DETAILED ACTION

Information Disclosure Statement
The IDSes filed 2/25/2020 and 1/26/2021 has been considered and entered.

Drawings
The drawings filed 1/11/2019 are accepted.

Specification
The specification filed 1/11/2019 is accepted.

Response to Arguments
Applicant's arguments are moot in view of the new grounds of rejection provided herein necessitated by applicants amended claim scope.

With respect to the limitation of  'a developer', applicant has been afforded the broadest reasonable interpretation of the term which includes a browser that dynamically loads and executes code by compilation and/or interpretation thereof.  However, with respect to a narrower interpretation directed to a human author of the code, ARCHER et al US 2013/0318613 teaches that a developer may assign permission to a mobile application see [0030]

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 3 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

For example claim 3 recites the limitation "the provider" in line 2.  There is insufficient antecedent basis for this limitation in the claim.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claim(s) 1, 4, 6, 7 , 9-17, and 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Schackow et al ( US 2008/0189757 hereinafter Schackow)

As to claim 1 Schackow discloses a method, performed by one or more processors, method comprising: -4-Application No.: 16/245,671 Filing Date: January 11, 2019 
identifying a request Fig 2 201 receiving a network access request
from a custom computer program Fig 1A 114C
within a sandbox Fig 1A 106
to perform an operation Fig 2 201 requesting Network Access Be Implemented
not permitted within the sandbox, [0024] deny the request

receiving  Fig 1B; layer 103 receives 123 and 124
a first indication of security privileges Fig 1B 124
assigned to a
 [0042] policies can include how to determine access rights 181
in view of [0040] policies can be accessed from within browser 102
of a developer   
Fig 1A 102
in view of  [0025] application 114C is downloaded and executed at runtime requiring a 
form of compilation and/or interpretation of source code
of the custom computer program Fig 1A 114C

and a second indication of security privileges Fig 1B 123
detailing the security privileges 
[0048] 103 can utilize 123 as input to make network access decisions
specified by 
[0046]  URL information for a current page and a requested resource
[0047] 122 includes any information that can be contained in a network access request 
the provider Fig 1A 102
for the custom computer program,  Fig 1A 114C

in response to determining that Fig 3B connection between step 310 and 311
the first indication of security privileges Fig 1B 124
indicates that that the custom computer program Fig 1A 114C
is permitted Fig 3B 309-310
to perform [0050] calls can be performed
the operation Fig 2 201 requesting Network Access Be Implemented
causing the operation to be performed Fig 3B 311-312
Claim 4 is rejected on the basis provided in the rejection of claims 1 above and 16 below.

As to claim 6 Schackow discloses
wherein the custom computer program Fig 1A 114C
comprises code [0032] executable code
executable by a web browser. 
[0035] 114C to be executed at Web Browser 102
in view of  [0036] 114C can be executed within sandbox 106

As to claim 7 Schackow discloses
	wherein the sandbox Fig 1A 106
	is provided by see  Fig 1A
web browser Fig 1A 102 web browser


As to claim 9
 Schackow discloses 
	wherein the sandbox Fig 1A 106
	comprises a computer process [0035-36] application 114C can be executed within sandbox 106


As to claim 10
 Schackow discloses
wherein the sandbox Fig 1A 106
is implemented using mandatory access control Fig 1A 103


As to claim 11
 Schackow discloses
communicating a response comprising at least a portion of the retrieved data to the customer computer program
	Fig 1A 144 Response


Claim 12 is rejected on the basis previously provided in the rejection of claim 1.

As to claim 13
 Schackow discloses
	wherein the computer program Fig 1A 114C
	comprises a custom computer program  [0032]  114C can be any type of executable code

Claim 14 is rejected on the basis previously provided in the rejection of claim 6.

Claim 15 is rejected on the basis previously provided in the rejection of claim 1.


As to claim 16 Schackow discloses a computerized method, performed by a computing system having one or more hardware computer processors and one or more non-transitory computer readable storage device storing software instructions executable by the computing system to perform the computerized method comprising: -4-Application No.: 16/245,671 Filing Date: January 11, 2019 
identifying a request Fig 2 201 receiving a network access request
from a custom computer program Fig 1A 114C
within a sandbox Fig 1A 106
to perform an operation Fig 2 201 requesting Network Access Be Implemented
not permitted within the sandbox, [0024] deny the request

wherein the custom computer program Fig 1A 114C
is run by a first user [0003] user of the Web Browser
of a networked computer system;  Fig 1A

receiving  Fig 1B; layer 103 receives 123 and 124
a first indication of security privileges Fig 1B 124
detailing the security privileges 
 [0042] policies can include how to determine access rights 181
of a provider   Fig 1A 102
of the custom computer program Fig 1A 114C

and a second indication of security privileges Fig 1B 123
detailing the security privileges 
[0048] 103 can utilize 123 as input to make network access decisions
specified by 
[0046]  URL information for a current page and a requested resource
[0047] 122 includes any information that can be contained in a network access request 
the provider Fig 1A 102
for the custom computer program,  Fig 1A 114C

wherein the provider Fig 1A 102
of the custom computer program Fig 1A 114C
is a second user  [0034] 102 can be configured to request web based content from domains
of the networked computer system Fig 1A
having lower security privileges 
[0007] the user may choose to sandbox these type applications (i.e. browser) thus preventing 
communicating with any server other than the originating server
than the first user 
[0003] if the user is authorized, the server provides the content to the browser see also  [0039]
of the networked computer system;  Fig 1A 

and selectively Fig 2 205 whether or not
causing the operation to be performed Fig 3B 311-312
based on whether the first indication of security privileges Fig 1B 124 policies
indicates Fig 3B 308  applying the policies to the network access information
that the provider Fig 1A 102
of the custom computer program Fig 1A 114C
is permitted to perform the operation
		Fig 2 201 requesting Network Access Be Implemented
		in view of Fig 3B 311 has been permitted

and the second indication of security privileges Fig 1B 123 network access information
indicates Fig 3B 308  applying the policies to the network access information
that the custom computer program Fig 1A 114C
is permitted to perform the operation.
Fig 2 201 requesting Network Access Be Implemented
		in view of Fig 3B 311 has been permitted
As to claim 17 Schackow discloses wherein selectively causing the operation to be performed comprises 
causing Fig 3B 311-312 receiving an indication that the access has been permitted
the operation Fig 2 201 requesting Network Access Be Implemented
to be performed  Fig 3B 312 retrieving content
if the first indication Fig 1B 124
indicates Fig 3B 308  applying the policies to the network access information
that the provider Fig 1A 102
is permitted to perform the operation.
Fig 2 201 requesting Network Access Be Implemented
	in view of Fig 3B 311 has been permitted

As to claim 20 Schackow discloses
wherein the custom computer program Fig 1A 114C
comprises code [0032] executable code
executable by a web browser. 
[0035] 114C to be executed at Web Browser 102
in view of  [0036] 114C can be executed within sandbox 106



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under pre-AIA  35 U.S.C. 103(a) are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

This application currently names joint inventors. In considering patentability of the claims under pre-AIA  35 U.S.C. 103(a), the examiner presumes that the subject matter of the various claims was commonly owned at the time any inventions covered therein were made absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was not commonly owned at the time a later invention was made in order for the examiner to consider the applicability of pre-AIA  35 U.S.C. 103(c) and potential pre-AIA  35 U.S.C. 102(e), (f) or (g) prior art under pre-AIA  35 U.S.C. 103(a).

Claims 3, 5, 18, and 19 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Schackow in view of HILAIEL ( US 2009/0222925 hereinafter Hilaiel) .


As to claims 3 and 5, Schackow teaches all the subject matter pointed out in the above 102(a)(1) rejection of parent claim 11.

As to claims 18 and 19, Schackow teaches all the subject matter pointed out in the above 102(a)(1) rejection of parent claim 16.

Claim 3 is rejected on the basis provided in the rejection of claim 18 below.
Claim 5 is rejected on the basis provided in the rejection of claim 19 below.

As to claim 18 Schackow discloses further comprising: 
in response to the first indication Fig 1B 124
indicating that the provider is not permitted to perform the operation, [0048] deny a network access request

[[generating an alert based on ]]
the request Fig 2 201 receiving a network access request
from the custom computer program Fig 1A 114C
[[and causing the alert to be at least one of stored or transmitted.]]

	Schackow does not disclose
generating an alert based on the request from the custom computer program and causing the alert to be at least one of stored or transmitted.

	Hilaiel teaches
generating an alert [0007] the browser displays a warning
based on the request [0007] when code attempts to execute
from the custom computer program [0007] the browser
 and causing the alert 
to be   transmitted. [0007] the browser displays a warning to the user

Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Schackow and Hilaiel as elements known in the prior art combined to yield predictable results.  For example, Schackow teaches downloading Application 114C and evaluating information 123 generated by execution of Application 114C against policies 124 to determine whether to permit of deny the execution.  Hilaiel teaches a similar scenario wherein a message is provided when the execution is denied to thereby arrive at the claimed invention.



As to claim 19 Schackow discloses further comprising: 
in response to the second indication Fig 1B 123
indicating that the provider is not permitted to perform the operation, [0048] deny a network access request

[[generating an alert based on ]]
the request Fig 2 201 receiving a network access request
from the custom computer program Fig 1A 114C
[[and causing the alert to be at least one of stored or transmitted.]]

	Schackow does not disclose
generating an alert based on the request from the custom computer program and causing the alert to be at least one of stored or transmitted.

	Hilaiel teaches
generating an alert [0007] the browser displays a warning
based on the request [0007] when code attempts to execute
from the custom computer program [0007] the browser
 and causing the alert 
to be   transmitted. [0007] the browser displays a warning to the user

Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Schackow and Hilaiel as elements known in the prior art combined to yield predictable results.  For example, Schackow teaches downloading Application 114C and evaluating information 123 generated by execution of Application 114C against policies 124 to determine whether to permit of deny the execution.  Hilaiel teaches a similar scenario wherein a message is provided when the execution is denied to thereby arrive at the claimed invention.

Claim 8, is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Schackow in view of KATHIARA et al  ( US 2019/0230090 hereinafter Kathiara) .


As to claim 8   Schackow teaches all the subject matter pointed out in the above 102(a)(1) rejection of parent claim 7.


As to claim 8, 
Schackow discloses
a sandbox Fig 1A 106

	Schackow does not disclose
the sandbox is configured by an HTML iframe sandbox attribute.

	Kathiara teaches
the sandbox is configured by an HTML iframe sandbox attribute.
	[0005] iFrames have a sandbox attribute to allow a developer to define restrictions

Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Schackow and Kathiara as elements known in the prior art combined to yield predictable results.  For example, Schackow teaches downloading Application 114C and evaluating information 123 generated by execution of Application 114C against policies 124 to determine whether to permit of deny the execution.  Kathiara teaches further details (i.e. a sandbox attribute) with which to implement Schackow' s sandbox 106   to thereby arrive at the claimed invention. 












		
		

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RICHARD A MCCOY whose telephone number is (313)446-6520.  The examiner can normally be reached on M - F 10 - 6.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571 272 2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/RICHARD A MCCOY/Examiner, Art Unit 2431