Scott (Stott: col. 10, lines 39-65), describes a mechanism where process performs prohibiting [i.e. preventing] an application performing operations those are identified as potentially damaging. In regards to “preventing outside access,” the disclosure of Scott refers as to the dangerous operation that would not have been prevented if the identified operations of the application were not prohibited or restricted. Applicant is correct on the fact that “Stott is preventing the application itself from connecting to something that is harmful.” However, as addressed above that “any application” would capture the scope of the “first application,” and the application preventing certain harmful operation of itself internally, would broadly read on the addressed limitations.
Even giving the hypothetical scenario that the claim language is amended to recite, preventing access from “any application other than the first application” or preventing access from “any other application.” Scott teaching would explicitly teach the limitation, as once the system/application is identified a harmful code/module/operation, and prevented access from itself, There is no rational explanation of why the identified operation would not be prevented from outside system or applications. In column, 11, lines049-57, Scott, discusses aid in preventing these outside calls of controlling/using of harmful code/operations. 
Applicant’s Remarks: As to independent claims 8 and 15, the Applicant submits similar aurguments as to claim 1, and claims are patenable over the combination of Peterson . (Applicant Arguments/Remarks, 02/25/2021, page 8).

Additionally, as to the dependent claims 2-7, 9-14, and 16-20, the Applicant argues that the claims are allowable at least based on their dependency from the allowable base claim) (Applicant Arguments/Remarks, 02/25/2021, page 8).
The Examiner disagrees with the Applicants. The Examiner respectfully submits that the dependent claims 2-7, 9-14, and 16-20 are rejected at least based on the rationale and response presented to the argument for their respective base claims, and the reference applied to the claims 2-7, 9-14, and 16-20.
Claim Rejections - 35 USC § 103
 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective 
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Peterson (“Peterson,” US 2015/0007259, published on 01/01/2015), in view of Scott et al (“Scott,” US 7,774,620, patented on 08/10/2020).
As to claim 1, Peterson teaches a computer-implemented method for building a secure computing device application, the method (Peterson: pars 0008-0010, 0027, a system and method for customizing application security, by applying security rules on selected portion of code, resulting fine-tuning of security features of the application) comprising:
scanning one or more communication interfaces of a first application (Peterson: pars 0010, 0042, target code may be parsed in a certain manner and linked against the app security program; object code provides an interface to the mobile device operating system); and
adding, to the first application, a first module to control access to data to or from the first component via one or more security rules, wherein the scanning, the determining, the removing, and the adding are performed by a first computing device at compile time (Peterson: pars 0010-0011, 0042, 0054, 0075, dynamic library [module] is injected into the app; class files for the app security program are generated based on the one or more policies (rules). Java class files are replaced with the class files generated based on the policies. Runtime policy compiler inputs the policy parameter. Source code is compiled to object code and is then linked to SDK libraries).
Peterson does not explicitly teach determining, in response to the scanning, that at least a first component of the first application is subject to public access from any application; and
removing one or more public access features associated with the first component, wherein the first component is no longer subject to public access from any application.
However, in an analogous art, Scott teaches determining, in response to the scanning, that at least a first component of the first application is subject to public access from any application (Stott: col. 5, lines 16-31, col 10, lines 50-54, canning its constituent parts to find links, data sources, web services, and other pieces of code that can indicate a potential compromise to security; find universal resource locators (URLs) indicating that the application attempts to communicate with remote locations [i.e. public accessible component]); and
removing one or more public access features associated with the first component, wherein the first component is no longer subject to public access from any application (Stott: col. 10, lines 39-65, a mechanism where process performs prohibiting [i.e. preventing] an application performing operations those are identified as potentially damaging. potentially damaging operations found in the application are neutralized, so that no data source outside the application boundaries can be contacted. Application access rights are removed based on the rule).
before the effective filing date of the claimed invention to combine the teachings of Scott with the method/system of Peterson for the benefit of providing a user with a means for scanning the component of application that is openly accessible by any application and system/subsystem, and restricting the access control to the application for enhancing security during runtime stage (Stott: col. 5, lines 16-31; col 10, lines 39-65). 
As to claim 2, the combination of Peterson and Scott teaches the method of claim 1, 
Peterson further teaches wherein the first application is executed on a mobile device and the first application receives a first invocation message from a second application executing on the mobile device, the first invocation message requesting to write a first set of data to the first component Peterson: pa. 70, when the security-related processing is over, the app security program calls the original "write" function in the app code to complete the call), the first module causes the first application to:
obtain a first set of details associated with the write (Peterson: pars 0003, 0070, security for apps running on mobile devices. The app code invokes a "write" function);
compare the first set of details with the one or more security rules to determine whether the write may occur; and
restrict, based on at least the one or more security rules, the first invocation message by blocking the write of the first set of data to the first component (Peterson: pars 0046, 0070, write" function is eventually called or used by the app security program, but not used initially [i.e. restricted]. The data involved or needed for the function may be processed (e.g., encrypted, scrambled, etc.); all information the app creates is stored in encrypted form).
As to claim 3, the combination of Peterson and Scott teaches the method of claim 2, 
Peterson further teaches wherein the first module causes the first application to further determine that the first invocation message from the second application is associated with an unauthorized injection attack, wherein the restricting is further based on the determining (Peterson: pars 0053, 0056, 0071, 0082, security program able to identify anomalous system call behavior of an app to identify malicious Trojan apps that act outside of their published intent; prevent rogue apps from gaining access to and stealing confidential data on the phone. Implements countermeasures in the binary executable to prevent malicious parties, such as hackers or any third-party, from inserting malware, doing harm to the cod,).
As to claim 4, the combination of Peterson and Scott teaches the method of claim 1, 
Peterson further teaches wherein the first application includes a list of particular applications that are allowed to call the first application, and wherein a first rule of the one or more security rules is based on the list of particular applications that are allowed to call the first application (Peterson: pars 0052-0053, 0070-0071, link or invocation is not in a library or other data structure of the app security wrapping code, then it is replaced or shimmed with an invocation to the security software library. Implements countermeasures in the binary executable to prevent malicious parties, such as hackers or any third-party, from inserting malware, doing harm to the code).
As to claim 5, the combination of Peterson and Scott teaches the method of claim 1, 
Peterson further teaches wherein a first rule of the one or more security rules permits a first set of data to be injected to the first component, the one or more security rules including a second rule to block a second set of data to be injected to the first component application (Peterson: pars 0023, 0052-0053, selecting an action point, creating target code and injecting the code into wrapped apps. New policy output is input to a policy definition file which is generated at runtime and includes various types of code and extensions. A wrapper definition file input to an app wrapper component, which generates secure app by injecting custom binary code (native or bytecode) into an app).
As to claim 6, the combination of Peterson and Scott teaches the method of claim 1, 
Peterson further teaches wherein the first application is managed by an Android operating system (Peterson: par 41, operating system of Android phone).
As to claim 7, the combination of Peterson and Scott teaches the method of claim 1, 
Peterson further teaches wherein the one or more security rules includes a first rule to permit a second application to read the data from the first component, the one or more security rules including a second rule to block the second application from writing any of the data to the first component (Peterson: pars 0048-0049, if the call is to save data on the mobile device memory, the secured app may actually back up the data to a storage area in the cloud or on the Internet (i.e., off the device). The app is partially crippled so that the app can only access unclassified data and wherein classified information is nullified based on various policy parameters).
As to claim 8, Peterson teaches a system for building a secure computing device application, the system comprising: a computing device having a processor; and a computer readable storage medium having program instructions embodied therewith, the program instructions executable by the processor to cause the system (Peterson: pars 0008-0010, 0027, a system and method for customizing application security, by applying security rules on selected portion of code, resulting fine-tuning of security features of the application) to: 
scan one or more communication interfaces of a first application (Peterson: pars 0010, 0042, target code may be parsed in a certain manner and linked against the app security program; object code provides an interface to the mobile device operating system); and
add, to the first application, a first module to control access to data to or from the first component via one or more security rules (Peterson: pars 0010-0011, 0042, 0054, 0075, dynamic library [module] is injected into the app; class files for the app security program are generated based on the one or more policies (rules). Java class files are replaced with the class files generated based on the policies. Runtime policy compiler inputs the policy parameter. Source code is compiled to object code and is then linked to SDK libraries).
Peterson does not explicitly teach determine, in response to the scanning, that at least a first component of the first application is subject to public access from any application; and

However, in an analogous art, Scott teaches determine, in response to the scanning, that at least a first component of the first application is subject to public access from any application (Stott: col. 5, lines 16-31, col 10, lines 50-54, canning its constituent parts to find links, data sources, web services, and other pieces of code that can indicate a potential compromise to security; find universal resource locators (URLs) indicating that the application attempts to communicate with remote locations [i.e. public accessible component]); and
remove one or more public access features associated with the first component, wherein the first component is no longer subject to public access from any application (Stott: col. 10, lines 39-65, a mechanism where process performs prohibiting [i.e. preventing] an application performing operations those are identified as potentially damaging. potentially damaging operations found in the application are neutralized, so that no data source outside the application boundaries can be contacted. Application access rights are removed based on the rule).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Scott with the method/system of Peterson for the benefit of providing a user with a means for scanning the component of application that is openly accessible by any application and system/subsystem, and restricting the access control to the application for enhancing security during runtime stage (Stott: col. 5, lines 16-31; col 10, lines 39-65).
As to claim 9, the claim limitations are similar to the limitation of claim 2, and rejected for the same reason set forth for claim 2.
As to claim 10, the combination of Peterson and Scott teaches the system of claim 8, 
Peterson further teaches wherein a first rule of the one or more security rules permits any explicit invocations to be sent from the first application, the first rule not permitting any implicit invocations to be sent from the first application, the explicit invocations identifying a specific recipient application by name, the implicit invocations identifying a particular action to be executed without identifying a particular recipient application by name (Peterson: par. 56; identity-based [name] control of apps or services and highly granular control over app behavior [particular action]; par. 99; the code written by the app developer is tied to a specific customizable action point. It is also useful to note that each action point is associated with a specific policy. As noted, at step 1010 policies are configured. Once all the action points have been selected and tied to their targets, the one or more policies associated with the action points are said to be configured with the action point target code).
As to claim 11, the combination of Peterson and Scott teaches the system of claim 8, 
Peterson further teaches wherein a first rule of the one or more security rules permits a first set of data to be read from the first component, the one or more security rules including a second rule to block a second set of data to be read from the first component (Peterson: par 0049, a user is attempting to paste or copy sensitive data from a classified app to a non-classified app, the app control program may change the copy of the data that is being pasted to garbage or essentially make it meaningless).
As to claim 12, the combination of Peterson and Scott teaches the system of claim 8, 
Peterson further teaches wherein the one or more security rules includes a first rule that only particular application types are permitted to read from the first component or write to the first component (Peterson: par 0027, preventing device software applications from infecting or otherwise damaging a device. These types of applications, used often on a variety of mobile devices; par. 0045; take into consideration the category of the app, the type and nature of app, the author, the age-appropriateness, and numerous other factors).
As to claim 13, the combination of Peterson and Scott teaches the system of claim 8, 
Peterson further teaches wherein the one or more security rules includes a first rule to permit a second application to write a first set of data to the first component, the one or more security rules including a second rule to block the second application from writing a second set of data to the first component (Peterson: par 0047, the call may be allowed to pass to the operating system as shown in step 506. Here the call is made to the device operating system and the app executes in a normal manner).
As to claim 14, the combination of Peterson and Scott teaches the system of claim 8, 
(Peterson: par. 83; policy 904 comprised of computer code, has embedded in its code action points 906a-c. Action points 906a-c are [first] code that, when executed, calls specific app developer code [second], referred to as targets 908a-c. This is code inserted into the wrapped app by the developer to achieve a particular function. When target code 908a-c executes it calls other functions or links to other libraries [third]; there can be multiple action points 906a-c in one or more policies 904 which call multiple targets 908a-c; there can also be more than one policy 904 in a secured app).
As to claim 15, Peterson teaches a computer program product for building a secure computing device application, the computer program product comprising a computer readable storage medium having program code embodied therewith, the program code comprising computer readable program code (Peterson: pars 0008-0010, 0027, a system and method for customizing application security, by applying security rules on selected portion of code, resulting fine-tuning of security features of the application) configured for:
scanning one or more communication interfaces of a first application (Peterson: pars 0010, 0042, target code may be parsed in a certain manner and linked against the app security program; object code provides an interface to the mobile device operating system); and
(Peterson: pars 0010-0011, 0042, 0054, 0075, dynamic library [module] is injected into the app; class files for the app security program are generated based on the one or more policies (rules). Java class files are replaced with the class files generated based on the policies. Runtime policy compiler inputs the policy parameter. Source code is compiled to object code and is then linked to SDK libraries).
Peterson does not explicitly teach determining, in response to the scanning, that at least a first component of the first application is subject to public access from any application; and
removing one or more public access features associated with the first component, wherein the first component is no longer subject to public access from any application.
However, in an analogous art, Scott teaches determining, in response to the scanning, that at least a first component of the first application is subject to public access from any application (Stott: col. 5, lines 16-31, col 10, lines 50-54, canning its constituent parts to find links, data sources, web services, and other pieces of code that can indicate a potential compromise to security; find universal resource locators (URLs) indicating that the application attempts to communicate with remote locations [i.e. public accessible component]); and
removing one or more public access features associated with the first component, wherein the first component is no longer subject to public access from any application (Stott: col. 10, lines 39-65, a mechanism where process performs prohibiting [i.e. preventing] an application performing operations those are identified as potentially damaging. potentially damaging operations found in the application are neutralized, so that no data source outside the application boundaries can be contacted. Application access rights are removed based on the rule).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Scott with the method/system of Peterson for the benefit of providing a user with a means for scanning the component of application that is openly accessible by any application and system/subsystem, and restricting the access control to the application for enhancing security during runtime stage (Stott: col. 5, lines 16-31; col 10, lines 39-65).
As to claim 16, the claim limitations are similar to the limitation of claim 2, and rejected for the same reason set forth for claim 2.
As to claim 17, the combination of Peterson and Scott teaches the computer program product of claim 15, 
Peterson further teaches wherein the first application includes a list of particular applications that are allowed to call the first application only at a particular time of day or night, and wherein a first rule of the one or more security rules is based on the list of particular applications that are allowed to call the first application only at a particular time of day or night (Peterson: pars 0029, 0034, 0049, The app is partially crippled so that the app can only access unclassified data and wherein classified information is nullified based on various policy parameters. Policy of protection certain times of day. Limit the amount of time, e.g., 10 minutes a day or limit which Web sites may be accessed by an app).
As to claim 18, the combination of Peterson and Scott teaches the computer program product of claim 15, 
Peterson further teaches wherein the first application includes a second component, the one or more security rules including a first rule that permits a write to the first component, the first rule not permitting a write to the second component (Peterson: par 0049, a user is attempting to paste or copy sensitive data from a classified app to a non-classified app [second], the app control program may change the copy of the data that is being pasted to garbage or essentially make it meaningless).
As to claim 19, the combination of Peterson and Scott teaches the computer program product of claim 15, 
Peterson further teaches wherein the one or more security rules includes a first rule that only a first set of data may be read from the first component, the security rules including a second rule that a second set of data may not be read from the first component (Peterson: par 0049, a user is attempting to paste or copy sensitive data from a classified app to a non-classified app, the app control program may change the copy of the data that is being pasted to garbage or essentially make it meaningless).
As to claim 20, the combination of Peterson and Scott teaches the computer program product of claim 15, 
Peterson further teaches wherein a first rule of the one or more security rules permits any explicit invocations to be sent from the first application, the first rule not permitting any implicit invocations to be sent from the first application, the explicit (Peterson: par. 56; identity-based [name] control of apps or services and highly granular control over app behavior [particular action]; par. 99; the code written by the app developer is tied to a specific customizable action point. It is also useful to note that each action point is associated with a specific policy. As noted, at step 1010 policies are configured. Once all the action points have been selected and tied to their targets, the one or more policies associated with the action points are said to be configured with the action point target code).
Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JAHANGIR KABIR/             Primary Examiner, Art Unit 2439