DETAILED ACTION
This Office Action is in response to the Amendment filed on 10/11/2021.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the instant Amendment, filed on 10/11/2021, claims 1, 8, and 15 have been amended. 
Claims 1-20 have been examined and are pending in this application. Claims 1, 8, and 15 are independent.
Response to Arguments/Remarks
As to the objections to claim 1, the objections are withdrawn, as the claim has been amended.
Claims 1-8 are considered allowable over prior art, based on the reasons for allowability stated in the Non Final Office Action mailed out on 07/12/2021. However, the application as whole is not allowed since the claims 8-20 remained rejected under prior-art rejections.
As to the independent claims 8 and 15, applicant submits that the instant amendments to claims 8 and 15 incorporate similar features to those in claim 1 that has been indicated as allowable. Therefore, the combination of Peterson and Stott does not render this feature of claim 8 obvious. Thus, claim 8 is believed allowable over the combination of Peterson and Stott. Claim 15 includes features substantially similar to claim 8, and are therefore, believed allowable as well, at least, for substantially the same reasons. Claims 9-14, and 16-20 are 
The Examiner disagree with Applicant. While the independent claims 8 and 15 have been amended to include additional features, claims 8 and 15 does not incorporate similar features to those in claim 1 that has been indicated as allowable.
Claim 8 is missing the following limitations that is incorporated in claim 1:
 (a) renaming the at least the first component; 
(b) wherein the scanning, the determining, the removing, and the adding are performed by a first computing device at compile time.
Claim 15 is missing the following limitations that is incorporated in claim 1:
 (a) renaming the at least the first component; 
(b) where the effects of traditional public access is nullified by adding a stub in place of the one or more of more public access features
(c) wherein the scanning, the determining, the removing, and the adding are performed by a first computing device at compile time.
Applicants’ arguments in the instant Amendment, filed on 10/11/2021, with respect to the prior-art rejections to claims 8-20, have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection, where a 
Claim Rejections - 35 USC § 103
 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 8-20 are rejected under 35 U.S.C. 103 as being unpatentable over Peterson (“Peterson,” US 2015/0007259, published on 01/01/2015), in view of Scott et al (“Scott,” US 7,774,620, patented on 08/10/2020), and further in view of Freund (“Freund,” US 2004/0199763, published on 10/07/2024).

As to claim 8, Peterson teaches a system for building a secure computing device application, the system comprising: a computing device having a processor; and a computer readable storage medium having program instructions embodied therewith, the program instructions executable by the processor to cause the system (Peterson: pars 0008-0010, 0027, a system and method for customizing application security, by applying security rules on selected portion of code, resulting fine-tuning of security features of the application) to: 
scan one or more communication interfaces of a first application (Peterson: pars 0010, 0042, target code may be parsed in a certain manner and linked against the app security program; object code provides an interface to the mobile device operating system); and
add, to the first application, a first module to control access to data to or from the first component via one or more security rules (Peterson: pars 0010-0011, 0042, 0054, 0075, dynamic library [module] is injected into the app; class files for the app security program are generated based on the one or more policies (rules). Java class files are replaced with the class files generated based on the policies. Runtime policy compiler inputs the policy parameter. Source code is compiled to object code and is then linked to SDK libraries).
Peterson does not explicitly teach determine, in response to the scanning, that at least a first component of the first application is subject to public access from any application; and

However, in an analogous art, Scott teaches determine, in response to the scanning, that at least a first component of the first application is subject to public access from any application (Stott: col. 5, lines 16-31, col 10, lines 50-54, canning its constituent parts to find links, data sources, web services, and other pieces of code that can indicate a potential compromise to security; find universal resource locators (URLs) indicating that the application attempts to communicate with remote locations [i.e. public accessible component]); and
remove one or more public access features associated with the first component, wherein the first component is no longer subject to public access from any application (Stott: col. 10, lines 39-65, a mechanism where process performs prohibiting [i.e. preventing] an application performing operations those are identified as potentially damaging. potentially damaging operations found in the application are neutralized, so that no data source outside the application boundaries can be contacted. Application access rights are removed based on the rule).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Scott with the method/system of Peterson for the benefit of providing a user with a means for scanning the component of application that is openly accessible by any application and system/subsystem, and restricting the access control to the application for enhancing security during runtime stage (Stott: col. 5, lines 16-31; col 10, lines 39-65).

However, in an analogous art, Scott teaches public access from any other application (Freund: 0023-0025; Fig 5, 6, detection of an attempt of a second application [i.e. by other application] to access a first application); and where the effects of traditional public access is nullified by adding a stub in place of the one or more of more public access features (Freund: 0023-002, 0067; Fig 5, 6, rule/policy is applied to detect and control of access of the first application by a second application so that second application cannot access the first application by default or directly [i.e. nullified traditional access]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Freund with the method/system of Peterson and Scott for the benefit of providing a restricting the access of an secure or sensitive application from another application directly in traditional manner control to the application for enhancing security during runtime stage (Freund: 0023-002, 0067).
As to claim 9, the combination of Peterson, Scott, and Freund teaches the system of claim 8, 
Peterson further teaches wherein the first application is executed on a mobile device and the first application receives a first invocation message from a second application executing on the mobile device, the first invocation message requesting to read a first set of data from the first component (Peterson: pa. 70, when the security-related processing is over, the app security program calls the original "write" function in the app code to complete the call), the first module causes the first application to: obtain a first set of details associated with the read (Peterson: pars 0003, 0070, security for apps running on mobile devices. The app code invokes a "write" function);
compare the first set of details with the one or more security rules to determine whether the read may occur; and restrict, based on at least the one or more security rules, the first invocation message by blocking the read of the first set of data from the first component (Peterson: pars 0046, 0070, write" function is eventually called or used by the app security program, but not used initially [i.e. restricted]. The data involved or needed for the function may be processed (e.g., encrypted, scrambled, etc.); all information the app creates is stored in encrypted form).
As to claim 10, the combination of Peterson, Scott, and Freund teaches the system of claim 8, 
Peterson further teaches wherein a first rule of the one or more security rules permits any explicit invocations to be sent from the first application, the first rule not permitting any implicit invocations to be sent from the first application, the explicit invocations identifying a specific recipient application by name, the implicit invocations identifying a particular action to be executed without identifying a particular recipient application by name (Peterson: par. 56; identity-based [name] control of apps or services and highly granular control over app behavior [particular action]; par. 99; the code written by the app developer is tied to a specific customizable action point. It is also useful to note that each action point is associated with a specific policy. As noted, at step 1010 policies are configured. Once all the action points have been selected and tied to their targets, the one or more policies associated with the action points are said to be configured with the action point target code).
As to claim 11, the combination of Peterson, Scott, and Freund teaches the system of claim 8, 
Peterson further teaches wherein a first rule of the one or more security rules permits a first set of data to be read from the first component, the one or more security rules including a second rule to block a second set of data to be read from the first component (Peterson: par 0049, a user is attempting to paste or copy sensitive data from a classified app to a non-classified app, the app control program may change the copy of the data that is being pasted to garbage or essentially make it meaningless).
As to claim 12, the combination of Peterson, Scott, and Freund teaches the system of claim 8, 
Peterson further teaches wherein the one or more security rules includes a first rule that only particular application types are permitted to read from the first component or write to the first component (Peterson: par 0027, preventing device software applications from infecting or otherwise damaging a device. These types of applications, used often on a variety of mobile devices; par. 0045; take into consideration the category of the app, the type and nature of app, the author, the age-appropriateness, and numerous other factors).
As to claim 13, the combination of Peterson, Scott, and Freund teaches the system of claim 8, 
(Peterson: par 0047, the call may be allowed to pass to the operating system as shown in step 506. Here the call is made to the device operating system and the app executes in a normal manner).
As to claim 14, the combination of Peterson, Scott, and Freund teaches the system of claim 8, 
Peterson further teaches wherein the first application includes a plurality of components, the one or more security rules includes a first rule to permit the first component to invoke a second component only after the first component invokes a third component, the plurality of components including: the first component, the second component, and the third component (Peterson: par. 83; policy 904 comprised of computer code, has embedded in its code action points 906a-c. Action points 906a-c are [first] code that, when executed, calls specific app developer code [second], referred to as targets 908a-c. This is code inserted into the wrapped app by the developer to achieve a particular function. When target code 908a-c executes it calls other functions or links to other libraries [third]; there can be multiple action points 906a-c in one or more policies 904 which call multiple targets 908a-c; there can also be more than one policy 904 in a secured app).
As to claim 15, Peterson teaches a computer program product for building a secure computing device application, the computer program product comprising a (Peterson: pars 0008-0010, 0027, a system and method for customizing application security, by applying security rules on selected portion of code, resulting fine-tuning of security features of the application) configured for:
scanning one or more communication interfaces of a first application (Peterson: pars 0010, 0042, target code may be parsed in a certain manner and linked against the app security program; object code provides an interface to the mobile device operating system); and
adding, to the first application, a first module to control access to data to or from the first component via one or more security rules (Peterson: pars 0010-0011, 0042, 0054, 0075, dynamic library [module] is injected into the app; class files for the app security program are generated based on the one or more policies (rules). Java class files are replaced with the class files generated based on the policies. Runtime policy compiler inputs the policy parameter. Source code is compiled to object code and is then linked to SDK libraries).
Peterson does not explicitly teach determining, in response to the scanning, that at least a first component of the first application is subject to public access from any application; and
removing one or more public access features associated with the first component, wherein the first component is no longer subject to public access from any application.
However, in an analogous art, Scott teaches determining, in response to the scanning, that at least a first component of the first application is subject to public access (Stott: col. 5, lines 16-31, col 10, lines 50-54, canning its constituent parts to find links, data sources, web services, and other pieces of code that can indicate a potential compromise to security; find universal resource locators (URLs) indicating that the application attempts to communicate with remote locations [i.e. public accessible component]); and
removing one or more public access features associated with the first component, wherein the first component is no longer subject to public access from any application (Stott: col. 10, lines 39-65, a mechanism where process performs prohibiting [i.e. preventing] an application performing operations those are identified as potentially damaging. potentially damaging operations found in the application are neutralized, so that no data source outside the application boundaries can be contacted. Application access rights are removed based on the rule).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Scott with the method/system of Peterson for the benefit of providing a user with a means for scanning the component of application that is openly accessible by any application and system/subsystem, and restricting the access control to the application for enhancing security during runtime stage (Stott: col. 5, lines 16-31; col 10, lines 39-65).
Peterson or Freund does not explicitly teach public access from any other application. ; and where the effects of traditional public access is nullified by adding a stub in place of the one or more of more public access features. 
(Freund: 0023-0025, 0067; Fig 5, 6, detection of an attempt of a second application [i.e. by other application] to access a first application. Rule/policy is applied to detect and control of access of the first application by a second application so that second application cannot access the first application by default or directly).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Freund with the method/system of Peterson and Scott for the benefit of providing a restricting the access of an secure or sensitive application from another application directly in traditional manner control to the application for enhancing security during runtime stage (Freund: 0023-002, 0067).
As to claim 16, the claim limitations are similar to the limitation of claim 9, and rejected for the same reason set forth for claim 9.
As to claim 17, the combination of Peterson, Scott, and Freund teaches the computer program product of claim 15, 
Peterson further teaches wherein the first application includes a list of particular applications that are allowed to call the first application only at a particular time of day or night, and wherein a first rule of the one or more security rules is based on the list of particular applications that are allowed to call the first application only at a particular time of day or night (Peterson: pars 0029, 0034, 0049, The app is partially crippled so that the app can only access unclassified data and wherein classified information is nullified based on various policy parameters. Policy of protection certain times of day. Limit the amount of time, e.g., 10 minutes a day or limit which Web sites may be accessed by an app).
As to claim 18, the combination of Peterson, Scott, and Freund teaches the computer program product of claim 15, 
Peterson further teaches wherein the first application includes a second component, the one or more security rules including a first rule that permits a write to the first component, the first rule not permitting a write to the second component (Peterson: par 0049, a user is attempting to paste or copy sensitive data from a classified app to a non-classified app [second], the app control program may change the copy of the data that is being pasted to garbage or essentially make it meaningless).
As to claim 19, the combination of Peterson, Scott, and Freund teaches the computer program product of claim 15, 
Peterson further teaches wherein the one or more security rules includes a first rule that only a first set of data may be read from the first component, the security rules including a second rule that a second set of data may not be read from the first component (Peterson: par 0049, a user is attempting to paste or copy sensitive data from a classified app to a non-classified app, the app control program may change the copy of the data that is being pasted to garbage or essentially make it meaningless).
As to claim 20, the combination of Peterson, Scott, and Freund teaches the computer program product of claim 15, 
(Peterson: par. 56; identity-based [name] control of apps or services and highly granular control over app behavior [particular action]; par. 99; the code written by the app developer is tied to a specific customizable action point. It is also useful to note that each action point is associated with a specific policy. As noted, at step 1010 policies are configured. Once all the action points have been selected and tied to their targets, the one or more policies associated with the action points are said to be configured with the action point target code).
Conclusion

Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jahangir Kabir whose telephone number is (571) 270-3355.  The examiner can normally be reached on 9:00- 5:00 Mon-Thu.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JAHANGIR KABIR/             Primary Examiner, Art Unit 2439