DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Specification
The disclosure is objected to because of the following informalities: 
In Par. [0002], it is recommended that “Linus-based systems” read as “Linux-based systems”. 
Appropriate correction is required.

Claim Objections
Claims 1, 7-8, 14-16, 19 are objected to because of the following informalities:  
Claims 1, 8, 15 recite the phrase “whereby, a user can use the execution environment…”. The words “whereby” and “can” indicate an intended use which generally does not impart a patentable distinction. It is recommended by the Examiner that the phrase read as “wherein, a user uses the execution environment…”. For the purposes of compact prosecution however, this phrase will be treated to have patentable weight. 
Claims 7, 14, 19 recite the phrase “SMB file access”. It is recommended by the Examiner that the phrase be amended to initially define the abbreviation so that it reads “Server Message Block (SMB) file access”.
Claim 15 is objected to under 37 CFR 1.75 as being a substantial duplicate of Claim 3. When two claims in an application are duplicates or else are so close in content that they both cover the same thing, despite a slight difference in wording, it is proper after allowing one claim to object to the other as being a substantial duplicate of the allowed claim. See MPEP § 608.01(m).
Claim 16 is objected to under 37 CFR 1.75 as being a substantial duplicate of Claim 4. 
In Claim 16, the claim recites “The method of claim15”. It is recommended by the Examiner that the phrase read as “The method of claim 15”.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 8-12, 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over Roth et al. (U.S. Patent No. 9,442,752 B1) hereinafter referred to as “Roth”, and further in view of Nikara et al. (U.S. Pub. No. 2011/0209128 A1) hereinafter referred to as “Nikara”.
Regarding Claim 1:
	Roth discloses the following limitations:
	A method of (Abstract, A method and system for running an additional execution environment associated with a primary execution environment; Col. 2, lines 11-13, A bubble is a special purpose execution environment, such as a virtual machine instance or execution sandbox, for securely executing code and/or securing data (A method of 
	receiving, by a host operating system, a request from a guest operating system to invoke an execution environment in a secure sandbox on a host operating system (Col. 10, lines 62-65, the instruction to create a bubble on the host computing device may be received (receiving, by a host operating system, a request … to invoke an execution environment in a secure sandbox on a host operating system) from a virtual machine, service, or resource executing on a remote computing device (from a guest operating system); Col. 4, lines 18-26, A bubble may take the form of a virtual machine on the same or different host computer as its parent virtual machine, an enclave in a container, such as a Solaris Zone, Parallels Virtuozzo Container, or LinuX Container, on the same or different physical machine as the parent virtual machine, a container in an enclave on the same or different physical machine as the parent virtual machine, or a virtual machine in an enclave on the same or different physical machine as the parent virtual machine (an execution environment in a secure sandbox)). Roth teaches a host device receiving a request to create a bubble from a guest device. This is received by a host operating system as Roth further teaches the operating system constructing the bubble in the case of it being in the form of a container/enclave (Col. 4, lines 46-49, Enclave functionality may be provided to a system through software, such as under the control of a hypervisor or a kernel of an operating system that allows virtualized user space instances). Likewise, Roth teaches the request to create a bubble coming from a guest operating system in one embodiment (Col. 4, lines 9-15, a guest operating system executing on a virtual machine instance, or a service executing in a virtual machine instance may provide an interface to the bubble. In this manner, a user, client, service or other entity with access to a virtual machine instance on the host computer system may use that interface to, for example, create a bubble).
	and executing the execution environment in the secure sandbox (Col. 12, line 16, a bubble is created). Roth teaches creating a bubble in response to the request. 
	whereby, a user can use the execution environment in the secure sand box from a guest operating system to (Col. 4, lines 12-17, a user, client, service or other entity with access to a virtual machine instance on the host computer system may use that interface to, for example, create a bubble, send instructions to the bubble, generate cryptographic keys for the bubble and/or other operations (whereby, a user can use the execution environment in the secure sand box from a guest operating system); Col. 2, lines 11-13, A bubble is a special purpose execution environment, such as a virtual machine instance or execution sandbox, for securely executing code and/or securing data (use the execution environment in the secure sand box … to … execute the new program on the host operating system)). Roth teaches a user using an interface, which was previously argued to be part of the guest operating system, to execute instructions in the created execution environment. 

	Nikara discloses the following limitation not taught by Roth:
	compile… the new program (Abstract, The method may additionally include compiling the source code based at least in part on the determined information into an executable targeted to the execution platform of the end user apparatus). Nikara teaches compiling code in a separate execution environment. 

	Roth does not teach compiling code within the bubble. Nikara however teaches compiling code in a separate execution environment. Nikara further teaches that off-loading compilation to a separate execution environment reduces the burden for end users (Par. [0004], end user apparatuses are not burdened by the processing requirements of compilation).
	References Roth and Nikara are considered to be analogous art because they relate to code execution across separate execution environments. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the virtual execution environment system of Roth with the code compilation of Nikara in order to gain the benefit of reducing the burden on the user for compiling code. 

Regarding Claim 2:
	The combination of Roth/Nikara discloses Claim 1.
	Nikara further discloses the following limitation:
	further comprising receiving, by a host operating system, a source code file from the guest operating system (Par. [0006], a method is provided, which comprises receiving source code for an application (further comprising receiving, by a host operating system, a source code file from the guest operating system)). Reference Nikara further teaches receiving source code in order to compile the application. In combination with the bubble on the host device receiving instructions from the guest device of Roth, this teaches the host operating system receiving a source code file from the guest operating system. 
	
	The reasons for motivation/combination of references remain the same as in Claim 1.

Regarding Claim 3:
	The combination of Roth/Nikara discloses Claim 2.
	Nikara further discloses the following limitation:
	further comprising compiling by the host operating system the source code file into an executable file in the execution environment in the secure sandbox (Par. [0062], compile received source code into an executable targeted to a particular execution platform of an end user apparatus (further comprising compiling by the host operating system the source code file into an executable file in the execution environment in the secure sandbox)). Reference Nikara further teaches compiling the source code into an executable file. 

	The reasons for motivation/combination of references remain the same as in Claim 1.
	
Regarding Claim 4:
	The combination of Roth/Nikara discloses Claim 3.
	Nikara further discloses the following limitation:
	further comprising returning from the host operating system to the guest operating system the executable file (Par. [0006], The method of this embodiment also comprises causing the executable to be sent to the end user apparatus (further comprising returning from the host operating system to the guest operating system the executable file)). Reference Nikara further teaches sending the executable back to the end user, i.e. the guest operating system of Roth. 

	The reasons for motivation/combination of references remain the same as in Claim 1.

Regarding Claim 5:
	The combination of Roth/Nikara discloses Claim 1.
	Roth further discloses the following limitation:
	wherein receiving includes receiving, by a host operating system, via a secure tunnel a request from a guest operating system to invoke an execution environment in a secure sandbox on a host operating system (Col. 12, lines 66-67, Col. 13, lines 1-3, security is ensured by encrypting the information passed to the mode of communication, and the receiving party, either the bubble or the parent virtual machine may decrypt and read the messages upon receipt by using a private key (wherein receiving includes receiving, by a host operating system, via a secure tunnel a request from a guest operating system to invoke an execution environment in a secure sandbox on a host operating system)). Roth further teaches a secure tunnel in the form of encrypting communication between parties, i.e. the host operating system and the guest operating system.

Regarding Claim 8:
	Roth discloses the following limitations:
	A computer program product for (Abstract, Col. 2, lines 11-13). This limitation was shown to be taught by Roth in the rejection of Claim 1.	a non-transitory computer-readable medium comprising a set of instructions that when executed by a programmable computing device causes the computing device to implement a method for configuring a set of network devices (Col. 28, lines 11-18, Storage media and computer readable media for containing code, or portions of code, can include any appropriate media known or used in the art, including storage media and communication media, such as volatile and non-volatile, removable and non-removable media implemented in any method or technology for storage and/or transmission of information such as computer readable instructions, data structures, program modules or other data). Reference Roth discloses using a non-transitory computer readable medium for execution of instructions of the claimed functions. 
	the method comprising: receiving, by a host operating system, a request from a guest operating system to invoke an execution environment in a secure sandbox on a host operating system (Col. 10, lines 62-65; Col. 4, lines 18-26). This limitation was shown to be taught by Roth in the rejection of Claim 1.
	and executing the execution environment in the secure sandbox (Col. 12, line 16). This limitation was shown to be taught by Roth in the rejection of Claim 1.
	whereby, a user can use the execution environment in the secure sandbox from a guest operating system to (Col. 4, lines 12-17; Col. 2, lines 11-13). This limitation was shown to be taught by Roth in the rejection of Claim 1.

	Nikara discloses the following limitation not taught by Roth:
	compile… the new program (Abstract). This limitation was shown to be taught by Nikara in the rejection of Claim 1.
	
	Roth does not teach compiling code within the bubble. Nikara however teaches compiling code in a separate execution environment. Nikara further teaches that off-loading compilation to a separate execution environment reduces the burden for end users (Par. [0004], end user apparatuses are not burdened by the processing requirements of compilation).
	References Roth and Nikara are considered to be analogous art because they relate to code execution across separate execution environments. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the virtual execution environment system of Roth with the code compilation of Nikara in order to gain the benefit of reducing the burden on the user for compiling code. 

Regarding Claim 9:
	The combination of Roth/Nikara discloses Claim 8.
	Nikara further discloses the following limitation:
	further comprising receiving, by a host operating system, a source code file from the guest operating system (Par. [0006]). This limitation was shown to be taught by Nikara in the rejection of Claim 2.
	
	The reasons for motivation/combination of references remain the same as in Claim 8.

Regarding Claim 10:
	The combination of Roth/Nikara discloses Claim 9.
	Nikara further discloses the following limitation:
	further comprising compiling by the host operating system the source code file into an executable file in the execution environment in the secure sandbox (Par. [0062]). This limitation was shown to be taught by Nikara in the rejection of Claim 3.

	The reasons for motivation/combination of references remain the same as in Claim 8.

Regarding Claim 11:
	The combination of Roth/Nikara discloses Claim 10.
	Nikara further discloses the following limitation:
	further comprising returning from the host operating system to the guest operating system the executable file (Par. [0006]). This limitation was shown to be taught by Nikara in the rejection of Claim 4.

	The reasons for motivation/combination of references remain the same as in Claim 8.

Regarding Claim 12:
	The combination of Roth/Nikara discloses Claim 8.
	Roth further discloses the following limitation:
	wherein receiving includes receiving, by a host operating system, via a secure tunnel a request from a guest operating system to invoke an execution environment in a secure sandbox on a host operating system (Col. 12, lines 66-67, Col. 13, lines 1-3). This limitation was shown to be taught by Roth in the rejection of Claim 5.

Regarding Claim 15:
	Roth discloses the following limitations:
	A method of (Abstract, Col. 2, lines 11-13). This limitation was shown to be taught by Roth in the rejection of Claim 1.
	receiving, by a host operating system, a request from a guest operating system to invoke an execution environment in a secure sandbox on a host operating system (Col. 10, lines 62-65, Col. 4, lines 18-26). This limitation was shown to be taught by Roth in the rejection of Claim 1.
	executing the execution environment in the secure sandbox (Col. 12, line 16). This limitation was shown to be taught by Roth in the rejection of Claim 1.
	(taught below by Nikara)
	(taught below by Nikara)
	whereby, a user can use the execution environment in the secure sand box from a guest operating system to (Col. 4, lines 12-17, Col. 2, lines 11-13). This limitation was shown to be taught by Roth in the rejection of Claim 1.

	Nikara discloses the following limitation not taught by Roth:
	receiving, by a host operating system, a source code file from the guest operating system (Par. [0006]). This limitation was shown to be taught by Nikara in the rejection of Claim 2.
	and compiling by the host operating system the source code file into an executable file in the execution environment in the secure sandbox (Par. [0062]). This limitation was shown to be taught by Nikara in the rejection of Claim 3.
	compile… the new program (Abstract). This limitation was shown to be taught by Nikara in the rejection of Claim 1.

	Roth does not teach compiling code within the bubble. Nikara however teaches compiling code in a separate execution environment. Nikara further teaches that off-loading compilation to a separate execution environment reduces the burden for end users (Par. [0004], end user apparatuses are not burdened by the processing requirements of compilation).
	References Roth and Nikara are considered to be analogous art because they relate to code execution across separate execution environments. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the virtual execution environment system of Roth with the code compilation of Nikara in order to gain the benefit of reducing the burden on the user for compiling code. 

Regarding Claim 16:
	The combination of Roth/Nikara discloses Claim 15.
	Nikara further discloses the following limitation:
	further comprising returning from the host operating system to the guest operating system the executable file (Par. [0006]). This limitation was shown to be taught by Nikara in the rejection of Claim 4.

	The reasons for motivation/combination of references remain the same as in Claim 15.

Regarding Claim 17:
	The combination of Roth/Nikara discloses Claim 16.
	Roth further discloses the following limitation:
	wherein receiving includes receiving, by a host operating system, via a secure tunnel a request from a guest operating system to invoke an execution environment in a secure sandbox on a host operating system (Col. 12, lines 66-67, Col. 13, lines 1-3). This limitation was shown to be taught by Roth in the rejection of Claim 5.

	The reasons for motivation/combination of references remain the same as in Claim 16.

	Claims 6-7, 13-14, 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Roth/Nikara, and further in view of Deshmukh et al. (U.S. Pub. No. 2018/0159729 A1) hereinafter referred to as “Deshmukh”. 
Regarding Claim 6:
	The combination of Roth/Nikara discloses Claim 5.
	Roth further discloses the following limitation:
	wherein the secure tunnel is an encrypted communication path between the guest operating system and the host operating system (Col. 12, lines 66-67, Col. 13, lines 1-3, security is ensured by encrypting the information passed to the mode of communication, and the receiving party, either the bubble or the parent virtual machine may decrypt and read the messages upon receipt by using a private key (wherein the secure tunnel is an encrypted communication path between the guest operating system and the host operating system)). As argued previously, the secure tunnel of Roth is an encrypted communication channel. 
	(taught by Deshmukh below)

	Deshmukh discloses the following limitation not taught by Roth/Nikara:
	and includes loop back networking (Par. [0042], such local communication may be substantially faster than communication via the network 140. The local communication may be performed by, e.g., writing to and reading from shared memory accessible by the user VM 101a and the FSVM 170a, sending and receiving data via a local “loopback” network interface, local stream communication, or the like (and includes loop back networking)). Deshmukh teaches using loopback networking in the management of multiple virtual machines. 

	The combination of Roth/Nikara does not teach loopback networking. Deshmukh however teaches using loopback networking in the management of multiple virtual machines. Deshmukh further teaches that using such networking is more efficient in the case of local communication (Par. [0042], such local communication may be substantially faster than communication via the network).
	The combination of Roth/Nikara and Deshmukh are considered to be analogous art because they relate to operating across separate execution environments. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the virtual execution environment system of Roth/Nikara with the loopback networking of Deshmukh in order to gain the benefit of faster communication for local connections. 

Regarding Claim 7:
	The combination of Roth/Nikara/Deshmukh discloses Claim 6.
	Deshmukh further discloses the following limitation:
	wherein the secure tunnel includes SMB file access through the guest operating system (Par. [0040], The network protocol used for communication between user VMs 101 and 102, FSVMs 170a-c, and CVMs 110a-c via the network 140 may be Internet Small Computer Systems Interface (iSCSI), Server Message Block (SMB), Network File System (NFS), pNFS (Parallel NFS), or another appropriate protocol). Reference Deshmukh teaches using a Server Message Block protocol for communicating files between virtual machines. 

	The combination of Roth/Nikara teaches all features of the claimed invention except using the Server Message Block protocol. Deshmukh teaches using the Server Message Block protocol for network communication. Thus, all features of the claimed invention were known in the prior art. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to substitute the communication protocol of Roth/Nikara with the Server Message Block protocol of Deshmukh in order to gain the predictable result of the applicant’s claimed invention. 

Regarding Claim 13:
	The combination of Roth/Nikara discloses Claim 12.
	Roth further discloses the following limitation:
	wherein the secure tunnel is an encrypted communication path between the guest operating system and the host operating system (Col. 12, lines 66-67, Col. 13, lines 1-3). This limitation was shown to be taught by Roth in the rejection of Claim 6.
	(taught by Deshmukh below)

	Deshmukh discloses the following limitation not taught by Roth/Nikara:
	and includes loop back networking (Par. [0042]). This limitation was shown to be taught by Deshmukh in the rejection of Claim 6.

	The combination of Roth/Nikara does not teach loopback networking. Deshmukh however teaches using loopback networking in the management of multiple virtual machines. Deshmukh further teaches that using such networking is more efficient in the case of local communication (Par. [0042], such local communication may be substantially faster than communication via the network).
	The combination of Roth/Nikara and Deshmukh are considered to be analogous art because they relate to operating across separate execution environments. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the virtual execution environment system of Roth/Nikara with the loopback networking of Deshmukh in order to gain the benefit of faster communication for local connections. 

Regarding Claim 14:
	The combination of Roth/Nikara/Deshmukh discloses Claim 13.
	Deshmukh further discloses the following limitation:
	wherein the secure tunnel includes SMB file access through the guest operating system (Par. [0040]). This limitation was shown to be taught by Deshmukh in the rejection of Claim 7.

	The combination of Roth/Nikara teaches all features of the claimed invention except using the Server Message Block protocol. Deshmukh teaches using the Server Message Block protocol for network communication. Thus, all features of the claimed invention were known in the prior art. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to substitute the communication protocol of Roth/Nikara with the Server Message Block protocol of Deshmukh in order to gain the predictable result of the applicant’s claimed invention. 

Regarding Claim 18:
	The combination of Roth/Nikara discloses Claim 17.
	Roth further discloses the following limitation:
	wherein the secure tunnel is an encrypted communication path between the guest operating system and the host operating system (Col. 12, lines 66-67, Col. 13, lines 1-3). This limitation was shown to be taught by Roth in the rejection of Claim 6.
	(taught by Deshmukh below)

	Deshmukh discloses the following limitation not taught by Roth/Nikara:
	and includes loop back networking (Par. [0042]). This limitation was shown to be taught by Deshmukh in the rejection of Claim 6.

	The combination of Roth/Nikara does not teach loopback networking. Deshmukh however teaches using loopback networking in the management of multiple virtual machines. Deshmukh further teaches that using such networking is more efficient in the case of local communication (Par. [0042], such local communication may be substantially faster than communication via the network).
	The combination of Roth/Nikara and Deshmukh are considered to be analogous art because they relate to operating across separate execution environments. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the virtual execution environment system of Roth/Nikara with the loopback networking of Deshmukh in order to gain the benefit of faster communication for local connections. 

Regarding Claim 19:
	The combination of Roth/Nikara/Deshmukh discloses Claim 18.
	Deshmukh further discloses the following limitation:
	wherein the secure tunnel includes SMB file access through the guest operating system (Par. [0040]). This limitation was shown to be taught by Deshmukh in the rejection of Claim 7.

	The combination of Roth/Nikara teaches all features of the claimed invention except using the Server Message Block protocol. Deshmukh teaches using the Server Message Block protocol for network communication. Thus, all features of the claimed invention were known in the prior art. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to substitute the communication protocol of Roth/Nikara with the Server Message Block protocol of Deshmukh in order to gain the predictable result of the applicant’s claimed invention. 

Related Art
	The following prior art made of record and cited on PTO-892, but not relied upon, is considered pertinent to applicant’s disclosure: 
Beretta et al. (U.S. Pub. No. 2010/0313079 A1) – Includes methods related to a compiler server for servicing compilation requests

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ETHAN V VO whose telephone number is (571)272-2505. The examiner can normally be reached M-F 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/E.V.V./Examiner, Art Unit 2431                                                                                                                                                                                                        /LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431