DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA 35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA 35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

Claims 13-18 are rejected under 35 U.S.C. 112(d) or pre-AIA 35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends. Claims 13-18 merely change the embodiment of a claim they depend on without further limiting the claim they depend on. Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Barton et al., (US Publication No. 2014/0032733), hereinafter “Barton”, and further in view of Raghuram et al., (US Publication No. 2014/0089658), hereinafter “Raghuram”.

Regarding claims 1, 13-15 and 17-18, Barton discloses
a method of securely processing data in a third-party cloud environment, the method comprising: 

storing the computer executable code in a secure portion of the third-party cloud environment [Barton, paragraphs 72, 76; The physical network resources in a cloud zone 201 or 202 may include one or more network elements 205 comprising hardware and/or software configured to provide a network service to cloud customers; each application may be allowed or restricted from communications with one or more other applications and/or resources, thereby creating a virtual partition] that is controlled by a secure provider [Barton, paragraph 71, figure 2; the management server 210 may respond to the user’s request and may allocate the resources to create the virtual machine]; 
providing, from the secure provider to the third-party cloud environment, protected data and storing the protected data within the secure portion [Barton, paragraph 529; users may… share files across devices]; 
executing, in the secure portion, the computer executable code so as to process the protected data solely within the secure portion of the third-party cloud environment and generate output data [Barton, paragraph 529; the virtual environment may launch a virtualized application to open the shared file]; and 
restricting, via the secure portion, the user from retrieving output data from the secure portion of the third-party cloud environment [Barton, paragraph 531; the mobile device security manager may restrict operations of the managed app; the managed app may restrict or enable the ability of a device to transfer a process or integrate with one or more other devices and or resources].

Barton does not specifically disclose; however, Raghuram teaches
providing, from a user to the third-party cloud environment, computer executable code configured to process protected data input into the third-party cloud environment [Raghuram, paragraph 20, securely transmitting virtual machine images in a cloud computing environment; the customer computing device may securely transfer a virtual machine image environment to an object store of the cloud service provider environment].
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to transfer from a user a secure virtual machine to a cloud environment, maintaining security in order to be able to access the virtual machine securely from any device the user may have.

Regarding claim 2, Barton-Raghuram further discloses
wherein the step of restricting comprises preventing the user from retrieving a protected subset of the output data from the secure portion, but enabling the user to access an unprotected subset of the output data [Barton, paragraph 531; the mobile device security manager may restrict operations of the managed app; the managed app may restrict or enable the ability of a device to transfer a process or integrate with one or more other devices and or resources].

Regarding claim 3, Barton-Raghuram further discloses
wherein enabling the user to access the unprotected subset of the output data is performed via a first virtual desktop in the secure portion [Barton, paragraph 531; the mobile device security manager may restrict operations of the managed app; the managed app may restrict or enable the ability of a device to transfer a process or integrate with one or more other devices and or resources; paragraph 60, different system environments including a virtualized environment].

Regarding claim 4, Barton-Raghuram further discloses
wherein the ability to copy files to the clipboard of the first virtual desktop is disabled and/or wherein access to a communication network from the first virtual desktop is disabled [Barton, paragraph 531; the mobile device security manager may restrict operations of the managed app; the managed app may restrict or enable the ability of a device to transfer a process or integrate with one or more other devices and or resources; paragraphs 524-525].

Regarding claim 5, Barton-Raghuram further discloses
providing the user with a private link for accessing the unprotected subset of the output data via the first virtual desktop [Barton, paragraph 531; the mobile device security manager may restrict operations of the managed app; the managed app may restrict or enable the ability of a device to transfer a process or integrate with one or more other devices and or resources; paragraphs 524-525, 532, only specific users or devices may be authorized].

Regarding claim 6, Barton-Raghuram further discloses
wherein the first virtual desktop is hosted by an experimental build account in the secure portion [Barton, paragraphs 69 and 586, development environments].

Regarding claim 7, Barton-Raghuram further discloses
wherein the experimental build account comprises a virtual private cloud, the method further comprising preventing the user from accessing a communication network from the experimental build account by setting the virtual private cloud to private [Barton, paragraphs 69, 566-568 and 586, depending on access (account), restricted communication access; development environments].

Regarding claim 8, Barton-Raghuram further discloses
restricting user access to the experimental build account if the IP of the user is outside a predetermined IP range or if the region of the user is outside a predetermined region, and/or further comprising time restricting user access to the experimental build account [Barton, paragraphs 69, 566-570 and 586, depending on access (account), restricted communication access; development environments; where a determined location may be compared with a location policy].

Regarding claim 9, Barton-Raghuram further discloses
wherein storing the computer executable code in the secure portion comprises storing the computer executable code within an experimental build account of the secure portion, wherein the stored computer executable code is only accessible to the user via a first virtual desktop [Barton, paragraphs 69, 566-570 and 586, depending on access (account), restricted communication access; development environments; where a determined location may be compared with a location policy].

Regarding claim 10, Barton-Raghuram further discloses
wherein the step of executing comprises modifying the computer executable code itself within the secure portion, and wherein the step of restricting the user from retrieving the computer executable code from the secure portion comprises preventing the user from obtaining the modified computer executable code [Barton, paragraph 531; the mobile device security manager may restrict operations of the managed app; the managed app may restrict or enable the ability of a device to transfer a process or integrate with one or more other devices and or resources; paragraphs 69, 566-570 and 586, depending on access (account), restricted communication access; development environments].

Regarding claim 11, Barton-Raghuram further discloses
wherein storing the protected data within the secure portion comprises storing within an experimental build account of the secure portion, wherein the stored protected data is only accessible to the secure provider via a second virtual desktop [Barton, paragraph 531; the mobile device security manager may restrict operations of the managed app; the managed app may restrict or enable the ability of a device to transfer a process or integrate with one or more other devices and or resources; paragraphs 69, 566-570 and 586, depending on access (account), restricted communication access; development environments].

Regarding claims 12 and 16, Barton-Raghuram further discloses
a method of securely processing data in a third-party cloud environment, the method comprising: providing, from a secure provider to the third-party cloud environment, protected computer executable code configured to process data input into the third-party cloud environment [Raghuram, paragraph 20, securely transmitting virtual machine images in a cloud computing environment; the customer computing device may securely transfer a virtual machine image environment to an object store of the cloud service provider environment], and 
storing the protected computer executable code in a secure portion of the third-party cloud environment [Barton, paragraphs 72, 76; The physical network resources in a cloud zone 201 or 202 may include one or more network elements 205 comprising hardware and/or software configured to provide a network service to cloud customers; each application may be allowed or restricted from communications with one or more other applications and/or resources, thereby creating a virtual partition] that is controlled by a secure provider [Barton, paragraph 71, figure 2; the management server 210 may respond to the user’s request and may allocate the resources to create the virtual machine]; 
providing, from a user to the third-party cloud environment, data and storing the data within the secure portion [Barton, paragraph 529; users may… share files across devices]; 
executing, in the secure portion, the protected computer executable code so as to process the data solely within the secure portion of the third-party cloud environment and generate output data [Barton, paragraph 529; the virtual environment may launch a virtualized application to open the shared file]; and 
restricting, via the secure portion, the user from retrieving the output data from the secure portion of the third-party cloud environment [Barton, paragraph 531; the mobile device security manager may restrict operations of the managed app; the managed app may restrict or enable the ability of a device to transfer a process or integrate with one or more other devices and or resources].

Regarding claim 19, Barton-Raghuram further discloses
providing the user with a private link for accessing the unprotected subset of the output data via the first virtual desktop [Barton, paragraph 531; the mobile device security manager may restrict operations of the managed app; the managed app may restrict or enable the ability of a device to transfer a process or integrate with one or more other devices and or resources; paragraphs 524-525, 532, only specific users or devices may be authorized].

Regarding claim 20, Barton-Raghuram further discloses
restricting user access to the experimental build account if the IP of the user is outside a predetermined IP range or if the region of the user is outside a predetermined region, and/or further comprising time restricting user access to the experimental build account [Barton, paragraphs 69, 566-570 and 586, depending on access (account), restricted communication access; development environments; where a determined location may be compared with a location policy].

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM J GOODCHILD whose telephone number is (571)270-1589. The examiner can normally be reached M-F 8am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeff Pwu can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/William J. Goodchild/
Primary Examiner, Art Unit 2433