Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This Office Action is in response to the application 17/392,131, filed on 8/2/2021.
Claims 1-20 have been examined and are pending.  Claims 1, 8, and 15 are independent claims.
Information Disclosure Statement
The information disclosure statement (IDS), submitted on 12/06/2021, 02/09/2022, 04/01/2022, and 07/20/2022, is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.


Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-18 of U.S. Patent No. 10,116,697.  Although the claims at issue are not identical, they are not patentably distinct from each other because all limitations recited in claims 1-20  of the instant application are encompassed by limitations recited in claims 1-18  of U.S. Patent No. 10,116,697 (see table below).  

Instant Application 17/392,131
U.S. Patent No. 10,116,697
Claim 1:  A method, comprising:












receiving, by a managed container on a user device, a geofencing rule for restricting access to content in a managed cache in the managed container based on a geographical location of the user device; 































receiving, by the managed container on the user device, a request from an application running in the managed container to access the content in the managed cache; 


responsive to the request from the application, determining, by the managed container on the user device, whether the user device is located within the geographical location; and 








based on a determination by the managed container that the user device is not located within the geographical location, denying or restricting, by the managed container based on the geofencing rule, access by the application to the content in the managed cache in the managed container on the user device.  

Claim 1:  A method, comprising: 

downloading, by a client device of a server computer, a managed container from a network source, the managed container written in a programming language native to the client device and comprising a managed cache and an application framework with an execution engine that provides a runtime environment for applications associated with backend systems running in an enterprise computing environment; 

receiving, over a network by the managed container embodied on a non-transitory computer memory of the client device, an application retrieved from an application repository by the server computer, the application repository and the server computer residing in the enterprise computing environment outside of a firewall, the application hosted or required by a backend system operating in the enterprise computing environment behind the firewall; 

storing the application in the managed cache of the managed container on the client device, the storing performed by the managed container; 

managing, by the managed container, the application and content stored in the managed container in accordance with one or more rules, the one or more rules including a geolocking or geofencing rule propagated from the backend system through the firewall to the server computer to the managed container on the client device; 

displaying an icon for the application in a user interface of the managed container on the client device; 

providing, by the managed container on the client device, a secure shell or runtime environment for running the application when the icon for the application is selected or invoked from within the user interface of the managed container; 

receiving, by the managed container on the client device, a request for content from the application running in the secure shell or runtime environment provided by the managed container on the client device; 

determining, by the managed container on the client device, whether the client device is located within a specified geographical location that is secure for viewing the content; 

permitting, by the managed container on the client device to the application running in the secure shell or runtime environment provided by the managed container on the client device, access to the content if the client device is located within the specified geographical location that is secure for viewing the content; 

denying or restricting, by the managed container on the client device based at least in part on the geolocking or geofencing rule, access by the application to the content requested by the application if the client device is not located within the specified geographical location that is secure for viewing the content; and automatically deleting the content from the managed cache if the client device is outside of the specified geographical location for a predetermined amount of time and, after the predetermined amount of time has passed, the client device has not made a connection to the server computer or returned to within the specified geographical location.




Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-14 of U.S. Patent No. 11,115,438.  Although the claims at issue are not identical, they are not patentably distinct from each other because all limitations recited in claims 1-20  of the instant application are encompassed by limitations recited in claims 1-14  of U.S. Patent No. 11,115,438 (see table below).  


Instant Application 17/392,118
U.S. Patent No. 11,115,438
Claim 1:  1. A method, comprising: 

receiving, by a managed container on a user device, a geofencing rule for restricting access to content in a managed cache in the managed container based on a geographical location of the user device; 





















receiving, by the managed container on the user device, a request from an application running in the managed container to access the content in the managed cache; 

responsive to the request from the application, determining, by the managed container on the user device, whether the user device is located within the geographical location; and 


based on a determination by the managed container that the user device is not located within the geographical location, denying or restricting, by the managed container based on the geofencing rule, access by the application to the content in the managed cache in the managed container on the user device.  
  

Claim 1:  A method, comprising: 

receiving, by a managed container on a user device from an application gateway server computer operating in an enterprise computing environment, a geofencing rule, an application, and content, wherein the managed container is downloaded from a source on the Internet; 

storing, by the managed container in a managed cache in the managed container, the geofencing rule, the application, and the content, wherein the geofencing rule governs the application and the content in the managed container based on a geographical location of the user device; 

displaying, by the managed container, an icon for the application in a user interface of the managed container; 

receiving, by the managed container through the user interface, an indication that the icon for the application is selected or invoked; 

providing, by the managed container, a secure runtime environment for running the application; 

receiving, by the managed container, a request for content from the application running in the secure runtime environment provided by the managed container; 

determining, by the managed container on the user device, whether the user device is located within the geographical location; and responsive to a determination by the managed container that the user device is not located within the geographical location, 

denying or restricting, by the managed container, access by the application to the content stored in the managed container in accordance with the geofencing rule stored in the managed container on the user device and independently of a local operating system of the user device, wherein the restricting access by the application to the content comprises transforming the content requested by the application into a protected version of the content.




Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. 
Claims 1-4, 7-11, and 14-18 are rejected under 35 U.S.C. 103 as being unpatentable over Qureshi (US20140007222), filed October 10, 2012, in view of Borzycki (US8613070), filed August 9, 2013. 
Regarding claim 1, Qureshi discloses a method, comprising: 
receiving, by a managed container on a user device (Qureshi, paragraph 0413, 0091, 0109, 0110, and 0413, and FIG. 1A a method, comprising: receiving, by a managed container on a user device managed container encompasses enterprise agent 320 with secure container component 350D);
a geofencing rule for restricting access to content in the managed container based on a geographical location of the user device (Qureshi, in paragraph 0109, 0110, and FIG. 1A, a geofencing rule, an application, and content; in paragraph 0416, 0417, and 0422, wherein the geofencing rule governs the application and the content in the managed container based on a geographical location of the user device where geofencing rule, an application, and content encompasses document access policies, policy that limits access based on geographical position, file system; in paragraph 0307, determining, by the managed container on the user device, whether the user device is located within the geographical location);
receiving, by the managed container on the user device (Qureshi, paragraph 0109, wherein such mobile device management can comprise sending rule packages to the mobile devices 120 (as described below) and/or regulating access to enterprise resources 130; paragraph 0110; FIG. 1A; paragraph 0413, “The enterprise system 110 (which can be partially or entirely within the cloud 156) can transmit documents to the devices 120, which can be stored (e.g., by the enterprise agent 320) within the container 336.”; paragraph 0091, --- managed container encompasses enterprise agent 320 with secure container component 350D);
determining, by the managed container on the user device, whether the user device is located within the geographical location (Qureshi, paragraph 0307, “suppose that the mobile device rule 318 allows for an application 318 to be used only when the mobile device 120 is in a defined geographical zone, and that the application 318 is invoked when this condition is met”); and 
based on a determination by the managed container that the user device is not located within the geographical location (Qureshi, paragraph 0417, “the document access policy can instruct the container 336 or agent 320 to otherwise make them unavailable if the mobile device 120 is taken outside of the defined geographic zone.”);
denying or restricting, by the managed container based on the geofencing rule, access by the application to the content in the managed container on the user device (Qureshi, paragraph 0417, “the document access policy can instruct the container 336 or agent 320 to otherwise make them unavailable if the mobile device 120 is taken outside of the defined geographic zone.”).
Qureshi discloses a geofencing rule for restricting access to content in the managed container based on a geographical location of the user device; a request from an application running in the managed container to access the content;  denying or restricting, by the managed container based on the geofencing rule, access by the application to the content in the managed container on the user device, but does not explicitly disclose a geofencing rule for restricting access to content in a managed cache in the managed container based on a geographical location of the user device;  a request from an application running in the managed container to access the content in the managed cache;  a request from an application running in the managed container to access the content in the managed cache; responsive to the request from the application, denying or restricting, by the managed container based on the geofencing rule, access by the application to the content in the managed cache in the managed container on the user device.  
However, in an analogous art, Borzycki discloses a geofencing rule for restricting access to content in a managed cache in the managed container based on a geographical location of the user device;  a request from an application running in the managed container to access the content in the managed cache;  denying or restricting, by the managed container based on the geofencing rule, access by the application to the content in the managed cache in the managed container on the user device (Borzycki, FIG. 5 shows managed cache 528 in managed container 510; col. 19, line 53, through col. 20, line 25, “The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like.”);
a request from an application running in the managed container to access the content in the managed cache (Borzycki, FIG. 5 shows managed cache 528 in managed container 510; col. 19, line 53, through col. 20, line 25, “The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like.”);
responsive to the request from the application (Borzycki, col. 19, line 53, through col. 20, line 25, “The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Borzycki with the method/ system/ computer program product comprising a non-transitory computer-readable medium of Qureshi to include a geofencing rule for restricting access to content in a managed cache in the managed container based on a geographical location of the user device;  a request from an application running in the managed container to access the content in the managed cache;  a request from an application running in the managed container to access the content in the managed cache; responsive to the request from the application, denying or restricting, by the managed container based on the geofencing rule, access by the application to the content in the managed cache in the managed container on the user device. 
One would have been motivated to provide users with the benefits of placing temporal and geographic restrictions on document access (Borzycki: col. 57, lines 18-29).
Regarding claim 2, Qureshi and Borzycki disclose the method according to claim 1.  Qureshi and Borzycki discloses further comprising: tracking where the user device is located in a database in the managed cache, the tracking utilizing geocode, Global Positioning System (GPS) coordinates, or a combination thereof (Qureshi, paragraph 0083, transmit GPS coordinates) (Borzycki, col. 19, line 53, through col. 20, line 25, data stored in secure data container 528 may include files, databases, and the like: col. 45, line 60, through col. 46, line 11, data stored in secure data container 528/ managed cache, secure application 530 shown as contained within secure data container 528/managed cache, col. 47, lines 18-33, information transmitted from the application over a network encrypted).  The motivation is the same as that of the claim from which this claim depends.
Regarding claim 3, Qureshi and Borzycki disclose the method according to claim 1.  Qureshi and Borzycki discloses further comprising: storing information about where the user device is located in the managed cache, the information comprising geocode, Global Positioning System (GPS) coordinates, or a combination thereof  (Qureshi, paragraph 0083, transmit GPS coordinates) (Borzycki, col. 19, line 53, through col. 20, line 25, data stored in secure data container 528 may include files, databases, and the like: col. 45, line 60, through col. 46, line 11, data stored in secure data container 528/ managed cache, secure application 530 shown as contained within secure data container 528/managed cache, col. 47, lines 18-33, information transmitted from the application over a network encrypted).  The motivation is the same as that of the claim from which this claim depends.
Regarding claim 4, Qureshi and Borzycki disclose the method according to claim 1.  Qureshi and Borzycki discloses further comprising: providing information about where the user device is located to a server computer for tracking the user device from location to location, the information comprising geocode, Global Positioning System (GPS) coordinates, or a combination thereof (Qureshi, paragraph 0083, transmit GPS coordinates to mobile device management system 126) (Borzycki, col. 19, line 53, through col. 20, line 25, data stored in secure data container 528 may include files, databases, and the like: col. 45, line 60, through col. 46, line 11, data stored in secure data container 528/ managed cache, secure application 530 shown as contained within secure data container 528/managed cache, col. 47, lines 18-33, information transmitted from the application over a network encrypted).  The motivation is the same as that of the claim from which this claim depends.
Regarding claim 7, Qureshi and Borzycki disclose the method according to claim 1.  Qureshi and Borzycki disclose wherein the managed container on the user device comprises a first certificate or token for connecting to a server computer and a second certificate or token for connecting, through the server computer, to a backend system running on a server machine operating in an enterprise computing environment (Qureshi, paragraphs 0129 and 0227, user’s mobile device 120, gateway 128, backend).  (Borzycki, col. 70, line 59, through col. 71, line 12, client device 2805 may be an enterprise client certificate for authentications with proxy device.  The enterprise client certificate may comprise a different certificate.; col. 71, lines 29-43, client certificate to access enterprise resources).  The motivation is the same as that of the claim from which this claim depends.
Regarding claim 8, Qureshi discloses a system, comprising: a processor; a non-transitory computer-readable medium; and instructions stored on the non-transitory computer-readable medium and translatable by the processor for:  (Qureshi, paragraph 0483. processor, memory, computer readable storage medium);
receiving (Qureshi, paragraph 0413, 0091, 0109, 0110, and 0413, and FIG. 1A a method, comprising: receiving, by a managed container on a user device managed container encompasses enterprise agent 320 with secure container component 350D);
a geofencing rule for restricting access to content in a managed cache in a managed container on a user device based on a geographical location of the user device (Qureshi, in paragraph 0109, 0110, and FIG. 1A, a geofencing rule, an application, and content; in paragraph 0416, 0417, and 0422, wherein the geofencing rule governs the application and the content in the managed container based on a geographical location of the user device where geofencing rule, an application, and content encompasses document access policies, policy that limits access based on geographical position, file system; in paragraph 0307, determining, by the managed container on the user device, whether the user device is located within the geographical location);
determining whether the user device is located within the geographical location (Qureshi, paragraph 0307, “suppose that the mobile device rule 318 allows for an application 318 to be used only when the mobile device 120 is in a defined geographical zone, and that the application 318 is invoked when this condition is met”);
based on a determination by the managed container that the user device is not located within the geographical location (Qureshi, paragraph 0417, “the document access policy can instruct the container 336 or agent 320 to otherwise make them unavailable if the mobile device 120 is taken outside of the defined geographic zone.”);
denying or restricting, based on the geofencing rule, access by the application to the content in the managed container on the user device (Qureshi, paragraph 0417, “the document access policy can instruct the container 336 or agent 320 to otherwise make them unavailable if the mobile device 120 is taken outside of the defined geographic zone.”).
Qureshi discloses a geofencing rule for restricting access to content in a managed container on a user device based on a geographical location of the user device; receiving a request from an application running in the managed container to access the content; denying or restricting, based on the geofencing rule, access by the application to the content in the managed container on the user device, but does not explicitly disclose a geofencing rule for restricting access to content in a managed cache in a managed container on a user device based on a geographical location of the user device; receiving a request from an application running in the managed container to access the content in the managed cache; receiving a request from an application running in the managed container to access the content in the managed cache; responsive to the request from the application, denying or restricting, based on the geofencing rule, access by the application to the content in the managed cache in the managed container on the user device.  
However, in an analogous art, Borzycki discloses a geofencing rule for restricting access to content in a managed cache in a managed container on a user device based on a geographical location of the user device (Borzycki, FIG. 5 shows managed cache 528 in managed container 510; col. 19, line 53, through col. 20, line 25, “The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like.”); 
receiving a request from an application running in the managed container to access the content in the managed cache (Borzycki, FIG. 5 shows managed cache 528 in managed container 510; col. 19, line 53, through col. 20, line 25, “The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like.”); 
receiving a request from an application running in the managed container to access the content in the managed cache (Borzycki, FIG. 5 shows managed cache 528 in managed container 510; col. 19, line 53, through col. 20, line 25, “The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like.”); 
responsive to the request from the application, (Borzycki, col. 19, line 53, through col. 20, line 25, “The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like.”);
denying or restricting, based on the geofencing rule, access by the application to the content in the managed cache in the managed container on the user device (Borzycki, FIG. 5 shows managed cache 528 in managed container 510; col. 19, line 53, through col. 20, line 25, “The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like.”).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Borzycki with the method/ system/ computer program product comprising a non-transitory computer-readable medium of Qureshi to include a geofencing rule for restricting access to content in a managed cache in a managed container on a user device based on a geographical location of the user device; receiving a request from an application running in the managed container to access the content in the managed cache; receiving a request from an application running in the managed container to access the content in the managed cache; responsive to the request from the application, denying or restricting, based on the geofencing rule, access by the application to the content in the managed cache in the managed container on the user device. 
One would have been motivated to provide users with the benefits of placing temporal and geographic restrictions on document access (Borzycki: col. 57, lines 18-29).
Regarding claim 9, Qureshi and Borzycki disclose the system of claim 8.  Qureshi and Borzycki disclose wherein the instructions are further translatable by the processor for: tracking where the user device is located in a database in the managed cache, the tracking utilizing geocode, Global Positioning System (GPS) coordinates, or a combination thereof (Qureshi, paragraph 0083, transmit GPS coordinates) (Borzycki, col. 19, line 53, through col. 20, line 25, data stored in secure data container 528 may include files, databases, and the like: col. 45, line 60, through col. 46, line 11, data stored in secure data container 528/ managed cache, secure application 530 shown as contained within secure data container 528/managed cache, col. 47, lines 18-33, information transmitted from the application over a network encrypted).  The motivation is the same as that of the claim from which this claim depends.
Regarding claim 10, Qureshi and Borzycki disclose the system of claim 8.  Qureshi and Borzycki disclose wherein the instructions are further translatable by the processor for: storing information about where the user device is located in the managed cache, the information comprising geocode, Global Positioning System (GPS) coordinates, or a combination thereof (Qureshi, paragraph 0083, transmit GPS coordinates) (Borzycki, col. 19, line 53, through col. 20, line 25, data stored in secure data container 528 may include files, databases, and the like: col. 45, line 60, through col. 46, line 11, data stored in secure data container 528/ managed cache, secure application 530 shown as contained within secure data container 528/managed cache, col. 47, lines 18-33, information transmitted from the application over a network encrypted).  The motivation is the same as that of the claim from which this claim depends.
Regarding claim 11, Qureshi and Borzycki disclose the system of claim 8.  Qureshi and Borzycki disclose wherein the instructions are further translatable by the processor for: providing information about where the user device is located to a server computer for tracking the user device from location to location, the information comprising geocode, Global Positioning System (GPS) coordinates, or a combination thereof (Qureshi, paragraph 0083, transmit GPS coordinates to mobile device management system 126) (Borzycki, col. 19, line 53, through col. 20, line 25, data stored in secure data container 528 may include files, databases, and the like: col. 45, line 60, through col. 46, line 11, data stored in secure data container 528/ managed cache, secure application 530 shown as contained within secure data container 528/managed cache, col. 47, lines 18-33, information transmitted from the application over a network encrypted).  The motivation is the same as that of the claim from which this claim depends.
Regarding claim 14, Qureshi and Borzycki disclose the system of claim 8.  Qureshi and Borzycki disclose wherein the managed container on the user device comprises a first certificate or token for connecting to a server computer and a second certificate or token for connecting, through the server computer, to a backend system running on a server machine operating in an enterprise computing environment (Qureshi, paragraphs 0129 and 0227, user’s mobile device 120, gateway 128, backend).  (Borzycki, col. 70, line 59, through col. 71, line 12, client device 2805 may be an enterprise client certificate for authentications with proxy device.  The enterprise client certificate may comprise a different certificate.; col. 71, lines 29-43, client certificate to access enterprise resources).  The motivation is the same as that of the claim from which this claim depends.
Regarding claim 15, Qureshi discloses a computer program product comprising a non-transitory computer-readable medium storing instructions translatable by a processor for:    (Qureshi, paragraph 0483. processor, memory, computer readable storage medium);
receiving (Qureshi, paragraph 0413, 0091, 0109, 0110, and 0413, and FIG. 1A a method, comprising: receiving, by a managed container on a user device managed container encompasses enterprise agent 320 with secure container component 350D);
a geofencing rule for restricting access to content in a managed cache in a managed container on a user device based on a geographical location of the user device (Qureshi, in paragraph 0109, 0110, and FIG. 1A, a geofencing rule, an application, and content; in paragraph 0416, 0417, and 0422, wherein the geofencing rule governs the application and the content in the managed container based on a geographical location of the user device where geofencing rule, an application, and content encompasses document access policies, policy that limits access based on geographical position, file system; in paragraph 0307, determining, by the managed container on the user device, whether the user device is located within the geographical location);
determining whether the user device is located within the geographical location (Qureshi, paragraph 0307, “suppose that the mobile device rule 318 allows for an application 318 to be used only when the mobile device 120 is in a defined geographical zone, and that the application 318 is invoked when this condition is met”);
based on a determination by the managed container that the user device is not located within the geographical location (Qureshi, paragraph 0417, “the document access policy can instruct the container 336 or agent 320 to otherwise make them unavailable if the mobile device 120 is taken outside of the defined geographic zone.”);
denying or restricting, based on the geofencing rule, access by the application to the content in the managed container on the user device (Qureshi, paragraph 0417, “the document access policy can instruct the container 336 or agent 320 to otherwise make them unavailable if the mobile device 120 is taken outside of the defined geographic zone.”).
Qureshi discloses a geofencing rule for restricting access to content in a managed container on a user device based on a geographical location of the user device; receiving a request from an application running in the managed container to access the content; denying or restricting, based on the geofencing rule, access by the application to the content in the managed container on the user device, but does not explicitly disclose a geofencing rule for restricting access to content in a managed cache in a managed container on a user device based on a geographical location of the user device; receiving a request from an application running in the managed container to access the content in the managed cache; receiving a request from an application running in the managed container to access the content in the managed cache; responsive to the request from the application, denying or restricting, based on the geofencing rule, access by the application to the content in the managed cache in the managed container on the user device.  
However, in an analogous art, Borzycki discloses a geofencing rule for restricting access to content in a managed cache in a managed container on a user device based on a geographical location of the user device (Borzycki, FIG. 5 shows managed cache 528 in managed container 510; col. 19, line 53, through col. 20, line 25, “The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like.”); 
receiving a request from an application running in the managed container to access the content in the managed cache (Borzycki, FIG. 5 shows managed cache 528 in managed container 510; col. 19, line 53, through col. 20, line 25, “The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like.”); 
receiving a request from an application running in the managed container to access the content in the managed cache (Borzycki, FIG. 5 shows managed cache 528 in managed container 510; col. 19, line 53, through col. 20, line 25, “The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like.”); 
responsive to the request from the application, (Borzycki, col. 19, line 53, through col. 20, line 25, “The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like.”);
denying or restricting, based on the geofencing rule, access by the application to the content in the managed cache in the managed container on the user device (Borzycki, FIG. 5 shows managed cache 528 in managed container 510; col. 19, line 53, through col. 20, line 25, “The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like.”).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Borzycki with the method/ system/ computer program product comprising a non-transitory computer-readable medium of Qureshi to include a geofencing rule for restricting access to content in a managed cache in a managed container on a user device based on a geographical location of the user device; receiving a request from an application running in the managed container to access the content in the managed cache; receiving a request from an application running in the managed container to access the content in the managed cache; responsive to the request from the application, denying or restricting, based on the geofencing rule, access by the application to the content in the managed cache in the managed container on the user device. 
One would have been motivated to provide users with the benefits of placing temporal and geographic restrictions on document access (Borzycki: col. 57, lines 18-29).
Regarding claim 16, Qureshi and Borzycki disclose the computer program product of claim 15.  Qureshi and Borzycki disclose wherein the instructions are further translatable by the processor for: tracking where the user device is located in a database in the managed cache, the tracking utilizing geocode, Global Positioning System (GPS) coordinates, or a combination thereof (Qureshi, paragraph 0083, transmit GPS coordinates) (Borzycki, col. 19, line 53, through col. 20, line 25, data stored in secure data container 528 may include files, databases, and the like: col. 45, line 60, through col. 46, line 11, data stored in secure data container 528/ managed cache, secure application 530 shown as contained within secure data container 528/managed cache, col. 47, lines 18-33, information transmitted from the application over a network encrypted).  The motivation is the same as that of the claim from which this claim depends.
Regarding claim 17, Qureshi and Borzycki disclose the computer program product of claim 15.  Qureshi and Borzycki disclose wherein the instructions are further translatable by the processor for: storing information about where the user device is located in the managed cache, the information comprising geocode, Global Positioning System (GPS) coordinates, or a combination thereof (Qureshi, paragraph 0083, transmit GPS coordinates) (Borzycki, col. 19, line 53, through col. 20, line 25, data stored in secure data container 528 may include files, databases, and the like: col. 45, line 60, through col. 46, line 11, data stored in secure data container 528/ managed cache, secure application 530 shown as contained within secure data container 528/managed cache, col. 47, lines 18-33, information transmitted from the application over a network encrypted).  The motivation is the same as that of the claim from which this claim depends.
Regarding claim 18, Qureshi and Borzycki disclose the computer program product of claim 15.  Qureshi and Borzycki disclose wherein the instructions are further translatable by the processor for: providing information about where the user device is located to a server computer for tracking the user device from location to location, the information comprising geocode, Global Positioning System (GPS) coordinates, or a combination thereof (Qureshi, paragraph 0083, transmit GPS coordinates to mobile device management system 126) (Borzycki, col. 19, line 53, through col. 20, line 25, data stored in secure data container 528 may include files, databases, and the like: col. 45, line 60, through col. 46, line 11, data stored in secure data container 528/ managed cache, secure application 530 shown as contained within secure data container 528/managed cache, col. 47, lines 18-33, information transmitted from the application over a network encrypted).  The motivation is the same as that of the claim from which this claim depends.
Claims 5, 12, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Qureshi (US20140007222), filed October 10, 2012, in view of Borzycki (US8613070), filed August 9, 2013, and further in view of Piscopo (US20120057573), filed September 7, 2010. 
Regarding claim 5, Qureshi and Borzycki disclose the method according to claim 1.  
Qureshi discloses providing information about where the user device is located to the server computer, the information comprising geocode, Global Positioning System (GPS) coordinates, or a combination thereof (Qureshi, paragraph 0083, transmit GPS coordinates).
Qureshi and Borzycki do not explicitly disclose further comprising: each time the user device connects to a server computer, providing information about where the user device is located to the server computer, the information comprising geocode, Global Positioning System (GPS) coordinates, or a combination thereof.  
However, in an analogous art, Piscopo discloses further comprising: each time the user device connects to a server computer, providing information about where the user device is located to the server computer, the information comprising geocode, Global Positioning System (GPS) coordinates, or a combination thereof (Piscopo, paragraph 0024, location of user’s mobile device upon receipt of each call at a mobile switching center).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Piscopo with the method/ system/ computer program product comprising a non-transitory computer-readable medium of Qureshi and Borzycki to include further comprising: each time the user device connects to a server computer, providing information about where the user device is located to the server computer, the information comprising geocode, Global Positioning System (GPS) coordinates, or a combination thereof. 
One would have been motivated to provide users with the benefits of accommodating for roaming due to the change of designated mobile switching center (Piscopo: paragraph 0024).
Regarding claim 12, Qureshi and Borzycki disclose the system of claim 8.  
Qureshi discloses providing information about where the user device is located to the server computer, the information comprising geocode, Global Positioning System (GPS) coordinates, or a combination thereof (Qureshi, paragraph 0083, transmit GPS coordinates).
Qureshi and Borzycki do not explicitly disclose wherein the instructions are further translatable by the processor for: each time the user device connects to a server computer, providing information about where the user device is located to the server computer.  
However, in an analogous art, Piscopo discloses wherein the instructions are further translatable by the processor for: each time the user device connects to a server computer, providing information about where the user device is located to the server computer (Piscopo, paragraph 0024, location of user’s mobile device upon receipt of each call at a mobile switching center).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Piscopo with the method/ system/ computer program product comprising a non-transitory computer-readable medium of Qureshi and Borzycki to include wherein the instructions are further translatable by the processor for: each time the user device connects to a server computer, providing information about where the user device is located to the server computer. 
One would have been motivated to provide users with the benefits of accommodating for roaming due to the change of designated mobile switching center (Piscopo: paragraph 0024).
Regarding claim 19, Qureshi and Borzycki disclose the computer program product of claim 15.  
Qureshi discloses providing information about where the user device is located to the server computer, the information comprising geocode, Global Positioning System (GPS) coordinates, or a combination thereof (Qureshi, paragraph 0083, transmit GPS coordinates).
Qureshi and Borzycki do not explicitly disclose wherein the instructions are further translatable by the processor for: each time the user device connects to a server computer, providing information about where the user device is located to the server computer, the information comprising geocode, Global Positioning System (GPS) coordinates, or a combination thereof
However, in an analogous art, Piscopo discloses wherein the instructions are further translatable by the processor for: each time the user device connects to a server computer, providing information about where the user device is located to the server computer, the information comprising geocode, Global Positioning System (GPS) coordinates, or a combination thereof (Piscopo, paragraph 0024, location of user’s mobile device upon receipt of each call at a mobile switching center).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Piscopo with the method/ system/ computer program product comprising a non-transitory computer-readable medium of Qureshi and Borzycki to include wherein the instructions are further translatable by the processor for: each time the user device connects to a server computer, providing information about where the user device is located to the server computer, the information comprising geocode, Global Positioning System (GPS) coordinates, or a combination thereof. 
One would have been motivated to provide users with the benefits of accommodating for roaming due to the change of designated mobile switching center (Piscopo: paragraph 0024).
Claims 6, 13, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Qureshi (US20140007222), filed October 10, 2012, in view of Borzycki (US8613070), filed August 9, 2013, and Piscopo (US20120057573), filed September 7, 2010, and further in view of Li (CN102202052), published September 28, 2011. 
Regarding claim 6, Qureshi, Borzycki, and Piscopo disclose the method according to claim 5.
Qureshi discloses report the geocode, the GPS coordinates, or the combination thereof to the server computer (Qureshi, paragraph 0083, transmit GPS coordinates).
Qureshi, Borzycki, and Piscopo do not explicitly disclose wherein the managed container on the user device is registered with the server computer and required to report the geocode, the GPS coordinates, or the combination thereof to the server computer.  
However, in an analogous art, Li discloses wherein the managed container on the user device is registered with the server computer and required to report the geocode, the GPS coordinates, or the combination thereof to the server computer  (Li, paragraph 0023, virtual machine module registers to application server; paragraph 0027, virtual machine, mobile device; paragraph 0028, application server, registration and virtual machine to application server).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Li with the method/ system/ computer program product comprising a non-transitory computer-readable medium of Qureshi, Borzycki, and Piscopo to include wherein the managed container on the user device is registered with the server computer and required to report the geocode, the GPS coordinates, or the combination thereof to the server computer. 
One would have been motivated to provide users with the benefits of using virtual machines to access a confidential system (Li: paragraph 0023).
Regarding claim 13, Qureshi, Borzycki, and Piscopo disclose the system of claim 12.
Qureshi discloses report the geocode, the GPS coordinates, or the combination thereof to the server computer (Qureshi, paragraph 0083, transmit GPS coordinates).
Qureshi, Borzycki, and Piscopo do not explicitly disclose wherein the managed container on the user device is registered with the server computer and required to report the geocode, the GPS coordinates, or the combination thereof to the server computer.  
However, in an analogous art, Li discloses wherein the managed container on the user device is registered with the server computer and required to report the geocode, the GPS coordinates, or the combination thereof to the server computer (Li, paragraph 0023, virtual machine module registers to application server; paragraph 0027, virtual machine, mobile device; paragraph 0028, application server, registration and virtual machine to application server).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Li with the method/ system/ computer program product comprising a non-transitory computer-readable medium of Qureshi, Borzycki, and Piscopo to include wherein the managed container on the user device is registered with the server computer and required to report the geocode, the GPS coordinates, or the combination thereof to the server computer. 
One would have been motivated to provide users with the benefits of using virtual machines to access a confidential system (Li: paragraph 0023).
Regarding claim 20, Qureshi, Borzycki, and Piscopo disclose the computer program product of claim 19.
Qureshi discloses report the geocode, the GPS coordinates, or the combination thereof to the server computer (Qureshi, paragraph 0083, transmit GPS coordinates).
Qureshi, Borzycki, and Piscopo do not explicitly disclose wherein the managed container on the user device is registered with the server computer and required to report the geocode, the GPS coordinates, or the combination thereof to the server computer.
However, in an analogous art, Li discloses wherein the managed container on the user device is registered with the server computer and required to report the geocode, the GPS coordinates, or the combination thereof to the server computer (Li, paragraph 0023, virtual machine module registers to application server; paragraph 0027, virtual machine, mobile device; paragraph 0028, application server, registration and virtual machine to application server).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Li with the method/ system/ computer program product comprising a non-transitory computer-readable medium of Qureshi, Borzycki, and Piscopo to include wherein the managed container on the user device is registered with the server computer and required to report the geocode, the GPS coordinates, or the combination thereof to the server computer. 
One would have been motivated to provide users with the benefits of using virtual machines to access a confidential system (Li: paragraph 0023).


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to WALTER J MALINOWSKI whose telephone number is (571)272-5368. The examiner can normally be reached 8-6:30 MTWH.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached on 5712705002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/W.J.M/Examiner, Art Unit 2439                                                                                                                                                                                                        


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439