DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application is being examined under the pre-AIA first to invent provisions.
Response to Amendment
Applicant’s amendment filed 09 June 2021 amends claims 34-36, 41, 42, and 51-53. Applicant’s amendment has been fully considered and entered.
Response to Arguments
Applicant argues, “Without conceding the propriety of these rejections, the applicant has filed the requested terminal disclaimer herewith to obviate these grounds of rejection and advance prosecution of the remaining issues.” In response, to date no terminal disclaimer has been received. Therefore, the double patenting rejections will be maintained.
Applicant argues, “However, Heron and Dixon, alone or in any proper combination, have not been shown to have described or made obvious ‘permitting a user to configure the test mode to escalate the software application from the test mode to an insecure mode by providing the software application with access to additional resources of the endpoint with the application controller’ as recited in the independent claims 34 and 51, or a processor configured to ‘permit a user to configure the test mode to escalate the software application from the test mode to 
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 34, 36-51, 53 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,515,211, in view of Dalcher, U.S. Publication No. 2011/0145926. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the ‘211 patent include all the limitations of the instant application except that the claimed escalation is configured by a user.
Dalcher discloses a monitoring component that dynamically evaluates whether the execution environment of an application should be changed ([0023]-[0026] & [0085] & [0087]: moved from sandbox environment to standard execution environment) such that a user such as an administrator can control the security policy utilized by the dynamic evaluation procedure ([0090]), which meets the limitation of permitting a user to configure the test mode to escalate the software application from the test mode to an insecure mode by providing the software application with access to additional resources of the endpoint with the application controller. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the claimed escalation of the ‘211 patent to have been configured by a user such as an administrator because Dalcher discloses that administrator configuration is one of a finite number of possible implementations of the configuration that could have been implemented by one of ordinary skill in the art with a reasonable expectation of success.
| Instant Application | US Patent No. 10,515,211 |
| --- | --- |
| in response to a selection of a file, retrieving, with the application controller at least one access and security parameter for the file; (Claim 34) | in response to a selection of a file, retrieving a reputation of the file stored in metadata for the file, wherein the reputation includes at least one access and security parameter for the file and wherein the reputation is remotely stored in a database independent of the application controller and accessible by the application controller; (Claim 1) |
| selecting a software application in an application environment on the endpoint to open the file based on a security configuration according to the access or security control measure and a corresponding determination of whether the file is a secure file having a good reputation or an insecure file having a poor or unknown reputation; (Claim 34) | in response to the access and security parameter, selecting a software application with the application controller from a number of software applications on the endpoint for opening the file based on the reputation of the file and a security configuration of the number of software applications, wherein the number of software applications include at least one insecure application for opening the file in an application environment when the file has a good reputation and at least one secure application for opening the file in the application environment when the file has a poor or unknown reputation, and, as compared to opening the file in the application environment with the at least one insecure application, the at least one secure application opens the file in the application environment with more limited access to resources of the application environment; (Claim 1) |
| launching the selected software application to open the file and access the file in accordance with the security configuration; (Claim 34) | launching the selected software application to open the file and access the file in accordance with the security configuration for the selected software application; (Claim 1) |
| controlling a use of the file by the selected software application with the application controller in a test mode to require that the use of the file is in accord with the at least one access and security parameter for the file; (Claim 34) | managing use of the file by the software application with the application controller… granting the selected software application access to additional resources of the application environment upon determination that the file is safe and imposing more restrictions on access to resources of the application environment by the selected software application upon determining that the file contains a threat. (Claim 1) |
| and permitting [a user] to configure the test mode to escalate the software application from the test mode to an insecure mode by providing the software application with access to additional resources of the endpoint with the application controller. (Claim 34) | and escalating the selected software application to an insecure application by granting the selected software application access to additional resources of the application environment upon determination that the file is safe and imposing more restrictions on access to resources of the application environment by the selected software application upon determining that the file contains a threat. (Claim 1) |


Claims 35, 52 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,515,211, in view of Dalcher, U.S. Publication No. 2011/0145926, and further in view of Dixon, U.S. Publication No. 2008/0109473. Referring to claims 35, 52, the claims of the ‘473 patent do not specify that the metadata includes security definitions for the file. Dixon discloses metadata labels in content that specify a reputation of the content ([0041] & [0333]) and access procedures ([0345]), which meets the limitation of wherein the security definitions for the file are in the metadata for the file. It would have been obvious to one of ordinary skill in the art at the time the invention was made for the metadata of the ‘473 patent to have included the metadata label described in Dixon in order to provide an indication that the files are good, bad, or need to be analyzed as discussed by Dixon ([0041] & [0170]).
Claims 34-53 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-28 of U.S. Patent No. 9,390,263, in view of Dalcher, U.S. Publication No. 2011/0145926. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the ‘263 patent include all the limitations of the instant application except for the claimed escalation.
Dalcher discloses a monitoring component that dynamically evaluates whether the execution environment of an application should be changed ([0023]-[0026] & [0085] & [0087]: moved from sandbox environment to standard execution environment) such that a user such as an administrator can control the security policy utilized by the dynamic evaluation procedure ([0090]), which meets the limitation of permitting a user to configure the test mode to escalate the software application from the test mode to an insecure mode by providing the software application with access to additional resources of the endpoint with the application controller. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the claimed escalation of the ‘263 patent to have included the ability to dynamically change the execution environments in order to provide flexible enforcement that does not limit an application’s functional abilities while shielding the host system from potential harm as discussed in Dalcher ([0019]).
| Instant Application | US Patent No. 9,390,263 |
| --- | --- |
| in response to a selection of a file, retrieving, with the application controller at least one access and security parameter for the file; (Claim 34) | in response to a selection of a file, retrieving a reputation of the file stored in metadata for the file, wherein the reputation includes at least one access and security parameter for the file and wherein the reputation is remotely stored in a database independent of the application controller and accessible by the application controller…; (Claim 1) |
| selecting a software application in an application environment on the endpoint to open the file based on a security configuration according to the access or security control measure and a corresponding determination of whether the file is a secure file having a good reputation or an insecure file having a poor or unknown reputation; (Claim 34) | in response to the access and security parameter, selecting a software application from at least two software applications in an application environment on the endpoint to open the file based on a security configuration of each of the at least two software applications and a corresponding determination of whether the file is a secure encrypted file or an insecure unencrypted file…; (Claim 1) |
| launching the selected software application to open the file and access the file in accordance with the security configuration; (Claim 34) | launching the selected software application to open the file and access the file in accordance with the security configuration for the selected software application. (Claim 1) |
| controlling a use of the file by the selected software application with the application controller in a test mode to require that the use of the file is in accord with the at least one access and security parameter for the file. (Claim 34) | wherein the application controller determines at least one access or security control measure for the selected software application.. (Claim 28) |
| and permitting [a user] to configure the test mode to escalate the software application from the test mode to an insecure mode by providing the software application with access to additional resources of the endpoint with the application controller. (Claim 34) | Dalcher ([0023]-[0026] & [0085] & [0087]) |



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of pre-AIA 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under pre-AIA 35 U.S.C. 103(a) are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 34, 36-41, 51, 53 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Heron, U.S. Publication No. 2013/0247129, in view of Dalcher, U.S. Publication No. 2011/0145926. Referring to claims 34, 51, 53, Heron discloses a reputation system wherein the reputation of a file is determined when the file is downloaded or accessed ([0039]-[0040] & [0042]), which meets the limitation of in response to a selection of a file, retrieving, with the application controller at least one access and security parameter for the file. Based on the reputation, the file can be opened without further intervention ([0041]: reputation has good rating and application opening the file would be considered a first/insecure application accessing the file) or the file can be subjected to additional scanning ([0043]: reputation has bad rating and application scanning the file would be considered a second/secure application accessing the file), which meets the limitation of selecting a software application in an application environment on the endpoint to open the file based on a security configuration according to the access or security control measure and a corresponding determination of whether the file is a secure file having a good reputation or an insecure file having a poor or unknown reputation, selecting a software application with the application controller from a number of software applications on the endpoint for opening the file based on a security configuration according to the at least one access and security parameter, wherein the number of software applications include at least one insecure application for opening the file when the file has a good reputation and at least one secure application for opening the file when the file has a poor or unknown reputation, launching the selected software application to open the file and access the file in accordance with the security configuration. 
Heron discloses that the reputation system is implemented using ROM (Figure 2, 216) and RAM (Figure 2, 214), which meets the limitation of a memory storing computer executable instructions that, when executed, provide an application controller for managing applications executing on the endpoint. The reputation system additionally includes a CPU (Figure 2, 210), which meets the limitation of a processor.
Heron does not specify that the additional scanning performed, when the file is determined to have a bad reputation, includes execution of the file. However, Heron does disclose a scanning procedure that executes files in an isolated environment ([0030]-[0031]), which meets the limitation of launching the selected software application to open the file and access the file in accordance with the security configuration for the selected software application, controlling a use of the file by the selected software application with the application controller in a test mode to require that the use of the file is in accord with the at least one access security parameter for the file. Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made for the additional scanning performed in Heron, when the file is determined to have a bad reputation, to have included the execution of the file in an isolated environment in order to enable the user to positively identify undesirable characteristics in the file as suggested by Heron ([0029]-[0030]).
Heron does not disclose changing the execution environment of the file. Dalcher discloses a monitoring component that dynamically evaluates whether the execution environment of an application should be changed ([0023]-[0026] & [0085] & [0087]: moved from sandbox environment to standard execution environment) such that a user such as an administrator can control the security policy utilized by the dynamic evaluation procedure ([0090]), which meets the limitation of permitting a user to configure the test mode to escalate the software application from the test mode to an insecure mode by providing the software application with access to additional resources of the endpoint with the application controller. It would have been obvious to one of ordinary skill in the art at the time the invention was made to have provided the ability to dynamically change the execution environments in Heron in order to provide flexible enforcement that does not limit an application’s functional abilities while shielding the host system from potential harm as discussed in Dalcher ([0019]).
Referring to claims 36-40, Heron discloses that the additional scanning can include emulation ([0030]-[0031] & Claim 25: emulation controls all aspects of the emulated code while preventing the emulated code from accessing any system functionality such as network/file/process/memory access), which meets the limitation of wherein controlling a use of the file by the selected software application includes managing communications relating to the software application, wherein communications relating to the selected software application include a network access communication/file access communication/process access communication/memory access communication.
Referring to claim 41, Heron discloses that the files may be text files, word processing files, spreadsheet files, picture files, executable files, or script files ([0020]: each file type described above has a corresponding file format. Therefore, reputation of the file would “relate” to the file format), which meets the limitation of wherein the at least one access and security parameter relates to a file format of the file.
Claims 35, 52 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Heron, U.S. Publication No. 2013/0247129, in view of Dalcher, U.S. Publication No. 2011/0145926, and further in view of Dixon, U.S. Publication No. 2008/0109473. Referring to claims 35, 52, Heron does not disclose that the reputation information is stored in the file metadata. Dixon discloses metadata labels in content that specify a reputation of the content ([0041] & [0333]) and access procedures ([0345]), which meets the limitation of wherein the at least one access and security parameter for the file is retrieved from a metadata for the file. It would have been obvious to one of ordinary skill in the art at the time the invention was made for the files of Heron to have included the metadata label described in Dixon in order to provide an indication that the files are good, bad, or need to be analyzed as discussed by Dixon ([0041] & [0170]).
Claims 42-47, 50 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Heron, U.S. Publication No. 2013/0247129, in view of Dalcher, U.S. Publication No. 2011/0145926, and further in view of Oberheide, U.S. Publication No. 2009/0044024. Referring to claims 42, 47, Heron, as modified in view of Dalcher above, does not disclose that the file headers include the network source of the files or host context metadata. Oberheide discloses that file headers include metadata such as the network source of the file ([0029]), host context metadata that includes operating system version or associated applications and libraries ([0030]), which meets the limitation of the at least one access and security parameter relates to an originating location of the file, the origination location is a third software application. It would have been obvious to one of ordinary skill in the art at the time the invention was made for the file headers of Heron to have included the metadata described in Oberheide in order to properly identify new or unanalyzed files as discussed in Oberheide ([0026]).
Referring to claim 43, Oberheide does not specify that the source information is a URL. However, the Examiner takes OFFICIAL NOTICE that the use of URLs to identify network sources was well known in the art at the time of the invention. Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made for the network source information of Oberheide to have included a URL because URLs were well known at the time of the invention for identifying network sources and could have been implemented by one of ordinary skill in the art with a reasonable expectation of success.
Referring to claims 44-46, Heron discloses that the files can be communicated over a wide area network or a local area network ([0018]-[0019]), which meets the limitation of the originating location is an intranet, the originating location is a server address, the originating location is an IP address.
Heron, as modified by Dixon above, does not disclose that the file headers include the network source of the files or host context metadata. Oberheide discloses that file headers include metadata such as the network source of the file ([0029]), host context metadata that includes operating system version or associated applications and libraries ([0030]), which meets the limitation of reputation information in the metadata includes data relating to an originating location of the file. It would have been obvious to one of ordinary skill in the art at the time the invention was made for the file headers of Heron to have included the metadata described in Oberheide in order to properly identify new or unanalyzed files as discussed in Oberheide ([0026]).
Referring to claim 50, Heron discloses that the additional scanning can include emulation ([0030]-[0031] & Claim 25). Heron, as modified in view of Dixon above, does not disclose that a report is generated based on the additional scanning. Oberheide discloses that a report is generated in response to scanning performed on a file ([0044]), which meets the limitation of a new file created by the selected software application is further associated with the reputation of the file. It would have been obvious to one of ordinary skill in the art at the time the invention was made to have generated a report in response to the additional scanning of Heron in order to aid in the determination of the file as malicious/unwanted as discussed in Oberheide ([0044]).
Claims 48, 49 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Heron, U.S. Publication No. 2013/0247129, in view of Dalcher, U.S. Publication No. 2011/0145926, in view of Oberheide, U.S. Publication No. 2009/0044024, and further in view of Trumper, U.S. Publication No. 2006/0282887. Referring to claims 48, 49, Oberheide discloses that file headers include metadata such as host context metadata that includes operating system version. Oberheide does not specify that the operating system versions can be considered secure/insecure. Trumper discloses operating system versions being considered secure/insecure ([0011] & [0015]), which meets the limitation of wherein the third software application is a secure/insecure application. It would have been obvious to one of ordinary skill in the art at the time the invention was made for the operating system versions of Oberheide to have been associated with a secure/insecure designation because certain operating system versions have corresponding vulnerabilities and may not be considered to be trusted as suggested by Trumper ([0011]).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805.  The examiner can normally be reached on M-Th: 6:20-4:50.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 5712724063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/BENJAMIN E LANIER/Primary Examiner, Art Unit 2437