DETAILED ACTION
	This office action is in response to the communication filed on October 19, 2021. Claims 1-20 and 27-30 are currently pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 10/19/21 has been entered.

Response to Arguments
	Applicant's arguments filed on October 19, 2021 have been fully considered but they are not persuasive for the following reasons:

Applicant in Pages 10-11 of the Remarks argues that Borzycki, Mazin, Shlomai, Smith, and Thomas do not teach or even suggest the features "determining that the data file is to be opened in the virtual computing environment based at least in part on the determination of where the first and second applications are located and a policy defining that data files of the corresponding file type are to be opened in the virtual computing environment due to increased security of the virtual computing environment compared to the environment of the computing device", as disclosed in amended independent claim 1.

Examiner respectfully disagrees. The cited prior art alone and/or in combination discloses the argued features.

In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

Borzycki in Paragraph 11 discloses intercepting an incoming request to open unverified content, comparing particular information about the unverified content against predetermined criteria, which is a policy, to determine that the content will be launched by a virtual machine in a separate disposable environment, where the unverified content comprises malicious code that will compromise security of the user device when the malicious code is opened, and causing the content to be opened by the virtual machine.
Borzycki in Paragraph 56 discloses one or more virtual machines where one or more of the virtual machines are unsecure compared to one or more secure virtual 
Borzycki in Paragraph 66 discloses allowing mobile device to open potentially malignant content such as email attachment, url in an email, uri to an application in a disposable, quarantined, separate physically different execution environment.
Borzycki Paragraphs 69 and 71 discloses while some applications/files are secured for use on mobile device others are not prepared or appropriate for deployment on the mobile device so election is made to access those applications/files through virtualization.
Borzycki Paragraphs 113 and 114 discloses a user of a computing device attempting to open on the mobile device an attachment using an e-mail application, determining to launch the file in a disposable environment for the user.

Therefore, Borzycki disclosing determining a data file should be opened in a virtual computing environment based on a policy defining that particular types of files that are unsecured files should be opened in a virtual environment to not compromise security of a user device environment, where a secure virtual environment is selected over an unsecured virtual environment among a plurality of virtual environments to open to file using a secured application is "determining that the data file is to be opened in the virtual computing environment based at least in part on a policy defining that data files of the corresponding file type are to be opened in the virtual computing environment due to increased security of the virtual computing environment compared to the environment of the computing device".

Borzycki determining that the data file is to be opened in the virtual computing environment based at least in part on a policy, however, does not explicitly disclose “determining that the data file is to be opened in the virtual computing environment based at least in part on the determination of where the first and second applications are located”, but the Mazin reference discloses the feature.

Mazin in Column 1 lines 39-64 and Column 3 lines 6-26 discloses detecting a request to perform an action on a file in a system environment, file having an associated file extension, system environment includes applications for opening files, in response to the request detecting if an application to open the file is in the system environment, if the file extension is not associated with any of the applications in the system environment then querying virtual environments to find an association between the file extension and an application, identifying at least one virtual environment in which the extension is associated with an application of a plurality of applications, and opening the file in a selected virtual environment.
Mazin in Column 8 lines 9-32 and Figure 5 discloses if the file extension has known associations then moving to default processing to complete the action of opening the file in the system environment, otherwise using virtual environment to complete the action of opening the file

Therefore, Mazin disclosing determining if a type of file can be opened by one of a plurality of applications in a system environment, if it can be opened by one of the applications in the system environment, then default action to open the file in the system environment is taken, if no applications in the system environment can open the file, then applications in virtual environments are searched for finding a virtual environment with an application that can open the file to complete the action is “determining that the data file is to be opened in the virtual computing environment based at least in part on the determination of where the first and second applications are located”.

It would have been obvious to a person of ordinary skill in the art, having the teachings of Borzycki and Mazin, to have combined Borzycki and Mazin. The motivation to combine Borzycki and Mazin would be to minimize changes to expected user experience by handling file extensions and their associations in system environment and virtual environments.

Therefore, Borzycki and Mazin alone and/or in combination discloses the argued features "determining that the data file is to be opened in the virtual computing environment based at least in part on the determination of where the first and second applications are located and a policy defining that data files of the corresponding file type are to be opened in the virtual computing environment due to increased security of the virtual computing environment compared to the environment of the computing device", as disclosed in independent claim 1.


Applicant in Page 12 of the Remarks argues that Borzycki, Mazin, Shlomai, Smith, and Thomas do not teach or even suggest the features "determine that the data file is to be opened in the second computing environment based at least in part on the locations and a policy defining that data files of the corresponding file type are to be opened in the second computing environment due to increased security of the second computing environment compared to the first computing environment", as disclosed in amended independent claim 5.

Examiner respectfully disagrees. The cited prior art alone and/or in combination discloses the argued features.

In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

Borzycki in Paragraph 11 discloses intercepting an incoming request to open unverified content, comparing particular information about the unverified content against predetermined criteria, which is a policy, to determine that the content will be launched by a virtual machine in a separate disposable environment, where the unverified content comprises malicious code that will compromise security of the user device when the malicious code is opened, and causing the content to be opened by the virtual machine.
Borzycki in Paragraph 56 discloses one or more virtual machines where one or more of the virtual machines are unsecure compared to one or more secure virtual machines, where unsecured virtual machines are prevented from accessing resources and programs that secure virtual machines are permitted to access.
Borzycki in Paragraph 66 discloses allowing mobile device to open potentially malignant content such as email attachment, url in an email, uri to an application in a disposable, quarantined, separate physically different execution environment.
Borzycki Paragraphs 69 and 71 discloses while some applications/files are secured for use on mobile device others are not prepared or appropriate for deployment on the mobile device so election is made to access those applications/files through virtualization.
Borzycki Paragraphs 113 and 114 discloses a user of a computing device attempting to open on the mobile device an attachment using an e-mail application, determining to launch the file in a disposable environment for the user.

Therefore, Borzycki disclosing determining a data file should be opened in a virtual computing environment based on a policy defining that particular types of files that are unsecured files should be opened in a virtual environment to not compromise security of a user device environment, where a secure virtual environment is selected over an unsecured virtual environment among a plurality of virtual environments to open to file using a secured application is "determine that the data file is to be opened in the second computing environment based at least in part on a policy defining that data files of the corresponding file type are to be opened in the second computing environment due to increased security of the second computing environment compared to the first computing environment".

Borzycki determining that the data file is to be opened in the virtual computing environment based at least in part on a policy, however, does not explicitly disclose “determine that the data file is to be opened in the second computing environment based at least in part on the locations”, but the Mazin reference discloses the feature.

Mazin in Column 1 lines 39-64 and Column 3 lines 6-26 discloses detecting a request to perform an action on a file in a system environment, file having an associated file extension, system environment includes applications for opening files, in response to the request detecting if an application to open the file is in the system environment, if the file extension is not associated with any of the applications in the system environment then querying virtual environments to find an association between the file extension and an application, identifying at least one virtual environment in which the extension is associated with an application of a plurality of applications, and opening the file in a selected virtual environment.
Mazin in Column 8 lines 9-32 and Figure 5 discloses if the file extension has known associations then moving to default processing to complete the action of opening the file in the system environment, otherwise using virtual environment to complete the action of opening the file

Therefore, Mazin disclosing determining if a type of file can be opened by one of a plurality of applications in a system environment, if it can be opened by one of the applications in the system environment, then default action to open the file in the system environment is taken, if no applications in the system environment can open the file, then applications in virtual environments are searched for finding a virtual environment with an application that can open the file to complete the action is “determine that the data file is to be opened in the second computing environment based at least in part on the locations”.

It would have been obvious to a person of ordinary skill in the art, having the teachings of Borzycki and Mazin, to have combined Borzycki and Mazin. The motivation to combine Borzycki and Mazin would be to minimize changes to expected user experience by handling file extensions and their associations in system environment and virtual environments.

Therefore, the cited prior art Borzycki and Mazin alone and/or in combination discloses the argued features "determine that the data file is to be opened in the second computing environment based at least in part on the locations and a policy defining that data files of the corresponding file type are to be opened in the second computing environment due to increased security of the second computing environment compared to the first computing environment", as disclosed in amended independent claim 5.

Applicant in Page 12 of the Remarks argues that Borzycki, Mazin, Shlomai, Smith, and Thomas do not teach or even suggest the features "select a selected single-tenant virtual computing environment from the plurality of single-tenant virtual computing environments based at least in part on a policy defining that data files of the corresponding file type are to be opened in a single-tenant virtual computing environment having greatest security compared to the first computing environment", as disclosed in amended independent claim 13.

Examiner respectfully disagrees. The cited prior art alone and/or in combination discloses the argued features.

Borzycki in Paragraph 11 discloses intercepting an incoming request to open unverified content, comparing particular information about the unverified content against predetermined criteria, which is a policy, to determine that the content will be launched by a virtual machine in a separate disposable environment, where the unverified content comprises malicious code that will compromise security of the user device when the malicious code is opened, and causing the content to be opened by the virtual machine.
Borzycki in Paragraph 56 discloses one or more virtual machines where one or more of the virtual machines are unsecure compared to one or more secure virtual machines, where unsecured virtual machines are prevented from accessing resources and programs that secure virtual machines are permitted to access.
Borzycki in Paragraph 66 discloses allowing mobile device to open potentially malignant content such as email attachment, url in an email, uri to an application in a disposable, quarantined, separate physically different execution environment.
Borzycki Paragraphs 69 and 71 discloses while some applications/files are secured for use on mobile device others are not prepared or appropriate for deployment on the mobile device so election is made to access those applications/files through virtualization.
Borzycki Paragraphs 113 and 114 discloses a user of a computing device attempting to open on the mobile device an attachment using an e-mail application, determining to launch the file in a disposable environment for the user, which is a single-tenant virtual computing environment.

Therefore, Borzycki disclosing determining a data file should be opened in a virtual computing environment based on a policy defining that particular types of files that are unsecured files should be opened in a single-tenant virtual environment to not compromise security of a user device environment, where a secure virtual environment is selected over an unsecured virtual environment among a plurality of virtual environments to open to file using a secured application in the secured virtual environment is "select a selected single-tenant virtual computing environment from the plurality of single-tenant virtual computing environments based at least in part on a policy defining that data files of the corresponding file type are to be opened in a single-tenant virtual computing environment having greatest security compared to the first computing environment".

Therefore, Borzycki discloses the argued features "select a selected single-tenant virtual computing environment from the plurality of single-tenant virtual computing environments based at least in part on a policy defining that data files of the corresponding file type are to be opened in a single-tenant virtual computing environment having greatest security compared to the first computing environment", as disclosed in independent claim 13.

For the above reasons, Examiner states that rejection of the current Office action is proper.

Claim Objections
Claims 1, 3-5, 7, 9, 12, 13, 17, 19, and 27 are objected to because of the following informalities:
 In Claims 1, 3-5, 7, 9, 12, 13, 17, 19, and 27 the phrase “to be” is objected to as it refers to intended use. Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-4, 27, and 30 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 1 recites the limitation "the determination of where the first and second applications are located" in lines 5-6.  There is insufficient antecedent basis for this limitation in the claim.
 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1, 4-6, 8-10, 12-18, 20, and 30 is/are rejected under 35 U.S.C. 103 as being unpatentable over Borzycki (US Pub 2015/0089497) in view of Mazin (US Pat 8,387,047).

With respect to claim 1, Borzycki discloses a computer-implemented method comprising:
detecting input into an input device of the computing device indicating a command to open a data file, the data file accessible using at least one application installed on the computing device and the data file having a corresponding file type (Borzycki: Paragraph 12 – receive request to open unverified content; Paragraph 66 – allow mobile device to open potentially malignant content such as email attachment, url in an email, uri to an application in a disposable, quarantined, separate physically different execution environment; Paragraphs 113 and 114 – a user of a computing device attempts to open on the mobile device an attachment using an e-mail application, determine to launch the file in a disposable environment; Figs 1 and 8);...
determining that the data file is to be opened in the virtual computing environment based at least in part on the determination of where the first and second applications are located and a policy defining that data files of the corresponding file type are to be opened in the virtual environment due to increased security of the virtual computing environment compared to the environment of the computing device (Borzycki: Paragraph 11 - intercepting an incoming request to open unverified content, comparing particular information about the unverified content against predetermined criteria, which is a policy, to determine that the content will be launched by a virtual machine in a separate disposable environment, where the unverified content comprises malicious code that will compromise security of the user device when the malicious code is opened, and causing the content to be opened by the virtual machine; Paragraph 56 - one or more virtual machines where one or more of the virtual machines are unsecure compared to one or more secure virtual machines, where unsecured virtual machines are prevented from accessing resources and programs that secure virtual machines are permitted to access; Paragraph 66 - allowing mobile device to open potentially malignant content such as email attachment, url in an email, uri to an application in a disposable, quarantined, separate physically different execution environment; Paragraphs 69 and 71 - while some applications/files are secured for use on mobile device others are not prepared or appropriate for deployment on the mobile device so election is made to access those applications/files through virtualization; Paragraphs 113 and 114 - a user of a computing device attempting to open on the mobile device an attachment using an e-mail application, determining to launch the file in a disposable environment for the user; here Borzycki does not explicitly disclose determining to open a file in the virtual computing environment based on the determination of where the first and second applications are located, but the Mazin reference discloses the feature, as discussed below);
providing the data file to the virtual computing environment for execution in the virtual computing environment (Borzycki: Paragraph 66 – allow mobile device to open potentially malignant content such as email attachment, url in an email, uri to an application in a disposable, quarantined, separate physically different execution environment); and
transmitting, over the network, one or more executable instructions to cause the virtual computing environment to launch at least one of the plurality of applications usable to open the data file within the virtual computing environment (Borzycki: Paragraph 42 – client device displays application output generated by an application remotely executing on a server; Paragraph 66 – allow mobile device to open potentially malignant content such as email attachment, url in an email, uri to an application in a disposable, quarantined, separate physically different execution environment, which is an appropriate application to open malignant content; Paragraphs 113 and 114 – a user of a computing device attempts to open on the mobile device an attachment using an e-mail application, determine to launch the file in a disposable environment; here Borzycki does not explicitly discloses at least one of a plurality of applications, but the Mazin reference discloses the feature, as discussed below).
Borzycki discloses determining an application to open a data file type and opening the data file with an application within a virtual computing environment, however, Borzycki does not explicitly disclose:
determining, based at least in part on the corresponding file type, a first application usable to open the data file and a second application usable to open the data file, the first application installed on the computing device and the second application in a virtual computing environment;
making a determination of where the first and second applications are located, including determining that the first application is located in an environment of the computing device and determining that the second application is located in the virtual computing environment, the virtual computing environment and the environment of the computing device being separated by a network;
determining, based at least in part on the determination of where the first and second applications are located, that the data file is to be opened in the virtual computing environment;
The Mazin reference discloses determining, based at least in part on the corresponding file type, a first application usable to open the data file and a second application usable to open the data file, the first application installed on the computing device and the second application in a virtual computing environment (Mazin: Column 1 lines 39-64 and Column 3 lines 6-26 – detecting a request to perform an action on a file in a system environment, file having an associated file extension, system environment includes applications for opening files, in response to the request detecting if an application to open the file is in the system environment, if the file extension is not associated with any of the applications in the system environment then querying virtual environments to find an association between the file extension and an application, identifying at least one virtual environment in which the extension is associated with an application, and opening the file in a selected virtual environment; Column 8 lines 9-32 and Figure 5 - if the file extension has known associations then moving to default processing to complete the action of opening the file in the system environment, otherwise using virtual environment to complete the action of opening the file);
making a determination of where the first and second applications are located, including determining that the first application is located in an environment of the computing device and determining that the second application is located in the virtual computing environment, the virtual computing environment and the environment of the computing device being separated by a network (Mazin: Column 1 lines 39-64 – detecting a request to perform an action on a file in a system environment, file having an associated file extension, system environment includes applications for opening files, in response to the request detecting if an application to open the file is in the system environment, if the file extension is not associated with any of the applications in the system environment then querying virtual environments to find an association between the file extension and an application, identifying at least one virtual environment in which the extension is associated with an application, and opening the file in a selected virtual environment; Column 3 lines 6-56 and Figure 1 – virtual environments isolated from physical operating system environment by a network; Column 8 lines 9-32 and Figure 5 - if the file extension has known associations then moving to default processing to complete the action of opening the file in the system environment, otherwise using virtual environment to complete the action of opening the file; Figures 2 and 3);
determining, based at least in part on the determination of where the first and second applications are located, that the data file is to be opened in the virtual computing environment (Mazin: Column 1 lines 39-64 – detecting a request to perform an action on a file in a system environment, file having an associated file extension, system environment includes applications for opening files, in response to the request detecting if an application to open the file is in the system environment, if the file extension is not associated with any of the applications in the system environment then querying virtual environments to find an association between the file extension and an application, identifying at least one virtual environment in which the extension is associated with an application, and opening the file in a selected virtual environment; Column 8 lines 9-32 and Figure 5 - if the file extension has known associations then moving to default processing to complete the action of opening the file in the system environment, otherwise using virtual environment to complete the action of opening the file);
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, having the teachings of Borzycki and Mazin, to have combined Borzycki and Mazin. The motivation to combine Borzycki and Mazin would be to minimize changes to expected user experience by handling file extensions and their associations in system environment and virtual environments (Mazin: Column 1, lines 24-54).

With respect to claim 4, Borzycki in view of Mazin discloses the computer-implemented method of claim 1, further comprising, as a result of determining that the data file is to be opened in the virtual computing environment, providing one or more credentials associated with a user of the computing device to enable the computing device to be used to access the virtual computing environment (Borzycki: Paragraphs 30 and 72 – mobile device connects to resources through virtual network connections, single sign-in process allow a user to provide a single set of authentication credentials granting the user access to resources; Paragraph 83 – client agent login dependencies and containment policies restrict how OS services are used or interact with application; Paragraph 85 – client agent facilitates network connections by providing credentials obtained following online authentication; Figure 1).

With respect to claim 5, Borzycki discloses a system, comprising:
one or more processors (Borzycki: Paragraph 30 – processor; Figure 1); and
memory including instructions that, as a result of being executed by the one or more processors (Borzycki: Paragraph 30 – memory; Figure 1), cause the system to:
detect, in a first computing environment, a command to open a data file, the data file having a corresponding file type (Borzycki: Paragraph 12 – receive request to open unverified content; Paragraph 66 – allow mobile device to open potentially malignant content such as email attachment, url in an email, uri to an application in a disposable, quarantined, separate physically different execution environment; Paragraphs 113 and 114 – a user of a computing device attempts to open on the mobile device an attachment using an e-mail application, determine to launch the file in a disposable environment; Figs 1 and 8);...
determine, that the data file is to be opened in the second computing environment based at least in part on the locations and a policy defining that data files of the corresponding file type are to be opened in the second computing environment due to increased security of the second computing environment compared to the first computing environment (Borzycki: Paragraph 11 - intercepting an incoming request to open unverified content, comparing particular information about the unverified content against predetermined criteria, which is a policy, to determine that the content will be launched by a virtual machine in a separate disposable environment, where the unverified content comprises malicious code that will compromise security of the user device when the malicious code is opened, and causing the content to be opened by the virtual machine; Paragraph 56 - one or more virtual machines where one or more of the virtual machines are unsecure compared to one or more secure virtual machines, where unsecured virtual machines are prevented from accessing resources and programs that secure virtual machines are permitted to access; Paragraph 66 - allowing mobile device to open potentially malignant content such as email attachment, url in an email, uri to an application in a disposable, quarantined, separate physically different execution environment; Paragraphs 69 and 71 - while some applications/files are secured for use on mobile device others are not prepared or appropriate for deployment on the mobile device so election is made to access those applications/files through virtualization; Paragraphs 113 and 114 - a user of a computing device attempting to open on the mobile device an attachment using an e-mail application, determining to launch the file in a disposable environment for the user; here Borzycki does not explicitly disclose determining to open a file in second computing environment based on locations, but the Mazin reference discloses the feature, as discussed below);
transmit, over the network, information to the second computing environment that causes the data file to be opened within the second computing environment using at least one of the plurality of appropriate applications (Borzycki: Paragraph 42 – client device displays application output generated by an application remotely executing on a server; Paragraph 66 – allow mobile device to open potentially malignant content such as email attachment, url in an email, uri to an application in a disposable, quarantined, separate physically different execution environment, which is an appropriate application to open malignant content; Paragraphs 113 and 114 – a user of a computing device attempts to open on the mobile device an attachment using an e-mail application, determine to launch the file in a disposable environment; here Borzycki does not explicitly disclose at least one of the plurality of applications, but the Mazin reference discloses the feature, as discussed below).
Borzycki discloses determining an application to open a data file type and opening the data file with an application within a virtual computing environment, however, Borzycki does not explicitly disclose:
determine, based at least in part on the corresponding file type, a plurality of appropriate applications usable to open the data file;
determine locations of the plurality of appropriate applications, the locations including the first computing environment and a second computing environment, the first computing environment and the second computing environment being separated by a network;
determine that the data file is to be opened in the second computing environment based at least in part on the locations;
The Mazin reference discloses determining, based at least in part on the corresponding file type, a plurality of  appropriate applications usable to open the data file (Mazin: Column 1 lines 39-64 – detecting a request to perform an action on a file in a system environment, file having an associated file extension, system environment includes applications for opening files, in response to the request detecting if an application to open the file is in the system environment, if the file extension is not associated with any of the applications in the system environment then querying virtual environments to find an association between the file extension and an application, identifying at least one virtual environment in which the extension is associated with an application, and opening the file in a selected virtual environment; Column 8 lines 9-32 and Figure 5 - if the file extension has known associations then moving to default processing to complete the action of opening the file in the system environment, otherwise using virtual environment to complete the action of opening the file);
determining locations of the plurality of appropriate applications, the locations including the first computing environment and a second computing environment, the first computing environment and the second computing environment being separated by a network (Mazin: Column 1 lines 39-64 – detecting a request to perform an action on a file in a system environment, file having an associated file extension, system environment includes applications for opening files, in response to the request detecting if an application to open the file is in the system environment, if the file extension is not associated with any of the applications in the system environment then querying virtual environments to find an association between the file extension and an application, identifying at least one virtual environment in which the extension is associated with an application, and opening the file in a selected virtual environment; Column 3 lines 6-56 and Figure 1 – virtual environments isolated from physical operating system environment by a network; Column 8 lines 9-32 and Figure 5 - if the file extension has known associations then moving to default processing to complete the action of opening the file in the system environment, otherwise using virtual environment to complete the action of opening the file; Figures 2 and 3);
determine that the data file is to be opened in the second computing environment based at least in part on the locations (Mazin: Column 1 lines 39-64 – detecting a request to perform an action on a file in a system environment, file having an associated file extension, system environment includes applications for opening files, in response to the request detecting if an application to open the file is in the system environment, if the file extension is not associated with any of the applications in the system environment then querying virtual environments to find an association between the file extension and an application, identifying at least one virtual environment in which the extension is associated with an application, and opening the file in a selected virtual environment; Column 8 lines 9-32 and Figure 5 - if the file extension has known associations then moving to default processing to complete the action of opening the file in the system environment, otherwise using virtual environment to complete the action of opening the file);
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, having the teachings of Borzycki and Mazin, to have combined Borzycki and Mazin. The motivation to combine Borzycki and Mazin would be to minimize changes to expected user experience by handling file extensions and their associations in system environment and virtual environments (Mazin: Column 1, lines 24-54).

With respect to claim 6, Borzycki in view of Mazin discloses the system of claim 5, wherein the data file is accessible using at least one application usable within the first computing environment (Borzycki: Paragraphs 113 and 114 – a user of a computing device attempts to open on the mobile device an attachment using an e-mail application, determine to launch the file in a disposable environment; Figures 1 and 8).

With respect to claim 8, Borzycki in view of Mazin discloses the system of claim 5, wherein the second computing environment is a single-tenant virtual computing environment accessible through a network interface of the first computing environment (Borzycki: Paragraph 5 – virtual machines allow a user virtualized remote access to resources such as applications and data even when the resources are on the physical machine used by the user; Paragraphs 113 and 114 – a user of a computing device attempts to open on the mobile device an attachment using an e-mail application, determine to launch the file in a disposable environment for the user, which is a single-tenant virtual computing environment).

With respect to claim 9, Borzycki in view of Mazin discloses the system of claim 5, wherein the instructions, when executed by the one or more processors (Borzycki: Paragraph 30; Figure 1), further cause the system to:
detect, in the first computing environment, a second command to open a second data file (Borzycki: Paragraph 66 – allow mobile device to open potentially malignant content such as email attachment, url in an email, uri to an application in a disposable, quarantined, separate physically different execution environment; Paragraphs 113 and 114 – a user of a computing device attempts to open on the mobile device an attachment using an e-mail application, determine whether to launch the file in a disposable environment or in operating system environment; Figures 1 and 8);
determine, based at least in part on a policy associated with the second data file, that the second data file is to be opened using a corresponding application within the first computing environment (Borzycki: Paragraph 11 – intercept an incoming request to open content, compare particular information about the content against predetermined criteria, which is a policy, to determine that the content will be launched by a virtual machine in a separate disposable environment, cause the content to be opened by the virtual machine; Paragraph 66 – allow mobile device to open potentially malignant content such as email attachment, url in an email, uri to an application in a disposable, quarantined, separate physically different execution environment); and
launch the corresponding application to enable use of the second data file (Borzycki: Paragraph 5 – virtual machines allow a user virtualized remote access to resources such as applications and data even when the resources are on the physical machine used by the user; Paragraphs 8 and 9  – user device determining that unverified content is designated to be opened in a disposable environment; Paragraph 12 – receive request to open unverified content; Paragraph 66 – allow mobile device to open potentially malignant content such as email attachment, url in an email, uri to an application in a disposable, quarantined, separate physically different execution environment; Paragraphs 113 and 114 – a user of a computing device attempts to open on the mobile device an attachment using an e-mail application, determine whether to launch the file in a disposable environment or in operating system environment; Figures 1 and 8).

With respect to claim 10, Borzycki in view of Mazin discloses the system of claim 5, wherein the first computing environment is a single-tenant virtual computing environment streamed to the system over the network (Borzycki: Paragraph 12 – receive request to open unverified content, instruct to provision a temporary virtual machine in a disposable environment to open the unverified content, disposable environment physically separate from user device, connect with virtual machine in a disposable environment through a network interface, open unverified content at the temporary virtual machine and send output back to user device).

With respect to claim 12, Borzycki in view of Mazin discloses the system of claim 5, wherein the instructions, when executed by the one or more processors, further cause the system to, as a result of determining that the data file is to be opened in the second computing environment, provide one or more credentials associated with a user computing device of the first computing environment to enable the user computing device to access the second computing environment (Borzycki: Paragraphs 30 and 72 – mobile device connects to resources through virtual network connections, single sign-in process allow a user to provide a single set of authentication credentials granting the user access to resources; Paragraph 83 – client agent login dependencies and containment policies restrict how OS services are used or interact with application; Paragraph 85 – client agent facilitates network connections by providing credentials obtained following online authentication; Figure 1).

With respect to claim 13, Borzycki discloses a non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of being executed by one or more processors of a computer system, cause the computer system
to (Borzycki: Paragraph 30; Figure 1) at least:
in response to detecting, within a first computing environment of the computer system, a command to open a data file having a corresponding file type (Borzycki: Paragraph 12 – receive request to open unverified content; Paragraph 66 – allow mobile device to open potentially malignant content such as email attachment, url in an email, uri to an application in a disposable, quarantined, separate physically different execution environment; Paragraphs 113 and 114 – a user of a computing device attempts to open on the mobile device an attachment using an e-mail application, determine to launch the file in a disposable environment; Figs 1 and 8);
determine, from a plurality of environments that includes the first computing environment and a plurality of single-tenant virtual computing environments accessible to the computer system, locations of the plurality of applications, the first computing environment and the plurality of single-tenant virtual computing environments being separated by one or more networks (Borzycki: Paragraph 56 - one or more virtual machines where one or more of the virtual machines are unsecure compared to one or more secure virtual machines, where unsecured virtual machines are prevented from accessing resources and programs that secure virtual machines are permitted to access; Paragraph 66 - allowing mobile device to open potentially malignant content such as email attachment, url in an email, uri to an application in a disposable, quarantined, separate physically different execution environment; Paragraphs 69 and 71 - while some applications/files are secured for use on mobile device others are not prepared or appropriate for deployment on the mobile device so election is made to access those applications/files through virtualization; Paragraphs 113 and 114 – a user of a computing device attempts to open on the mobile device an attachment using an e-mail application, determine to launch the file in a disposable environment for the user, which is a single-tenant virtual computing environment; Paragraph 115 – user device configured with the application resolver to intercept requests to open files meeting particular criterion and determine to launch the file in a disposable environment; here Borzycki discloses determining between a plurality of environments including a first computing environment and the plurality of single-tenant virtual computing environments, but does not explicitly disclose determining locations of plurality of applications and the first computing environment and the plurality of single-tenant virtual computing environments being separated by one or more networks, however, the Mazin reference discloses the features, as discussed below);
select a selected single-tenant virtual computing environment from the plurality of single-tenant virtual computing environments based at least in part on a policy defining that data files of the corresponding file type are to be opened in a single tenant virtual computing environment having greatest security compared to the first computing environment (Borzycki: Paragraph 11 - intercepting an incoming request to open unverified content, comparing particular information about the unverified content against predetermined criteria, which is a policy, to determine that the content will be launched by a virtual machine in a separate disposable environment, where the unverified content comprises malicious code that will compromise security of the user device when the malicious code is opened, and causing the content to be opened by the virtual machine; Paragraph 56 - one or more virtual machines where one or more of the virtual machines are unsecure compared to one or more secure virtual machines, where unsecured virtual machines are prevented from accessing resources and programs that secure virtual machines are permitted to access; Paragraph 66 - allowing mobile device to open potentially malignant content such as email attachment, url in an email, uri to an application in a disposable, quarantined, separate physically different execution environment; Paragraphs 69 and 71 - while some applications/files are secured for use on mobile device others are not prepared or appropriate for deployment on the mobile device so election is made to access those applications/files through virtualization; Paragraphs 113 and 114 – a user of a computing device attempts to open on the mobile device an attachment using an e-mail application, determine to launch the file in a disposable environment for the user, which is a single-tenant virtual computing environment; Paragraph 115 – user device configured with the application resolver to intercept requests to open files meeting particular criterion and determine to launch the file in a disposable environment);
transmit, over a network of the one or more networks, one or more executable instructions to cause the virtual computing environment to launch an application usable to open the data file within the virtual computing environment (Borzycki: Paragraph 42 – client device displays application output generated by an application remotely executing on a server; Paragraph 66 – allow mobile device to open potentially malignant content such as email attachment, url in an email, uri to an application in a disposable, quarantined, separate physically different execution environment, which is an appropriate application to open malignant content; Paragraphs 113 and 114 – a user of a computing device attempts to open on the mobile device an attachment using an e-mail application, determine to launch the file in a disposable environment).
Borzycki discloses determining an application to open a data file type and opening the data file with an application within a virtual computing environment, however, Borzycki does not explicitly disclose:
determine, based at least in part on the corresponding file type, a plurality of applications usable to open the data file;
determine locations of the plurality of applications, the first computing environment and the plurality of single-tenant virtual computing environments being separated by one or more networks;
The Mazin reference discloses determining, based at least in part on the corresponding file type, a plurality of applications usable to open the data file (Mazin: Column 1 lines 39-64 – detecting a request to perform an action on a file in a system environment, file having an associated file extension, system environment includes applications for opening files, in response to the request detecting if an application to open the file is in the system environment, if the file extension is not associated with any of the applications in the system environment then querying virtual environments to find an association between the file extension and an application, identifying at least one virtual environment in which the extension is associated with an application, and opening the file in a selected virtual environment; Column 8 lines 9-32 and Figure 5 - if the file extension has known associations then moving to default processing to complete the action of opening the file in the system environment, otherwise using virtual environment to complete the action of opening the file);
determining locations of the plurality of applications, a first computing environment and a plurality of single-tenant virtual computing environments being separated by one or more networks (Mazin: Column 1 lines 39-64 – detecting a request to perform an action on a file in a system environment, file having an associated file extension, system environment includes applications for opening files, in response to the request detecting if an application to open the file is in the system environment, if the file extension is not associated with any of the applications in the system environment then querying virtual environments to find an association between the file extension and an application, identifying at least one virtual environment in which the extension is associated with an application, and opening the file in a selected virtual environment; Column 3 lines 6-56 and Figure 1 – virtual environments isolated from physical operating system environment by a network; Column 8 lines 9-32 and Figure 5 - if the file extension has known associations then moving to default processing to complete the action of opening the file in the system environment, otherwise using virtual environment to complete the action of opening the file; Figures 2 and 3);
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, having the teachings of Borzycki and Mazin, to have combined Borzycki and Mazin. The motivation to combine Borzycki and Mazin would be to minimize changes to expected user experience by handling file extensions and their associations in system environment and virtual environments (Mazin: Column 1, lines 24-54).

With respect to claim 14, Borzycki in view of Mazin discloses the non-transitory computer-readable storage medium of claim 13, wherein the plurality of single-tenant virtual computing environments includes the first computing environment (Borzycki: Paragraph 5 – virtual machines allow a user virtualized remote access to resources such as applications and data even when the resources are on the physical machine used by the user; Paragraphs 113 and 114 – a user of a computing device attempts to open on the mobile device an attachment using an e-mail application, determine to launch the file in a disposable environment for the user, which is a single-tenant virtual computing environment).

With respect to claim 15, Borzycki in view of Mazin discloses the non-transitory computer-readable storage medium of claim 13, wherein the executable instructions further comprise instructions that, as a result of being executed by the one or more processors, cause the computer system to provide one or more credentials associated with a user computing device of the first computing environment to enable the user computing device to access the single-tenant virtual computing environment (Borzycki: Paragraphs 30 and 72 – mobile device connects to resources through virtual network connections, single sign-in process allow a user to provide a single set of authentication credentials granting the user access to resources; Paragraph 85 – client agent facilitates network connections by providing credentials obtained following online authentication; Figure 1).

With respect to claim 16, Borzycki in view of Mazin discloses the non-transitory computer-readable storage medium of claim 13, wherein the first computing environment includes a first operating system that is distinct from a second operating system of the single-tenant virtual computing environment (Borzycki: Paragraph 5 – virtual machines allow a user virtualized remote access to resources such as applications and data even when the resources are on the physical machine used by the user; Paragraph 66 – allow mobile device to open potentially malignant content such as email attachment, url in an email, uri to an application in a disposable, quarantined, separate physically different execution environment; Paragraph 83 – OS services are used or interact with application; Paragraphs 113 and 114 – a user of a computing device attempts to open on the mobile device an attachment using an e-mail application, determine whether to launch the file in a disposable environment or in operating system environment; Figures 1 and 8).

With respect to claim 17, Borzycki in view of Mazin discloses the non-transitory computer-readable storage medium of claim 13, wherein the executable instructions further include instructions that, as a result of being executed by the one or more processors, cause the computer system to, as a result of selecting the single-tenant virtual computing environment from the plurality of single-tenant virtual computing environments, transmit information that causes the single-tenant virtual computing environment to be provisioned (Borzycki: Paragraph 5 – virtual machines allow a user virtualized remote access to resources such as applications and data even when the resources are on the physical machine used by the user; Paragraphs 113 and 114 – a user of a computing device attempts to open on the mobile device an attachment using an e-mail application, determine to launch the file in a disposable environment for the user, which is a single-tenant virtual computing environment).

With respect to claim 18, Borzycki in view of Mazin discloses the non-transitory computer-readable storage medium of claim 13, wherein the policy associated with the corresponding file type specifies an ordering of the single-tenant virtual computing environments based at least in part on one or more security aspects of each single-tenant virtual environment of the plurality of single-tenant virtual computing environments (Borzycki: Paragraphs 5 and 108 – virtual machine client agent applications allow a user virtualized remote access to applications and data; Paragraph 11 – intercept an incoming request to open content, compare particular information about the content against predetermined criteria, which is a policy, to determine that the content will be launched by a virtual machine in a separate disposable environment, cause the content to be opened by the virtual machine; Paragraph 56 – virtual view based on permissions and/or application of a policy engine to one or more virtual machine identifiers; Paragraph 66 – allow mobile device running an operating system to open potentially malignant content in a disposable, quarantined, separate physically different execution environment; Paragraph 68 – policy files defining security parameters, resource restrictions, and/or access controls; Paragraph 108 – rules engine determining what actions to carry out for a particular event; Paragraph 115 – user device configured with the application resolver to intercept requests to open files meeting particular criterion and determine to launch the file in a disposable environment; Figure 8).

With respect to claim 20, Borzycki in view of Mazin discloses the non-transitory computer-readable storage medium of claim 13, wherein the data file is accessible using at least one application usable within the first computing environment (Borzycki: Paragraph 66 – allow mobile device to open potentially malignant content such as email attachment, url in an email, uri to an application in a disposable, quarantined, separate physically different execution environment).

With respect to claim 30, Borzycki in view of Mazin discloses the computer-implemented method of claim 1, wherein the providing the data file to the virtual environment for execution in the virtual computing environment includes providing the data file from a stored location on the computing device to the virtual computing environment for execution in the virtual computing environment (Borzycki: Paragraphs 8, 69 , 75, and 114 – files stored on the mobile device uploaded to disposable virtual environment comprising virtual machines to be opened).


Claims 2 and 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Borzycki (US Pub 2015/0089497) in view of Mazin (US Pat 8,387,047) and in further view of Shlomai (US Pub 2009/0254927).

With respect to claim 2, Borzycki in view of Mazin discloses the computer-implemented method of claim 1 (Borzycki: Paragraph 30; Figure 1), further comprising:
receiving from the virtual computing environment a modified data file created as a result of the data file being opened using an appropriate application within the virtual computing environment (Borzycki: Paragraph 11 – intercept an incoming request to open content, compare particular information about the content against predetermined criteria, which is a policy, to determine that the content will be launched by a virtual machine in a separate disposable environment, cause the content to be opened by the virtual machine; Paragraph 66 – allow mobile device to open potentially malignant content such as email attachment, url in an email, uri to an application in a disposable, quarantined, separate physically different execution environment; here Borzycki and Mazin do not explicitly disclose receiving from the virtual computing environment a modified data file created as a result of the data file being opened and synchronizing the data file and the modified data file, but the Shlomai reference discloses the features, as discussed below).
However, Borzycki and Mazin do not explicitly disclose:
receiving from the virtual computing environment a modified data file created as a result of the data file being opened using an application within the virtual computing environment; and
synchronizing the data file and the modified data file.
The Shlomai reference discloses receiving from the virtual computing environment a modified data file created as a result of the data file being opened using an application within the virtual computing environment (Shlomai: Paragraph 29 – load files from server and execute using an application in virtual environment; Paragraph 30 - during execution virtual application changes to user data are streamed to file server to be saved, can perform bi-directional streaming, user data files can be synchronized between a client pc and file server, applications are downloaded to the pc based on logged username and user data files are synchronized with the file server); and
synchronizing the data file and the modified data file (Shlomai: Paragraph 30 - during execution virtual application changes to user data are streamed to file server to be saved, can perform bi-directional streaming, user data files can be synchronized between a client pc and file server, applications are downloaded to the pc based on logged username and user data files are synchronized with the file server).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, having the teachings of Borzycki, Mazin, and Shlomai, to have combined Borzycki, Mazin, and Shlomai. The motivation to combine Borzycki, Mazin, and Shlomai would be to deploying applications without incorporating the application directly into the host computer’s operating system by deploying and executing virtual applications (Shlomai: Paragraphs 2 and 12).

With respect to claim 11, Borzycki in view of Mazin discloses the system of claim 5, wherein the instructions, when executed by the one or more processors, further cause the system to:
receive, from the virtual computing environment a modified data file created as a result of the data file being opened using an appropriate application within the virtual computing environment (Borzycki: Paragraph 11 – intercept an incoming request to open content, compare particular information about the content against predetermined criteria, which is a policy, to determine that the content will be launched by a virtual machine in a separate disposable environment, cause the content to be opened by the virtual machine; Paragraph 66 – allow mobile device to open potentially malignant content such as email attachment, url in an email, uri to an application in a disposable, quarantined, separate physically different execution environment; here Borzycki and Mazin do not explicitly disclose receiving from the virtual computing environment a modified data file created as a result of the data file being opened and synchronizing the data file and the modified data file, but the Shlomai reference discloses the features, as discussed below). however, Borzycki and Mazin do not explicitly disclose:
receive, from the second computing environment, a modified data file, the modified data file created as a result of the data file being opened using the...application within the second computing environment; and
synchronize the data file and the modified data file within the first computing environment.
The Shlomai reference discloses receiving, from the server, a modified data file, the modified data file created as a result of the data file being opened using the application within the virtual computing environment (Shlomai: Paragraph 29 – load files from server and execute using an application in virtual environment; Paragraph 30 - during execution virtual application changes to user data are streamed to file server to be saved, can perform bi-directional streaming, user data files can be synchronized between a client pc and file server, applications are downloaded to the pc based on logged username and user data files are synchronized with the file server); and
synchronizing the data file and the modified data file (Shlomai: Paragraph 30 - during execution virtual application changes to user data are streamed to file server to be saved, can perform bi-directional streaming, user data files can be synchronized between a client pc and file server, applications are downloaded to the pc based on logged username and user data files are synchronized with the file server).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, having the teachings of Borzycki, Mazin, and Shlomai, to have combined Borzycki, Mazin, and Shlomai. The motivation to combine Borzycki, Mazin, and Shlomai would be to deploying applications without incorporating the application directly into the host computer’s operating system by deploying and executing virtual applications (Shlomai: Paragraphs 2 and 12).
Claim 27-29 is/are rejected under 35 U.S.C. 103 as being unpatentable over Borzycki (US Pub 2015/0089497) in view of Mazin (US Pat 8,387,047) in view of Smith (US Pub 2013/0138608) and in further view of Thomas (US Pub 2011/0246753).

With respect to claim 27, Borzycki in view of Mazin discloses the computer-implemented method of claim 1, wherein:
making the determination where the applications are located further comprises determining, using an operating system installed on the computing device, that a location determination application is a default application associated with the corresponding file type, wherein association of file types with default applications are managed by the operating system (Borzycki: Paragraphs 113 and 114 - a user of a computing device attempting to open on the mobile device an attachment using an e-mail application, determining to launch the file in a disposable environment for the user; Mazin: Column 1 lines 39-64 and Column 3 lines 6-26 - detecting a request to perform an action on a file in a system environment, file having an associated file extension, system environment includes applications for opening files, in response to the request detecting if an application to open the file is in the system environment, if the file extension is not associated with any of the applications in the system environment then querying virtual environments to find an association between the file extension and an application, identifying at least one virtual environment in which the extension is associated with an application of a plurality of applications, and opening the file in a selected virtual environment; Column 8 lines 9-32 and Figure 5 - if the file extension has known associations then moving to default processing to complete the action of opening the file in the system environment, otherwise using virtual environment to complete the action of opening the file; here Borzycki and Mazin do not explicitly disclose determining, using an operating system installed on the computing device, that a location determination application is a default application associated with the corresponding file type, wherein association of file types with default applications are managed by the operating system, but the Smith and Thomas references disclose the features, as discussed below); and
determining that the data file is to be opened by the virtual computing environment is a result of processing the command to open the data file using the location determination application (Borzycki: Paragraphs 113 and 114 - a user of a computing device attempting to open on the mobile device an attachment using an e-mail application, determining to launch the file in a disposable environment for the user; Mazin: Column 1 lines 39-64 and Column 3 lines 6-26 - detecting a request to perform an action on a file in a system environment, file having an associated file extension, system environment includes applications for opening files, in response to the request detecting if an application to open the file is in the system environment, if the file extension is not associated with any of the applications in the system environment then querying virtual environments to find an association between the file extension and an application, identifying at least one virtual environment in which the extension is associated with an application of a plurality of applications, and opening the file in a selected virtual environment; Column 8 lines 9-32 and Figure 5 - if the file extension has known associations then moving to default processing to complete the action of opening the file in the system environment, otherwise using virtual environment to complete the action of opening the file; Figures 1-2).
Borzycki discloses determining an application to open a data type and Mazin discloses operating system installed on a computing device, however, Borzycki and Mazin do not explicitly disclose:
determining, using an operating system installed on the computing device, that a location determination application is a default application associated with the corresponding file type, wherein associations of file types with default applications are managed by the operating system;
The Smith reference discloses determining, using an operating system installed on a computing device, that an application is a default application associated with the corresponding file type, wherein associations of file types with default applications are managed by the operating system (Smith: Paragraphs 25, 51, and 105 – device running on an operating system, identifying a local application suitable for accessing a file by querying or monitoring the operating system of the device to identify one or more suitable applications such as default application or preferred application for the file type of the requested file, communicating with the operating system by monitoring the OS through API, registry, or other methods to detect a suitable application, operating system and applications installed on the device)
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, having the teachings of Borzycki, Mazin, and Smith, to have combined Borzycki, Mazin, and Smith. The motivation to combine Borzycki, Mazin, and Smith would be to identify a suitable application for accessing a file without prompting a user by communicating with an operating system to identify the default application for the file type of the requested file (Smith: Paragraph 51).
Borzycki and Mazin discloses determining an application to open a data type and Smith discloses determining using an operating system a default application associated with a corresponding file type, however, Borzycki, Mazin, and Smith do not explicitly disclose:
determining that a location determination application is a default application; and
determining that the data file is to be opened by the virtual computing environment is a result of processing the command to open the data file using the location determination application.
The Thomas reference discloses determining that a location determination application is a default application, and determining that the data file is to be opened by the virtual computing environment is a result of processing the command to open the data file using the location determination application (Thomas: Paragraphs 2, 8, and 9 – an application controller software program used to select a software application to launch a file, to select an appropriate environment or virtual environment in which to launch the software application, and/or to select access/control security measures, in response to selection of a file, the application controller is used to select a software application to open the selected file, the application controller identifies and analyzes reputation information such as metadata associated with files, reputation information associated with files are metadata relating to file format, originating location, prior locations and/or other information which is used to open the file, here the application controller processes a selection command to open a file by determining location information from reputation information tied to data files to select an appropriate software and environment to launch the software to open the file, which is processing a command to open a data file using a location determination application which selects an application and an environment to launch the data file based on the file format or type, since the application controller software program is used to select software application/environment to launch a selected file among multiple file formats or types, it operates as a default software program or application for a set of file formats or types).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, having the teachings of Borzycki, Mazin, Smith, and Thomas, to have combined Borzycki, Mazin, Smith, and Thomas. The motivation to combine Borzycki, Mazin, Smith, and Thomas would be to improve file security by determining appropriate application, application environment, and/or access or security control measure based on using an application controller program (Thomas: Paragraphs 1 and 2).

With respect to claim 28, Borzycki in view of Mazin discloses the system of claim 5, wherein:
the instructions that cause the system to determine the plurality of appropriate applications usable to open the data file include instructions that further cause the system to determine, using an operating system installed in the first computing environment, that a default application associated with the corresponding file type is a location determination application, wherein associations of file types with default applications are managed by the operating system (Borzycki: Paragraphs 113 and 114 - a user of a computing device attempting to open on the mobile device an attachment using an e-mail application, determining to launch the file in a disposable environment for the user; Mazin: Column 1 lines 39-64 and Column 3 lines 6-26 - detecting a request to perform an action on a file in a system environment, file having an associated file extension, system environment includes applications for opening files, in response to the request detecting if an application to open the file is in the system environment, if the file extension is not associated with any of the applications in the system environment then querying virtual environments to find an association between the file extension and an application, identifying at least one virtual environment in which the extension is associated with an application of a plurality of applications, and opening the file in a selected virtual environment; Column 8 lines 9-32 and Figure 5 - if the file extension has known associations then moving to default processing to complete the action of opening the file in the system environment, otherwise using virtual environment to complete the action of opening the file; here Borzycki and Mazin do not explicitly disclose determine, using an operating system installed in the first computing environment, that a default application associated with the corresponding file type is a location determination application, wherein associations of file types with default applications are managed by the operating system, but the Smith and Thomas references disclose the features, as discussed below); and
the instructions that cause the system to determine the location of the appropriate application further cause the system to determine the location as a result of processing the command to open the data file using the location determination application (Borzycki: Paragraphs 113 and 114 - a user of a computing device attempting to open on the mobile device an attachment using an e-mail application, determining to launch the file in a disposable environment for the user; Mazin: Column 1 lines 39-64 and Column 3 lines 6-26 - detecting a request to perform an action on a file in a system environment, file having an associated file extension, system environment includes applications for opening files, in response to the request detecting if an application to open the file is in the system environment, if the file extension is not associated with any of the applications in the system environment then querying virtual environments to find an association between the file extension and an application, identifying at least one virtual environment in which the extension is associated with an application of a plurality of applications, and opening the file in a selected virtual environment; Column 8 lines 9-32 and Figure 5 - if the file extension has known associations then moving to default processing to complete the action of opening the file in the system environment, otherwise using virtual environment to complete the action of opening the file; Figures 1-2).
Borzycki discloses determining an application to open a data type and Mazin discloses operating system installed on a computing device, however, Borzycki and Mazin do not explicitly disclose:
determine, using an operating system installed in the first computing environment, that a default application associated with the corresponding file type is a location determination application, wherein associations of file types with default applications are managed by the operating system;
The Smith reference discloses determining, using an operating system installed on a computing device, that an application is a default application associated with the corresponding file type, wherein associations of file types with default applications are managed by the operating system (Smith: Paragraphs 25, 51, and 105 – device running on an operating system, identifying a local application suitable for accessing a file by querying or monitoring the operating system of the device to identify one or more suitable applications such as default application or preferred application for the file type of the requested file, communicating with the operating system by monitoring the OS through API, registry, or other methods to detect a suitable application, operating system and applications installed on the device)
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, having the teachings of Borzycki, Mazin, and Smith, to have combined Borzycki, Mazin, and Smith. The motivation to combine Borzycki, Mazin, and Smith would be to identify a suitable application for accessing a file without prompting a user by communicating with an operating system to identify the default application for the file type of the requested file (Smith: Paragraph 51).
Borzycki and Mazin discloses determining an application to open a data type and Smith discloses determining using an operating system a default application associated with a corresponding file type, however, Borzycki, Mazin, and Smith do not explicitly disclose:
determining that a default application is a location determination application; and
determine the location as a result of processing the command to open the data file using the location determination application.
The Thomas reference discloses determining that a default application is a location determination application and determining the location as a result of processing the command to open the data file using the location determination application (Thomas: Paragraphs 2, 8, and 9 – an application controller software program used to select a software application to launch a file, to select an appropriate environment or virtual environment in which to launch the software application, and/or to select access/control security measures, in response to selection of a file, the application controller is used to select a software application to open the selected file, the application controller identifies and analyzes reputation information such as metadata associated with files, reputation information associated with files are metadata relating to file format, originating location, prior locations and/or other information which is used to open the file, here the application controller processes a selection command to open a file by determining location information from reputation information tied to data files to select an appropriate software and environment to launch the software to open the file, which is processing a command to open a data file using a location determination application which selects an application and an environment to launch the data file based on the file format or type, since the application controller software program is used to select software application/environment to launch a selected file among multiple file formats or types, it operates as a default software program or application for a set of file formats or types).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, having the teachings of Borzycki, Mazin, Smith, and Thomas, to have combined Borzycki, Mazin, Smith, and Thomas. The motivation to combine Borzycki, Mazin, Smith, and Thomas would be to improve file security by determining appropriate application, application environment, and/or access or security control measure based on using an application controller program (Thomas: Paragraphs 1 and 2).

With respect to claim 29, Borzycki in view of Mazin discloses the non-transitory computer-readable storage medium of claim 13, wherein:
the executable instructions that cause the computer system to determine the plurality of applications usable to open a file further include instructions that further cause the computer system to determine, using an operating system installed in the first computing environment, that a default application associated with the corresponding file type is a location determination application, wherein associations of file types with default applications are managed by the operating system (Borzycki: Paragraphs 113 and 114 - a user of a computing device attempting to open on the mobile device an attachment using an e-mail application, determining to launch the file in a disposable environment for the user; Mazin: Column 1 lines 39-64 and Column 3 lines 6-26 - detecting a request to perform an action on a file in a system environment, file having an associated file extension, system environment includes applications for opening files, in response to the request detecting if an application to open the file is in the system environment, if the file extension is not associated with any of the applications in the system environment then querying virtual environments to find an association between the file extension and an application, identifying at least one virtual environment in which the extension is associated with an application of a plurality of applications, and opening the file in a selected virtual environment; Column 8 lines 9-32 and Figure 5 - if the file extension has known associations then moving to default processing to complete the action of opening the file in the system environment, otherwise using virtual environment to complete the action of opening the file; here Borzycki and Mazin do not explicitly disclose determine, using an operating system installed in the first computing environment, that a default application associated with the corresponding file type is a location determination application, wherein associations of file types with default applications are managed by the operating system, but the Smith and Thomas references disclose the features, as discussed below); and
the executable instructions that cause the computer system to determine the location of the application further include executable instructions that further cause the computer system to determine the location as a result of causing the location determination application to process the command to open the data file (Borzycki: Paragraphs 113 and 114 - a user of a computing device attempting to open on the mobile device an attachment using an e-mail application, determining to launch the file in a disposable environment for the user; Mazin: Column 1 lines 39-64 and Column 3 lines 6-26 - detecting a request to perform an action on a file in a system environment, file having an associated file extension, system environment includes applications for opening files, in response to the request detecting if an application to open the file is in the system environment, if the file extension is not associated with any of the applications in the system environment then querying virtual environments to find an association between the file extension and an application, identifying at least one virtual environment in which the extension is associated with an application of a plurality of applications, and opening the file in a selected virtual environment; Column 8 lines 9-32 and Figure 5 - if the file extension has known associations then moving to default processing to complete the action of opening the file in the system environment, otherwise using virtual environment to complete the action of opening the file; Figs 1-2).
Borzycki discloses determining an application to open a data type and Mazin discloses operating system installed on a computing device, however, Borzycki and Mazin do not explicitly disclose:
determine, using an operating system installed in the first computing environment, that a default application associated with the corresponding file type is a location determination application, wherein associations of file types with default applications are managed by the operating system;
The Smith reference discloses determining, using an operating system installed on a computing device, that an application is a default application associated with the corresponding file type, wherein associations of file types with default applications are managed by the operating system (Smith: Paragraphs 25, 51, and 105 – device running on an operating system, identifying a local application suitable for accessing a file by querying or monitoring the operating system of the device to identify one or more suitable applications such as default application or preferred application for the file type of the requested file, communicating with the operating system by monitoring the OS through API, registry, or other methods to detect a suitable application, operating system and applications installed on the device)
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, having the teachings of Borzycki, Mazin, and Smith, to have combined Borzycki, Mazin, and Smith. The motivation to combine Borzycki, Mazin, and Smith would be to identify a suitable application for accessing a file without prompting a user by communicating with an operating system to identify the default application for the file type of the requested file (Smith: Paragraph 51).
Borzycki and Mazin discloses determining an application to open a data type and Smith discloses determining using an operating system a default application associated with a corresponding file type, however, Borzycki, Mazin, and Smith do not explicitly disclose:
determining that a default application is a location determination application; and
determine the location as a result of processing the command to open the data file using the location determination application.
The Thomas reference discloses determining that a default application is a location determination application and determining the location as a result of processing the command to open the data file using the location determination application (Thomas: Paragraphs 2, 8, and 9 – an application controller software program used to select a software application to launch a file, to select an appropriate environment or virtual environment in which to launch the software application, and/or to select access/control security measures, in response to selection of a file, the application controller is used to select a software application to open the selected file, the application controller identifies and analyzes reputation information such as metadata associated with files, reputation information associated with files are metadata relating to file format, originating location, prior locations and/or other information which is used to open the file, here the application controller processes a selection command to open a file by determining location information from reputation information tied to data files to select an appropriate software and environment to launch the software to open the file, which is processing a command to open a data file using a location determination application which selects an application and an environment to launch the data file based on the file format or type, since the application controller software program is used to select software application/environment to launch a selected file among multiple file formats or types, it operates as a default software program or application for a set of file formats or types).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, having the teachings of Borzycki, Mazin, Smith, and Thomas, to have combined Borzycki, Mazin, Smith, and Thomas. The motivation to combine Borzycki, Mazin, Smith, and Thomas would be to improve file security by determining appropriate application, application environment, and/or access or security control measure based on using an application controller program (Thomas: Paragraphs 1 and 2).

Claims 3, 7, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Borzycki (US Pub 2015/0089497) in view of Mazin (US Pat 8,387,047) in view of Smith (US Pub 2013/0138608) in view of Thomas (US Pub 2011/0246753) and in further view of Shen (US Pub 2014/0109084).

With respect to claim 3, Borzycki in view of Mazin in view of Smith and in further view of Thomas discloses the computer-implemented method of claim 27, further comprising reading a policy encoded in a registry file of the operating system of the computing device, the registry file specifying that data files that are in the set of data file types are to be associated with the location determination application (Thomas: Paragraphs 1 and 9 – an application controller software program used to select a software application to launch a file, to select an appropriate environment or virtual environment in which to launch the software application, and/or to select access/control security measures; here Borzycki, Mazin, Smith, and Thomas do not explicitly disclose encoded in a registry file, but the Shen reference discloses the feature, as discussed below).
However, Borzycki, Mazin, Smith, and Thomas do not explicitly disclose:
wherein the policy is encoded in a registry file, the registry file specifying that data files that are in a set of data file types are to be associated with the application.
The Shen reference discloses a policy being encoded in a registry file, the  registry file specifying that data files that are in the set of data file types are to be associated with a software (Shen: Paragraph 3 – association between software and types of files that the software can open written into a registry of an operating system, in response to instructions to open a file, the operating system searches for software associated with the file type in the system registry and opens the file using the software).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, having the teachings of Borzycki, Mazin, Smith, Thomas, and Sean, to have combined Borzycki, Mazin, Smith, Thomas, and Sean. The motivation to combine Borzycki, Mazin, Smith, Thomas, and Sean would be to determine how to open data files of a particular file type by accessing reference information in a registry file of an operating system.

With respect to claim 7, Borzycki in view of Mazin in view of Smith and in further view of Thomas discloses the system of claim 28, wherein the policy is encoded in a registry file associated with the corresponding file type or the data file, and the registry file specifying that data files that are in a set of data file types are to be associated with the location determination application (Borzycki: Paragraphs 5 and 108 – virtual machine client agent applications allow a user virtualized remote access to applications and data; Paragraphs 8 and 9  – application resolver in a user device determining that unverified content is designated to be opened in a disposable environment, launching client agent configured to communicate using a remote presentation protocol; Paragraph 31 – segregate transactions based on geographic location; Paragraph 56 – virtual view based on permissions and/or application of a policy engine to one or more virtual machine identifiers; Paragraph 66 – allow mobile device running an operating system to open potentially malignant content in a disposable, quarantined, separate physically different execution environment; Paragraph 68 – policy files defining security parameters, resource restrictions, and/or access controls; Paragraph 104 – configuration supported that allows users to be serviced from one of several different locations; Paragraph 108 – rules engine determining what actions to carry out for a particular event; Paragraphs 113 and 114 – a user of a computing device attempts to open on the mobile device an attachment using an e-mail application, determine to launch the file in a disposable environment; Paragraph 115 – user device configured with the application resolver to intercept requests to open files meeting particular criterion and determine to launch the file in a disposable environment; Figure 8; Thomas: Paragraphs 1 and 9 – an application controller software program used to select a software application to launch a file, to select an appropriate environment or virtual environment in which to launch the software application, and/or to select access/control security measures; here Borzycki, Mazin, Smith, and Thomas do not explicitly disclose policy encoded in a registry file, but the Shen reference discloses the feature, as discussed below).
However, Borzycki, Mazin, Smith, and Thomas do not explicitly disclose:
policy is encoded in a registry file, the registry file specifying that data files that are in the set of data file types are to be associated with the application.
The Shen reference discloses a policy being encoded in a registry file, the registry file specifying that data files that are in the set of data file types are to be associated with an application (Shen: Paragraph 3 – association between software and types of files that the software can open written into a registry of an operating system, in response to instructions to open a file, the operating system searches for software associated with the file type in the system registry and opens the file using the software).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, having the teachings of Borzycki, Mazin, Smith, Thomas, and Sean, to have combined Borzycki, Mazin, Smith, Thomas, and Sean. The motivation to combine Borzycki, Mazin, Smith, Thomas, and Sean would be to determine how to open data files of a particular file type by accessing reference information in a registry file of an operating system.

With respect to claim 19, Borzycki in view of Mazin in view of Smith and in further view of Thomas discloses the non-transitory computer-readable storage medium of claim 29, wherein a policy being encoded in a registry file of the operating system of the first computing environment, the registry file specifying that data files that are in a set of data file types are to be associated with the location determination application (Borzycki: Paragraphs 5 and 108 – virtual machine client agent applications allow a user virtualized remote access to applications and data; Paragraphs 8 and 9  – application resolver in a user device determining that unverified content is designated to be opened in a disposable environment, launching client agent configured to communicate using a remote presentation protocol; Paragraph 31 – segregate transactions based on geographic location; Paragraph 56 – virtual view based on permissions and/or application of a policy engine to one or more virtual machine identifiers; Paragraph 66 – allow mobile device running an operating system to open potentially malignant content in a disposable, quarantined, separate physically different execution environment; Paragraph 68 – policy files defining security parameters, resource restrictions, and/or access controls; Paragraph 104 – configuration supported that allows users to be serviced from one of several different locations; Paragraph 108 – rules engine determining what actions to carry out for a particular event; Paragraphs 113 and 114 – a user of a computing device attempts to open on the mobile device an attachment using an e-mail application, determine to launch the file in a disposable environment; Paragraph 115 – user device configured with the application resolver to intercept requests to open files meeting particular criterion and determine to launch the file in a disposable environment; Figure 8; Thomas: Paragraphs 1 and 9 – an application controller software program used to select a software application to launch a file, to select an appropriate environment or virtual environment in which to launch the software application, and/or to select access/control security measures; here Borzycki, Mazin, Smith, and Thomas do not explicitly disclose encoded in a registry file, but the Shen reference discloses the feature, as discussed below).
However, Borzycki, Mazin, Smith, and Thomas do not explicitly disclose:
policy is encoded in a registry file, the registry file specifying that data files that are in the set of data file types are to be associated with the application.
The Shen reference discloses a policy being encoded in a registry file, the registry file specifying that data files that are in the set of data file types are to be associated with an application (Shen: Paragraph 3 – association between software and types of files that the software can open written into a registry of an operating system, in response to instructions to open a file, the operating system searches for software associated with the file type in the system registry and opens the file using the software).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, having the teachings of Borzycki, Mazin, Smith, Thomas, and Sean, to have combined Borzycki, Mazin, Smith, Thomas, and Sean. The motivation to combine Borzycki, Mazin, Smith, Thomas, and Sean would be to determine how to open data files of a particular file type by accessing reference information in a registry file of an operating system.










Contact Information
 	Any inquiry concerning this communication or earlier communications from the examiner should be directed to REZWANUL MAHMOOD whose telephone number is (571)272-5625. The examiner can normally be reached M-F 8:30-4:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashish Thomas can be reached on 571-272-0631. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/R.M/Examiner, Art Unit 2164                                                                                                                                                                                                        December 17, 2021

/ASHISH THOMAS/Supervisory Patent Examiner, Art Unit 2164