DETAILED ACTION

Notice of AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

The present office action is responsive to communications received on 8/27/2019. Claims 1-20 are pending.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 19-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claims do not fall within at least one of the four categories of patent eligible subject matter because claim 19 recites “A system for content leakage prevention, the system comprising: a storage medium having stored thereon a sequence of instructions; and one or more processors that execute the sequence of instructions to cause the one or more processors to perform a set of acts …”, which is considered signal per se or software per se (specification paragraph 83 “Such instructions can be contained in or can be read into a storage location or memory from any computer readable/usable storage medium 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Malhotra (US 20160321291 A1) in view of Madisetti (US 9935772 B1).

Regarding claim 1, Malhotra teaches a method for content leakage prevention, the method comprising: 
maintaining a secure content object at a content management system, the secure content object being accessible by at least one user; and ([0004] use a cloud-based content storage platform to efficiently and securely facilitate content access to various individual users and/or collaborative groups of users. In such cases, a user can access a large volume of objects stored in the cloud-based platform from a user device.)
responding to a request to download a virtual file system. ([0038-0039] FIG. 1A1 presents a logical system view 1A100 of a virtual file system for cloud-based shared content. For example, an instance of Microsoft Word can access files and/or folders through the virtual file system. In some cases, the primary storage for such objects might be implemented across a network 109 by a cloud-based storage system 110.) Here Malhotra summarizes in the Abstract that “Download requests initiate downloads of instances of a virtual file system module to two or more user devices associated with two or more users.”

Malhotra teaches request to download a virtual file system, but does not explicitly teach store a local instance of the secure content object in a secure container of a local computing environment, the local computing environment being associated with the at least one user, identify a data movement operation request associated with the local instance of the secure content object, and deny the data movement operation request when a target storage location associated with the data movement operation request is other than a location in the secure container. This aspect of the claim is identified as a difference.
However, Madisetti in an analogous art explicitly teaches
store a local instance of the secure content object in a secure container of a local computing environment, the local computing environment being associated with the at least one user, ([Col. 8, 
identify a data movement operation request associated with the local instance of the secure content object, and ([Col. 7, Line 29-30] copying of objects 212 outside the containers 104 to the local storage 216.)
deny the data movement operation request when a target storage location associated with the data movement operation request is other than a location in the secure container. ([Col. 7, Line 28-30] Use of secure containers 104 having isolated storage 210 prevents unauthorized copying of objects 212 outside the containers 104 to the local storage 216.)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the “Virtual file system” concept of Malhotra, and the “local secure container” approach of Madisetti. One of ordinary skill in the art would have been motivated to perform such a modification to provide an effective line of defense against leaking of digital objects by determining and enforcing access rules and allowed operations (Madisetti [Col. 7, Line 25-30]).

Regarding claim 2, Malhotra in view of Madisetti teaches all the features with respect to claim 1, as outlined above. The combination further teaches wherein the data movement operation request is allowed when the target storage location corresponds to the secure container. ([Malhotra 0083, 0089] consider a request that pertains to (a) a write to update the contents of a file and (b) a rename of the file. In the earlier mentioned write and rename operations, a request can be received to rename a local view metadata 412.)

Regarding claim 3, Malhotra in view of Madisetti teaches all the features with respect to claim 1, as outlined above. The combination further teaches wherein the secure container has a mount point in a local file system of the local computing environment. ([Malhotra 0042, 0049] as shown in FIG. 1A1, the objects and/or items accessible by a given user at the local client 188 might be presented as a virtual disk mounted at the local client 188. A user is able to mount multiple virtual file systems at the same time.)

Regarding claim 4, Malhotra in view of Madisetti teaches all the features with respect to claim 1, as outlined above. The combination further teaches wherein the data movement operation comprises one or more of, file copy operations, file rename operations, or a write operation. ([Malhotra 0083] consider a request that pertains to (a) a write to update the contents of a file and (b) a rename of the file. In this case, the request can be sent to the local data manager 2042 to process the various actions comprising the request.)

Regarding claim 5, Malhotra in view of Madisetti teaches all the features with respect to claim 1, as outlined above. The combination further teaches wherein the secure container is associated with a virtual file system of the local computing environment. ([Malhotra 0062] FIG. 2, the virtual file system 1861 can comprise a file system interface 2021, a local data manager 2041, a cloud executor 206, a file system executor 208, a remote data manager 210, and a local storage 2121.) Here the virtual file system 1861 is associated with local storage 2121, which can be the local secure container/isolated storage of 

Regarding claim 6, Malhotra in view of Madisetti teaches all the features with respect to claim 1, as outlined above. The combination further teaches wherein the data movement operation request is caused by user interactions with a local operating system at the local computing environment. ([Malhotra 0083] FIG. 4A, consider a certain request issued by the application 1041 to access a file managed by the virtual file system module 486. In such a case, the request can be issued to an instance (e.g., MacFS, WinFS, etc.) of the file system interface 2022 specific to the local operating system. More specifically, consider a request that pertains to (a) a write to update the contents of a file and (b) a rename of the file.)

Regarding claim 7, Malhotra in view of Madisetti teaches all the features with respect to claim 6, as outlined above. The combination further teaches wherein interacting with the local operating system comprises interacting with a filter manager at the local operating system. ([Malhotra 0039] FIG. 1A1, the logical system view 1A100 comprises a local client 188 such as a user device that can have an operating system 182 that includes a file system viewer 184. As shown, the file system viewer 184 might render a visual representation of the certain objects such as directories (e.g., folder A, folder B, etc.) and/or files (e.g., file C, file D, etc.) accessible at the local client 188.)

Regarding claim 8, Malhotra in view of Madisetti teaches all the features with respect to claim 6, as outlined above. The combination further teaches wherein the local operating system is one of, MICROSOFT WINDOWS, a LINUX operating system, an IOS operating system or an ANDROID operating system. ([Madisetti Col. 10, Line 8-12] Container-based embodiment 302: In this approach, the secure Linux Container) that may execute on top of a container engine installed in the host OS on the local machine 102.)

Regarding claim 9, Malhotra in view of Madisetti teaches all the features with respect to claim 1, as outlined above. The combination further teaches wherein the secure container is a database stored in local storage at the local computing environment. ([Madisetti Col. 5, Line 65 - Col. 6, Line 1] A meta-data database 124 within the host 100 may maintain information about the master digital objects 120 and their controlled instantiations of digital objects 212.) Here Madisetti discloses information about digital objects 212 being stored in a database residing in the cloud. Similarly, the secure container/isolated storage of the secure container, which stores digital objects 212 and resides in the local machine, can be implemented in the format of a database as well. Indeed, it would be obvious to apply “Rearrangement of Parts” if it is desired; see MPEP 2144.04(VI)(C).

Regarding claim 10, Malhotra in view of Madisetti teaches all the features with respect to claim 1, as outlined above. The combination further teaches wherein the local instance of the secure content object is downloaded from the content management system. ([Madisetti Col. 8, Line 61-67] FIG. 5, New objects 212 may be created within the secure container 104 only through the host 100. For example, at Step 1 (610) a user may create a digital object 120 (referred to as a master digital object) from the host 100. At Step 2 (620), the host 100 may create and distribute to the secure container 104 a controlled digital object 212.)

Regarding claim 11, Malhotra in view of Madisetti teaches all the features with respect to claim 1, as outlined above. The combination further teaches wherein one or more changes to the local instance of the secure content object are synchronized with the secure content object maintained at the content management system. ([Madisetti Col. 9, Line 15-17] FIG. 5, modifications made to the digital object 212 on the secure container 104 may be synchronized with the host 100 (Step 5 (650)).)

Regarding claim 12, Malhotra in view of Madisetti teaches all the features with respect to claim 1, as outlined above. The combination further teaches wherein the data movement operation request is blocked when the target storage location corresponds to a USB drive, or an application programming interface entry point that refers to a location other than the secure container. ([Madisetti Col. 11, Line 34-38] Prevent copying of digital objects to USB drive: A secure container's 104 file system 210 may be isolated from local machine's 102 file system 216. Digital objects 212 may not be copied/moved from the secure container 104 to the local machine 102.)

Regarding claims 13-15 and 17-20, the scope of the claims is similar to that of claims 1-3 and 5-6, respectively. Accordingly, the claims are rejected using a similar rationale.

Regarding claim 16, Malhotra in view of Madisetti teaches all the features with respect to claim 15, as outlined above. The combination further teaches wherein the mount point is referenced in a local file system browser. ([Malhotra 0042, 0039] as shown in FIG. 1A1, the objects and/or items accessible by a given user at the local client 188 might be presented as a virtual disk mounted at the local client 188. As shown, the logical system view 1A100 comprises a local client 188 such as a user device that can have an operating system 182 that includes a file system viewer 184. As shown, the file system viewer 184 might render a visual representation of the certain objects such as directories (e.g., folder A, folder B, etc.) and/or files (e.g., file C, file D, etc.) accessible at the local client 188.)

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 20200220928 A1, "Managing shared content directory structure metadata", by Karande, teaches that users of cloud-based collaboration systems can view the folders, hierarchies of directories of folders using a virtual file system that runs on a client device. A virtual file system running on a client device presents a view of the hierarchies of directories and folders and content items. Such a virtual file system can present a representation (e.g., a graphical view, in a graphical user interface) of the directories, folders and content items, even though the actual data comprising content items might be stored at the cloud-based collaboration system.
US 20200026536 A1, "Systems and methods for user interface detection", by Li, teaches that the secure container can be configured to prevent documents or data included within documents or the secure container from being used by unauthorized applications or components of the client device or other devices. For instance, a client device application having authorization to access documents from the secure container can be programmed to prevent a user from copying a document's data and pasting it into another file or application interface, or locally saving the document or document data as a new file outside of the secure container. Similarly, the secure container can include a document viewer and/or editor that do not permit such copy/paste and local save operations. Moreover, the access manager can be configured to prevent such copy/paste and local save operations. Further, the secure container and applications programmed and authorized to access documents from the secure container can be 
US 20150100890 A1, "User interface management method and system", by Kosmiskas, teaches not to allow to copy any app(s) and its data from the inside of secure container and put such data into the outside of secure container (for example, into any other types of persona), because all these enterprise data is securely guarded by secure container's policies from IT management.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAN YANG whose telephone number is (408)918-7638. The examiner can normally be reached on Monday to Friday, 9:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin, can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer 

/H.Y./Examiner, Art Unit 2493


/CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493