DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Acknowledgments
Applicant’s amendment/response filed on March 10, 2021 is acknowledged. Accordingly claims 1-16 and 19-30 remain pending and have been examined.

Response to Arguments
Applicant's arguments filed March 10, 2021 have been fully considered but they are not persuasive.
With respect to independent claim 1, Applicant argues that the claim is not obvious over the cited references for the reason that the proposed combination does not teach or suggest all of the required limitations of claim 1. Specifically that the references either alone or in combination fail to teach or suggest: “… the instance of the local application on the rendering computer providing one or more portions of an output of a remote application instance on the executing computing device…”
In response Examiner respectfully disagrees and submits that the claimed limitation “… the instance of the local application on the rendering computer providing one or more portions of an output of a remote application instance on the executing computing device…” is a non-functional descriptive material that further explain the what happens upon receiving user inputs representing an action of the a user of an instance of a local application which is 
Applicant further argues that a remote isolation server receiving a video stream and validating the video stream before transmitting the video stream to a local browser as described in Amiga is different from “… the instance of the local application on the rendering computer providing one or more portions of an output of a remote application instance on the executing computing device…”as recited in claim 1 because the isolated execution environment is not integrated into the local application.
In response Examiner respectfully disagrees and submits as a preliminary matter that the claimed limitation is a non-functional descriptive material that does not further limit the claimed invention. Examiner further submits that providing the isolated execution environment in a separate box or server for purposes of efficiency does not distinguish the claimed integrated execution environment from the teachings of Amiga and for this reason the rejection should be maintained.
Applicant further argues with respect to claim 1 that the cited references, either alone or in combination, do not teach or suggest:
determining that the user inputs representing the user action includes a trigger event;
responsive to the determined trigger event, evaluating one or more characteristics of one or more fields in the output of the remote application instance to detect one or more candidate sensitive-information fields in the output of the remote application instance on the executing computing device.
In response Examiner respectfully disagrees and submits that Bradley does teach or suggest the claimed limitation: determining that the user inputs representing the user action includes a trigger event;
responsive to the determined trigger event, evaluating one or more characteristics of one or more fields in the output of the remote application instance to detect one or more candidate sensitive-information fields in the output of the remote application instance on the executing computing device.
With respect to “determining that the user inputs representing the user action includes a trigger event” Bradley at paragraph [0027], discloses that “If one or more activities of a client device are determined to be non-compliant, escalating remedial actions are performed by the administrator to bring the client device 120 back into compliance. … In some embodiments, the commands fetched by the client device 120 serve to trigger execution of one or more applications pre-loaded onto the client device 120.” Based on the above, the claim limitation is met and the rejection should be maintained.
With respect to “responsive to the determined trigger event, evaluating one or more characteristics of one or more fields in the output of the remote application instance to detect one or more candidate sensitive-information fields in the output of the remote application instance on the executing computing device” Bradley at paragraph [0010], discloses that “A technical effect of the present disclosure is protection of sensitive data on an enterprise mobile device from unauthorized users by either remotely triggering a complete data wipe on the mobile device or remotely reimaging the mobile device without user interaction through the use of low level machine code.” Based on the above, the claim limitation is met and the rejection should be maintained.
With respect to claims 2-16, 19 and 20, Applicant argues that these claims depend from allowable independent claim 1 and therefore allowable by virtue of their dependency from their respective base claims.
In response Examiner respectfully disagrees and submits that these claims are neither allowable by virtue of their dependency nor for their own individually recited features contained therein.
With respect to independent claim 21, Applicant argues that claim 21 was rejected based on same rationale as independent claim 1 and therefore allowable for the same reasons as in claim 1.
In response Examiner respectfully disagree and incorporate by reference the preceding paragraph with respect to claim 1 as if fully rewritten herein.
With respect to claims 22-30, Applicant argues that these claims depend from allowable independent claim 21 and therefore allowable by virtue of their dependency from their base claim.
In response Examiner respectfully disagrees and submits that these claims are neither allowable by virtue of their dependency from their base claim nor for their own individually recited features contained therein.
In view of the forgoing, it is Examiner’s position that claims 1-16 and 19-30 are not patentable over the references of record and their rejection should be maintained.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-16 and 19-30 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zheng U.S. Patent Application Publication No. 2017/0185799 A1 in view of in view of Amiga et al (hereinafter “Amiga”) U.S. Patent Application Publication No. 2018/0338166 A1. And further in view of Bradley et al (hereinafter “Bradley”) U.S. Patent Application Publication No. 2017/0353497 A1

As per claims 1 and 21, Zheng discloses a non-transitory computer-readable medium that stores instructions that, when executed by one or more processors, cause the one or more processors to perform actions, the actions comprising:
receiving by an executing computer device, user inputs representing an action of a user of an instance of a local application on a rendering computing device, the instance of the local application on the rendering computer providing one or more portions of an output of a remote application instance on the executing computing device that is remotely located, separate, and distinct from the rendering computing device, the local application instance and the remote application instance cooperatively providing an application isolation session;
determining that the user inputs representing the user action includes a trigger event;
responsive to the determined trigger event, evaluating one or more characteristics of one or more fields in the output of the remote application instance to detect one or more candidate sensitive-information fields in the output of the remote application instance on the executing computing device;
evaluating one or more values of the one or more detected candidate sensitive-information fields to determine that the one or more values include candidate sensitive information (see fig. 5, which discloses that “determining, by the DLP system, whether the input string contains potential sensitive data to which a full match is applied by matching the fixed string pattern against one or more stored target strings representative of sensitive data 506);
generating one or more secure versions of the determined candidate sensitive information based on the evaluation (see fig. 5, which discloses that “converting, by the DLP system, the input string into a fixed string pattern based on multiple class definitions including a digit class, a letter class and symbol class” 504) ;
comparing the one or more generated secure versions of the determined candidate sensitive information to one or more stored values to verify that the determined candidate sensitive information includes actual sensitive information (see fig. 5, which discloses that “determining, by the DLP system, whether the input string contains potential sensitive data to which a full match is applied by matching the fixed string pattern against one or more stored target strings representative of sensitive data” 506); and
responsive to the comparison, preventing the verified actual sensitive information from being provided from the local application instance or the remote application instance to another application or computing device (0036, which discloses that “In an exemplary implementation, DLP agent 110-1 can be configured to monitor and prevent transfer of sensitive data via network interface 108”).
What Zheng does not explicitly teach is:
receiving by an executing computer device, user inputs representing an action of a user of an instance of a local application on a rendering computing device, the instance of the local application on the rendering computer providing one or more portions of an output of a remote application instance on an executing computing device that is remotely located, separate, and distinct from the rendering computing device, the local application instance and the remote application instance cooperatively providing an application isolation session;
determining that the user inputs representing the user action includes a trigger event;
responsive to the determined trigger event, evaluating one or more characteristics of one or more fields in the output of the remote application instance to detect one or more candidate sensitive-information fields in the output of the remote application instance on the executing computing device;
Amiga discloses non-transitory computer-readable medium wherein:
receiving by an executing computer device, user inputs representing an action of a user of an instance of a local application on a rendering computing device, the instance of the local application on the rendering computer providing one or more portions of an output of a remote application instance on an executing computing device that is remotely located, separate, and distinct from the rendering computing device, the local application instance and the remote application instance cooperatively providing an application isolation session (0056, which discloses that “In this client-side embodiment of the method 200, a user may spin up (e.g., execute) the browser 114 on their local network device 104 and browse (e.g., by typing in a URL to the address bar of a browser 114 or clicking on a link in an email message) to the webpage 120a that contains the video stream 121a.  As a result of this action, a request may be sent from the local network device 104.”);
determining that the user inputs representing the user action includes a trigger event;
responsive to the determined trigger event, evaluating one or more characteristics of one or more fields in the output of the remote application instance to detect one or more candidate sensitive-information fields in the output of the remote application instance on the executing computing device;
Bradley discloses non-transitory computer-readable medium wherein:
determining that the user inputs representing the user action includes a trigger event (0027, which discloses that “If one or more activities of a client device are determined to be non-compliant, escalating remedial actions are performed by the administrator to bring the client device 120 back into compliance. … In some embodiments, the commands fetched by the client device 120 serve to trigger execution of one or more applications pre-loaded onto the client device 120.”);
responsive to the determined trigger event, evaluating one or more characteristics of one or more fields in the output of the remote application instance to detect one or more candidate sensitive-information fields in the output of the remote application instance on the executing computing device (0010, which discloses that “A technical effect of the present disclosure is protection of sensitive data on an enterprise mobile device from unauthorized users by either remotely triggering a complete data wipe on the mobile device or remotely reimaging the mobile device without user interaction through the use of low level machine code.”)
Accordingly it would have been obvious to one of ordinary skill in the art at time of applicant’s invention to modify the non-transitory computer-readable medium of Zheng and incorporate the non-transitory computer-readable medium comprising: receiving by an executing computer device, user inputs representing an action of a user of an instance of a local application on a rendering computing device, the instance of the local application on the rendering computer providing one or more portions of an output of a remote application instance on an executing computing device that is remotely located, separate, and distinct from the rendering computing device, the local application instance and the remote application instance cooperatively providing an application isolation session; determining that the user inputs representing the user action includes a trigger event; responsive to the determined trigger event, evaluating one or more characteristics of one or more fields in the output of the remote application instance to detect one or more candidate sensitive-information fields in the output of the remote application instance on the executing computing device in view of the teachings of Amiga and Bradley respectively in order to prevent unauthorized user access to sensitive information. 

As per claim 2, Zheng failed to explicitly disclose the non-transitory computer-readable medium, wherein the actions further comprise: before detecting an action of a user of an instance of a local application on a rendering computing device:
detecting one or more key event listeners in script loaded in the local application instance or the remote application instance; and
disabling the one or more detected key event listeners.
Bradley discloses the non-transitory computer-readable medium, wherein the actions further comprise: before detecting an action of a user of an instance of a local application on a rendering computing device:
detecting one or more key event listeners in script loaded in the local application instance or the remote application instance (0010; 0012); and
disabling the one or more detected key event listeners (0010; 0012).
Accordingly it would have been obvious to one of ordinary skill in the art at time of applicant’s invention to modify the non-transitory computer-readable medium of Zheng and incorporate the non-transitory computer-readable medium comprising: wherein the actions further comprise: before detecting an action of a user of an instance of a local application on a rendering computing device: detecting one or more key event listeners in script loaded in the local application instance or the remote application instance; and disabling the one or more detected key event listeners in view of the teachings of Bradley in order to prevent unauthorized user access to sensitive information by enhancing security.

As per claim 3,  Zheng further discloses the non-transitory computer-readable medium of claim 1, wherein the trigger event includes a user action on a web page that is determined to be absent from a whitelist (0036; 0039).

As per claim 4, Zheng further discloses the non-transitory computer-readable medium, wherein the trigger event includes a form submit event (see figs. 3 and 4 including associated text).

As per claim 5, Zheng further discloses the non-transitory computer-readable medium, wherein a total number of the one or more detected candidate sensitive-information fields in the output of the remote application instance is less than a total number of input fields in the output of the remote application instance (Zheng: figs. 3 and 4 and associated text).

As per claim 6, both Zheng and Bradley further discloses the non-transitory computer-readable medium, wherein evaluating the one or more values of the one or more detected candidate sensitive-information fields comprises:
evaluating the one or more values of the one or more detected candidate sensitive-information fields for compliance with one or more enterprise sensitive-information rules (Zheng: see figs. 3 and 4 including associated text; Bradley: 0010; 0012; 0019);
determining that the one or more values of the one or more detected candidate sensitive-information fields comply with the one or more enterprise sensitive-information rules (Zheng: see figs. 3 and 4 including associated text; Bradley: 0010; 0012; 0019); and
determining that the one or more values include candidate sensitive information based on the determination that the one or more values of the one or more detected candidate sensitive-information fields comply with the one or more enterprise sensitive-information rules (Zheng: see figs. 3 and 4 including associated text; Bradley: 0010; 0012; 0019).

As per claim 7, both Zheng and Bradley discloses the non-transitory computer-readable medium of claim 1, wherein comparing the one or more generated secure versions of the determined candidate sensitive information to one or more stored values comprises:
providing the one or more generated secure versions of the determined candidate sensitive information to an enterprise authentication service (Zheng: see figs. 3 and 4 including associates text; Bradley: 0019; 0027); and
obtaining from the enterprise authentication service an indication that the one or more generated secure versions of the determined candidate sensitive information have been verified to include actual sensitive information (Zheng: see figs. 3 and 4 including associates text; Bradley: 0019; 0027).

As per claim 8, Zheng further discloses the non-transitory computer-readable medium of claim 1, wherein comparing the one or more generated secure versions of the determined candidate sensitive information to one or more stored values comprises:
comparing a generated secure version of a first portion of the determined candidate sensitive information to one or more values that are stored on the rendering computing device or the executing computing device to determine that the generated secure version of the first portion of the determined candidate sensitive information includes actual sensitive information (see fig. 5 and associated text; 0028);
providing a generated secure version of a second portion of the determined candidate sensitive information to an authentication manager (see fig. 5 and associated text; 0028); and
obtaining from the authentication manager an indication that the generated secure version of the second portion of the determined candidate sensitive information has been verified to include actual sensitive information (0028; 0036).

As per claim 9, Zheng further discloses the non-transitory computer-readable medium, wherein the actions further comprise:
providing to the user an option to request that a whitelist include a web page that caused the remote application instance to provide the output (0039; 0040);
obtaining user selection of the option to request from the user (0039; 0040); and
responsive to the request being granted, determining that the user action fails to include the trigger event during a subsequent occasion in which the web page causes the remote application instance to provide the output and allowing the verified actual sensitive information to be provided from the local application instance and the remote application instance to a web host of the web page (0039; 0040).

As per claim 10, Zheng further discloses the non-transitory computer-readable medium, wherein the actions further comprise:
notifying the user that the verified actual sensitive information includes one or more enterprise credentials that are prohibited from being employed with non-enterprise accounts, services, or web pages (0036; 0039); and
requiring the user to change credential information associated with the user and a non-enterprise account, service, or web page associated with the trigger event (0010; 0012; 0019).

As per claim 11, Zheng further discloses the non-transitory computer-readable medium, wherein preventing the verified actual sensitive information from being provided from the local application instance or the remote application instance to another application or computing device comprises clearing or modifying one or more portions of the verified actual sensitive information before providing one or more user inputs from the local application instance on the rendering computing device to the remote application instance on the executing computing device (0036; 0039).

As per claim 12, Zheng further discloses the non-transitory computer-readable medium, wherein preventing the verified actual sensitive information from being provided from the local application instance or the remote application instance to another application or computing device comprises clearing or modifying one or more portions of the verified actual sensitive information before providing one or more values for at least one of the one or more fields in the output of the remote application instance that are determined to not include sensitive information from the local application instance on the rendering computing device to the remote application instance on the executing computing device (0030).

As per claim 13  Zheng further discloses the non-transitory computer-readable medium, wherein preventing the verified actual sensitive information from being provided from the local application instance or the remote application instance to another application or computing device comprises clearing or modifying one or more portions of the verified actual sensitive information after providing one or more values for the one or more fields in the output of the remote application instance from the local application instance on the rendering computing device to the remote application instance on the executing computing device and before providing one or more values for at least one of the one or more fields in the output of the remote application instance that are determined to not include sensitive information from the remote application instance on the executing computing device to a third-party web host (see figs. 6A and 6B including associated text; 0030).

As per claim 14, Zheng further discloses the non-transitory computer-readable medium, wherein the local application instance on the rendering computing device is an instance of a web browser, and one or more of the actions are performed by a web application loaded in the web browser instance on the rendering computing device (0036; 0039).

As per claim 15, Zheng further discloses the non-transitory computer-readable medium, wherein the local application instance on the rendering computing device is an instance of an isolator application, and one or more of the actions are performed by the isolator application instance on the rendering computing device (0036; 0039).

As per claim 16, Zheng further discloses the non-transitory computer-readable medium, wherein one or more of the actions are performed by the executing computing device (see fig. 2 and associated text; see claim 1).

As per claim 19, Zheng further discloses the non-transitory computer-readable medium, wherein the actions further comprise providing, from the executing computing device, one or more files to the rendering computing device to cause the local application instance on the rendering 
computing device to provide one or more indications of one or more user inputs to the remote application instance on the executing computing device (0038; 0040).

As per claim 20, Zheng further discloses the non-transitory computer-readable medium, wherein the actions further comprise providing, from the executing computing device, one or more files to the rendering computing device to cause the local application instance on the rendering computing device to perform one or more of the actions (0038; 0040).

As per claim 22, Zheng further discloses the non-transitory computer-readable medium, wherein preventing the verified actual sensitive information from being provided from the local application instance or the remote application instance to another application or computing device comprises executing one or more prevention solutions in a cascading hierarchy (0036; 0040).

As per claim 23, Zheng further discloses the non-transitory computer-readable medium, wherein evaluating information that the user attempts to provide to the remote application instance via the local application instance to determine that the evaluated information includes candidate sensitive information comprises evaluating information that the user attempts to provide to the remote application instance responsive to a determination that the output of the remote application instance is based on a non-whitelisted website (0036; 0040).

As per claim 24, Zheng further discloses the non-transitory computer-readable medium, wherein evaluating information that the user attempts to provide to the remote application instance via the local application instance to determine that the evaluated information includes candidate sensitive information comprises evaluating information that the user attempts to provide to the remote application instance responsive to a determination that the user initiates a form submit event (0036; 0040).

As per claim 25, both Zheng and Bradley further discloses the non-transitory computer-readable medium, wherein evaluating information that the user attempts to provide to the remote application instance via the local application instance to determine that the evaluated information includes candidate sensitive information comprises:
evaluating the information that the user attempts to provide to the remote application instance via the local application instance for compliance with one or more enterprise sensitive-information rules (0040; Bradley: 0010; 0012; 0019);
determining that one or more portions of the evaluated information complies with the one or more enterprise sensitive-information rules (0040; 0053; Bradley: 0010; 0012; 0019); and
determining that the one or more portions of the evaluated information include candidate sensitive information based on the determination that the one or more portions of the evaluated information comply with the one or more enterprise sensitive-information rules (0040; 0053; Bradley: 0010; 0012; 0019).

As per claim 26, Zheng further discloses the non-transitory computer-readable medium, wherein preventing the verified actual sensitive information from being provided from the local application instance or the remote application instance to another application or computing device comprises clearing or modifying one or more portions of the verified actual sensitive information after providing the information that the user attempts to provide from the local application instance to the remote application instance and before providing one or more other portions of the information that the user attempts to provide from the remote application instance to another application or computing device (see figs. 6A and 6B including associated text; 0030; 0040).

As per claim 27, Zheng further discloses the non-transitory computer-readable medium, wherein the local application instance on the rendering computing device is an instance of a web browser, and one or more of the actions are performed by a web application loaded in the web browser instance on the rendering computing device (0036; 0039; 0040).

As per claim 28, Zheng further discloses the non-transitory computer-readable medium, wherein the local application instance on the rendering computing device is an instance of an isolator application, and one or more of the actions are performed by the isolator application instance on the rendering computing device (0036; 0039; 0040).

As per claim 29, Zheng further discloses the non-transitory computer-readable medium, wherein the remote application instance is executing on an executing computing device that is remotely located, separate, and distinct from the rendering computing device, and one or more of the actions are performed by the executing computing device (see fig. 1A including associated text; 0039; 0040).

As per claim 30, Zheng further discloses the non-transitory computer-readable medium, wherein the remote application instance is executing on an executing computing device that is remotely located, separate, and distinct from the rendering computing device, and the actions further comprise providing, from the executing computing device, one or more files to the rendering computing device to cause the local application instance on the rendering computing device to provide one or more indications of one or more user inputs to the remote application instance on the executing computing device (see fig. 1A including associated text; 0036; 0039; 0040).

Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Charles C. Agwumezie whose number is (571) 272-6838. The examiner can normally be reached on Monday – Friday 8:00 am – 5:00 pm.
	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Calvin Hewitt can be reached on (571) 272 – 6709.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/CHINEDU C AGWUMEZIE/Primary Examiner, Art Unit 3685                                                                                                                                                                                                        /CHINEDU C AGWUMEZIE/May 6, 2021