DETAILED ACTION

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 11/29/2021 has been entered.
 
Response to Arguments
Applicant's arguments are moot in view of the allowance herein.


Claim Rejections - 35 USC § 112
The previous 112 rejection(s) are withdrawn in view of applicant's amended claim language.

EXAMINER'S AMENDMENT

An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner's amendment was given in an interview with Russell Jeide on 12-01-2021.

The application has been amended as follows: 


(Currently Amended) A method performed by one or more processors, the method comprising: 
requesting a custom computer program by a user having a user privilege level; 
receiving, in response to the request, the custom computer program including source code comprising a plurality of operations, the source code of the custom computer program being authored and provided by a developer;   
loading the custom computer program into an iframe sandbox to limit which of the plurality of operations that the custom computer program is able to perform; 
executing the custom computer program within the iframe sandbox;
initiating, by the executing custom computer program, a request for performance of an operation of the plurality of operations by the iframe sandbox; 
in response to the iframe sandbox not permitting the requested operation, receiving the requested operation at a secure request forwarder; 
identifying the operation; 
using the identified operation, request a first indication of security privileges and a second indication of security privileges from a security server; 
wherein the first indication of security privileges is specific to the developer and the second indication of security privileges is specific to the custom computer program; and 
wherein the first indication includes a first privilege level specific to the identified operation and the second indication includes a second privilege level specific to the identified operation
receiving the first indication of security privileges and the second indication of security privileges from the security server; and 
in response to determining that the first privilege level indicates that the custom computer program is permitted to perform the identified operation and the second privilege level indicates that the custom computer program is permitted to perform the identified operation, causing the identified operation to be performed;
wherein when the operation is not permitted by the iframe sandbox, the secure request forwarder may cause the unpermitted operation to be performed outside of the iframe sandbox if the first privilege level  and the second privilege level indicate the unpermitted operation should be permitted.



(Currently Amended) A computing system comprising: 

a hardware computer processor; 
a non-transitory computer readable medium having software instructions stored thereon,
the software instructions executable by the hardware computer processor to cause the computing system to perform operations comprising: 
requesting a custom computer program by a user having a user privilege level; 
receiving, in response to the request, the custom computer program including source code comprising a plurality of operations, the source code of the custom computer program being authored and provided by a developer;   
loading the custom computer program into an iframe sandbox to limit which of the plurality of operations that the custom computer program is able to perform; 
executing the custom computer program within the iframe sandbox;
initiating, by the executing custom computer program, a request for performance of an operation of the plurality of operations by the iframe sandbox; 
in response to the iframe sandbox not permitting the requested operation, receiving the requested operation at a secure request forwarder; 
identifying the operation; 
using the identified operation, request a first indication of security privileges and a second indication of security privileges from a security server; 
wherein the first indication of security privileges is specific to the developer and the second indication of security privileges is specific to the custom computer program; and 
wherein the first indication includes a first privilege level specific to the identified operation and the second indication includes a second privilege level specific to the identified operation
receiving the first indication of security privileges and the second indication of security privileges from the security server; and 
in response to determining that the first privilege level indicates that the custom computer program is permitted to perform the identified operation and the second privilege level indicates that the custom computer program is permitted to perform the identified operation, causing the identified operation to be performed;
wherein when the operation is not permitted by the iframe sandbox, the secure request forwarder may cause the unpermitted operation to be performed outside of the iframe sandbox if the first privilege level  and the second privilege level indicate the unpermitted operation should be permitted.

(Currently Amended) A non-transitory computer readable medium having software instructions stored thereon, the software instructions executable by a hardware computer processor to cause a computing system to perform operations comprising:
requesting a custom computer program by a user having a user privilege level; 
receiving, in response to the request, the custom computer program including source code comprising a plurality of operations, the source code of the custom computer program being authored and provided by a developer;   
loading the custom computer program into an iframe sandbox to limit which of the plurality of operations that the custom computer program is able to perform; 
executing the custom computer program within the iframe sandbox;
initiating, by the executing custom computer program, a request for performance of an operation of the plurality of operations by the iframe sandbox; 
in response to the iframe sandbox not permitting the requested operation, receiving the requested operation at a secure request forwarder; 
identifying the operation; 
using the identified operation, request a first indication of security privileges and a second indication of security privileges from a security server; 
wherein the first indication of security privileges is specific to the developer and the second indication of security privileges is specific to the custom computer program; and 
wherein the first indication includes a first privilege level specific to the identified operation and the second indication includes a second privilege level specific to the identified operation
receiving the first indication of security privileges and the second indication of security privileges from the security server; and 
in response to determining that the first privilege level indicates that the custom computer program is permitted to perform the identified operation and the second privilege level indicates that the custom computer program is permitted to perform the identified operation, causing the identified operation to be performed;
wherein when the operation is not permitted by the iframe sandbox, the secure request forwarder may cause the unpermitted operation to be performed outside of the iframe sandbox if the first privilege level  and the second privilege level indicate the unpermitted operation should be permitted.


Allowable Subject Matter
Claims 1, 3, 5–7, 10–11, and 21–22 are allowed.

The following is an examiner's statement of reasons for allowance: 
Schackow (US 2008/0189757) discloses in [0024] that a request may be denied for an operation running inside a sandbox (Fig 1A 106).

Elvanoglu et al. (US 2003/0135504) discloses in [0049] that security privileges may be set for a program running inside an iframe.

Parikh et al. (US 2007/0199051) discloses in [0028] that a program may be blocked from running within an iframe during a zone-elevation attempt.

Tulshibagwale (US 2016/0134639) discloses in [0034] that a browser may execute code to create a hidden iframe to facilitate communications with a privilege server.

Bhowmick et al. (US 10,783,548) discloses in (48) that a browser does not allow code such as JavaScript to run inside an iframe.

Smith et al. (US 10,104,052) discloses in C7 line 4 – C8 line 17 that a security token that identifies either a vendor or content to allow a party to remotely expand or collapse an advertising window is inserted into an iframe within a web page along with the content as a way to provide dynamic behavior from a 3rd party via an iframe.

The prior art of record does not explicitly disclose in light of the other features recited in the independent claims, 
initiating, by the executing custom computer program, a request for performance of an operation of the plurality of operations by the iframe sandbox
in response to the iframe sandbox not permitting the requested operation, receiving the requested operation at a secure request forwarder
using the identified operation, request a first indication of security privileges and a second indication of security privileges from a security server
wherein when the operation is not permitted by the iframe sandbox, the secure request forwarder may cause the unpermitted operation to be performed outside of the iframe sandbox if the first privilege level  and the second privilege level indicate the unpermitted operation should be permitted
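
The following sketch, added here for illustration and not taken from the application or the Office action, walks through the flow recited in the independent claims: an operation the sandbox does not permit goes to a secure request forwarder, which performs it outside the sandbox only when both the developer-specific and the program-specific privilege levels for that operation allow it. The in-memory security server, the operation names, the identifiers and the "allow"/"deny" encoding of privilege levels are assumptions.

```javascript
// Added illustration: every name, identifier and value here is hypothetical.
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Constructed stand-in for the security server: per-operation privilege
// levels, one table specific to developers and one specific to programs.
const SECURITY_SERVER = {
  developer: { "dev-alice": { "clipboard.write": "allow", "file.download": "allow" } },
  program: { "chart-widget": { "clipboard.write": "allow", "file.download": "deny" } },
};

// Returns the first (developer) and second (program) indications for one
// identified operation; anything not listed is reported as "deny".
function queryPrivileges(developerId, programId, operation) {
  const level = (table, id) =>
    hasOwn(table, id) && hasOwn(table[id], operation) ? table[id][operation] : "deny";
  return {
    first: level(SECURITY_SERVER.developer, developerId),
    second: level(SECURITY_SERVER.program, programId),
  };
}

// Operations the sandbox itself permits, and operations the forwarder can
// perform outside the sandbox on the program's behalf.
const SANDBOX_PERMITTED = new Set(["dom.render"]);
const OUTSIDE_SANDBOX = {
  "clipboard.write": (args) => `copied ${String(args.text).length} chars`,
  "file.download": (args) => `downloaded ${String(args.name)}`,
};

function secureRequestForwarder(message, frame) {
  // Assumption of this sketch: developer and program identity come from the
  // host's record of the frame it loaded, never from the message, because
  // the sandboxed program controls every field of the message.
  const operation = typeof message.op === "string" ? message.op : "";
  if (!hasOwn(OUTSIDE_SANDBOX, operation)) return { performed: false, reason: "unknown operation" };
  const { first, second } = queryPrivileges(frame.developerId, frame.programId, operation);
  if (first !== "allow") return { performed: false, reason: "developer not privileged" };
  if (second !== "allow") return { performed: false, reason: "program not privileged" };
  return { performed: true, result: OUTSIDE_SANDBOX[operation](message.args || {}) };
}

// The sandbox handles what it permits; anything else goes to the forwarder.
function requestOperation(message, frame) {
  if (SANDBOX_PERMITTED.has(message.op)) return { performed: true, result: "in-sandbox" };
  return secureRequestForwarder(message, frame);
}
```
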



Conclusion
	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RICHARD A MCCOY whose telephone number is (313)446-6520.  The examiner can normally be reached on M - F 10 - 6.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild, can be reached on 571 272 2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/RICHARD A MCCOY/Examiner, Art Unit 2431