DETAILED ACTION
This Office Action is in response to the communication filed on 06/09/2021.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
As per instant Amendment, submitted on 06/09/2021, claim 1 has been amended.  
As per instant Amendment, submitted on 06/09/2021, claims 1-20 have been examined and are pending; claims 1, 8 and 15 are independent claims.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on 06/09/2021 has been entered.
Claim Objections
Claim 1 is objected to because of the following informalities.
As to the claim 1, the claim recites limitation, in lines 7-8, “removing one or more public access features associated with the first component such that the effects of traditional public access is nullified by adding a stub” in a format with “such that” as an optional language (emphasis added). As a matter of linguistic precision, optional claim elements do not narrow claim limitations since they can be omitted (In re Johnston, 77 USPQ2d 1788 such that” phrase. As an option, claim can be amended to recite, , “removing one or more public access features associated with the first component, where the effects of traditional public access is nullified by adding a stub.”
Appropriate corrections are required.
Response to Arguments
In attempt to accelerate the prosecution process, the Examiner has contacted the Applicant’s representative Mr. Rau, Nathan (Reg. No. 45,466) on 06/16/2021 and 06/21/21, and left voice mail on both days for proposing an examiner amendment to the claims for an allowance. However, the Examiner did not receive any reply by 07/06/2021, and proceeded with the office action.
Applicant’s arguments with respect prior-art rejections to claims 1-7, filed on 06/09/2021, have been considered the prior art rejections are withdrawn based on the amendment to claim 1, and the arguments/remarks presented with the amendment.
Applicants’ arguments in the instant Amendment, filed on 06/09/2021, with respect to the prior-art rejections to claims 8-20, and limitations listed below, have been fully considered but they are not persuasive.
Applicant’s arguments: As to independent claim 8, the Applicant submits that the independent claims 8 and 15 include features substantially similar to claim 1, and are therefore, believed allowable as well, at least, for substantially the same reasons, and the dependent claims 9-14 and 16-20 are believed allowable as well, at least, based on  (Applicant Arguments/Remarks, 06/09/2021, page 9 )
The Examiner disagrees with the Applicants. The Examiner respectfully submits that independent claims 8 and 15 are not similar. These claims do not recite the scope that are included in claim 1 with the amendment submitted on 06/09/2021. Therefore, independent claims 8 and 15 are rejected at least based on the reference applied to the claims and addressed in the office action. The dependent claims 9-14 and 16-20 are rejected at least based on the rationale for their respective base claims, and the reference applied to the claims 9-14 and 16-20.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the 
Claims 8-20 are rejected under 35 U.S.C. 103 as being unpatentable over Peterson (“Peterson,” US 2015/0007259, published on 01/01/2015), in view of Scott et al (“Scott,” US 7,774,620, patented on 08/10/2020).
As to claim 8, Peterson teaches a system for building a secure computing device application, the system comprising: a computing device having a processor; and a computer readable storage medium having program instructions embodied therewith, the program instructions executable by the processor to cause the system (Peterson: pars 0008-0010, 0027, a system and method for customizing application security, by applying security rules on selected portion of code, resulting fine-tuning of security features of the application) to: 
scan one or more communication interfaces of a first application (Peterson: pars 0010, 0042, target code may be parsed in a certain manner and linked against the app security program; object code provides an interface to the mobile device operating system); and
add, to the first application, a first module to control access to data to or from the first component via one or more security rules (Peterson: pars 0010-0011, 0042, 0054, 0075, dynamic library [module] is injected into the app; class files for the app security program are generated based on the one or more policies (rules). Java class files are replaced with the class files generated based on the policies. Runtime policy compiler inputs the policy parameter. Source code is compiled to object code and is then linked to SDK libraries).
Peterson does not explicitly teach determine, in response to the scanning, that at least a first component of the first application is subject to public access from any application; and
remove one or more public access features associated with the first component, wherein the first component is no longer subject to public access from any application.
However, in an analogous art, Scott teaches determine, in response to the scanning, that at least a first component of the first application is subject to public access from any application (Stott: col. 5, lines 16-31, col 10, lines 50-54, canning its constituent parts to find links, data sources, web services, and other pieces of code that can indicate a potential compromise to security; find universal resource locators (URLs) indicating that the application attempts to communicate with remote locations [i.e. public accessible component]); and
remove one or more public access features associated with the first component, wherein the first component is no longer subject to public access from any application (Stott: col. 10, lines 39-65, a mechanism where process performs prohibiting [i.e. preventing] an application performing operations those are identified as potentially damaging. potentially damaging operations found in the application are neutralized, so that no data source outside the application boundaries can be contacted. Application access rights are removed based on the rule).
before the effective filing date of the claimed invention to combine the teachings of Scott with the method/system of Peterson for the benefit of providing a user with a means for scanning the component of application that is openly accessible by any application and system/subsystem, and restricting the access control to the application for enhancing security during runtime stage (Stott: col. 5, lines 16-31; col 10, lines 39-65).
As to claim 9, the combination of Peterson and Scott teaches the system of claim 8, 
Peterson further teaches wherein the first application is executed on a mobile device and the first application receives a first invocation message from a second application executing on the mobile device, the first invocation message requesting to read a first set of data from the first component (Peterson: pa. 70, when the security-related processing is over, the app security program calls the original "write" function in the app code to complete the call), the first module causes the first application to: obtain a first set of details associated with the read (Peterson: pars 0003, 0070, security for apps running on mobile devices. The app code invokes a "write" function);
compare the first set of details with the one or more security rules to determine whether the read may occur; and restrict, based on at least the one or more security rules, the first invocation message by blocking the read of the first set of data from the first component (Peterson: pars 0046, 0070, write" function is eventually called or used by the app security program, but not used initially [i.e. restricted]. The data involved or needed for the function may be processed (e.g., encrypted, scrambled, etc.); all information the app creates is stored in encrypted form).
As to claim 10, the combination of Peterson and Scott teaches the system of claim 8, 
Peterson further teaches wherein a first rule of the one or more security rules permits any explicit invocations to be sent from the first application, the first rule not permitting any implicit invocations to be sent from the first application, the explicit invocations identifying a specific recipient application by name, the implicit invocations identifying a particular action to be executed without identifying a particular recipient application by name (Peterson: par. 56; identity-based [name] control of apps or services and highly granular control over app behavior [particular action]; par. 99; the code written by the app developer is tied to a specific customizable action point. It is also useful to note that each action point is associated with a specific policy. As noted, at step 1010 policies are configured. Once all the action points have been selected and tied to their targets, the one or more policies associated with the action points are said to be configured with the action point target code).
As to claim 11, the combination of Peterson and Scott teaches the system of claim 8, 
Peterson further teaches wherein a first rule of the one or more security rules permits a first set of data to be read from the first component, the one or more security rules including a second rule to block a second set of data to be read from the first component (Peterson: par 0049, a user is attempting to paste or copy sensitive data from a classified app to a non-classified app, the app control program may change the copy of the data that is being pasted to garbage or essentially make it meaningless).
As to claim 12, the combination of Peterson and Scott teaches the system of claim 8, 
Peterson further teaches wherein the one or more security rules includes a first rule that only particular application types are permitted to read from the first component or write to the first component (Peterson: par 0027, preventing device software applications from infecting or otherwise damaging a device. These types of applications, used often on a variety of mobile devices; par. 0045; take into consideration the category of the app, the type and nature of app, the author, the age-appropriateness, and numerous other factors).
As to claim 13, the combination of Peterson and Scott teaches the system of claim 8, 
Peterson further teaches wherein the one or more security rules includes a first rule to permit a second application to write a first set of data to the first component, the one or more security rules including a second rule to block the second application from writing a second set of data to the first component (Peterson: par 0047, the call may be allowed to pass to the operating system as shown in step 506. Here the call is made to the device operating system and the app executes in a normal manner).
As to claim 14, the combination of Peterson and Scott teaches the system of claim 8, 
Peterson further teaches wherein the first application includes a plurality of components, the one or more security rules includes a first rule to permit the first component to invoke a second component only after the first component invokes a third (Peterson: par. 83; policy 904 comprised of computer code, has embedded in its code action points 906a-c. Action points 906a-c are [first] code that, when executed, calls specific app developer code [second], referred to as targets 908a-c. This is code inserted into the wrapped app by the developer to achieve a particular function. When target code 908a-c executes it calls other functions or links to other libraries [third]; there can be multiple action points 906a-c in one or more policies 904 which call multiple targets 908a-c; there can also be more than one policy 904 in a secured app).
As to claim 15, Peterson teaches a computer program product for building a secure computing device application, the computer program product comprising a computer readable storage medium having program code embodied therewith, the program code comprising computer readable program code (Peterson: pars 0008-0010, 0027, a system and method for customizing application security, by applying security rules on selected portion of code, resulting fine-tuning of security features of the application) configured for:
scanning one or more communication interfaces of a first application (Peterson: pars 0010, 0042, target code may be parsed in a certain manner and linked against the app security program; object code provides an interface to the mobile device operating system); and
adding, to the first application, a first module to control access to data to or from the first component via one or more security rules (Peterson: pars 0010-0011, 0042, 0054, 0075, dynamic library [module] is injected into the app; class files for the app security program are generated based on the one or more policies (rules). Java class files are replaced with the class files generated based on the policies. Runtime policy compiler inputs the policy parameter. Source code is compiled to object code and is then linked to SDK libraries).
Peterson does not explicitly teach determining, in response to the scanning, that at least a first component of the first application is subject to public access from any application; and
removing one or more public access features associated with the first component, wherein the first component is no longer subject to public access from any application.
However, in an analogous art, Scott teaches determining, in response to the scanning, that at least a first component of the first application is subject to public access from any application (Stott: col. 5, lines 16-31, col 10, lines 50-54, canning its constituent parts to find links, data sources, web services, and other pieces of code that can indicate a potential compromise to security; find universal resource locators (URLs) indicating that the application attempts to communicate with remote locations [i.e. public accessible component]); and
removing one or more public access features associated with the first component, wherein the first component is no longer subject to public access from any application (Stott: col. 10, lines 39-65, a mechanism where process performs prohibiting [i.e. preventing] an application performing operations those are identified as potentially damaging. potentially damaging operations found in the application are neutralized, so that no data source outside the application boundaries can be contacted. Application access rights are removed based on the rule).
before the effective filing date of the claimed invention to combine the teachings of Scott with the method/system of Peterson for the benefit of providing a user with a means for scanning the component of application that is openly accessible by any application and system/subsystem, and restricting the access control to the application for enhancing security during runtime stage (Stott: col. 5, lines 16-31; col 10, lines 39-65).
As to claim 16, the claim limitations are similar to the limitation of claim 9, and rejected for the same reason set forth for claim 9.
As to claim 17, the combination of Peterson and Scott teaches the computer program product of claim 15, 
Peterson further teaches wherein the first application includes a list of particular applications that are allowed to call the first application only at a particular time of day or night, and wherein a first rule of the one or more security rules is based on the list of particular applications that are allowed to call the first application only at a particular time of day or night (Peterson: pars 0029, 0034, 0049, The app is partially crippled so that the app can only access unclassified data and wherein classified information is nullified based on various policy parameters. Policy of protection certain times of day. Limit the amount of time, e.g., 10 minutes a day or limit which Web sites may be accessed by an app).
As to claim 18, the combination of Peterson and Scott teaches the computer program product of claim 15, 
(Peterson: par 0049, a user is attempting to paste or copy sensitive data from a classified app to a non-classified app [second], the app control program may change the copy of the data that is being pasted to garbage or essentially make it meaningless).
As to claim 19, the combination of Peterson and Scott teaches the computer program product of claim 15, 
Peterson further teaches wherein the one or more security rules includes a first rule that only a first set of data may be read from the first component, the security rules including a second rule that a second set of data may not be read from the first component (Peterson: par 0049, a user is attempting to paste or copy sensitive data from a classified app to a non-classified app, the app control program may change the copy of the data that is being pasted to garbage or essentially make it meaningless).
As to claim 20, the combination of Peterson and Scott teaches the computer program product of claim 15, 
Peterson further teaches wherein a first rule of the one or more security rules permits any explicit invocations to be sent from the first application, the first rule not permitting any implicit invocations to be sent from the first application, the explicit invocations identifying a specific recipient application by name, the implicit invocations identifying a particular action to be executed without identifying a particular recipient application by name (Peterson: par. 56; identity-based [name] control of apps or services and highly granular control over app behavior [particular action]; par. 99; the code written by the app developer is tied to a specific customizable action point. It is also useful to note that each action point is associated with a specific policy. As noted, at step 1010 policies are configured. Once all the action points have been selected and tied to their targets, the one or more policies associated with the action points are said to be configured with the action point target code).
Allowable Subject Matter
Claims 1-8 are considered allowable over prior art, but the application is not allowed since the claims 8-20 remained rejected under prior-art rejections.
The following is an examiner’s statement of reasons for allowable subject matter: 
The present invention is directed to a system and method that applies security rules by scanning one or more communication interfaces of a first application;  determining, that at least a first component of the first application is subject to public access from any other application; renaming the at least first component; removing one or more public access features associated with the first component such that the effects of traditional public access is nullified by adding a stub in place of the one or more public access features, wherein the first component is no longer subject to public access from any other application; and adding, to the first application, a first module to control access to data to or from the first component via one or more security rules, wherein the scanning, the determining, the removing, and the adding are performed by a first computing device at compile time.

The Examiner concludes that besides the arguments/amendment presented by the Applicant, filed on 06/09/2021, for consideration of an allowance, none of Peterson and Scott, nor any other art teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the amended independent claim 1. For example, none of the cited prior art teaches or suggest the steps of determining, that at least a first component of the first application is subject to public access from any other application; renaming the at least first component; removing one or more public access features associated with the first component such that the effects of traditional public access is nullified by adding a stub in place of the one or more public access features, wherein the first component is no longer subject to public access from any other application; and adding, to the first application, a first module to control access to data to or from the first component via one or more security rules, wherein the scanning, the determining, the removing, and the adding are performed by a first computing device at compile time, as a whole with the remaining limitations.
Therefore, the claim 1 is considered allowable subject matter over the cited prior art.
As to dependent claims 2-7, the claims are dependent from claims 1, and are considered allowable subject matter.
Also, claim 1-7 are objected for allowbility as the claim 1 is objected above for claim clarity and informality.
The application will be allowed if claim 1 is amended overcoming the above cited claim objection, and claim 8 and 15 are amended to include the limitation similar to claim 1 or if claims 8-20 are canceled.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jahangir Kabir whose telephone number is (571) 270-3355.  The examiner can normally be reached on 9:00- 5:00 Mon-Thu.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JAHANGIR KABIR/             Primary Examiner, Art Unit 2439