DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1, 2, 4-14 and 21 have been examined. 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 06/07/2022 has been entered.

Response to Amendment
Claims 1 and 21 have been amended. 
Applicant’s arguments with respect to claims 1 and 21 regarding the new limitations: “wherein the first applications run on the first operating system”, have changed the scope of the claims. Therefore, applicant’s arguments have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Applicant’s arguments with respect to claim 14 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 1, 2, 4, 5, 14 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over prior art of record US 20020174369 to Miyazaki et al (hereinafter Miyazaki) and US 20130298138 to Avadhanam et al (hereinafter Avadhanam).
As per claims 1 and 21, Miyazaki teaches:
A computing device having a memory and a processor configured with: 
a first operating system and a second operating system wherein the first operating system is configured to support a plurality of first applications and to provide access to encrypted data for the second operating system (Miyazaki: Fig. 1, [0038]: A computer 1001 has: a CPU 1003 for executing each OS and each program (also called a processing unit) of the computer; a memory A1005 managed by a host OS 1017; and a memory B1007 managed by a guest OS 1019 (first operating system). Fig. 9 and [0143]: a file (enciphered file 9001) in the hard disc A 1013 managed by the host OS 1017 is an enciphered file and that an enciphering program 9003, a deciphering program 9005 (plurality of first applications) and a cipher key 9007 all managed by the guest OS 1019 are additionally provided. [0145] When a file is read, the access control similar to the first embodiment is performed and if the access is legal, the file (enciphered file) stored in the hard disc A 1013 on the host OS 1017 side is deciphered by the deciphering program 9005 and then passed to the application program 1021 on the host OS 1017 side. [0150]-[0159]), 
wherein the first applications run on the first operating system (Miyazaki: [0143]: an enciphering program 9003, a deciphering program 9005 (plurality of first applications) and a cipher key 9007 all managed by the guest OS 1019) 
Miyazaki does not teach: the first operating system is configured to: monitor data operations performed by the plurality of first applications, wherein the data operations comprise the movement of data between the plurality of first applications; and to trigger a security action in the event that one or more of the plurality of first applications perform an unallowable movement of data between the plurality of first applications. However, Avadhanam teaches: 
the first operating system is configured to: monitor data operations performed by the plurality of first applications, wherein the data operations comprise the movement of data between the plurality of first applications  (Avadhanam: [0016] In one embodiment, a user may create a first privacy group having a first privacy setting. The first privacy setting may comprise restricting the flow of a first information type from any applications 120 associated with the first privacy group. A second privacy group having a second privacy setting may restrict the flow of all information from the applications 120. [0017]: The user may also place each application 120 into a privacy group. [0018]-[0019]: the background service 130 may comprise an abstraction layer on the operating system 110 that communicates with the operating system features 120 via one or more APIs 114. [0023]: a user may be adapted to set an application-wide rule that any application 124 comprising financial information is not allowed to share that information with any other application 124. [0031]: In requesting information associated with the applications 324 or data 334, the request may be initiated via an interface associated with the application 324. The request may be processed by the background service 130 which implements the privacy group settings as established through the user interface 326. The background service 130 then determines whether the data may be sent to the requested application 324. Also, [0032]); and 
to trigger a security action in the event that one or more of the plurality of first applications perform an unallowable movement of data between the plurality of first applications (Avadhanam: [0023]: a user may be adapted to set an application-wide rule that any application 124 comprising financial information is not allowed to share that information with any other application 124. [0032]: if the privacy setting associated with the data/application prevents the data from being sent, a notice is provided to the user that the information cannot be provided. Also, [0008]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Avadhanam in the invention of Miyazaki to include the above limitations. The motivation to do so would be to enable a user to limit the types of data shared to and from computing device applications (Avadhanam: [0036]).

As per claim 2, Miyazaki in view of Avadhanam teaches:
The computing device of claim 1 further comprising a scheduler and wherein the second operating system is configured to support a plurality of second applications and wherein the scheduler is configured for running the plurality of first applications simultaneously with the plurality of second applications (Miyazaki: [0039] The host OS 1017 and a general application program which operates under the management of the host OS. The host OS 1017 is provided with an I/O administrator 1027, a file system driver 1031 and a device driver 1033 as well as in this embodiment a file access hook program 1029 for hooking an access to a file 1045 in the hard disc A1013. [0045] In this embodiment, a file access by the application program 1021 running on the host OS 1017 is hooked by the file access hook program 1029. [0046] Upon reception of a file access issued from the application program 1021, the I/O administrator 1027 issues a file access instruction to the file system driver 1031. This instruction is received by the file access hook program 1029 in behalf of the file system driver 1031. Before the file access instruction is passed to the file system driver 1031, the instruction is passed to the access control program 1035 by using an inter-OS communication program 1051 in multi-OS control programs 1049. [0047] The access control program 1035 judges from the user list 1041 and file list 1043 whether or not the file access is legal, and returns a judgement result. If the file access is illegal, the file access hook program 1029 makes the file access be denied, whereas if the file access is legal, the file access hook program passes the requested file access instruction to the file system driver 1031).

As per claim 4, Miyazaki in view of Avadhanam teaches:
The computing device of claim 1 wherein monitoring the data operations comprises comparing data operations performed by the first applications to a list of data operations stored in the memory (Avadhanam: [0019]: As described below, which features 112 are enabled and which information types may be sent to/from the various applications 124 may be stored in a table 118 whose data is controlled by the background service 130, as set by a user of the privacy application 122. [0020] In one embodiment, the background service 130 may store data related to the applications 120 in one or more memory locations 140. A privacy setting as set by the user in the privacy application 122 may also be associated with the other applications 124 in the table 118. The privacy setting may be associated by the background service 130 to allow and restrict various types of data with the application 124 and to enable, disable operating system features 112 for the application 124. [0032]: At 455 if the background service 130 determines that the privacy setting allows the data to be transferred to/from the application 324, the data 334 is transferred or, if the privacy setting associated with the data/application prevents the data from being sent, a notice is provided to the user that the information cannot be provided).

As per claim 5, Miyazaki in view of Avadhanam teaches:
The computing device of claim 1 wherein the first operating system is configured to stop any data operation that is proscribed (Avadhanam: [0032]: if the privacy setting associated with the data/application prevents the data from being sent, a notice is provided to the user that the information cannot be provided).

As per claim 14, Miyazaki teaches:
A method of operating a computing device, wherein the computing device comprises a processor running a first operating system and a second operating system, wherein the first operating system is configured to support a plurality of first applications, wherein the first applications are configured to perform data operations, the data operations being requested by the second operating system (Miyazaki: Fig. 1, [0038]: A computer 1001 has: a CPU 1003 for executing each OS and each program (also called a processing unit) of the computer; a memory A1005 managed by a host OS 1017; and a memory B1007 managed by a guest OS 1019 (first operating system). Fig. 9 and [0143]: a file (enciphered file 9001) in the hard disc A 1013 managed by the host OS 1017 is an enciphered file and that an enciphering program 9003, a deciphering program 9005 (plurality of first applications) and a cipher key 9007 all managed by the guest OS 1019 are additionally provided. [0145] When a file is read, the access control similar to the first embodiment is performed and if the access is legal, the file (enciphered file) stored in the hard disc A 1013 on the host OS 1017 side is deciphered by the deciphering program 9005 and then passed to the application program 1021 on the host OS 1017 side. [0150]-[0159]), wherein the first operating system: 
runs a plurality of first applications (Miyazaki: [0143]: an enciphering program 9003, a deciphering program 9005 (plurality of first applications) and a cipher key 9007 all managed by the guest OS 1019); 
receives decryption requests requesting decrypted data from the second operating system; decrypts encrypted data (Miyazaki: [0145] When a file is read, the access control similar to the first embodiment is performed and if the access is legal, the file (enciphered file) stored in the hard disc A 1013 on the host OS 1017 side is deciphered by the deciphering program 9005 and then passed to the application program 1021 on the host OS 1017 side. [0150]-[0159]: Step 10007: The device driver reads the enciphered file from the hard disc and sends it to the file access hook program. Step 10008: The file access hook program sends the enciphered file to the deciphering program by using the inter-OS communication program); 
sends the requested decrypted data to the second operating system (Miyazaki: [0145]: the file (enciphered file) stored in the hard disc A 1013 on the host OS 1017 side is deciphered by the deciphering program 9005 and then passed to the application program 1021 on the host OS 1017 side);
Miyazaki does not teach: whilst concurrently monitoring the data operations performed by the first applications, wherein the data operations comprise the movement of data between the plurality of first applications; and in the event that the movement of data between the plurality of first applications is designated as allowable allowing the data operations to be performed, and in the event that it is not designated allowable blocking the performance of the movement of data between the plurality of first applications. However, Avadhanam teaches: 
whilst concurrently monitoring the data operations performed by the first applications, wherein the data operations comprise the movement of data between the plurality of first applications (Avadhanam: [0016] In one embodiment, a user may create a first privacy group having a first privacy setting. The first privacy setting may comprise restricting the flow of a first information type from any applications 120 associated with the first privacy group. A second privacy group having a second privacy setting may restrict the flow of all information from the applications 120. [0017]: The user may also place each application 120 into a privacy group. [0018]-[0019]: the background service 130 may comprise an abstraction layer on the operating system 110 that communicates with the operating system features 120 via one or more APIs 114. [0023]: a user may be adapted to set an application-wide rule that any application 124 comprising financial information is not allowed to share that information with any other application 124. [0031]: In requesting information associated with the applications 324 or data 334, the request may be initiated via an interface associated with the application 324. The request may be processed by the background service 130 which implements the privacy group settings as established through the user interface 326. The background service 130 then determines whether the data may be sent to the requested application 324. Also, [0032]); and 
in the event that the movement of data between the plurality of first applications is designated as allowable allowing the data operations to be performed, and in the event that it is not designated allowable blocking the performance of the movement of data between the plurality of first applications (Avadhanam: [0023]: a user may be adapted to set an application-wide rule that any application 124 comprising financial information is not allowed to share that information with any other application 124. [0032]: At 455 if the background service 130 determines that the privacy setting allows the data to be transferred to/from the application 324, the data 334 is transferred or, if the privacy setting associated with the data/application prevents the data from being sent, a notice is provided to the user that the information cannot be provided).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Avadhanam in the invention of Miyazaki to include the above limitations. The motivation to do so would be to enable a user to limit the types of data shared to and from computing device applications (Avadhanam: [0036]).

Claims 6-10 are rejected under 35 U.S.C. 103 as being unpatentable over Miyazaki in view of Avadhanam as applied to claim 1 above, and further in view of prior art of record US 7313690 to Miller et al (hereinafter Miller).
As per claim 6, Miyazaki in view of Avadhanam does not teach the limitations of claim 6. However, Miller teaches:
further comprising a wide area communication interface configured to receive a message from a remote device (Miller: column 7, lines 39-41: FIG. 3 shows one example of a general purpose computing device in the form of a computer 130 which may be a client 106. Column 9, lines 15-28: The computer 130 may operate in a networked environment using logical connections to one or more remote computers, such as a remote computer 194. The logical connections depicted in FIG. 3 include a local area network (LAN) 196 and a wide area network (WAN) 198, but may also include other networks. LAN 136 and/or WAN 138 can be a wired network, a wireless network, a combination thereof, and so on. Column 4, lines 61-65: In particular, referring to FIG. 1, a system and method of transferring via a network 100 boot files 102 from a server 104 to a client computer 106 having a pre-OS environment is illustrated).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Miller in the invention of Miyazaki in view of Avadhanam to include the above limitations. The motivation to do so would be to provide a more secure and robust way to boot clients and deploy the OS.

As per claim 7, Miyazaki in view of Avadhanam and Miller teaches:
The computing device of claim 6 wherein the first operating system is configured to trigger a security action in the event that the remote device is designated as unallowable (Miller: column 5, lines 39-42: At 212, the client 106 authenticates the server 104 by the received server certificate of authenticity 118. If the server 104 is not authentic (e.g., if the server certificate is invalid, expired or revoked), the process ends).
The examiner provides the same rationale to combine Miyazaki in view of Avadhanam and Miller as in claim 6 above.

As per claim 8, Miyazaki in view of Avadhanam and Miller teaches:
The computing device of claim 7 wherein the security action is to discard the message received from the remote device (Miller: column 5, lines 53-67 and column 6, lines 1-3: As indicated by arrow 122 in FIG. 1, the server 104 responds by adding a signature to the boot files 102 and transfers at 216 the signed boot files from the authenticated server to the authenticated client in response to the requesting by the authenticated client. Next, at 218 the authenticated client authenticates the transferred, signed boot files by confirming that the boot files have a signature corresponding to the client certificate and/or the server certificate. If the boot files are not authenticated (e.g., if the boot files are incorrectly signed, invalid, expired or revoked), the process ends. Discarding incorrectly signed, invalid, expired or revoked data was well known to one of ordinary skill in the art before the filing date of the claimed invention).
The examiner provides the same rationale to combine Miyazaki in view of Avadhanam and Miller as in claim 6 above.

As per claim 9, Miyazaki in view of Avadhanam and Miller teaches:
The computing device of claim 6 comprising an alteration controller configured to reject alteration of the first operating system unless the alteration is based on the message (Miller: column 5, lines 3-5 and 53-67 and column 6, lines 1-3: Transferred boot files 108 on the client 106 can be executed by the client to create, recreate, modify, expand or enhance an operating system 110 for the client. Next, at 218 the authenticated client authenticates the transferred, signed boot files by confirming that the boot files have a signature corresponding to the client certificate and/or the server certificate. If the boot files are not authenticated (e.g., if the boot files are incorrectly signed, invalid, expired or revoked), the process ends. At 220, the authenticated boot files are executed by the client to create the operating system 110).
The examiner provides the same rationale to combine Miyazaki in view of Avadhanam and Miller as in claim 6 above.

As per claim 10, Miyazaki in view of Avadhanam and Miller teaches:
The computing device of claim 9 wherein the alteration of the first operating system is rejected unless and the remote device that sent the message is designated as allowable (Miller: column 5, lines 39-50: At 212, the client 106 authenticates the server 104 by the received server certificate of authenticity 118. If the server 104 is not authentic (e.g., if the server certificate is invalid, expired or revoked), the process ends. The client 106 may authenticate the server's certificate 118 in one of several ways. For example, the server's certificate 118 may correspond to the client's certificate 112. On the other hand, the server certificate 118 may match a pre-existing list of authentic servers which the client 106 maintains or has access so that the server 104 is authentic to the client 106).
The examiner provides the same rationale to combine Miyazaki in view of Avadhanam and Miller as in claim 6 above.

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Miyazaki in view of Avadhanam as applied to claim 1 above, and further in view of prior art of record US 20090247122 to Fitzgerald et al (hereinafter Fitzgerald).
As per claim 11, Miyazaki in view of Avadhanam does not teach the limitations of claim 11. However, Fitzgerald teaches:
further comprising a location determiner configured so that the device determines its current location and configured to trigger a security action in the event that the location is designated as unallowable (Fitzgerald: [0071] A security compromise event may be determined based on the location of the mobile device. For example, referring now to FIG. 4, determining a security compromise event (120) may include obtaining a physical location of the mobile device (410), analyzing the physical location of the mobile device to determine that the device is located in an unauthorized area (420), and comparing the physical location of the mobile device to a previously stored location list (430). [0072]: A global positioning system may include, for instance, a receiver that detects signals transmitted by transmission sources with known transmission timing and/or known location, and through analyzing the received time-encoded signals at the mobile device. [0080] In the exemplary process depicted in FIG. 1, a determination is made as to whether the function of the device should be altered in response to the security compromise event (130), and the functionality of the mobile device altered accordingly (140). Referring to FIG. 6, altering the functionality of the mobile device (140) may include providing a notification to the current user (610), inhibiting the functionality of the mobile device (620), providing a notification to an authorized user and/or security authority (630), altering the manner in which communications to and from the mobile device are handled (640), protecting data in the mobile device (650), etc.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Fitzgerald in the invention of Miyazaki in view of Avadhanam to include the above limitations. The motivation to do so would be to mitigate the harm arising from the compromised status of the device, gather evidence to apprehend and convict a thief, as well as to encourage/incentivize the return of the device to the proper owner (Fitzgerald: [0080]).

Claims 12 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Miyazaki in view of Avadhanam as applied to claim 1 above, and further in view of prior art of record US 20060010314 to Xu (hereinafter Xu).
As per claim 12, Miyazaki in view of Avadhanam does not explicitly teach the limitations of claim 12. However, Xu teaches:
wherein at least one of the plurality of first applications is configured to control the start-up process of the computing device (Xu: [0034] Once the guest OS image has been packaged or wrapped into special native application, there is a need for special boot loader that understand the guest OS inside the special application. The boot loader must be started from the original host OS of the mobile device. Upon running, it will access the special application, retrieve or unpack the guest OS image from the special application, load the guest OS image into memory, and then start the guest OS).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Xu in the invention of Miyazaki in view of Avadhanam to include the above limitations. The motivation to do so would be to run a guest OS from a host OS that does not require flashing and can preserve the data of the original OS (Xu: [0028]).

As per claim 13, Miyazaki in view of Avadhanam and Xu teaches:
The computing device of claim 12 wherein the start-up process is one of: a boot sequence; loading of the second operating system; loading of the plurality of second applications; allowing the plurality of second applications access to hardware of the computing device; powering the hardware of the computing device (Xu: [0034] Once the guest OS image has been packaged or wrapped into special native application, there is a need for special boot loader that understand the guest OS inside the special application. The boot loader must be started from the original host OS of the mobile device. Upon running, it will access the special application, retrieve or unpack the guest OS image from the special application, load the guest OS image into memory, and then start the guest OS).
The examiner provides the same rationale to combine Miyazaki in view of Avadhanam and Xu as in claim 12 above. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 
CN103559437A to Liu: In order to solve the above-mentioned technical problems, the present invention proposes a kind of access control method for Android operating system, comprising: Step A, controlling the application's access to private data through the private authority set for the application; Step B: Control the communication request between the first application program and the second application program according to a preset strategy for preventing privilege escalation attacks and collusion attacks.
 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MADHURI R HERZOG whose telephone number is (571)270-3359. The examiner can normally be reached 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MADHURI R. HERZOG
Primary Examiner
Art Unit 2438