DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1-20 are pending.

Claim Objections
Claims 1, 10, 11, 14, 16, 17, 19, and 20 are objected to because of the following informalities:
“decrypting the content” in line 11 of claim 1 should read “the decrypting the encrypted content”.  Similar issue also exists in line 12 of claim 10 and line 11 of claim 16.
“the network” in line 7 of claim 11 should read “the IP network”.  Similar issue also exists in line 6 of claim 14.
“computer-usable” in line 1 of claim 16 should read “computer-readable”.
“a method” in line 3 of claim 16 should read “an operation”.
“the method” in line 1 of claim 17, line 1 of claim 19, line 3 of claim 20 should read “the operation”.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 4, 5, 10, 13, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Lim (US 20120036370) in view of Berengoltz (US 20110126293).

Claim 1, Lim discloses A method comprising: 
receiving, by a computing system, one or more application-specific identifiers generated in response to execution of a first document-management application by the computing system; (e.g. ¶26-27, 198: accessing an encrypted document by an application program, where the application program runs on the computing device…a process identifier of the application program that initiated the open file operation)
based on the one or more application-specific identifiers, determining, by the computing system, that the first document-management application is permitted to open a protected document including encrypted content; (e.g. ¶26-27, 198: evaluating at least one policy in the subset of the plurality of policies by the policy enforcer to determine if the accessing an encrypted document by the application program should be allowed…the policy enforcer determines if the application program that initiated the open file operation should be trusted. The policy enforcer identifies the application program using the process identifier provided)
opening, by the computing system, the protected document in the first document-management application; decrypting, by the computing system, the encrypted content included in the protected document. (e.g. ¶26-27, 198: if the accessing an encrypted document by the application program is allowed, 
Although Lim discloses a method and system that protects documents at rest and in motion which involves decrypting an encrypted document to provide unencrypted content to an application program (e.g. abstract, ¶26, 198) and a communication network such as the Internet (¶52), Lim does not appear to explicitly disclose but Berengoltz discloses an access control method and system that protects information stored on computers in an organization from being accessed by external applications or users (¶40):
substantially concurrently with decrypting the content, inserting, by the computing system, an application-specific blocking policy into a network engine to enable the network engine to block the first document-management application from accessing a network. (e.g. fig. 2, ¶27-28, 39-40: embodiments of the invention may be configured to allow, for all application, access to information stored on computer 235, in such case, a decrypted version of information stored on computer 235 may be provided to any application upon request. However, embodiments of the invention may be further configured such that such access is only granted when connection 264 to network 240 is disabled and/or unavailable. According to embodiments of the invention, in the event connection 264 is restored and/or made available, access to information stored on computer 235 may be blocked. Accordingly, according to embodiments of the invention, in the event connection 264 is made unavailable, access to information stored on computer 235 may be granted…access to information on computers 205, 235 and server 230 may be granted when connection 262 is unavailable, namely, embodiments of the invention may decrypt and provide encrypted information stored on these computers. However, embodiments of the invention may be configured such that in the event that connection 262 is made available, access to information stored on computers 205 and 235 and server 230 may be blocked. Such configuration may protect information stored on computers in an organization from being accessed by external applications or users, for example, users or applications associated with computer 220.)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Berengoltz into the invention of Lim for the purpose of protecting information stored on computers in an organization from being accessed by external applications or users (Berengoltz, ¶40).

Claim 4, Lim-Berengoltz discloses The method of claim 1, wherein the one or more application-specific identifiers comprise: a process name for the first document-management application; and a process identifier (ID) for the first document-management application. (e.g. Lim ¶198)

Claim 5, Lim-Berengoltz discloses The method of claim 1, wherein the network engine is a Transmission Control Protocol/Internet Protocol (TCP/IP) network engine facilitating data communication between the computing system and an IP network-based remote entity, and wherein the network comprises an IP network. (Berengoltz, e.g. ¶27-28, 39-40).  Same motivation as in claim 1 would apply.

Claim 10, Lim discloses A computing system comprising: 
a memory storing program instructions; and a processing unit coupled to the memory and operable to execute the program instructions, which, when executed by the processing unit, cause the computing system to: (e.g. ¶58, 60)
receive one or more application-specific identifiers generated in response to execution of a first document-management application by the computing system, (e.g. ¶26-27, 198: accessing an encrypted document by an application program, where the application program runs on the computing device…a process identifier of the application program that initiated the open file operation)
based on the one or more application-specific identifiers, determine that the first document-management application is permitted to open a protected document including encrypted content, (e.g. ¶26-27, 198: evaluating at least one policy in the subset of the plurality of policies by the policy enforcer to determine if the accessing an encrypted document by the application program should be allowed…the policy enforcer determines if the application program that initiated the open file operation should be trusted. The policy enforcer identifies the application program using the process identifier provided)
open the protected document in the first document-management application, decrypt the encrypted content included in the protected document, (e.g. ¶26-27, 198: if the accessing an encrypted document by the application program is allowed, providing an encryption key for decrypting the encrypted document to produce unencrypted content of the encrypted document and providing the unencrypted content to the application program…the policy enforcer determined the application program can be trusted, and it returns an encryption key to the encryption service. In step 1344, the encryption service opens that document and associates the encryption key with the document)
Although Lim discloses a method and system that protects documents at rest and in motion which involves decrypting an encrypted document to provide unencrypted content to an application program (e.g. abstract, ¶26, 198) and a communication network such as the Internet (¶52), Lim does not appear to explicitly disclose but Berengoltz discloses an access control method and system that protects information stored on computers in an organization from being accessed by external applications or users (¶40):
substantially concurrently with decrypting the content, insert an application-specific blocking policy into a network engine to enable the network engine to block the first document-management application from accessing an Internet Protocol (IP) network. (e.g. fig. 2, ¶27-28, 39-40: embodiments of the invention may be configured to allow, for all application, access to information stored on computer 235, in such case, a decrypted version of information stored on computer 235 may be provided to any application upon request. However, embodiments of the invention may be further configured such that such access is only granted when connection 264 to network 240 is disabled and/or unavailable. According to embodiments of the invention, in the event connection 264 is restored and/or made available, access to information stored on computer 235 may be blocked. Accordingly, according to embodiments of the invention, in the event connection 264 is made unavailable, access to information stored on computer 235 may be granted…access to information on computers 205, 235 and server 230 may be granted when connection 262 is unavailable, namely, embodiments of the invention may decrypt and provide encrypted information stored on these computers. However, embodiments of the invention may be configured such that in the event that connection 262 is made available, access to information stored on computers 205 and 235 and server 230 may be blocked. Such configuration may protect information stored on computers in an organization from being accessed by external applications or users, for example, users or applications associated with computer 220.)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Berengoltz into the invention of Lim for the purpose of protecting information stored on computers in an organization from being accessed by external applications or users (Berengoltz, ¶40).

Claim 13, this claim is rejected for similar reasons as in claim 4.

Claim 16, this claim is rejected for similar reasons as in claim 1.

Claims 6 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Lim (US 20120036370) in view of Berengoltz (US 20110126293) and further in view of Parez (US 20180152296).

Claim 6, Lim-Berengoltz discloses The method of claim 1, further comprising: de-activating, by the computing system, the application-specific blocking policy in the network engine; and permitting the first document-management application to access the network.  (Berengoltz, e.g. ¶39-40).  Same motivation as in claim 1 would apply.
Lim-Berengoltz does not appear to explicitly disclose but Parez discloses monitoring, by the computing system, a status of the protected document; determining, by the computing system, that the protected document is closed (e.g. ¶67: the closing condition of the encrypted object is also tracked…when it is monitored that the encrypted object is closed, the temporary file generated by the terminal application system can be deleted. For further improving the security, when it is monitored that the encrypted object is closed, the temporary file generated by the terminal application system can be deleted)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Parez into the invention of Lim-Berengoltz for the purpose of providing protection for the encrypted object after the opened encrypted object is closed (Parez, ¶67).

Claim 19, this claim is rejected for similar reasons as in claim 6.

Claims 8 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Lim (US 20120036370) in view of Berengoltz (US 20110126293) and further in view of Rim (US 20120222120).

Claim 8, Lim-Berengoltz discloses The method of claim 1, further comprising: instructing, by the computing system, the network engine to discard the application-specific blocking policy. (Berengoltz, e.g. ¶39-40).  Same motivation as in claim 1 would apply.
Lim-Berengoltz does not appear to explicitly disclose but Rim discloses monitoring, by the computing system, an execution status of the first document-management application; determining, by the computing system, that the execution of the first document-management application is terminated (e.g. ¶123: the monitoring part 130 determines whether execution of the application is ended in step 60. When execution of the application is ended, the monitoring part 130 terminates malware detection.)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Rim into the invention of Lim-Berengoltz for the purpose of terminating malware detection (Rim, ¶123).

Claim 15, this claim is rejected for similar reasons as in claim 8.

Claims 9 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Lim (US 20120036370) in view of Berengoltz (US 20110126293) and further in view of Barile (US 20100306850).

Claim 9, Lim-Berengoltz discloses The method of claim 1, (see above) and does not appear to explicitly disclose but Barile discloses generating, by the computing system, an alert message when the first document-management application is blocked from accessing the network. (e.g. ¶10: blocking access (e.g., network access) to the client application…notifying a system administrator of the client application)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Barile into the invention of Lim-Berengoltz for the purpose of mitigating risk of data loss (Barile, ¶10).

Claim 20, Lim-Berengoltz discloses The computer program product of claim 16, wherein the network engine is a Transmission Control Protocol/Internet Protocol (TCP/IP) network engine and the network comprises an IP network. (Berengoltz, e.g. ¶27-28, 39-40).  Same motivation as in claim 1 would apply.
Lim-Berengoltz does not appear to explicitly disclose but Barile discloses generating an alert message when the first document-management application is blocked from accessing the IP network.  (e.g. ¶10, 16, 19: blocking access (e.g., network access) to the client application…notifying a system administrator of the client application)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Barile into the invention of Lim-Berengoltz for the purpose of mitigating risk of data loss (Barile, ¶10).

Allowable Subject Matter
Claims 2-3 and 7 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claims 11, 12, 14, 17, and 18 would be allowable if rewritten (a) in independent form including all of the limitations of the base claim and any intervening claims and (b) to overcome any of the claim objections set forth above.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 

US 20130024944 discloses a confidential information leakage prevention system which controls a network access request sent from an application program via network access service provision unit and a network access request directly sent from an application program, based on a security level assigned to the application program.

US 20040010701 discloses if an access request to access the resource to be protected is subsequently received, then identification information about a request source program which has outputted the access request is acquired. Then, it is determined whether access to the resource to be protected is permitted or not based on whether the identification information about the request source program has been registered in the access permission management table or not. If access to the resource to be protected is permitted, data in the resource to be protected is processed in response to the access request.


Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRONG NGUYEN whose telephone number is (571)270-7312.  The examiner can normally be reached on Monday through Thursday 9:00 AM - 5:00 PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, GELAGAY SHEWAYE can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TRONG H NGUYEN/Primary Examiner, Art Unit 2436