DETAILED ACTION
The following claims are pending in this office action: 1-20
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Drawings
The drawings filed on 05/17/2019 accepted.  
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claims 12-14 and 19 are rejected under 35 U.S.C. 112(b), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention.
Claims 12-14 recites the limitation “selected actuations” (claim 12, ln. 2). It is unclear if “selected actuations” is referring to the prior instance of “selected actuations” (claim 1, ln. 7) or if it is a new instance of selected actuations.   If “selected actuations” is referring the earlier instance examiner suggests changing the limitation to “the selected actuations”.  Otherwise, if “selected actuations” is referring to a new instance, examiner suggests changing the prior instance of “selected actuations” (claim 1, ln.7) to “first selected actuations” and this instance (claim 12, ln. 2) to “second selected actuations”, or clarify accordingly.  
Claim 19 recites the limitation “an actuation of the second human input device” (claim 19, ln. 5; claim 19, ln. 9).  It is unclear if these limitations refer to the prior instance of “actuation thereof” (thereof referring to the second human input device, see claim 15, ln. 14).  If “actuation of the second 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Thompson (US Pub. 2018/0114014) (hereinafter “Thompson”) in view of Kashyap et al. (US Pub. 2017/0076092) (hereinafter “Kashyap”) in view of Largman et al. (US Pub. 2010/0005531) (hereinafter “Largman”).

As per claim 1, Thompson teaches a system comprising: a secure computing element; ([Thompson, Fig. 1; Fig. 2; para. 0028] the private motherboard 202 in a private zone [a secure computing element] is implemented in using a secure processor packaged in a tamper-resistant house that is physically isolated from a second processor that’s part of a public motherboard in a public zone [a public computing element])
the secure computing element comprising memory storing a first system image [and a second system image] ([Thompson, para. 0035] private zone 202 includes private memory 306.  [Para. 0027] a private virtual machine [a first image] is implemented in the private zone isolated from the public zone.  The secure computing element comprising memory storing a second system image is taught by Kashyap below)
a public computing element locally connected to the secure computing element; ([Thompson, para. 0018] a system network 112 [local connection] connects the private zone to the public zone)
a human input device comprising hardware; ([Thompson, Fig. 1A; para. 0026] the system includes hardware input devices 168 such as keyboards, touchscreen or other input devices)
Thompson alone does not clearly teach the secure computing element comprising memory storing a second system image; and the human input device configured such that selected actuations thereof transition the public computing element from running the first system image to running the second system image.
However, Kashyap teaches the secure computing element comprising memory storing a second system image.   ([Kashyap, para. 0108] embodiments provides a secure environment [a secure computing element] to prevent malicious code from any lasting change in a computer system.  [Fig. 3; para. 0068] a number of different UCVMs, for example UCVM 350 [a first system image] and UCVM 352 [a second system image] is described according to an embodiment of the invention.  [Para. 0052] the UCVM is created in the memory of the system) 
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Thompson with the teachings of Kashyap to include the secure computing element comprising memory storing a second system image.  One of ordinary skill in the art would have been motivated to make this modification because such a technique would provide the benefit of eliminating the risk of executing untrusted code/interpreting untrusted data when two or more corporate entities have different policies towards managing the risk of the untrusted code/data.  (Kashyap, para. 0035)

However, Largman teaches the human input device configured such that selected actuations thereof transition the public computing element from running the first system image to running the second system image. ([Largman, Fig. 2; para. 0089-0090; para. 0284] computing environments 1508-1 to 1508-N are selectively coupleable [selected actuations transitioning] by I/O switch system 1510 to isolate different computing environments, switchable connected with selected computing environments, for example switching computing environment 1508-1 from on to off [from running the first system image] and switching computing environment 1508-2 from off to on [to running the second system image] in manner such that there is only one output computing environment from the plurality of input computing environments.  [Para. 0090] the switch can be a mechanical switch [a human input device].  [Para. 0045] computing environments may be one or more user computing environments that allow the user to complete an activity requiring an external network connection such as receiving email [a public element].  [Fig. 10B; Fig. 10C; para. 0230] for example, IPUCE #1 [first system image] and IPUCE #2 [a second system image] which both are switchable on/off and connected to the internet)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Thompson in view of Kashyap with the teachings of Largman to include the human input device configured such that selected actuations thereof transition the public computing element from running the first system image to running the second system image.  One of ordinary skill in the art would have been motivated to make this modification because 1) such human input devices provide a guaranteed level of isolation between the different computing environments, and 2) such methods of switching computing environments allow for minimal hardware use reducing the cost, size and power consumption of the device hardware.  (Largman, para. 0090; para. 0257)

As per claim 2, Thompson in view of Kashyap and Largman teaches claim 1
Thompson also teaches a human output device; and ([Thompson, para. 0025] a common user interface layer 114 for display or other output to a user])
A [switched] data diode element connecting the human input device and the human output device to one of the secure computing element and the public computing element. ([Thompson, Fig. 2; para. 0026] one-way data links [a data diode element] 168 connects the human input devices to the public and private computing elements.  [Fig. 1A; Para. 0025] one-way data links provide outputs from the private and public processes.  The data diode element being a switched element is taught by Largman below)
Thompson alone, and Thompson in view of Kashyap does not clearly teach a switched element selectively connecting the human input device and the human output device to one of the secure computing element and the public computing element.
However, Largman teaches a switched element selectively connecting the human input device and the human output device to one of the secure computing element and the public computing element.  ([Largman, Fig. 2; para. 0089-0090] computing environments 1508-1 to 1508-N are selectively coupleable [switched element selectively connecting] by I/O switch system 1510 to peripherals 1514-1 to 1514-N; peripherals include human input devices such as keyboards, and human output devices such as LCD displays.  [Para. 0090] the switch can be a mechanical switch [a human input device]. [Para. 0045] computing environments may be one or more user computing environments that allow the user to complete an activity requiring an external network connection such as receiving email.  [Para. 0047] Embodiments also include computing environments that are isolated [secure computing environment]) 


As per claim 3, Thompson in view of Kashyap and Largman teaches claim 1.  
Thompson also teaches one or more data diodes connecting the secure computing element to the public computing element. ([Thompson, para. 0036] the private zone is connected to the public zone by means of a unidirectional UI link from the private side to the public side [a data diode])

As per claim 4, Thompson in view of Kashyap and Largman teaches claim 1.  
Thompson also teaches wherein the first system image comprises operating system files, application files, and one or more user files created by a human user of the system.  ([Thompson, para. 0027] the private VM executes an operating system [operating system files].  [Para. 0030] the private VM includes private applications [application files].  [Para. 0038] the private VM includes user emails and other public and private files [one or more user files created by a human user of the system])

As per claim 5, Thompson in view of Kashyap and Largman teaches claim 4.  
Thompson alone does not clearly teach wherein the second system image comprises a clean install of the operating system files and a clean install of the application files.  
However, Kashyap teaches wherein the second system image comprises a clean install of the operating system files and a clean install of the application files. ([Kashyap, para. 0056-0057] UCVMs including UCVM 352 is cloned from a clean UCVM master template [clean install of the operating system files] that contains a copy of the operating system and a restricted copy of the files system [clean install of the application files)
 clean install using an immutable VM template makes any security bug “time limited” as any compromise will be subsequently discarded as the old VM is wiped/discarded, and new VM instances are made from the clean template.  (Kashyap, para. 0110)

As per claim 6, Thompson in view of Kashyap and Largman teaches claim 5.  
Thompson alone does not clearly teach where the second system image comprises no user files.  
However, Kashyap teaches wherein the second system image comprises no image files.  ([Kashyap, para. 0056] user files are not exposed to UCVMs including UCVM 352.  [Alternatively, para. 0069] if a program were started without any association with a file, then necessary user files would correspond to an empty virtual folder)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Thompson with the teachings of Kashyap to include wherein the second image comprises no image file.  One of ordinary skill in the art would have been motivated to make this modification because user files are usually not required for correct operation of an application, advantageously, not importing user files makes it so such files are not impacted by actions on the UCVM without express consent by the user, and would not suffer any adverse effects brought about by a security breach of the UCVM.  (Kashyap, para. 0055-0056)

As per claim 7, Thompson in view of Kashyap and Largman teaches claim 6.  

However, Kashyap teaches wherein the memory of the secure computing element further stores a third system image.  ([Kashyap, para. 0108] embodiments provides a secure environment [a secure computing element] to prevent malicious code from any lasting change in a computer system.  [Fig. 3; para. 0068] a generic stripped down OS image 322 [a third system image] is included in the secure environment.  The computer system includes main memory 906 for storing information including the generic OS image 322)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to combine the teachings of Thompson and Kashyap for the same reasons as disclosed above.  

As per claim 8, Thompson in view of Kashyap and Largman teaches claim 7.  
Thompson alone does not clearly teach wherein the third system image is a reference system image suitable for resetting the second system image
However, Kashyap teaches wherein the third system image is a reference system image suitable for resetting the second system image.  ([Kashyap, para. 0068] the generic stripped down OS image 322 [reference system image] is used to provide UCVMs, such as a template UCVM, minimal OS & program files.  [Para. 0053] the UCVM 352 may be recreated very quickly [a reset of the UCVM] by cloning the UCVM from a master template UCVM 352 [see, as an example description of the creation process, para. 0056-0057, or para. 0083, Fig. 5, where a CVM-1 is the UCVM 352 and CVM-0 is the master template UCVM-352])
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Thompson with the teachings of because it is time consuming to install a new OS or ship an OS image, which is burdensome for those who do not have access OS images, and a an virtual disk based on a OS copy is a very fast operation.  (Kashyap, para. 0103, para. 0106)

As per claim 9, Thompson in view of Kashyap and Largman teaches claim 8.  
Thompson alone, and Thompson in view of Kashyap does not clearly teach wherein the secure processing element uses the secure processing element uses the third system image to return the second system image to the clean install of the operating system.  (However, see Kashyap above where it is described that a template of the second system image created using the third system image returns the second system image to the clean install of the operating system)
However, Largman teaches wherein the secure processing element uses the third system image to return the second system image to the clean install of the operating system.  ([Largman, para. 0066; para. 0124; para. 0136; para. 0358] the controlling computing environment may reformat and/or clean data stores associated with another computing environment [a second system image] after a user has used it by copying data stores of the master template [a third system image]. [Para. 0162-0163] A master template represents an ideal state of a computer system including the operating system.  [Para. 0401] in an embodiment, the control computing environment does not allow copying between user computing environments, and is a secure computer environment/processing element)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Thompson in view of Kashyap with the teachings of Largman to include wherein the secure processing element uses the third system image to return the second system image to the clean install of the operating system.  One of ordinary skill in the such an operation makes all known and unknown viruses and Trojan horses impotent prior to a next transaction.  (Largman, para. 0358)

As per claim 10, Thompson in view of Kashyap and Largman teaches claim 9.  
Thompson alone does not clearly teach wherein the memory of the secure computing element further stores a fourth system image.
However, Kashyap teaches wherein the memory of the secure computing element further stores a fourth system image.  ([Kashyap, para. 0108] embodiments provides a secure environment [a secure computing element] to prevent malicious code from any lasting change in a computer system.  [Fig. 3; para. 0068] a number of different UCVMs, for example UCVM 350 [a first system image], UCVM 352 [a second system image], and UCVM 354 [a fourth system image] is described according to an embodiment of the invention where the VMs are different from one another [see Fig. 5; para. 0083: UCVM 350 is a personal VM, UCVM 352 is a first corporate VM, and UCVM 354 is a second corporate VM].  [Para. 0052] the UCVM is created in the memory of the system)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to combine the teachings of Thompson and Kashyap for the same reasons as disclosed above.  

As per claim 11, Thompson in view of Kashyap and Largman teaches claim 10.  
Thompson alone does not clearly teach wherein: the fourth system image comprises a clean install of the operating system files and a clean install of the application files; and 
However, Kashyap teaches wherein: the fourth system image comprises a clean install of the operating system files and a clean install of the application files; and ([Kashyap, para. 0056-0057] UCVMs including UCVM 354 is cloned from a clean UCVM master template [clean install of the operating system files] that contains a copy of the operating system and a restricted copy of the files system [clean install of the application files)
the fourth system image comprises no user files.  ([Kashyap, para. 0056] user files are not exposed to UCVMs including UCVM 354.  [Alternatively, para. 0069] if a program were started without any association with a file, then necessary user files would correspond to an empty virtual folder)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to combine the teachings of Thompson and Kashyap for the same reasons as disclosed above.  

As per claim 12, Thompson in view of Kashyap and Largman teaches claim 11.  
Thompson alone and Thompson in view of Kashyap does not clearly teach wherein the human input device is configured such that selected actuations thereof transition the public computing element from running the first system image to running the fourth system image.
However, Largman teaches wherein the human input device is configured such that selected actuations thereof transition the public computing element from running the first system image to running the fourth system image.  ([Largman, Fig. 2; para. 0089-0090; para. 0284] computing environments 1508-1 to 1508-M are selectively coupleable [selected actuations transitioning] by I/O switch system 1510 to isolate different computing environments, switchable connected with selected computing environments, for example switching computing environment 1508-1 from on to off [from running the first system image] and switching computing environment 1508-4 from off to on [to running the fourth system image] in manner such that there is only one output from the computing environment from the plurality of inputs.  [Para. 0090] the switch can be a mechanical switch [a human input device].  [Para. 0045] computing environments may be one or more user computing environments that allow the user to complete an activity requiring an external network connection such as receiving email [a public element].  [Fig. 10B; Fig. 10C; para. 0230] for example, IPUCE #1 [first system image] and IPUCE #4 [a fourth system image] which both are switchable on/off and connected to the internet)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to combine the teachings of Thompson in view of Kashyap and Largman for the same reasons as disclosed above.  

As per claim 13, Thompson in view of Kashyap and Largman teaches claim 12.  
Thompson alone and Thompson in view of Kashyap does not clearly teach wherein one actuation of the human input device causes the public computing element to run the second system image; and a next actuation of the human input device causes the public computing element to run the fourth system image.
However, Largman teaches wherein one actuation of the human input device causes the public computing element to run the second system image; and   ([Largman, Fig. 2; para. 0089-0090; para. 0284] computing environments 1508-1 to 1508-M are selectively coupleable [selected actuations transitioning] by I/O switch system 1510 to isolate different computing environments, switchable connected with selected computing environments, for example switching computing environment 1508-2 from off to on [run the second system image] in manner such that there is only one output from the computing environment from the plurality of inputs.  [Para. 0090] the switch can be a mechanical switch [a human input device].  [Para. 0182-0183] The activation of the switch is in response to a first of a set of signals 2180 input from a user [one actuation])
a next actuation of the human input device causes the public computing element to run the fourth system image.    ([Largman, Fig. 2; para. 0089-0090; para. 0284] computing environments 1508-1 to 1508-M are selectively coupleable [selected actuations transitioning] by I/O switch system 1510 to isolate different computing environments, switchable connected with selected computing environments, for example switching computing environment 1508-4 from off to on [run the fourth system image] in manner such that there is only one output from the computing environment from the plurality of inputs.  [Para. 0090] the switch can be a mechanical switch [a human input device]. [Para. 0182-0183] the activation of the switch is in response to a second of a set of signals 2180 input from a user [next actuation])
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to combine the teachings of Thompson in view of Kashyap and Largman for the same reasons as disclosed above. 

As per claim 14, Thompson in view of Kashyap and Largman teaches claim 13.  
Thompson alone and Thompson in view of Kashyap does not clearly teach wherein the secure processing element uses the third system image to return the fourth system image to the clean install of the operating system files and the clean install of the application files after the public computing element transitions from running the fourth system image to running the first system image.
However, Largman teaches wherein the secure processing element uses the third system image to return the fourth system image to the clean install of the operating system files and the clean install of the application files ([Largman, para. 0066; para. 0124; para. 0136; para. 0358] the controlling computing environment may reformat and/or clean data stores associated with another computing environment [a fourth system image] after a user has used it by copying data stores of the master template [a third system image]. [Para. 0162-0163] A master template represents an ideal state of a computer system including the operating system)  after the public computing element transitions from running the fourth system image to running the first system image. ([Para. 0136] such an event occurs after coupling with a user computing environment [after a transition].  [Para. 0089-0090; para. 0284] computing environments 1508-1 to 1508-N are selectively coupleable [selected actuations transitioning] by I/O switch system 1510 to isolate different computing environments, switchable connected with selected computing environments, for example switching computing environment 1508-4 from on to off [from running the fourth system image] and switching computing environment 1508-1 from off to on [to running the first system image] in manner such that there is only one output computing environment from the plurality of input computing environments.
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to combine the teachings of Thompson in view of Kashyap and Largman for the same reasons as disclosed above. 

As per claim 15, Thompson teaches a system comprising: a computer chassis; ([Thompson, Fig. 2; para. 0034] the system is a personal computer including a computer chassis/housing) 
a secure computing element fixed within the computer chassis; ([Thompson, Fig. 1; Fig. 2; para. 0028] the private motherboard 202 in a private zone [a secure computing element] is implemented in using a secure processor packaged in a tamper-resistant housing that is physically isolated from a second processor that’s part of a public motherboard in a public zone [a public computing element])
the secure computing element comprising memory storing first, [second, third, and fourth system images];  ([Thompson, para. 0035] private zone 202 includes private memory 306.  [Para. 0027] a private virtual machine [a first image] is implemented in the private zone isolated from the public zone.  The secure computing element comprising memory storing a second, third, and fourth system image is taught by Kashyap below)
	a public computing element fixed within the computer chassis; ([Thompson, Fig. 1; Fig. 2; para. 0028] the private motherboard 202 in a private zone [a secure computing element] is implemented in using a secure processor packaged in a tamper-resistant housing that is physically isolated from a second processor that’s part of a public motherboard in a public zone [a public computing element] in the computer)
a first human input device comprising first hardware fixed with respect to the computer chassis; ([Thompson, Fig. 1A; para. 0026] the system includes hardware input devices 168 such as keyboards [a first input device], touchscreen or other input devices in the computer)
a second human input device comprising second hardware fixed with respect to the computer chassis; and ([Thompson, Fig. 1A; para. 0026] the computer includes hardware input devices 168 such as keyboards, touchscreen or other input devices [a second input device])
Thompson alone does not clearly teach the secure computing element comprising memory storing a second, third, and fourth system image; the first human input device configured such that actuation thereof transitions the public computing element from running the first system image to running one of the second and third system images; and the second human input device configured such that actuation thereof transitions the public computing element from running one of the second and third system images to running the first system image.
However, Kashyap teaches the secure computing element comprising memory storing a second, third, and fourth system image.   ([Kashyap, para. 0108] embodiments provides a secure environment [a secure computing element] to prevent malicious code from any lasting change in a computer system.  [Fig. 3; para. 0068] a number of different UCVMs, for example UCVM 350 [a first system image] and UCVM 352 [a second system image], and UCVM 354 [a third system image], and a generic stripped down OS image 322 is described according to an embodiment of the invention.  [Para. 0052] the UCVM is created in the memory of the system.  The computer system includes main memory 906 for storing information including the generic OS image 322 and the UCVMs) 
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the elements disclosed by Thompson with the teachings of such a technique would provide the benefit of eliminating the risk of executing untrusted code/interpreting untrusted data when two or more corporate entities have different policies towards managing the risk of the untrusted code/data.  (Kashyap, para. 0035)
Thompson in view of Kashyap does not clearly teach the first human input device configured such that actuation thereof transitions the public computing element from running the first system image to running one of the second and third system images; and the second human input device configured such that actuation thereof transitions the public computing element from running one of the second and third system images to running the first system image.
However, Largman teaches the second human input device configured such that actuation thereof transitions the public computing element from running one of the second and third system images to running the first system image.  ([Largman, Fig. 2; para. 0089-0090; para. 0284] computing environments 1508-1 to 1508-M are selectively coupleable [selected actuations transitioning] by I/O switch system 1510 to isolate different computing environments, switchable connected with selected computing environments, for example switching computing environment 1508-1 from on to off [from running the second system image] and switching computing environment 1508-2/1508-3 from off to on [running the third system image and running the second system image] in manner such that there is only one output [running one of the images] from the computing environment from the plurality of inputs.  [Para. 0090] the switch can be a mechanical switch [a first human input device].  [Para. 0045] computing environments may be one or more user computing environments that allow the user to complete an activity requiring an external network connection such as receiving email [a public element])
([Largman, Fig. 2; para. 0089-0090; para. 0284] computing environments 1508-1 to 1508-M are selectively coupleable [selected actuations transitioning] by I/O switch system 1510 to isolate different computing environments, switchable connected with selected computing environments, for example switching computing environment 1508-2/1508-3 from on to off [running the third system image and running the second system image] and switching computing environment 1508-1 from off to on [running the first system image] in manner such that there is only one output [running one of the images] from the computing environment from the plurality of inputs.  [Para. 0090] the switch can be a second/plurality/multiplicity of mechanical switches [a second human input device].  [Para. 0045] computing environments may be one or more user computing environments that allow the user to complete an activity requiring an external network connection such as receiving email [a public element])
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the elements disclosed by Thompson in view of Kashyap with the teachings of Largman to include the first human input device configured such that actuation thereof transitions the public computing element from running the first system image to running one of the second and third system images; and the second human input device configured such that actuation thereof transitions the public computing element from running one of the second and third system images to running the first system image.  One of ordinary skill in the art would have been motivated to make this modification because 1) such human input devices provide a guaranteed level of isolation between the different computing environments, and 2) such methods of switching computing environments allow for minimal hardware use reducing the cost, size and power consumption of the device hardware.  (Largman, para. 0090; para. 0257)

As per claim 16, the claim language is identical or substantially similar to that of claim 3. Therefore, it is rejected under the same rationale applied to claim 3.

As per claim 17, the claim language is identical or substantially similar to that of claim 4. Therefore, it is rejected under the same rationale applied to claim 4.

As per claim 18, Thompson in view of Kashyap and Largman teaches claim 17.  
Thompson alone does not clearly teach the second and third system images each comprise a clean install of the operating system files and a clean install of the application files; and neither the second system image nor the third system image comprises user files.  
However, Kashyap teaches the second and third system images each comprise a clean install of the operating system files and a clean install of the application files; and ([Kashyap, para. 0056-0057] UCVMs including UCVM 352 and UCVM 354 are cloned from a clean UCVM master template [clean install of the operating system files] that contains a copy of the operating system and a restricted copy of the files system [clean install of the application files)
neither the second system image nor the third system image comprises user files.  ([Kashyap, para. 0056] user files are not exposed to UCVMs including UCVM 352 and 354.  [Alternatively, para. 0069] if a program were started without any association with a file, then necessary user files would correspond to an empty virtual folder)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to combine the teachings of Thompson and Kashyap for the same reasons as disclosed above. 


Thompson alone does not clearly teach wherein the fourth system image is a reference system image suitable for resetting the second and third system images;  
However, Kashyap teaches wherein the fourth system image is a reference system image suitable for resetting the second and third system images;  ([Kashyap, para. 0068] the generic stripped down OS image 322 [reference system image] is used to provide UCVMs, such as a template UCVM, minimal OS & program files.  [Para. 0053] the UCVM 352 may be recreated very quickly [a reset of the UCVM] by cloning the UCVM from a master template UCVM 352 [see, as an example description of the creation process, para. 0056-0057, or para. 0083, Fig. 5, where a CVM-1 is the UCVM 352 and CVM-0 is the master template UCVM-352])
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to combine the teachings of Thompson and Kashyap for the same reasons as disclosed above. 
Thompson in view of Kashyap does not clearly teach the secure processing element uses the fourth system image to return the second system image to a clean install after an actuation of the second human input device transitions the public computing element from running the second system image to running the first system image; and the secure processing element uses the fourth system image to return the third system image to a clean install after an actuation of the second human input device transitions the public computing element from running the third system image to running the first system image.
However, Largman teaches the secure processing element uses the fourth system image to return the second system image to a clean install ([Largman, para. 0066; para. 0124; para. 0136; para. 0358] the controlling computing environment may reformat and/or clean data stores associated with another computing environment [a second system image] after a user has used it by copying data stores of the master template [a fourth system image]. [Para. 0162-0163] A master template represents an ideal state of a computer system including the operating system)  after an actuation of the second human input device transitions the public computing element from running the second system image to running the first system image; and ([Para. 0136] such an event occurs after coupling with a user computing environment [after a transition].  [Para. 0089-0090; para. 0284] computing environments 1508-1 to 1508-N are selectively coupleable [selected actuations transitioning] by I/O switch system 1510 to isolate different computing environments, switchable connected with selected computing environments, for example switching computing environment 1508-2 from on to off [from running the second system image] and switching computing environment 1508-1 from off to on [to running the first system image] in manner such that there is only one output computing environment from the plurality of input computing environments.  [Para. 0045] computing environments may be one or more user computing environments that allow the user to complete an activity requiring an external network connection such as receiving email [a public computing element transitioning]) 
the secure processing element uses the fourth system image to return the third system image to a clean install ([Largman, para. 0066; para. 0124; para. 0136; para. 0358] the controlling computing environment may reformat and/or clean data stores associated with another computing environment [a third system image] after a user has used it by copying data stores of the master template [a fourth system image]. [Para. 0162-0163] A master template represents an ideal state of a computer system including the operating system)  after an actuation of the second human input device transitions the public computing element from running the third system image to running the first system image.  ([Para. 0136] such an event occurs after coupling with a user computing environment [after a transition].  [Para. 0089-0090; para. 0284] computing environments 1508-1 to 1508-N are selectively coupleable [selected actuations transitioning] by I/O switch system 1510 to isolate different computing environments, switchable connected with selected computing environments, for example switching computing environment 1508-3 from on to off [from running the third system image] and switching computing environment 1508-1 from off to on [to running the first system image] in manner such that there is only one output computing environment from the plurality of input computing environments.  [Para. 0045] computing environments may be one or more user computing environments that allow the user to complete an activity requiring an external network connection such as receiving email [a public computing element transitioning]) 
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to combine the teachings of Thompson in view of Kashyap and Largman for the same reasons as disclosed above. 

As per claim 20, Thompson teaches a method comprising obtaining a computer system comprising a computer chassis.  ([Thompson, Fig. 2; para. 0003; para. 0034] the implementation of the method involves protecting/obtaining a personal computer including a computer chassis/housing)
The method performs the steps of obtaining the computer system of claim 1, has language that is identical or substantially similar to the method of claim 1, and thus is rejected with the same rational applied against claim 1.  
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
De Lima Junior et al. (US Pub. 2019/0140831) discloses a virtual machine structure that involves separating a secure/public processing environment into different virtual machines, such that there are different security levels of which VMs are generated with or without user files/public access.  
Chen et al. (US Pub. 2018/0189089) discloses determining a delta between a first VM image and a file system of a first OS Base image and cleaning the first VM image by applying the delta.  

Walsh et al. (US Pub. 2012/0216285) discloses a sandbox tool that creates an isolated/secure execution environment and a user execution environment where different settings may be applied to VMs within the environments including not allowing network usage, or restricting user file access (i.e. creating a secure VM with no user files).   
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHE LIU whose telephone number is (571) 272-3634.  The examiner can normally be reached on Monday - Friday: 8:30 AM to 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.
/Z.L./Examiner, Art Unit 2493

/Jeremy S Duffield/Primary Examiner, Art Unit 2498