DETAILED ACTION
This Office Action is in response to the application 16/360,165 filed on 3/21/2019.
Claims 1-20 have been examined and are pending.  Claims 1 and 11 are independent claims.
Notice of AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.  This Action is made FINAL.

Response to Arguments
Applicants’ arguments, see Applicant Arguments/Remarks Made in an Amendment, filed 11/16/2021, with respect to the rejections of claims 1-20 have been fully considered but are not persuasive.
Applicant argues as follows:  Claim 1 sets forth a method of managing access to protected file content. Upon receiving a request to open a protected file on a computing device, a first application that is suitable for opening the file is identified. If the first application is determined to be an unsecured application, the first application is locked to prevent unauthorized access of application data of the first application. In a locked state, the first application is made inaccessible to unauthorized users. That is, an unauthorized user is prevented from accessing, or launching, the first application in the locked state.  Mao fails to teach or suggest the feature of “in response to determining that the first application is an unsecured application, locking the first application to prevent unauthorized access of application data of the first application in a locked state” as set forth application itself may still be accessible to users. For example, Mao does not prevent the application from being used to open other non-vulnerable files. Mao does not at any point describe controlling user access of the application itself.  The feature described in Mao of preventing an application from opening a file in cases of potential security risk does not in any way teach or suggest locking an unsecured application that is identified for opening a protected file to prevent unauthorized access of application data of said application.
Examiner respectfully disagrees.
The Examiner respectfully suggests that the claims be further amended and details in the specification be incorporated to distinguish the claimed invention over prior art of record.  Should the Applicant desire an interview to further clarify the claim interpretation/rejections, please contact the Examiner at (571) 272 5368 to schedule an interview.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the 
Claims 1 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Mao (US10445516), filed December 3, 2015, in view of Gauvin (US8312064), filed May 11, 2015.
Regarding claim 1, Mao discloses a method of managing access to protected file content on a computing device, the method comprising: receiving a request to open a file stored on the computing device (Mao, col. 6, lines 15-20, “Returning to FIG. 3, at step 304, one or more of the systems described herein may receive, at the security application, a request to open a file.  For example, reception module 106 may, as part of computing device 202 in FIG. 2, receive, at security application 208, request 210 to open file 218.”)
determining that the file is a protected file (Mao, col. 7, lines 48-57, “Prevention module 112 may prevent other application 212 from opening file 218 in a variety of ways.  In some examples, prevention module 112 may block vulnerable applications, such as other application 212, from opening files.  In other examples, prevention module 112 may quarantine files with security risks, such as file 218, to prevent them from being opened by any application.  Additionally or alternatively, prevention module 112 may prevent only the specific combination of other application 212 opening file 218.”);
identifying a first application that is suitable for opening the file (Mao, col. 6, lines 43-49, “Returning to FIG. 3, at step 306, one or more of the systems described herein may identify at least one other application on the computing device that is capable of opening the file.  For example, identification module 108 may, as part of computing device 202 in FIG. 2, identify other application 212 on computing device 202 that is capable of opening file 218.”);
determining that the first application is an unsecured application; and in response to determining that the first application is an unsecured application, locking the first application to prevent unauthorized access of application data of the first application in a locked state (Mao, col. 7, lines 48-57, “Prevention module 112 may prevent other application 212 from opening file 218 in a variety of ways.  In some examples, prevention module 112 may block vulnerable applications, such as other application 212, from opening files.  In other examples, prevention module 112 may quarantine files with security risks, such as file 218, to prevent them from being opened by any application.  Additionally or alternatively, prevention module 112 may prevent only the specific combination of other application 212 opening file 218.”).
Mao does not explicitly disclose in response to determining that the file is a protected file.
However, in an analogous art, Gauvin discloses in response to determining that the file is a protected file (Gauvin, col. 10, line 65, through col. 11, line 13, “The GPFS file interceptor module 410 is used to monitor all file accesses on the client device.  Upon each file system request, the interceptor module 410 receives the request and determines if the request is for a protected resource or is directed to the unprotected file system.  Access to a file not protected by GPFS is directly routed to the Operating System (OS) for processing.  If the file request is for a protected resource, then a connection to the GPA 105 is created and a request for access to the resource is sent.  This request includes both source and target information.  As above, based on the response from the GPA 105, a token may be returned that is used in the decryption of the resource to allow viewing and, if requested and allowed, modification.  The file interceptor module 410 operates in coordination with the GPA client module 420, the GPFS duplicate detection module 415 and the GPFS lockdown engine 425.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Gauvin with the method/ computing device of Mao, to include in response to determining that the file is a protected file.
One would have been motivated to provide users with the benefits of controlling access to protected data based on location properties of an application requesting access (Gauvin: col. 1, lines 7-10).

Regarding claim 11, Mao discloses a computing device, comprising: an input interface; memory; a processor coupled with the input interface and the memory, the processor being configured to (Mao, col. 9, line 64, through col. 10, line 4, “I/O controller 520 generally represents any type or form of module capable of coordinating and/or controlling the input and output functions of a computing device.  For example, in certain embodiments I/O controller 520 may control or facilitate transfer of data between one or more elements of computing system 510, such as processor 514, system memory 516, communication interface 522, display adapter 526, input interface 530, and storage interface 534.”);
(Mao, col. 6, lines 15-20, “Returning to FIG. 3, at step 304, one or more of the systems described herein may receive, at the security application, a request to open a file.  For example, reception module 106 may, as part of computing device 202 in FIG. 2, receive, at security application 208, request 210 to open file 218.”);
determine that the file is a protected file (Mao, col. 7, lines 48-57, “Prevention module 112 may prevent other application 212 from opening file 218 in a variety of ways.  In some examples, prevention module 112 may block vulnerable applications, such as other application 212, from opening files.  In other examples, prevention module 112 may quarantine files with security risks, such as file 218, to prevent them from being opened by any application.  Additionally or alternatively, prevention module 112 may prevent only the specific combination of other application 212 opening file 218.”);
identify a first application that is suitable for opening the file (Mao, col. 6, lines 43-49, “Returning to FIG. 3, at step 306, one or more of the systems described herein may identify at least one other application on the computing device that is capable of opening the file.  For example, identification module 108 may, as part of computing device 202 in FIG. 2, identify other application 212 on computing device 202 that is capable of opening file 218.”);
determine that the first application is an unsecured application; and in response to determining that the first application is an unsecured application, lock the first application to prevent unauthorized access of application data of the first application in a locked state (Mao, col. 7, lines 48-57, “Prevention module 112 may prevent other application 212 from opening file 218 in a variety of ways.  In some examples, prevention module 112 may block vulnerable applications, such as other application 212, from opening files.  In other examples, prevention module 112 may quarantine files with security risks, such as file 218, to prevent them from being opened by any application.  Additionally or alternatively, prevention module 112 may prevent only the specific combination of other application 212 opening file 218.”).
Mao does not explicitly disclose in response to determining that the file is a protected file.
However, in an analogous art, Gauvin discloses in response to determining that the file is a protected file (Gauvin, col. 10, line 65, through col. 11, line 13, “The GPFS file interceptor module 410 is used to monitor all file accesses on the client device.  Upon each file system request, the interceptor module 410 receives the request and determines if the request is for a protected resource or is directed to the unprotected file system.  Access to a file not protected by GPFS is directly routed to the Operating System (OS) for processing.  If the file request is for a protected resource, then a connection to the GPA 105 is created and a request for access to the resource is sent.  This request includes both source and target information.  As above, based on the response from the GPA 105, a token may be returned that is used in the decryption of the resource to allow viewing and, if requested and allowed, modification.  The file interceptor module 410 operates in coordination with the GPA client module 420, the GPFS duplicate detection module 415 and the GPFS lockdown engine 425.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Gauvin with the 
One would have been motivated to provide users with the benefits of controlling access to protected data based on location properties of an application requesting access (Gauvin: col. 1, lines 7-10).
Claims 2 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Mao (US10445516), filed December 3, 2015, in view of Gauvin (US8312064), filed May 11, 2015, and further in view of Yu (US20200175208), filed November 26, 2019, claiming priority to provisional application 62/773,524, filed November 30, 2018.
Regarding claim 2, Mao and Gauvin disclose the method of claim 1.
Mao and Gauvin do not explicitly disclose further comprising: verifying that a requesting user associated with the request is authorized to access the file; and in response to verifying that the requesting user is authorized to access the file, requesting the first application to open the file prior to the locking.
However, in an analogous art, Yu discloses further comprising: verifying that a requesting user associated with the request is authorized to access the file; and in response to verifying that the requesting user is authorized to access the file, requesting the first application to open the file prior to the locking (Yu, paragraph 0205, “The computer system 100 may operate in a second security phase when the user code is available.  In the second security phase, the computer system 100 can be configured to permit only authorized applications to access protected data.  In the second security phase, the computer system 100 can be configured to prevent unauthorized applications from accessing protected data.  The computer system 100 can prevent unauthorized applications from accessing protected data even while there is an authorized application accessing the protected data.”; Yu provisional, paragraph 0020, “The data can be accessed by an authorized application. In this case, the data security can be focused on preventing unauthorized applications from accessing protected data while there is an authorized application accessing the protected data.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Yu with the method/ computing device of Mao and Gauvin to include further comprising: verifying that a requesting user associated with the request is authorized to access the file; and in response to verifying that the requesting user is authorized to access the file, requesting the first application to open the file prior to the locking.
One would have been motivated to provide users with the benefits of preventing unauthorized applications from accessing protected data (Yu: paragraph 0205).
Regarding claim 12, Mao and Gauvin disclose the computing device of claim 11.
Mao and Gauvin do not explicitly disclose wherein the processor is further configured to: verify that a requesting user associated with the request is authorized to access the file; and in response to verifying that the requesting user is authorized to access the file, request the first application to open the file prior to the locking.
(Yu, paragraph 0205, “The computer system 100 may operate in a second security phase when the user code is available.  In the second security phase, the computer system 100 can be configured to permit only authorized applications to access protected data.  In the second security phase, the computer system 100 can be configured to prevent unauthorized applications from accessing protected data.  The computer system 100 can prevent unauthorized applications from accessing protected data even while there is an authorized application accessing the protected data.”; Yu provisional, paragraph 0020, “The data can be accessed by an authorized application. In this case, the data security can be focused on preventing unauthorized applications from accessing protected data while there is an authorized application accessing the protected data.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Yu with the method/ computing device of Mao and Gauvin to include wherein the processor is further configured to: verify that a requesting user associated with the request is authorized to access the file; and in response to verifying that the requesting user is authorized to access the file, request the first application to open the file prior to the locking.
One would have been motivated to provide users with the benefits of preventing unauthorized applications from accessing protected data (Yu: paragraph 0205).
Claims 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Mao (US10445516), filed December 3, 2015, in view of Gauvin (US8312064), filed May 11, 2015, and further in view of Price (US20040059946), filed September 25, 2002.
Regarding claim 3, Mao and Gauvin disclose the method of claim 1.
Mao and Gauvin do not explicitly disclose wherein determining that the first application is unsecured comprises determining that the application does not require user authentication for access.
However, in an analogous art, Price discloses wherein determining that the first application is unsecured comprises determining that the application does not require user authentication for access (Price, paragraph 0030, “The ability to control access to individual business rules and to control the data set returned by that business rule for a particular user permits business rule developers to determine exactly what individuals or groups can perform particular actions.  Security in the access model of the present invention is granular and at each level (service, application and business rule) is divided into public and private access domains.  Public services, applications and business rules can be accessed by any user, including unauthenticated users (guests).  Security flow proceeds to the next lower level when the next higher level is a public service or application.  If the level is private (i.e., private service, application or business rule) the user is checked to determine whether or not they are a member of a group having permission to access that application, service or business rule.  The above-described structure provides developers a high degree of flexibility in sharing data and controlling access to data and services.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Price with the method/ computing device of Mao and Gauvin to include wherein determining that the first application is unsecured comprises determining that the application does not require user authentication for access.
One would have been motivated to provide users with the benefits of a high degree of flexibility in sharing data and controlling access to data and services (Price: paragraph 0030).
Regarding claim 13, Mao and Gauvin disclose the computing device of claim 11.
Mao and Gauvin do not explicitly disclose wherein determining that the first application is unsecured comprises determining that the application does not require user authentication for access.
However, in an analogous art, Price discloses wherein determining that the first application is unsecured comprises determining that the application does not require user authentication for access (Price, paragraph 0030, “The ability to control access to individual business rules and to control the data set returned by that business rule for a particular user permits business rule developers to determine exactly what individuals or groups can perform particular actions.  Security in the access model of the present invention is granular and at each level (service, application and business rule) is divided into public and private access domains.  Public services, applications and business rules can be accessed by any user, including unauthenticated users (guests).  Security flow proceeds to the next lower level when the next higher level is a public service or application.  If the level is private (i.e., private service, application or business rule) the user is checked to determine whether or not they are a member of a group having permission to access that application, service or business rule.  The above-described structure provides developers a high degree of flexibility in sharing data and controlling access to data and services.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Price with the method/ computing device of Mao and Gauvin to include wherein determining that the first application is unsecured comprises determining that the application does not require user authentication for access.
One would have been motivated to provide users with the benefits of a high degree of flexibility in sharing data and controlling access to data and services (Price: paragraph 0030).
Claims 4, 5, 14, and 15 are rejected under 35 U.S.C. 103 as being unpatentable
Regarding claim 4, Mao and Gauvin disclose the method of claim 1. 
Mao and Gauvin do not explicitly disclose wherein determining that the file is a protected file comprises determining that the file is managed using a file vault application on the computing device, the file vault application limiting user access to one or more managed files.
However, in an analogous art, Diaz-Tellez discloses wherein determining that the file is a protected file comprises determining that the file is managed using a file vault application on the computing device, the file vault application limiting user access to one or more managed files (Diaz-Tellez, paragraph 0130, “Upon completion of step S250 the process proceeds to an optional step S252 in which a request is made to the user to select which application to use to open the file if more than one application is installed which can open the desired file (this is a normal feature of the Android operating system where more than one application is able to handle a specified "intent" which is the Android mechanism for having different applications perform a desired function, including opening data files).  Once either the user has selected which of multiple applications to use to open the data file (if appropriate) or otherwise upon having determined the appropriate application to use to open the file (if there is only one currently installed on the device) the process proceeds to following step S255 in which the Blocking screen GUI 72 requests user identification and authentication in the same manner as described above with reference to step S55.  Similarly, this is then followed by steps S260, S265, S270 and S275 which proceed analogously to corresponding steps S60, S65, S70 and S75 respectively except that at this stage no application has yet been launched with which to open the file and so there is no need for any application to yet be killed.  Accordingly, at step S265 if the opening of the file has been cancelled a message is provided to the user explaining why the file cannot be opened and then no further action is taken before passing control to step S270 in which the blocking activity 54 and associated GUI 72 are closed before looping the process back to step S240 to await detection of another attempt to open a protected file.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Diaz-Tellez with the method/ computing device of Mao and Gauvin to include wherein determining that the file is a protected file comprises determining that the file is managed using a file vault application on the computing device, the file vault application limiting user access to one or more managed files.
One would have been motivated to provide users with the benefits of device agnostic policies (Diaz-Tellez).
Regarding claim 5, Mao, Gauvin, and Diaz-Tellez disclose the method of claim 4.  Diaz-Tellez discloses further comprising determining that the file vault application does not support opening the file, wherein identifying the first application comprises selecting an application that is different from the file vault application (Diaz-Tellez, paragraph 0130, “Upon completion of step S250 the process proceeds to an optional step S252 in which a request is made to the user to select which application to use to open the file if more than one application is installed which can open the desired file (this is a normal feature of the Android operating system where more than one application is able to handle a specified "intent" which is the Android mechanism for having different applications perform a desired function, including opening data files).  Once either the user has selected which of multiple applications to use to open the data file (if appropriate) or otherwise upon having determined the appropriate application to use to open the file (if there is only one currently installed on the device) the process proceeds to following step S255 in which the Blocking screen GUI 72 requests user identification and authentication in the same manner as described above with reference to step S55.  Similarly, this is then followed by steps S260, S265, S270 and S275 which proceed analogously to corresponding steps S60, S65, S70 and S75 respectively except that at this stage no application has yet been launched with which to open the file and so there is no need for any application to yet be killed.  Accordingly, at step S265 if the opening of the file has been cancelled a message is provided to the user explaining why the file cannot be opened and then no further action is taken before passing control to step S270 in which the blocking activity 54 and associated GUI 72 are closed before looping the process back to step S240 to await detection of another attempt to open a protected file.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to use articulated reasoning with some rational underpinning to support a legal conclusion of obviousness.  More specifically, use of exemplary rationales that may support a conclusion of obviousness include: "Obvious to try" - choosing from a finite number of identified, predictable solutions, with a reasonable expectation of success; and/ or known work in one field of endeavor may prompt variations of it for use in either the same field or a different one based on design incentives or other market forces if the variations are predictable to one of ordinary skill in the art.
Mao and Gauvin are concerned with selection of applications to open protected files.  Cases of determining that a file vault application does not support opening a
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Diaz-Tellez with the method/ computing device of Mao and Gauvin to include further comprising determining that the file vault application does not support opening the file, wherein identifying the first application comprises selecting an application that is different from the file vault application.
One would have been motivated to provide users with the benefits of device agnostic policies (Diaz-Tellez).
Regarding claim 14, Mao and Gauvin disclose the computing device of claim 11. 
Mao and Gauvin do not explicitly disclose wherein determining that the file is a protected file comprises determining that the file is managed using a file vault application on the computing device, the file vault application limiting user access to one or more managed files.
However, in an analogous art, Diaz-Tellez discloses wherein determining that the file is a protected file comprises determining that the file is managed using a file vault application on the computing device, the file vault application limiting user access to one or more managed files (Diaz-Tellez, paragraph 0130, “Upon completion of step S250 the process proceeds to an optional step S252 in which a request is made to the user to select which application to use to open the file if more than one application is installed which can open the desired file (this is a normal feature of the Android operating system where more than one application is able to handle a specified "intent" which is the Android mechanism for having different applications perform a desired function, including opening data files).  Once either the user has selected which of multiple applications to use to open the data file (if appropriate) or otherwise upon having determined the appropriate application to use to open the file (if there is only one currently installed on the device) the process proceeds to following step S255 in which the Blocking screen GUI 72 requests user identification and authentication in the same manner as described above with reference to step S55.  Similarly, this is then followed by steps S260, S265, S270 and S275 which proceed analogously to corresponding steps S60, S65, S70 and S75 respectively except that at this stage no application has yet been launched with which to open the file and so there is no need for any application to yet be killed.  Accordingly, at step S265 if the opening of the file has been cancelled a message is provided to the user explaining why the file cannot be opened and then no further action is taken before passing control to step S270 in which the blocking activity 54 and associated GUI 72 are closed before looping the process back to step S240 to await detection of another attempt to open a protected file.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Diaz-Tellez with the method/ computing device of Mao and Gauvin to include wherein determining that the file is a protected file comprises determining that the file is managed using a file vault application on the computing device, the file vault application limiting user access to one or more managed files.
One would have been motivated to provide users with the benefits of device agnostic policies (Diaz-Tellez).
Regarding claim 15, Mao, Gauvin, and Diaz-Tellez disclose the computing device of claim 14.  Diaz-Tellez discloses further comprising determining that the file vault application does not support opening the file, wherein identifying the first application comprises selecting an application that is different from the file vault application (Diaz-Tellez, paragraph 0130, “Upon completion of step S250 the process proceeds to an optional step S252 in which a request is made to the user to select which application to use to open the file if more than one application is installed which can open the desired file (this is a normal feature of the Android operating system where more than one application is able to handle a specified "intent" which is the Android mechanism for having different applications perform a desired function, including opening data files).  Once either the user has selected which of multiple applications to use to open the data file (if appropriate) or otherwise upon having determined the appropriate application to use to open the file (if there is only one currently installed on the device) the process proceeds to following step S255 in which the Blocking screen GUI 72 requests user identification and authentication in the same manner as described above with reference to step S55.  Similarly, this is then followed by steps S260, S265, S270 and S275 which proceed analogously to corresponding steps S60, S65, S70 and S75 respectively except that at this stage no application has yet been launched with which to open the file and so there is no need for any application to yet be killed.  Accordingly, at step S265 if the opening of the file has been cancelled a message is provided to the user explaining why the file cannot be opened and then no further action is taken before passing control to step S270 in which the blocking activity 54 and associated GUI 72 are closed before looping the process back to step S240 to await detection of another attempt to open a protected file.”).

Mao and Gauvin are concerned with selection of applications to open protected files.  Cases of determining that a file vault application does not support opening a protected file and identifying a different application are predictable to one of ordinary skill in the art.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Diaz-Tellez with the method/ computing device of Mao and Gauvin to include further comprising determining that the file vault application does not support opening the file, wherein identifying the first application comprises selecting an application that is different from the file vault application.
One would have been motivated to provide users with the benefits of device agnostic policies (Diaz-Tellez).


Claims 6 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Mao (US10445516), filed December 3, 2015, in view of Gauvin 
Regarding claim 6, Mao and Gauvin disclose the method of claim 1.
Mao and Gauvin do not explicitly disclose wherein identifying the first application comprises determining that the first application supports opening files having a file format associated with the file.
However, in an analogous art, Leemet discloses wherein identifying the first application comprises determining that the first application supports opening files having a file format associated with the file (Leemet, paragraph 0059, “Each application may have a number of file formats associated therewith.  For example, Microsoft Word can open .doc, .docx, .txt, .rtf and a number of other file formats.  These formats may be considered examples of the first format.  It is understood that the first format would depend on the data file, the application type and the file formats that are compatible with the particular application.”; paragraph 0065, “In some cases, the comparison looks at header or meta-data 140 of the associated file to determine the content of the data that is associated with the security rules.  In other cases, the container 10/12/40 that is associated with the file indicates the content associated with the security rules.  Assuming the request is allowed, the file is retrieved in the second format.  As can be seen, the first file 64 is called "File1.doc.second" where the ".doc" portion denotes the original format of the document (or the application compatibility) and the ".second" denotes that the file is in a restricted, secure or encrypted format such that the data 142 cannot be read, viewed or written without re-formatting into original format.  Thus, when the file is retrieved 56, the security program 38 re-formats the data to the first format (.doc in this example) so that the application (Microsoft word in this case) can open, view, read and/or write the file.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Leemet with the method/ computing device of Mao and Gauvin to include wherein identifying the first application comprises determining that the first application supports opening files having a file format associated with the file.
One would have been motivated to provide users with the benefits of controlling access to data based on the sensitivity and content of the data (Leemet: paragraph 0001).
Regarding claim 16, Mao and Gauvin disclose the computing device of claim 11.
Mao and Gauvin do not explicitly disclose wherein identifying the first application comprises determining that the first application supports opening files having a file format associated with the file.
However, in an analogous art, Leemet discloses wherein identifying the first application comprises determining that the first application supports opening files having a file format associated with the file (Leemet, paragraph 0059, “Each application may have a number of file formats associated therewith.  For example, Microsoft Word can open .doc, .docx, .txt, .rtf and a number of other file formats.  These formats may be considered examples of the first format.  It is understood that the first format would depend on the data file, the application type and the file formats that are compatible with the particular application.”; paragraph 0065, “In some cases, the comparison looks at header or meta-data 140 of the associated file to determine the content of the data that is associated with the security rules.  In other cases, the container 10/12/40 that is associated with the file indicates the content associated with the security rules.  Assuming the request is allowed, the file is retrieved in the second format.  As can be seen, the first file 64 is called "File1.doc.second" where the ".doc" portion denotes the original format of the document (or the application compatibility) and the ".second" denotes that the file is in a restricted, secure or encrypted format such that the data 142 cannot be read, viewed or written without re-formatting into original format.  Thus, when the file is retrieved 56, the security program 38 re-formats the data to the first format (.doc in this example) so that the application (Microsoft word in this case) can open, view, read and/or write the file.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Leemet with the method/ computing device of Mao and Gauvin to include wherein identifying the first application comprises determining that the first application supports opening files having a file format associated with the file.
One would have been motivated to provide users with the benefits of controlling access to data based on the sensitivity and content of the data (Leemet: paragraph 0001).




Claims 7 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Mao (US10445516), filed December 3, 2015, in view of Gauvin (US8312064), filed May 11, 2015, and further in view of Thomas (US20110246753), filed March 31, 2010.
Regarding claim 7, Mao and Gauvin disclose the method of claim 1. 

However, in an analogous art, Thomas discloses wherein locking the first application comprises configuring access control settings for the first application such that user authentication is required to access the first application (Thomas, paragraph 0064, “In embodiments of the present invention, a framework for an extensible, file-based security system may be used to determine an appropriate application, application environment, and/or access or security control measure based at least in part on a file's reputation.  A file's reputation may be recorded and stored, at least in part, in metadata.  Metadata may define access and security parameters, or some other parameter, of a file.  The access, security or other parameters recorded in the metadata may conform to and/or implement a corporate policy.  The metadata may be stored in association with the file, appended to the file, linked to the file in a database or plurality of databases (including a remote database or plurality of databases), or otherwise encoded to relate to the file in such a manner that the metadata and its related file may be read together or near-simultaneously.  The metadata may be used to control the access and security settings of the file and to require that only an approved method of gaining access to the file, or any of the file's contents, is used, and that the method and use of the file is in accord with the access and security parameter definitions in the metadata which embody the corporate policy.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Thomas with the method/ computing device of Mao and Gauvin to include wherein locking the first 
One would have been motivated to provide users with the benefits of determining an appropriate application environment (Thomas: paragraph 0064).
Regarding claim 17, Mao and Gauvin disclose the computing device of claim 11. 
Mao and Gauvin do not explicitly disclose wherein locking the first application comprises configuring access control settings for the first application such that user authentication is required to access the first application.
However, in an analogous art, Thomas discloses wherein locking the first application comprises configuring access control settings for the first application such that user authentication is required to access the first application (Thomas, paragraph 0064, “In embodiments of the present invention, a framework for an extensible, file-based security system may be used to determine an appropriate application, application environment, and/or access or security control measure based at least in part on a file's reputation.  A file's reputation may be recorded and stored, at least in part, in metadata.  Metadata may define access and security parameters, or some other parameter, of a file.  The access, security or other parameters recorded in the metadata may conform to and/or implement a corporate policy.  The metadata may be stored in association with the file, appended to the file, linked to the file in a database or plurality of databases (including a remote database or plurality of databases), or otherwise encoded to relate to the file in such a manner that the metadata and its related file may be read together or near-simultaneously.  The metadata may be used to control the access and security settings of the file and to require that only an approved method of gaining access to the file, or any of the file's contents, is used, and that the method and use of the file is in accord with the access and security parameter definitions in the metadata which embody the corporate policy.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Thomas with the method/ computing device of Mao and Gauvin to include wherein locking the first application comprises configuring access control settings for the first application such that user authentication is required to access the first application.
One would have been motivated to provide users with the benefits of determining an appropriate application environment (Thomas: paragraph 0064).




Claims 8-10 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Mao (US10445516), filed December 3, 2015, in view of Gauvin (US8312064), filed May 11, 2015, and further in view of Stoev (US20110321153), filed June 25, 2010.
Regarding claim 8, Mao and Gauvin disclose the method of claim 1.
Mao and Gauvin do not explicitly disclose further comprising: receiving input of user authentication data while the first application is in the locked state; verifying that a user associated with the inputted user authentication data is permitted to access application data associated with the first application; and in response to verifying that the user 
However, in an analogous art, Stoev discloses further comprising: receiving input of user authentication data while the first application is in the locked state; verifying that a user associated with the inputted user authentication data is permitted to access application data associated with the first application; and in response to verifying that the user associated with the inputted user authentication data is permitted to access the application data, granting, to the user, access to the first application in the locked state for opening the file (Stoev, paragraph 0022, “A user may use the same password or other authentication for the electronic device and for the specific application, which results in the same password mechanism being entered twice, first to activate the idle electronic device and second to unlock the locked down application.  By the same password for different processes, it is meant that the password is a specific arrangement of selected characters that is common to the different processes as a password separately for the respective processes.  Applications that are locked down by the security mechanism may typically be those applications that can only be opened in the electronic device by entering an authentication for the application in an appropriate user interface of the electronic device.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Stoev with the method/ computing device of Mao and Gauvin to include further comprising: receiving input of user authentication data while the first application is in the locked state; verifying 
One would have been motivated to provide users with the benefits of increasing the protection of the personal data to enhance the security of electronic devices for individual users (Stoev: paragraph 0001).
Regarding claim 9, Mao and Gauvin disclose the method of claim 1.
Mao and Gauvin do not explicitly disclose further comprising unlocking the first application to switch the first application from the locked state to an unlocked state in response to determining that a first predefined condition is satisfied, the first application being accessible to any user in the unlocked state.
However, in an analogous art, Stoev discloses further comprising unlocking the first application to switch the first application from the locked state to an unlocked state in response to determining that a first predefined condition is satisfied, the first application being accessible to any user in the unlocked state (Stoev, paragraph 0022, “A user may use the same password or other authentication for the electronic device and for the specific application, which results in the same password mechanism being entered twice, first to activate the idle electronic device and second to unlock the locked down application.  By the same password for different processes, it is meant that the password is a specific arrangement of selected characters that is common to the different processes as a password separately for the respective processes.  Applications that are locked down by the security mechanism may typically be those applications that can only be opened in the electronic device by entering an authentication for the application in an appropriate user interface of the electronic device.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Stoev with the method/ computing device of Mao and Gauvin to include further comprising unlocking the first application to switch the first application from the locked state to an unlocked state in response to determining that a first predefined condition is satisfied, the first application being accessible to any user in the unlocked state.
One would have been motivated to provide users with the benefits of increasing the protection of the personal data to enhance the security of electronic devices for individual users (Stoev: paragraph 0001).
Regarding claim 10, Mao and Stoev disclose the method of claim 9.  Stoev discloses wherein determining that the first predefined condition is satisfied comprises at least one of: detecting a device reset condition; detecting that a predefined length of time has elapsed since the first application was locked; determining that cached file data for the first application is deleted; or receiving a request from an authorized user to switch the first application to the unlocked state (Stoev, paragraph 0022, “A user may use the same password or other authentication for the electronic device and for the specific application, which results in the same password mechanism being entered twice, first to activate the idle electronic device and second to unlock the locked down application.  By the same password for different processes, it is meant that the password is a specific arrangement of selected characters that is common to the different processes as a password separately for the respective processes.  Applications that are locked down by the security mechanism may typically be those applications that can only be opened in the electronic device by entering an authentication for the application in an appropriate user interface of the electronic device.”).  The rationale is the same as that of the claim from which this claim depends.
Regarding claim 18, Mao and Gauvin disclose the computing device of claim 11.
Mao and Gauvin do not explicitly disclose wherein the processor is further configured to: receive input of user authentication data while the first application is in the locked state; verify that a user associated with the inputted user authentication data is permitted to access application data associated with the first application; and in response to verifying that the user associated with the inputted user authentication data is permitted to access the application data, granting, to the user, access to the first application in the locked state for opening the file.
However, in an analogous art, Stoev discloses wherein the processor is further configured to: receive input of user authentication data while the first application is in the locked state; verify that a user associated with the inputted user authentication data is permitted to access application data associated with the first application; and in response to verifying that the user associated with the inputted user authentication data is permitted to access the application data, granting, to the user, access to the first application in the locked state for opening the file (Stoev, paragraph 0022, “A user may use the same password or other authentication for the electronic device and for the specific application, which results in the same password mechanism being entered twice, first to activate the idle electronic device and second to unlock the locked down application.  By the same password for different processes, it is meant that the password is a specific arrangement of selected characters that is common to the different processes as a password separately for the respective processes.  Applications that are locked down by the security mechanism may typically be those applications that can only be opened in the electronic device by entering an authentication for the application in an appropriate user interface of the electronic device.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Stoev with the method/ computing device of Mao and Gauvin to include wherein the processor is further configured to: receive input of user authentication data while the first application is in the locked state; verify that a user associated with the inputted user authentication data is permitted to access application data associated with the first application; and in response to verifying that the user associated with the inputted user authentication data is permitted to access the application data, granting, to the user, access to the first application in the locked state for opening the file.
One would have been motivated to provide users with the benefits of increasing the protection of the personal data to enhance the security of electronic devices for individual users (Stoev: paragraph 0001).
Regarding claim 19, Mao and Gauvin disclose the computing device of claim 11.

However, in an analogous art, Stoev discloses wherein the processor is further configured to unlock the first application to switch the first application from the locked state to an unlocked state in response to determining that a first predefined condition is satisfied, the first application being accessible to any user in the unlocked state (Stoev, paragraph 0022, “A user may use the same password or other authentication for the electronic device and for the specific application, which results in the same password mechanism being entered twice, first to activate the idle electronic device and second to unlock the locked down application.  By the same password for different processes, it is meant that the password is a specific arrangement of selected characters that is common to the different processes as a password separately for the respective processes.  Applications that are locked down by the security mechanism may typically be those applications that can only be opened in the electronic device by entering an authentication for the application in an appropriate user interface of the electronic device.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Stoev with the method/ computing device of Mao and Gauvin to include wherein the processor is further configured to unlock the first application to switch the first application from the locked state to an unlocked state in response to determining that a first predefined condition is satisfied, the first application being accessible to any user in the unlocked state.
(Stoev: paragraph 0001).
Regarding claim 20, Mao and Stoev disclose the computing device of claim 19.  Stoev discloses wherein determining that the first predefined condition is satisfied comprises at least one of: detecting a device reset condition; detecting that a predefined length of time has elapsed since the first application was locked; determining that cached file data for the first application is deleted; or receiving a request from an authorized user to switch the first application to the unlocked state (Stoev, paragraph 0022, “A user may use the same password or other authentication for the electronic device and for the specific application, which results in the same password mechanism being entered twice, first to activate the idle electronic device and second to unlock the locked down application.  By the same password for different processes, it is meant that the password is a specific arrangement of selected characters that is common to the different processes as a password separately for the respective processes.  Applications that are locked down by the security mechanism may typically be those applications that can only be opened in the electronic device by entering an authentication for the application in an appropriate user interface of the electronic device.”).  The rationale is the same as that of the claim from which this claim depends.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Chennuru (US9716724) “Alternately, the cloud DLP system 30 may quarantine the non-compliance data on the cloud service provider to prevent unauthorized access. In some embodiments, the cloud DLP system 30 may be configured to apply remediation measures for specific types of policy violations.”
Lyubinin (US20150347209), paragraph 0014, “As described in more detail below, the applications 125, 135 can be locked, closed, and/or logged out, etc. after a period of user-interface inactivity with the applications 125, 135, e.g., to prevent unauthorized access to the information displayed by the applications 125, 135.”

Any inquiry concerning this communication or earlier communications from the examiner should be directed to WALTER J MALINOWSKI whose telephone number is (571)272-5368. The examiner can normally be reached 8-6:30 MTWH.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached on 5712705002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.








/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439