Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
	
Response to Amendment
This communication is in response to the amendment filed on 07/07/2022. The Examiner acknowledges amended claims 1-33. No claims have been cancelled or added. Claims 1-33 are pending and claims 1-33 are rejected.  Claims 1, 13, and 22 is/are independent. 

Response to Arguments
Applicant's arguments filed 07/07/2022 have been fully considered.  Applicant argues (see Remarks, see page 10, 4th paragraph to page 11, 2nd paragraph) that the references cited in the previous rejection fail to disclose the newly amended claim features.  This argument is persuasive. Therefore, the rejections are withdrawn. However, upon further consideration, a new ground of rejection is made in view of Zaveri et al. U.S. Publication 20150302338 (hereinafter “Zaveri”) in view of Jiang et al. U.S. Publication 20160127447 (hereinafter “Jiang”), further in view of Tiger et al. U.S. Publication 20140214921 (hereinafter “Tiger”).
Tiger et al. U.S. Publication 20140214921 (hereinafter “Tiger”) teaches sending the address of a network resource to a mobile device to facilitate the mobile device accessing the resource. 
The combination of the references cited in the current office action including Tiger discloses the claimed invention.
Independent claims 13 and 22 recite limitations analogous to the limitations of claim 1 and are also rejected for similar reasons. Regarding applicant’s arguments with respect to the dependent claims 2-12, 14-21, and 23-33, applicant’s amendments to the independent claims have necessitated a new ground of rejection with respect to the independent claims from which the dependent claims depend, thereby requiring new grounds of rejection for the dependent claims also. 
Accordingly, Applicant's argument is persuasive, the rejection is withdrawn, and new ground(s) of rejection are presented herein.
	

	
	
	
	
	
	
	

Claim Rejections - 35 USC § 103
	
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
	
	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1, 6, 10, 13, 18, 22, 27, and 31 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zaveri et al. U.S. Publication 20150302338 (hereinafter “Zaveri”) in view of Jiang et al. U.S. Publication 20160127447 (hereinafter “Jiang”), further in view of Tiger et al. U.S. Publication 20140214921 (hereinafter “Tiger”).
As per claim 1, Zaveri discloses 
A method comprising: 
(See Zaveri 
figure 10, e.g., flowchart of figure 10
)

receiving, by a workspace server, a request from a computing device for an application on a virtualization server, the request including a file-path to a data file stored on a storage provider and on which the application is to perform operations; 
(See Zaveri 
[0093] The client 102 may be configured to communicatively connect with the ASP system 104 and be provided with access to an application …… ASP system 104 can …..connect storage services (e.g., provided by third-party cloud-based storage providers) with application services (e.g., provided by application servers [an application on a virtualization server]).
Zaveri [0119] The storage module 206 may be configured to establish and/or maintain access to data on third-party data storage services by an application executing or being controlled by the ASP system 104 on behalf of the user at the client 102 [ a computing device= client 102]. In some embodiments, the storage module 206 may achieve this by receiving, storing, and utilizing access parameters (e.g., third-party access parameters such as protocol information, username, password, encryption key, signature file identifier, navigation address, third-party storage identifier, or the like) provided by the user (at the client 102) in association with a third-party data storage service (e.g., a cloud-based data storage service, such as Dropbox or Google® Docs) which the user wishes to access through the ASP system 104. For example, when the user requests [receiving, by a workspace server] access to data content objects (e.g., files) stored using a third-party data storage service [data file stored on a storage provider], the storage module 206 [in ASP system 104] may establish a connection with the third-party data storage service …., retrieve a listing of the data content objects stored on/using or otherwise made available through the third-party data storage service in association with the access parameters provided, and access the data content objects according to the user's access request. Depending on the embodiment, the user may cause data content objects stored on the third-party data storage service to be accessed by the ASP system 104, for example, when the user requests [receiving request] to review a listing of data content objects (e.g., files) stored on the third-party data storage service or when the user chooses to access data content objects (e.g., open, view, or edit a file) [data file stored on a storage provider and on which the application is to perform operations ]using an application provided by the ASP system 104 [an application on a virtualization server; the virtualization server is actually disclosed by the application server 318 as shown in figure 3](e.g., through the application module 210). 
Zaveri Para. 0095]
 The ASP system 104 may provide the client 102 with a workspace, [ workspace server = ASP system 104] or other type space, through which the client 102 can access different data content objects while being providing contextual information regarding such objects. 
Zaveri [0211]
At step 1002, the client 302 may request [receiving ….request …..for an application on a virtualization server…]the access server 312 for access to a selected file. Where an application compatible the selected file is not already executing, the access server 312 may arrange for an instantiation of an application the compatible with the selected file to be invoked on the application server 318 [virtualization server ]. Once an application compatible with the file is executing on the application server 318 (hereafter, the executing application), at step 1004, the access server 312 may instruct the executing application access (e.g., open [an operation]) the selected file. [ data file stored on a storage provider and on which the application is to perform operations]
Zaveri [0151]
object path field [a file-path to a data file stored on a storage provider]
Zaveri [0152]
The object path may provide a path (or some other identifier) to the data content object relating to the contextual information being stored. An example of the path may include “filename/section #/paragraph #” for a word processing document file
Zaveri [0153]
a unique object identifier can comprise an operation sequence number and an object path, which may facilitate use of the unique object identifier when accessing [receiving, by a workspace server, a request= accessing ]various versions of data content objects through the ASP system 104 [a file-path to a data file stored on a storage provider] (e.g., via the client 102 or via an API).
)

obtaining, by the workspace server, a session handle from the storage provider, the session handle including information which enables access to the storage provider by the computing device from a computing session between the computing device and the virtualization server; 
(See Zaveri Para. [0093]
ASP system 104 can maintain application sessions, gather metadata and other contextual information regarding data content objects accessed through the ASP system 104 [access to the storage provider by the computing device from a computing session], and connect storage services (e.g., provided by third-party cloud-based storage providers) with application services (e.g., provided by application servers). [ a computing session between the computing device and the virtualization server; virtualization server= application server]
Zaveri [0213] the application server 318 may provide the client 302 with access to the executing application. For some embodiments, the access by the client 302 to the executing application on the application server 318 may be facilitated through the access server 312. [ virtualization server= application server 318]
Zaveri [0097]
ASP system 104 may provide the client 102 with remote access to the application ….. that has access to data storage provided by third-party services. 
Zaveri [0119]
The storage module 206 may be configured to establish and/or maintain access to data on third-party data storage services by an application executing or being controlled by the ASP system 104 on behalf of the user at the client 102. …… a third-party data storage service (e.g., a cloud-based data storage service, such as Dropbox or Google® Docs) which the user wishes to access through the ASP system 104. For example, when the user requests access to data content objects (e.g., files) stored using a third-party data storage service, the storage module 206 may establish a connection [session handle from the storage provider = connection ] with the third-party data storage service …, retrieve a listing of the data content objects stored [session handle from the storage provider can also be disclosed by listing of the data content objects stored; note claim 1 does not refer back to the session handle except to recite that the session handle includes information which enables access, thereby allowing session handle to broadly read on any information received from the remote source provider which facilitates access] on/using or otherwise made available through the third-party data storage service in association with the access parameters provided, and access the data content objects according to the user's access request. Depending on the embodiment, the user may cause data content objects stored on the third-party data storage service to be accessed by the ASP system 104, for example, when the user requests to review a listing of data content objects (e.g., files) stored on the third-party data storage service or when the user chooses to access data content objects (e.g., open, view, or edit a file) using an application provided by the ASP system 104 (e.g., through the application module 210). [ a computing session between the computing device and the virtualization server; listing of the data content objects stored on the third-party data storage service 
Zaveri [0112] The client module 202 may also be configured to provide universal and/or agnostic management access to various data content objects that are stored at separate and disparate data storage services but made available through the ASP system 104. Accordingly, in some embodiments, the client module 202 may comprise a management interface adapted to receive user requests for management operations, such as adding (e.g., by creation of a new file or by upload), deleting, moving, and renaming data content objects. For some embodiments, the client module 202 may utilize web-based application programming interfaces (APIs), which may be associated with one or more web applications (e.g., Google® Docs), to access files stored on cloud-based services. For example, in order to list data content objects accessible through the ASP system 104, the client module 202 may utilize web-based APIs for a given cloud-based service (e.g., Dropbox, Box, or Google® Docs) to directly perform management operations (e.g., listing of stored files, adding files, deleting files, or renaming files) with respect to that service. Then, when a data content object listed through the client module 202 is selected for opening through the ASP system 104, the client module 202 may instruct the ASP system 104 to obtain a copy to the selected data content object from it respective storage source (e.g., cloud-based storage source ….. Thereafter, the ASP system 104 may initiate a virtualized application instance having access to the selected data content object, and the output data of the virtualized application instance may be transmitted to the client 102.
[session handle including information which enables access to the storage provider by the computing device from a computing session between the computing device and the virtualization server; the Zaveri listing of data content objects retrieved from the cloud-based storage source can disclose the session handle, and this listing allows the user to access (e.g., by selecting for opening through the ASP system 104) the remote cloud-based storage source via the virtualized application instance]
)

generating, by the workspace server, a connection description including information to establish the computing session and a data session, wherein the computing session is between the computing device and the virtualization server and the data session is between the virtualization server and the storage provider; and
(See Zaveri Para. 
[0103] As the ASP system 104 detects an event associated with a data content object being accessed through the ASP system 104, the ASP system 104 [workspace server ]can present one or more users with a reference [generating, by the workspace server, a connection description; connection description can be disclosed by reference] to a location in the data content object that relates the event. As described herein, a reference once presented to a user at the client 102, can be traversed by the user to the location [information to establish the computing session ] referenced. Such traversal can result in the ASP system 104 providing the client 102 with access to an application that is executing on behalf of the client 102 [computing session = application that is executing on behalf of the client 102  ]and that is accessing the content of the data content object [the data session= accessing the content of the data content object ] at the location referenced. [establish the computing session and a data session, wherein the computing session is between the computing device and the virtualization server and the data session is between the virtualization server and the storage provider]
Zaveri [0157]
The reference module 408 may be configured to provide a reference [generating, by the workspace server, a connection description; connection description can be disclosed by reference; the reference described in Zaveri (e.g., URL reference) is not a file but this is addressed by the additional cited reference discussed below]based on the contextual information, where the reference enables a second user (e.g., at another client) to traverse to a location in the data content object [establish the computing session and a data session; describes a technique for generating a reference and sending the reference ), relating to the event. Once a reference is provided, it may be presented to the second user for review and/or traversal. For some embodiments, the reference may be a universal resource locator, or some other form of link, which when selected for traversal by a user at a client, can result in the ASP system 104 to instruct an application [computing session], being controlled by the ASP system 104 and being executed on behalf of the second user, to access the data content object [data session ]and move to the location associated with the reference. [The link reference examples here are for a 2nd user, but the link reference can also be used by any user that requested an application, as described in para. 103 above. The ability to create all the data connections needed to access and view the content data object by simply clicking on the reference is described with respect to the second user but para. 103 discloses that any user can do this.]
Zaveri [0213]
the application server 318 may provide the client 302 with access to the executing application. For some embodiments, the access by the client 302 to the executing application on the application server 318 may be facilitated through the access server 312. [ computing session is between the computing device and the virtualization server;  virtualization server= application server 318]

Zaveri para. 119 
when the user requests to review a listing of data content objects (e.g., files) stored on the third-party data storage service [the storage provider] or when the user chooses to access data content objects (e.g., open, view, or edit a file) using an application provided by the ASP system 104 (e.g., through the application module 210).
[ a computing session between the computing device and the virtualization server;]
Zaveri [0139]
FIG. 3 ….. the ASP system 310 may be similar in function and implementation to the ASP system 104, 
Zaveri [0140]
FIG. 3, the functionality of the ASP system 310 may be implemented by way of access servers ACS1 to ACSn (represented by access servers [ACSs] 312, 314, and 316
[Zaveri para. 213, 119, 139, and 140 together show data session is between the virtualization server and the storage provider]
see also Zaveri para. 128, 193 “provide a reference”
)

 providing, by the workspace server, the connection description to the computing device such that execution of the connection description enables a user of the computing device to perform operations on the data file using the application provided by the virtualization server.  
(See Zaveri Para. [0012]
In some embodiments, the systems and methods can present the second user [providing, by the workspace server, the connection description ] with the reference in connection with notifying the second user regarding the event. Additionally, in some embodiments, the second user can access the reference once presented. [ execution of the connection description]

Zaveri [0228] The activity stream pane 1610 may be configured to present events (e.g., event) in relation to the file current being accessed through space represented by the interface 1600. As shown, the activity stream pane 1610 is presenting comments in relation to the file. In accordance with some embodiments, where references to data content objects are presented [providing, by the workspace server, the connection description ] in association with events, selecting any of those references [execution of the connection description ] may result in the user traversing to the data content object and accessing the data content object through a space or an application [perform operations on the data file using the application; data file = data content object ]capable of accessing the content of the reference data content object.
Zaveri [0103]
As the ASP system 104 detects an event associated with a data content object being accessed through the ASP system 104, the ASP system 104 can present one or more users with a reference [providing, by the workspace server, the connection description to the computing device] to a location in the data content object that relates the event. As described herein, a reference once presented to a user at the client 102, can be traversed by the user to the location referenced. [ enables a user of the computing device to perform operations on the data file; by clicking on the reference the user can be traversing and viewing, which can disclose perform operations ]Such traversal can result in the ASP system 104 providing the client 102 with access to an application that is executing on behalf of the client 102 and that is accessing the content of the data content object at the location referenced 
[claim 1 can read on a scenario with the Zaveri system in which the user requests access to some data on a third-party storage provider, the connection is established (disclosing obtaining the session handle), the reference is generated and sent to the user, and the user at some time clicks on the reference to view the content referred to by the reference, viewing by using the application executed on a virtual machine instantiated on a application server (in some cases, for example, if the user loses connection and wants to establish the same session)]
Zaveri para. 119 
when the user requests to review a listing of data content objects (e.g., files) stored on the third-party data storage service [the storage provider] or when the user chooses to access data content objects (e.g., open, view, or edit a file [perform operations on the data file using the application provided by the virtualization server]) using an application provided by the ASP system 104 (e.g., through the application module 210). [ a computing session between the computing device and the virtualization server; listing of the data content objects stored on the third-party data storage service 
Zaveri [0213]
the application server 318 may provide the client 302 with access to the executing application. For some embodiments, the access by the client 302 to the executing application on the application server 318 may be facilitated through the access server 312. [ virtualization server= application server 318]
)

	However, Zaveri does not expressly disclose 
receiving, by a workspace server, a request from a computing device for an application on a virtualization server, the request including an application identifier (ID) and a file-path to a data file stored on a storage provider and on which the application is to perform operations; 
generating, by the workspace server, a connection description file 
providing, by the workspace server, the connection description file to the computing device such that execution of the connection description file enables a user of the computing device to perform operations on the data file using the application provided by the virtualization server.  
Jiang discloses  
the request including an application identifier (ID)
(See Jiang Para. [0009]
remote access client may populate the URI with a file identifier (ID) corresponding to the file and an application ID corresponding to the application for opening the file. 
Jiang [0010]
After the URI is created, the user may deliver the URI, or a shortcut containing the URI, to another user over a network (e.g., an intranet or the Internet). The other user may then click on the URI or shortcut to access the file. Accessing the file may include connecting to the VM either directly or via a connection broker (depending on the address in the URI) and using the authentication credentials in the URI, executing the application identified by the application ID in the URI [ the request including an application identifier (ID) ] and opening the file identified by the file ID in the URI.
Jiang [0033]
At step 420, remote access client 110 2 requests a connection to the application, identified by the application ID in the URI, using authentication credentials from the URI (if any). Connecting to the application may include connecting to a VM, either directly or via a connection broker whose address is included in the URI, and launching the application in the VM. Once connection with the VM is established, the application may automatically be launched in one embodiment. 
Jiang [0036]
host machine 210 establishes the connection between client 110 2 and the VM and launches the application identified by the application ID at step 440. 
).

generating a connection description file
Providing a file with URL to user such that execution of the file enables access to applications provided by virtualization server
 (See Jiang Para. [0016]
After URI 140 is created, the user may send URI 140 to another user in any feasible manner, such as by copying and pasting URI 140 into an e-mail message. Alternatively, the user may create a shortcut for URI 140. The shortcut may be implemented as a file containing the URI, [generating a connection description file ]and the user may send this shortcut to the other user as, e.g., an e-mail attachment. 
Jiang [0009]
In response to a file being dragged to a specific area of a remote access client window, the remote access client is configured to determine whether an application is available for opening the file. If an application is available, then the remote access client generates a reference, and in particular a universal resource identifier (URI), for sharing the file. In one embodiment, the remote access client may populate the URI with a file identifier (ID) corresponding to the file and an application ID corresponding to the application for opening the file. The URI may further include the address of a virtual machine (VM) or connection broker to connect to and authentication credentials such as a username and password combination
Jiang [0010]
After the URI is created, the user may deliver the URI, or a shortcut containing the URI, to another user over a network (e.g., an intranet or the Internet). The other user may then click on the URI or shortcut to access the file. Accessing the file may include connecting to the VM either directly or via a connection broker (depending on the address in the URI) and using the authentication credentials in the URI, executing the application identified by the application ID in the URI, and opening the file identified by the file ID in the URI.
[See figure 2, host machine 210 for example of a host machine 210 with virtualization software 211 which discloses a virtualization server that can execute applications in virtual machines]
).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Zaveri with the technique for receiving a request with the application ID and generating a file with URI that when clicked causes execution of an application in a virtual machine at a remote server, and sending the file to the user of Jiang to include 
receiving, by a workspace server, a request from a computing device for an application on a virtualization server, the request including an application identifier (ID) and a file-path to a data file stored on a storage provider and on which the application is to perform operations; 
generating, by the workspace server, a connection description file including information to establish the computing session and a data session, wherein the computing session is between the computing device and the virtualization server and the data session is between the virtualization server and the storage provider; and
providing, by the workspace server, the connection description file to the computing device such that execution of the connection description file enables a user of the computing device to perform operations on the data file using the application provided by the virtualization server.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to send file data to the user device that, upon execution of the file by the user device, invokes an application at a virtual machine server. The ability to send file data allows the system to package the file data in various ways, such as a standalone executable file or a readable data file. The system of the primary reference (e.g., ASP system 104) can be modified to place the link reference, which may be a URL, in a file, and send the file to the user, so that the user can invoke execution of the file to connect to a location of a content data object, while specifying the desired application with the application identifier. This would create the data connections needed for the user to access and view the content data object using an instantiated application at a virtual machine server. 

	
	However, the combination of Zaveri and Jiang does not expressly disclose 
generating, by the workspace server, a connection description file including information including an address of the virtualization server to establish the computing session and a data session
Tiger discloses sending the address of a network resource to a mobile device to facilitate the mobile device accessing the resource
(See Tiger [0037] Respective thereto, the proxy server 130 sends an IP address 260 of the Internet resource requested by the app 112-1, to the network interface 210. The IP address 260 is forwarded to the app 112-1 as a message 270. Thereafter, the app 112-1 can communicate directly with the Internet resource addressed by the IP address 260.
)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Zaveri and Jiang with the technique for sending an IP address of a network resource of Tiger to include 
generating, by the workspace server, a connection description file including information including an address of the virtualization server to establish the computing session and a data session, wherein the computing session is between the computing device and the virtualization server and the data session is between the virtualization server and the storage provider;
One of ordinary skill in the art would have made this modification to improve the ability of the system to facilitate access of the virtualization server by the client, by providing the most up-to-date addressing information to the client. The system (e.g., ASP system 104) of the primary reference can be modified to send the address of the virtualization server to the client.



As per claim 6, the rejection of claim 1 is incorporated herein. 
The combination of Zaveri and Jiang disclose wherein the file-path is a path to a remote storage provider.  
(See Zaveri Para. 
[0151]
object path field [a file-path to a data file stored on a storage provider]
[0152]
The object path may provide a path (or some other identifier) to the data content object relating to the contextual information being stored. An example of the path may include “filename/section #/paragraph #” for a word processing document file
[0153]
a unique object identifier can comprise an operation sequence number and an object path, which may facilitate use of the unique object identifier when accessing various versions of data content objects through the ASP system 104 [a file-path to a data file stored on a storage provider] (e.g., via the client 102 or via an API).
[0112] The client module 202 may also be configured to provide universal and/or agnostic management access to various data content objects that are stored at separate and disparate data storage services [a remote storage provider] but made available through the ASP system 104. ……. to access files stored on cloud-based services. For example, in order to list data content objects accessible through the ASP system 104, the client module 202 may utilize web-based APIs for a given cloud-based service (e.g., Dropbox, Box, or Google® Docs) to ……. respective storage source (e.g., cloud-based storage source
)

As per claim 10, the rejection of claim 1 is incorporated herein. 
Zaveri discloses wherein in response to receiving the file-path, a virtual machine is established by the virtualization server, wherein the virtual machine is established with computing hardware and/or software resources to: 
establish the computing session with the computing device; and  Page 44 of 50Atty. Docket No.: CITRIX-005PUS/ID3026(2) 
establish the data session with the storage provider such that the application can enable the user of the computing device to perform the operations on the data file accessible from the storage provider.  
(See Zaveri Para. [0151]
object path field [a file-path to a data file stored on a storage provider]
Zaveri [0152]
The object path may provide a path (or some other identifier) to the data content object relating to the contextual information being stored. An example of the path may include “filename/section #/paragraph #” for a word processing document file
Zaveri [0153]
a unique object identifier can comprise an operation sequence number and an object path, which may facilitate use of the unique object identifier when accessing [receiving, by a workspace server, a request= accessing ]various versions of data content objects through the ASP system 104 [a file-path to a data file stored on a storage provider] (e.g., via the client 102 or via an API).
Zaveri [0112] the client module 202 may instruct the ASP system 104 to obtain a copy to the selected data content object from it respective storage source (e.g., cloud-based storage source ….. Thereafter, the ASP system 104 may initiate a virtualized application instance [virtual machine is established ]having access to the selected data content object [data file accessible from the storage provider.], and the output data of the virtualized application instance may be transmitted to the client 102.
Zaveri Para. [0093]
ASP system 104 can maintain application sessions, gather metadata and other contextual information regarding data content objects accessed through the ASP system 104, and connect storage services (e.g., provided by third-party cloud-based storage providers) with application services (e.g., provided by application servers). [ establish the computing session with the computing device; and  Page 44 of 50Atty. Docket No.: CITRIX-005PUS/ID3026(2) 
establish the data session with the storage provider such that the application can enable the user of the computing device to perform the operations on the data file accessible from the storage provider.  ]
Zaveri [0013] receive a request from the second user to traverse the reference to the location in the data content object relating to the event. In response to the request from the second user, the systems and methods can instruct an application (e.g., application capable of processing a data-content-object) to traverse to the location corresponding to the reference. The application may be a virtualized application instance executing in a virtual computing environment. [virtual machine is established ]
Zaveri [0119]
The storage module 206 may be configured to establish and/or maintain access to data on third-party data storage services by an application executing or being controlled by the ASP system 104 on behalf of the user at the client 102. …… a third-party data storage service (e.g., a cloud-based data storage service, such as Dropbox or Google® Docs) which the user wishes to access through the ASP system 104. For example, when the user requests access to data content objects (e.g., files) stored using a third-party data storage service, the storage module 206 may establish a connection with the third-party data storage service …, retrieve a listing of the data content objects stored on/using or otherwise made available through the third-party data storage service in association with the access parameters provided, and access the data content objects according to the user's access request. Depending on the embodiment, the user may cause data content objects stored on the third-party data storage service to be accessed by the ASP system 104, for example, when the user requests to review a listing of data content objects (e.g., files) stored on the third-party data storage service or when the user chooses to access data content objects (e.g., open, view, or edit a file [perform the operations on the data file accessible]) using an application provided by the ASP system 104 (e.g., through the application module 210). [ establish the computing session with the computing device] 
Jiang [0032] The data-content-object processing application may be a virtualized application instance executing in a virtual computing environment.
Jiang [0046]
According to certain embodiments, a computer program product [computing hardware and/or software resources ]comprising computer instruction codes configured to cause the computer system to perform the operations described herein. Additionally, particular embodiments may be implemented using a digital device as described herein, such a computer system.
Jiang [0243]
FIG. 22 is a block diagram of an exemplary digital device 2200. The digital device 2200 comprises a processor 2202, a memory system 2204, [computing hardware and/or software resources ]a storage system 2206, a communication network interface 2208, an I/O interface 2210, and a display interface 2212 communicatively coupled to a bus 2214. The processor 2202 is configured to execute executable instructions (e.g., programs). In some embodiments, the processor 2202 comprises circuitry  [computing hardware ]or any processor capable of processing the executable instructions.
).

	However, Zaveri does not expressly disclose 
wherein in response to receiving the application ID and the file-path, a virtual machine is established by the virtualization server
Jiang discloses in response to receiving the application ID, a virtual machine is established by the virtualization server
(See Jiang Para. [0009]
remote access client may populate the URI with a file identifier (ID) corresponding to the file and an application ID corresponding to the application for opening the file. 
Jiang [0010]
After the URI is created, the user may deliver the URI, or a shortcut containing the URI, to another user over a network (e.g., an intranet or the Internet). The other user may then click on the URI or shortcut to access the file. Accessing the file may include connecting to the VM either directly or via a connection broker (depending on the address in the URI) and using the authentication credentials in the URI, executing the application identified by the application ID in the URI [ the request including an application identifier (ID) ] and opening the file identified by the file ID in the URI.
Jiang [0033]
At step 420, remote access client 110 2 requests a connection to the application, identified by the application ID in the URI, using authentication credentials from the URI (if any). Connecting to the application may include connecting to a VM, either directly or via a connection broker whose address is included in the URI, and launching the application in the VM. Once connection with the VM is established, the application may automatically be launched in one embodiment. 
Jiang [0036]
host machine 210 establishes the connection between client 110 2 and the VM and launches the application identified by the application ID at step 440. 
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Zaveri with the technique for receiving a request with the application ID of Jiang of Jiang to include 
wherein in response to receiving the application ID and the file-path, a virtual machine is established by the virtualization server
One of ordinary skill in the art would have made this modification to improve the ability of the system to allow the user to submit the request with an application ID to specify the application that they want to initiate for the session. The system of the primary reference (e.g., ASP system 104) can be modified to allowed the user to specify the application identifier with the request for the application service session.

As per claim 13, the claim(s) is/are directed to a non-transitory computer-readable medium with limitations which correspond to limitations of claim 1, and is/are rejected for the reasons detailed with respect to claim 1.  Claim 13 also recites A non-transitory computer-readable medium comprising computer-executable instructions, which when executed by one or more processors, cause the one or more processors to: 
Zaveri discloses A non-transitory computer-readable medium comprising computer-executable instructions, which when executed by one or more processors, cause the one or more processors to:
(See Zaveri Para. [0293] The above-described functions and components can be comprised of instructions that are stored on a storage medium such as a computer readable medium. The instructions can be retrieved and executed by a processor. Some examples of instructions are software, program code, and firmware. Some examples of storage medium are memory devices, tape, disks, integrated circuits, and servers. The instructions are operational when executed by the processor to direct the processor to operate in accord with some embodiments. Those skilled in the art are familiar with instructions, processor(s), and storage medium.
	)


As per claim 18, the claim(s) is/are directed to a non-transitory computer-readable medium with limitations which correspond to limitations of claim 6, and is/are rejected for the reasons detailed with respect to claim 6. 


As per claim 22, the claim(s) is/are directed to a server which correspond to limitations of claim 1, and is/are rejected for the reasons detailed with respect to claim 1.  Claim 22 also recites A server comprising: a memory; one or more processors coupled to the memory, the one or more processors configured to:
Zaveri discloses A server comprising: a memory; one or more processors coupled to the memory, the one or more processors configured to:
(See Zaveri [figure 2A ASP server 104 disclosing server ]Para. [0293] The above-described functions and components can be comprised of instructions that are stored on a storage medium such as a computer readable medium. The instructions can be retrieved and executed by a processor. Some examples of instructions are software, program code, and firmware. Some examples of storage medium are memory devices, tape, disks, integrated circuits, and servers. The instructions are operational when executed by the processor to direct the processor to operate in accord with some embodiments. Those skilled in the art are familiar with instructions, processor(s), and storage medium.
[0243] FIG. 22 is a block diagram of an exemplary digital device 2200. The digital device 2200 comprises a processor 2202, a memory system 2204, a storage system 2206, a communication network interface 2208, an I/O interface 2210, and a display interface 2212 communicatively coupled to a bus 2214. The processor 2202 is configured to execute executable instructions (e.g., programs). In some embodiments, the processor 2202 comprises circuitry or any processor capable of processing the executable instructions.
	)

As per claim 27, the claim(s) is/are directed to a server with limitations which correspond to limitations of claim 6, and is/are rejected for the reasons detailed with respect to claim 6.  
As per claim 31, the claim(s) is/are directed to a server with limitations which correspond to limitations of claim 10, and is/are rejected for the reasons detailed with respect to claim 10.  

Claims 2, 14, and 23 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zaveri in view of Jiang, in view of Tiger, further in view of Dachiraju et al. U.S. Publication 20120079578 (hereinafter “Dachiraju”).
As per claim 2, the rejection of claim 1 is incorporated herein. 
Zaveri discloses that the ASP system 104 may request services from cloud servers
(See Zaveri Para. [0127] the ASP system 104 may employ application programming interfaces (APIs) (e.g., those provided by Amazon®, GoGrid®, or Rackspace®) that permit the ASP system 104 and its various components to provision (e.g., request the use of), consume, and release services provided by cloud-based services
)
	However, the combination of Zaveri, Jiang, and Tiger does not expressly disclose 
issuing, by the workspace server, a request to an authentication platform for an authorization token for use by the computing device to access the data file accessible from the storage provider, wherein the request includes at least a credential of the user and the file-path to the data file.  
Dachiraju discloses a technique for requesting a token and including a URL with username and password with the request
(See Dachiraju Para. [0077] A DRM token may be requested (block 740) and the DRM token may be received (block 745). For example, DRM component 510 of media player 505 may request a DRM token from application server 210 by sending a request for a DRM token. The request may include information identifying a particular video asset (e.g., a video asset identifier, a vide asset name, a URL associated with the video asset [file-path], etc.) and information identifying a user requesting the DRM token (e.g., username and password [credential of the user]). 
[0069] A request may be received for a DRM token (block 650) and a DRM token may be returned (block 660). For example, user device 110 may determine that the retrieved URL is associated with a DRM file that may need to be decrypted and may, in response, request a DRM token from application server 210. …., provide the generated DRM token to user device 110. The DRM token may enable user device 110 to request a DRM license for the requested video asset. [The token authorizes the token requesting party to perform an operation]
)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Zaveri, Jiang, and Tiger with the technique for requesting a token and including a URL with username and password with the request of Dachiraju to include 
issuing, by the workspace server, a request to an authentication platform for an authorization token for use by the computing device to access the data file accessible from the storage provider, wherein the request includes at least a credential of the user and the file-path to the data file.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to automatically retrieve the token for the user so that the user does not need to request the token. This allows the user to access the data storage and requires minimal effort on the part of the user to access the data storage. The system (e.g., ASP system 104) of the primary reference can be modified to request a token including a URL with username and password with the request as taught in the Dachiraju reference.
As per claim 14, the claim(s) is/are directed to a non-transitory computer-readable medium with limitations which correspond to limitations of claim 2, and is/are rejected for the reasons detailed with respect to claim 2. 
As per claim 23, the claim(s) is/are directed to a server with limitations which correspond to limitations of claim 2, and is/are rejected for the reasons detailed with respect to claim 2.  

Claims 3-4, 15-16, and 24-25 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zaveri in view of Jiang, in view of Tiger, in view of Dachiraju, further in view of Golding et al. U.S. Publication 20070028068 (hereinafter “Golding”).
As per claim 3, the rejection of claim 2 is incorporated herein. 
Zaveri discloses ASP system sending a request to the third-party storage provider for session handle
	(See Zaveri Para. [0119]
The storage module 206 may be configured to establish and/or maintain access to data on third-party data storage services by an application executing or being controlled by the ASP system 104 on behalf of the user at the client 102….. when the user requests access to data content objects (e.g., files) stored using a third-party data storage service, the storage module 206 may establish a connection [session handle can be disclosed by connection ]with the third-party data storage service ……. user may cause data content objects stored on the third-party data storage service to be accessed by the ASP system 104, for example, when the user requests to review a listing [session handle can be disclosed by listing ]of data content objects (e.g., files) stored on the third-party data storage service or when the user chooses to access data content objects (e.g., open, view, or edit a file) using an application provided by the ASP system 104 (e.g., through the application module 210).
)  
However, the combination of Zaveri, Jiang, Tiger, and Dachiraju does not expressly disclose 
wherein obtaining the session handle includes sending, by the workspace server, a request to the storage provider for the session handle, wherein the request includes the authorization token.  
Golding discloses sending a request for a session connection that includes a token
(See Golding Para. [0019] A virtual resource pool manager of the present system gives the token to an application, client, or a user (generally referenced herein as a client). The token is transmitted with any request made by the client to the storage device. For example, each time the client transmits an IO request to a storage device, the token is transmitted with the IO request. The token represents a right to consume up to some limit of resources on a specific storage device in a computing session (further referenced herein as a session). 
[0021] Each token represents resources on a storage device, one token per storage device. Each token comprises a storage device ID. The token comprises a performance level associated with a session. 
[0032] The application appends the token to each request or command transmitted to a storage device in the context of the session; the token is chosen to match the specific storage device used. 
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Zaveri, Jiang, Tiger, and Dachiraju with the technique for including a token with the request for a session of Golding to include 
wherein obtaining the session handle includes sending, by the workspace server, a request to the storage provider for the session handle, wherein the request includes the authorization token.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to automatically to provide simplified login process where the token can be acquired from an authorization server or other entity and provide the token to the storage provider for access, such as with a single sign-on authentication.
The system (e.g., ASP system 104) of the primary reference can be modified to obtain a token and provide the token to the storage provider when requesting access.

As per claim 4, the rejection of claim 3 is incorporated herein. 
However, the combination of Zaveri, Jiang, and Tiger does not expressly disclose 
wherein the authorization token provides the computing device access to the data file for a limited time.  
Dachiraju discloses wherein the authorization token provides the computing device access to the data file for a limited time.  
	(See Dachiraju [ claim 4 could be interpreted as gaining access using the token is only possible for a limited time or once access is gained using the token, continued access is only available for limited time ]
Para. [0077] The DRM token may be valid for a particular length of time (e.g., for 60 seconds from the time the DRM token was issued by application server 210
[0095] After receiving the license seed, license server 260 may request authorization from application server 210 to issue a PlayReady license for the video asset (signal 1080). The request may include the DRM token received from user device 110. Application server 210 may determine whether the DRM token is valid by comparing the DRM token received from license server 260 with the DRM token issued to user device 110. If application server 210 determines that the DRM token is valid, application server 210 may authorize license server 260 to issue the PlayReady license (signal 1085).
Para. 69 generate a DRM token valid for a particular length of time (e.g., 60 seconds)
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Zaveri, Jiang, and Tiger with the technique for selling expiration time for token of Dachiraju to include wherein the authorization token provides the computing device access to the data file for a limited time.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to set an expiration date for the token to prevent malicious 3rd parties from easily intercepting the token and using the token or for the recipient of the token to use the token in an unauthorized manner. The system (e.g., ASP system 104) of the primary reference can be modified to set an expiration time for the token.
As per claim 15, the claim(s) is/are directed to a non-transitory computer-readable medium with limitations which correspond to limitations of claim 3, and is/are rejected for the reasons detailed with respect to claim 3. 
As per claim 16, the claim(s) is/are directed to a non-transitory computer-readable medium with limitations which correspond to limitations of claim 4, and is/are rejected for the reasons detailed with respect to claim 4. 
As per claim 24, the claim(s) is/are directed to a server with limitations which correspond to limitations of claim 3, and is/are rejected for the reasons detailed with respect to claim 3.  
As per claim 25, the claim(s) is/are directed to a server with limitations which correspond to limitations of claim 4, and is/are rejected for the reasons detailed with respect to claim 4.  

Claims 5, 17, and 26 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zaveri in view of Jiang, in view of Tiger, further in view of Li et al. PCT Publication WO2013040917A1 (hereinafter “Li”) (machine translation).
As per claim 5, the rejection of claim 1 is incorporated herein. 
	However, the combination of Zaveri, Jiang, and Tiger does not expressly disclose 
retrieving, by the workspace server, an address for the application on the virtualization server from a broker server in communication with the virtualization server.  
Li discloses retrieving, from a source of application location information, location of an application executed by a virtual machine
(See Li 
page 4, lines 26-31 the virtual desktop gateway in the embodiment of the present invention has multiple functions, such as the functional composition diagram of the virtual desktop gateway shown in FIG. These functions include an access management module and an authentication service module for the virtual desktop client, and a desktop management module and a resource management module; the virtual desktop client connects to the virtual machine through the desktop integration module of the virtual desktop gateway, and the desktop of the virtual desktop gateway The management module is also used to manage virtual machines. The resource management module of the virtual desktop gateway is associated with an external user storage device. 
page 4 -46-48 step S124: After the authentication is passed, the desktop management module requests the resource management module to obtain the virtual machine location [retrieving an address ]of the corresponding desktop/application, and starts the corresponding virtual machine or application, and the desktop integration module on the virtual desktop gateway integrates the obtained virtual desktop
[The virtual desktop gateway includes the resource management module and because the resource management module provides the location of the application on the virtual machine, virtual desktop gateway is a broker.]
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Zaveri, Jiang, and Tiger with the technique for retrieving, from a source of application location information, location of an application executed by a virtual machine of Li to include 
retrieving, by the workspace server, an address for the application on the virtualization server from a broker server in communication with the virtualization server.  
One of ordinary skill in the art would have made this modification to improve the 
ability of the system to obtain the location information for the application so that the system can utilize the application. The system of the primary reference can be modified to obtain an address or location information regarding the applications from a source of such application. 
As per claim 17, the claim(s) is/are directed to a non-transitory computer-readable medium with limitations which correspond to limitations of claim 5, and is/are rejected for the reasons detailed with respect to claim 5. 
As per claim 26, the claim(s) is/are directed to a server with limitations which correspond to limitations of claim 5, and is/are rejected for the reasons detailed with respect to claim 5.  



Claims 7-8 and 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zaveri in view of Jiang, in view of Tiger, in view of Dachiraju, in view of Golding, further in view of Borzycki et al. U.S. Publication 2015008949 (hereinafter “Borzycki”).
As per claim 7, the rejection of claim 4 is incorporated herein. 
	However, the combination of Zaveri, Jiang, Tiger, Dachiraju and Golding does not expressly disclose 
wherein the data file is presented to the user via an attachment to an electronic mail (e-mail) message from an e-mail client on the computing device.  
Borzycki discloses a technique for presenting a file as an attachment to email
(See Borzycki Para. [0113] FIG. 8…….user of a computing device (e.g., mobile device 740) attempts to open on the mobile device an attachment potentially containing malware. ……. user may receive an e-mail including an e-mail attachment that appears to be a PDF document and wish to open it. 
[0114] Since the device 740 is preconfigured to intercept requests to open (e.g., access for display, access for execution, access for saving to memory, etc.) particular type(s) of files (e.g., PDF files), when the user selects to open the PDF attachment, an application resolver 712 may intercept the request to launch the PDF file. (See step 802). 
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Zaveri, Jiang, Tiger, Dachiraju and Golding with the technique for presenting a file as an attachment to email  of Borzycki to include 
wherein the data file is presented to the user via an attachment to an electronic mail (e-mail) message from an e-mail client on the computing device.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to present the data file to the user. The system (e.g. ASP system 104)  of the primary reference may be modified to present a data file to the user via an email attachment, as taught in the Borzycki reference.

As per claim 8, the rejection of claim 7 is incorporated herein. 
Zaveri, Jiang, Dachiraju and Golding discloses .
	However, the combination of Zaveri, Jiang, Tiger, Dachiraju and Golding does not expressly disclose 
wherein in response to a selection of the attachment by the user, the e-mail client uploads the data file to the storage provider; and wherein the method further comprises: 
receiving, by the workspace server, the request for the application from the e-mail client and wherein the request includes a request to preview the data file from a user interface (UI) of the e-mail client.  
Borzycki discloses receiving, by the workspace server, the request for the application from the e-mail client and wherein the request includes a request to preview the data file from a user interface (UI) of the e-mail client.  

(See Borzycki Para. [0113] FIG. 8 …… a user of a computing device (e.g., mobile device 740) attempts to open on the mobile device an attachment potentially containing malware [selection of the attachment by the user ]. …… While using an e-mail application, the user may receive an e-mail including an e-mail attachment that appears to be a PDF document and wish to open it. The user's device in this example is preconfigured to, without further user involvement, intercept requests to open particular types of documents, such as PDF attachments. 
[0114] Since the device 740 is preconfigured to intercept requests to open (e.g., access for display, access for execution, access for saving to memory, etc.) particular type(s) of files (e.g., PDF files), when the user selects to open the PDF attachment [selection of the attachment by the user ], an application resolver 712 may intercept the request to launch the PDF file. (See step 802). The application resolver 712 may determine which application and what parameters are needed to launch the particular content file or web link.
[0121] Such content may include the PDF attachment the user desires to open on the user device 740, or other content. The orchestration service 718 may facilitate transfer of the content to the temporary virtual machine 332A by, for example, sending it a link to the PDF file previously uploaded into the cloud file storage 730. As a result, the virtual machine 332A may retrieve/receive the file/content from the cloud file storage 730.
Borzycki [0116]
Assuming the application resolvers 712 [on user device] determines that the file should be launched in a disposable environment, then the application resolver 712 may pass the request to open the file [selection of the attachment by the user ] to an orchestration agent 702 [on user device] that, inter alia, may handle the work of shepherding the content file (e.g., PDF file, .exe executable file, .com command file, .bat batch file, .js Javascript bytecode, object code, or any other content) to the disposable environment (e.g., destination virtual machine in the disposable environment). The orchestration agent 702 may use a file storage interface (e.g., Sharefile interface to upload [this can be considered part of the email client ]the PDF file to a networked data store (e.g., a cloud storage solution, ShareFile 730, or other data store) [in response to a selection of the attachment by the user, the e-mail client uploads the data file to the storage provider ]so that the content may be later retrieved by the destination virtual machine in the disposable environment. (See step 806). 
Borzycki [0124]
With the client agent application 736 connected via a remote presentation protocol to the virtualization server, the temporary virtual machine 332A may launch the PDF content using the appropriate application software. [request for the application]
Borzycki [0123]
The client agent 736 may use the connection information to connect to the temporary virtual machine 332A in the disposable environment. [ receive request…. request includes ……a request to preview the data file] (See step 814). As a result, the user device 740 may be connected via a remote presentation protocol to the temporary virtual machine 332A and may be configured to display (e.g., show images/video and/or output audio via speakers) on the user device's 740 display screen [user interface (UI) of the e-mail client; this can be considered all part of the email client] (and/or on the user device's 740 speakers) the output of the temporary virtual machine 332A. (See step 816).
[0046] Server 206 [workspace server] may be configured as any type of server, as needed, e.g., …. a virtualization server, ….. an application server or as a master application server, 
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Zaveri, Jiang, Tiger, Dachiraju and Golding with the technique for user device with email client uploading the attachment and a server receiving the request from the email client to view the attachment, and presenting the attachment to a user device via the email client of Borzycki to include 
wherein in response to a selection of the attachment by the user, the e-mail client uploads the data file to the storage provider; and wherein the method further comprises: receiving, by the workspace server, the request for the application from the e-mail client and wherein the request includes a request to preview the data file from a user interface (UI) of the e-mail client.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to transfer the file from the user device to a server and present the contents of the file to the user device. This may help to prevent execution of malicious attachments on the user’s local device. The system of the primary reference can be modified so that the user device  uploads the attachment data to the third-party storage, and the ASP server instantiates the virtual machine on the application server, and sends the presentation of the data file to the user device. 
As per claim 19, the claim(s) is/are directed to a non-transitory computer-readable medium with limitations which correspond to limitations of claim 7, and is/are rejected for the reasons detailed with respect to claim 7.  
As per claim 20, the claim(s) is/are directed to a non-transitory computer-readable medium with limitations which correspond to limitations of claim 8, and is/are rejected for the reasons detailed with respect to claim 8.  

Claims 9, 21, and 30 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zaveri in view of Jiang, in view of Tiger, in view of Li, further in view of Xie et al. U.S. Publication 20120304244 (hereinafter “Xie”).
As per claim 9, the rejection of claim 5 is incorporated herein. 
	However, the combination of Zaveri, Jiang, Tiger, and Li does not expressly disclose 
wherein generating the connection description file includes providing, by the workspace server, the application ID and the session handle to the virtualization server.  
Xie discloses sending an application identifier and session identifier to a virtual machine server
(See Xie Para. [0030] In some embodiments, a malware analysis system further includes sending log information related to the potential malware to the virtual machine. For example, the log information can include session information, application identification information, URL category information, and/or vulnerability alert information. In some embodiments, the virtual machine performs post analysis using the log information to determine if the potential malware is malware.
[See figure 2, virtual machine appliance/server 216]
[0042] As also shown in FIG. 2, a Virtual Machine (VM) appliance/server 216 is provided. For example, VM appliance/server 216 can include VMware.RTM. or XEN.RTM. virtual machine/virtualization software 
[0043] In some embodiments, the VM appliance/server 216 is implemented on or integrated into the security appliance/gateway/server 202. In some embodiments, the VM appliance/server 216 is implemented on or integrated into the security cloud service 210.
[0045] virtual machine (VM) function for detecting malware for which preexisting signatures do not exist is integrated into a security appliance, firewall appliance, network/data appliance and/or executed on host device, such as a security server, network server or gateway
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Zaveri, Jiang, Tiger, and Li with the technique for sending application identifier and session identifier to the virtual machine of Xie to include 
wherein generating the connection description file includes providing, by the workspace server, the application ID and the session handle to the virtualization server.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to send application and session information to the virtual machine server. The system of the primary reference can be modified so that the ASP server can send the application identifier and session information to the application server, so that the application server can keep track of information on which application is used for a particular remote data storage session. Such information could be useful in keeping track of malicious activity and to determine whether applications need upgrading to prevent malicious activity.
As per claim 21, the claim(s) is/are directed to a non-transitory computer-readable medium with limitations which correspond to limitations of claim 9, and is/are rejected for the reasons detailed with respect to claim 9. 
As per claim 30, the claim(s) is/are directed to a server with limitations which correspond to limitations of claim 9, and is/are rejected for the reasons detailed with respect to claim 9.  

Claims 11 and 32 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zaveri in view of Jiang, in view of Tiger, further in view of Bower Operating Systems Study Guide, http://faculty.salina.k-state.edu/tim/ossg/Device/blocking.html, section 7.3 Blocking and Nonblocking I/O (hereinafter “Bower”).
As per claim 11, the rejection of claim 10 is incorporated herein. 
	However, the combination of Zaveri, Jiang, and Tiger does not expressly disclose 
wherein execution of the application in the computing session is delayed by the virtual machine until the data session is established.  
Bower discloses that with the blocking requests, I/O requests, control does not return to an application until the I/O is complete
(See Bower section 7.3, first paragraph Some control over how the wait for I/O to complete is accommodated is available to the programmer of user applications. Most I/O requests are considered blocking requests, meaning that control does not return to the application until the I/O is complete. The delayed from systems calls such read() and write() can be quite long. Using systems calls that block is sometimes called synchronous programming. In most cases, the wait is not really a problem because the program can not do anything else until the I/O is finished. However, in cases such as network programming with multiple clients or with graphical user interface programming, the program may wish to perform other activity as it continues to wait for more data or input from users.
[In the scenario where the application is attempting to read from the remote storage provider, the application will not have any control and would be waiting, thereby delaying execution of the application, until the read operation is complete which will involve establishing the data session and reading the data]
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Zaveri, Jiang, and Tiger with the technique for making a blocking I/O request of Bower to include 
wherein execution of the application in the computing session is delayed by the virtual machine until the data session is established.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to make a blocking I/O request to the remote data storage. This would save computing cycles since the application is not actively consuming computing cycles while waiting for a data connection to be established and data to be read. The system of the primary reference can be modified to delay execution of an application executing on the application server while waiting for the data connection to be established and data to be read from a remote storage provider.
As per claim 32, the claim(s) is/are directed to a server with limitations which correspond to limitations of claim 11, and is/are rejected for the reasons detailed with respect to claim 11.  


Claims 12 and 33 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zaveri in view of Jiang, in view of Tiger, further in view of Van Vugt The Definitive Guide to SUSE Linux Enterprise Server 12, page 116, 2014 (hereinafter “Van Vugt”).
As per claim 12, the rejection of claim 10 is incorporated herein. 
	However, the combination of Zaveri, Jiang, and Tiger does not expressly disclose 
wherein the computing session is prevented from termination by the virtual machine until save operations in the data session are complete.  
Van Vugt discloses 
a technique for preventing termination of a process until activity has stopped, including open file activities.  
 (See Van Vugt . Paragraphs 3-4
Three signals are available at all times: SIGHUP (1), SIGKILL (9), and SIGTERM (15). Of these, SIGTERM is the best way to ask a process to stop its activity. If as an administrator you request closure of a program, using the SIGTERM signal, the process in question can still close all open files and stop using its resources.
A more brutal way of terminating a process is by sending it SIGKILL, which doesn’t give any time at all to the process to cease its activity. The process is just cut off, and you risk damaging open files.
[Teaches a technique for preventing termination of a process until activity has stopped, including open file activities. Saving data is an open file activity and terminating a process before it completes save operation would damage open files This technique is exemplified in the SIGTERM signal.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Zaveri, Jiang, and Tiger with the technique for preventing termination of a process until activity has stopped, including open file activities technique for preventing termination of a process until activity has stopped, including open file activities of Van Vugt to include 
wherein the computing session is prevented from termination by the virtual machine until save operations in the data session are complete.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to avoid corrupting the files being written to the data storage. The system (ASP server) of the primary reference can be modified to prevent termination of an application session until save operations are completed for a corresponding storage.
As per claim 33, the claim(s) is/are directed to a server with limitations which correspond to limitations of claim 12, and is/are rejected for the reasons detailed with respect to claim 12.  

Claims 28-29 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zaveri in view of Jiang, in view of Tiger, further in view of Borzycki.
As per claim 28, the rejection of claim 22 is incorporated herein. 
	However, the combination of Zaveri, Jiang, and Tiger does not expressly disclose 
wherein the data file is presented to the user via an attachment to an electronic mail (e-mail) message from an e-mail client on the computing device.  
Borzycki discloses a technique for presenting a file as an attachment to email
(See Borzycki Para. [0113] FIG. 8…….user of a computing device (e.g., mobile device 740) attempts to open on the mobile device an attachment potentially containing malware. ……. user may receive an e-mail including an e-mail attachment that appears to be a PDF document and wish to open it. The user's device in this example is preconfigured to, without further user involvement, intercept requests to open particular types of documents, such as PDF attachments. For example, on a device running a MICROSOFT WINDOWS operating system, the handler for the PDF document type may be preconfigured to cause requests to open PDF files to be intercepted. In another example, on a device running APPLE's iOS operating system, the corresponding "Open In" handler may be preconfigured to cause requests to open PDF files to be intercepted.
Borzycki [0114] Since the device 740 is preconfigured to intercept requests to open (e.g., access for display, access for execution, access for saving to memory, etc.) particular type(s) of files (e.g., PDF files), when the user selects to open the PDF attachment, an application resolver 712 may intercept the request to launch the PDF file. (See step 802). The application resolver 712 may determine which application and what parameters are needed to launch the particular content file or web link. 
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Zaveri, Jiang, and Tiger with the technique for presenting a file as an attachment to email of Borzycki to include 
wherein the data file is presented to the user via an attachment to an electronic mail (e-mail) message from an e-mail client on the computing device.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to present the data file to the user. The system (e.g. ASP system 104) of the primary reference may be modified to present a data file to the user via an email attachment, as taught in the Borzycki reference.


As per claim 29, the rejection of claim 28 is incorporated herein. 
	However, the combination of Zaveri, Jiang, and Tiger does not expressly disclose 
wherein in response to a selection of the attachment by the user, the e-mail client uploads the data file to the storage provider; and wherein the method further comprises: 
receiving, by the workspace server, the request for the application from the e-mail client and wherein the request includes a request to preview the data file from a user interface (UI) of the e-mail client.  
Borzycki discloses 
receiving, by the workspace server, the request for the application from the e-mail client and wherein the request includes a request to preview the data file from a user interface (UI) of the e-mail client.  
(See Borzycki Para. [0113] FIG. 8 … a user of a computing device (e.g., mobile device 740) attempts to open on the mobile device an attachment potentially containing malware [selection of the attachment by the user ]. …… While using an e-mail application, the user may receive an e-mail including an e-mail attachment that appears to be a PDF document and wish to open it. The user's device in this example is preconfigured to, without further user involvement, intercept requests to open particular types of documents, such as PDF attachments. 
Borzycki [0114] Since the device 740 is preconfigured to intercept requests to open (e.g., access for display, access for execution, access for saving to memory, etc.) particular type(s) of files (e.g., PDF files), when the user selects to open the PDF attachment [selection of the attachment by the user ], an application resolver 712 may intercept the request to launch the PDF file. (See step 802). The application resolver 712 may determine which application and what parameters are needed to launch the particular content file or web link.
Borzycki [0121] Such content may include the PDF attachment the user desires to open on the user device 740, or other content. The orchestration service 718 may facilitate transfer of the content to the temporary virtual machine 332A by, for example, sending it a link to the PDF file previously uploaded into the cloud file storage 730. As a result, the virtual machine 332A may retrieve/receive the file/content from the cloud file storage 730.
Borzycki [0116]
Assuming the application resolvers 712 [on user device] determines that the file should be launched in a disposable environment, then the application resolver 712 may pass the request to open the file [selection of the attachment by the user ] to an orchestration agent 702 [on user device] that, inter alia, may handle the work of shepherding the content file (e.g., PDF file, .exe executable file, .com command file, .bat batch file, .js Javascript bytecode, object code, or any other content) to the disposable environment (e.g., destination virtual machine in the disposable environment). The orchestration agent 702 may use a file storage interface (e.g., Sharefile interface to upload [this can be considered part of the email client ]the PDF file to a networked data store (e.g., a cloud storage solution, ShareFile 730, or other data store) [in response to a selection of the attachment by the user, the e-mail client uploads the data file to the storage provider ]so that the content may be later retrieved by the destination virtual machine in the disposable environment. (See step 806). 
Borzycki [0124]
With the client agent application 736 connected via a remote presentation protocol to the virtualization server, the temporary virtual machine 332A may launch the PDF content using the appropriate application software. [request for the application]
Borzycki [0123]
The client agent 736 may use the connection information to connect to the temporary virtual machine 332A in the disposable environment. [ receive request…. request includes ……a request to preview the data file] (See step 814). As a result, the user device 740 may be connected via a remote presentation protocol to the temporary virtual machine 332A and may be configured to display (e.g., show images/video and/or output audio via speakers) on the user device's 740 display screen [user interface (UI) of the e-mail client; this can be considered all part of the email client] (and/or on the user device's 740 speakers) the output of the temporary virtual machine 332A. (See step 816).
[0046] Server 206 [workspace server] may be configured as any type of server, as needed, e.g., …. a virtualization server, ….. an application server or as a master application server, 
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Zaveri, Jiang, and Tiger with the technique for user device with email client uploading the attachment and a server receiving the request from the email client to view the attachment, and presenting the attachment to a user device via the email client of Borzycki to include 
wherein in response to a selection of the attachment by the user, the e-mail client uploads the data file to the storage provider; and wherein the method further comprises: receiving, by the workspace server, the request for the application from the e-mail client and wherein the request includes a request to preview the data file from a user interface (UI) of the e-mail client.  
	One of ordinary skill in the art would have made this modification to improve the ability of the system to transfer the file from the user device to a server and present the contents of the file to the user device. This may help to prevent execution of malicious attachments on the user’s local device. The system of the primary reference can be modified so that the user device  uploads the attachment data to the third-party storage, and the ASP server instantiates the virtual machine on the application server, and sends the presentation of the data file to the user device.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HOWARD H LOUIE whose telephone number is (571)272-0036.  The examiner can normally be reached on Monday-Friday 9 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung W. Kim can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/HOWARD H. LOUIE/Examiner, Art Unit 2494                                                                                                                                                                                                        
/THEODORE C PARSONS/Primary Examiner, Art Unit 2494