DETAILED ACTION
This office action is responsive to supplemental amendment filed on July 27, 2022 in this application Whitechapel et al., U.S. Patent Application No. 17/209,675 (Filed March 23, 2021) (“Whitechapel”).  Claims 1 – 20 were pending.  Claims 1, 3 – 11, 13 – 18, and 20 are amended.  Claims 1 – 20 are pending.
Applicants' arguments have been carefully and respectfully considered and found not persuasive.  Accordingly, this action has been made FINAL.

Response to Arguments
	With respect to Applicant’s argument on pgs. 10 - 11 of the Applicant’s Remarks (“Remarks”) stating that Caldarale fails to teach multiple containerized application packages being installed with different global file system location permissions, examiner respectfully disagrees.  See infra § Claim Rejections - 35 USC §103 § Claim 1.  Caldarale teaches the different packages may be created within a sandbox and granted different global file system permissions, such as each of the sessions are only allowed to access its assigned sub-directory that is created under the /home directory, although certain other global directories allow some joint access at various levels of permissions.  Caldarale at ¶¶ 0031 & 0032 (NativeX and GuestOS are virtualized containers that run on the Host OS); id. at ¶ 0056 (creating new application sessions); id. at ¶¶ 0031, 0054, 0066 (virtual file system of the GuestOS are accessed by the NativeX container sessions); id. at ¶¶ 0037 – 0050 (local file system of the Host OS is restricted from access by the NativeX container except for certain designated directories); id. at ¶ 0045 (each session is allowed to access a designated subdirectory in /home, but only its own subdirectory and not that of other Guest OS sessions).  Manifest criteria is used to designate the local files that are excluded and permitted to be accessed by the NativeX container.  Id. at ¶¶ 0003, 0105, 0106.  Therefore, Caldarale teaches multiple containerized application packages being installed with different global file system location permissions.

Claim Rejections - 35 USC § 112, Second Paragraph
In light of applicant’s amendments the rejections made under 35 USC 112 are withdrawn.

Claim Rejections 35 U.S.C. §103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1 – 6, 10 – 15, and 17 - 20 are rejected under 35 U.S.C. 103 as being unpatentable over Caldarale et al., United States Patent Application Publication No. 2022/0027485 (Published January 27, 2022, filed July 25, 2020) (“Caldarale”) in view of Ojha, United States Patent Application Publication No. 2020/0065510 (Published February 27, 2020, filed August 27, 2019) (“Ojha”). 


Claims 1, 11, and 18
With respect to claims 1, 11, and 18, Caldarale teaches the invention as claimed including a computer-implemented method for selectively virtualizing software application data, the method comprising:
a first application package for a first containerized software application, the first application package comprising a first application manifest and a first virtualization exclusion for a first location of a global file system of the computing device; receiving, by the computing device, a second application package for a second containerized software application, the second application package comprising a second application manifest and a plurality of virtualization exclusions comprising locations of the global file system of the computing device, wherein the plurality of virtualization exclusions does not include the first location; installing the first containerized software application in a first container comprising a first virtual file system; installing the second containerized software application in a second container comprising a second virtual file system;  {A plurality of NativeX containers are received and created by a local Host OS with a plurality of virtual guest OSs each having NativeX container sessions with access to a virtual filesystem that their container is allowed to access and with each container having access to certain separate designated folders of the local filesystem on the Host OS, such as for example, each session is only allow to access its assigned directory that is created under the /home directory. Caldarale at ¶¶ 0031 & 0032 (NativeX and GuestOS are virtualized containers that run on the Host OS); id. at ¶ 0056 (creating new application sessions); id. at ¶¶ 0031, 0054, 0066 (virtual file system of the GuestOS are accessed by the NativeX container); id. at ¶¶ 0037 – 0050 (local file system of the Host OS is restricted from access by the NativeX container except for certain designated directories); id. at ¶ 0045 (each session is allowed to access a designated subdirectory in /home, but only its own subdirectory and not that of other Guest OS sessions).  Manifest criteria is used to designate the local files that are excluded and permitted to be accessed by the NativeX container.  Id. at ¶¶ 0003, 0105, 0106.}
receiving, by the first containerized software application, an indication to write a first new file at the first location; determining that the first location comprises the first virtualization exclusion for the first containerized software application; {NativeX container may store files to certain designated folders of the local filesystem on the Host OS. Caldarale at ¶¶ 0031, 0054, 0066 (virtual file system of the GuestOS are accessed by the NativeX container); id. at ¶¶ 0037 – 0050 (local file system of the Host OS is restricted from access by the NativeX container except for certain designated directories); id. at ¶ 0045 (each GuestOS is allowed to access a designated subdirectory in /home, but only its own subdirectory and not that of other Guest OS sessions).  Manifest criteria is used to designate the local files that are excluded and permitted to be accessed by the NativeX container.  Id. at ¶¶ 0003, 0105, 0106.}
However, Caldarale doesn’t explicitly teach the limitation:
and writing, based on the determination that the first location comprises the first virtualization exclusion, the first new file to the first location of the global file system.  {Ojha does teach this limitation.  Ojha teaches that using file system permissions for virtualized containers, as taught in Caldarale, may include where the container is allowed to write content objects 352 to local file system locations, such as native storage 308, that are outside of the container and which will persist once the container is deleted.  Ojha at Abstract; id. at fig. 3; id. at ¶¶ 0024, 0055 – 0057, 0071 (requested writes for certain files are allowed to be placed in native storage); id. at ¶ 0047 (local file persists after removal).
Caldarale and Ojha are analogous art because they are from the “same field of endeavor” and are both from the same “problem-solving area.”  Specifically, they are both from the field of virtualization, and both are trying to solve the problem of how to manage file system access to virtualized containers.
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to combine using file system permissions for virtualized containers, as taught in Caldarale, with permitting extra-container local file system writes, as taught in Ojha.  Ojha teaches the use of a file system filter to allow or block the writing of files.  Id. at ¶ 0059.  Therefore, one having ordinary skill in the art would have been motivated to using file system permissions for virtualized containers, as taught in Caldarale, with permitting extra-container local file system writes, as taught in Ojha, for the purpose of using a know technique of file system permissions to implement a system that uses a file filter to control file system access.}

Claims 2, 12, and 19
With respect to claims 2, 12, and 19, Caldarale and Ojha teach the invention as claimed including:
wherein the first location comprises a user-specific location for storing application data in the global file system.  {First location may be a local storage area on the user’s device that is not inside the virtualized container file system.  Ojha at fig. 3; ¶¶ 0055 & 0056 (synchronize content objects 352 into native storage 308).}

Claims 3, 13, and 20
With respect to claims 3, 13, and 20, Caldarale and Ojha teach the invention as claimed including:
 receiving, by the second containerized software application, an indication to write a second new file to the first  location; determining that the first  location is not one of the plurality of virtualization exclusions for the second containerized software application; … receiving, by the second containerized software application, an indication to write a third new file to a second location; determining that the plurality of virtualization exclusions includes the second location; and  {Manifest criteria is used to designate the local files that are excluded and permitted to be accessed by the NativeX container.  Caldarale at ¶¶ 0003, 0105, 0106; id. at ¶ 0045 (each GuestOS is allowed to access a designated subdirectory in /home, but only its own subdirectory and not that of other Guest OS sessions).}
and writing, based on the determination that the second location does not comprise one of the plurality of virtualization exclusions, the second new file to the second location in the virtual file system… writing, based on the determination that the plurality of virtualization exclusions includes the second location, the third new file to the second location in the global file system.  {Second location may be a containerized storage area on the user’s device inside the virtualized container file system.  Ojha at fig. 3; ¶¶ 0055 & 0056 (synchronize secured content objects 152 into Secure Container 112).}

Claims 4 and 14
With respect to claims 4 and 14, Caldarale and Ojha teach the invention as claimed including:
receiving an indication to delete the second containerized software application; deleting the second containerized software application, the second container, and the second new file; and maintaining the third new file at the second location of the global file system.  {Files stored in native storage will persist once the container is deleted, while the secure files will be removed.  Ojha at Abstract; id. at fig. 3; id. at ¶¶ 0024, 0055 – 0057, 0071 (requested writes for certain files are allowed to be placed in native storage); id. at ¶ 0047 (local file persists after removal).}

Claim 5
With respect to claim 5, Caldarale and Ojha teach the invention as claimed including:
receiving an indication from the first containerized software application to update the first new file; and updating the first new file at the first location of the global file system based on the first location comprising the first virtualization exclusion for the first containerized software application.  {Changes may be made to the files including by being synchronized with a remote copy of the file.  Ojha at ¶¶ 0005, 0039, 0072.}

Claims 6 and 15
With respect to claims 6 and 15, Caldarale and Ojha teach the invention as claimed including:
receiving, from a third application, a request to access files written by the second containerized software application; providing the third application with access to the third new file based on the third new file being written to the global file system; and denying the third application access to the second new file based on the second new file being written to the second virtual file system.  {Files stored in the secure containerized storage area may be restricted from being accessed by outside applications, such as by copying, while unsecured files in the native storage may be accessed.  Ojha at ¶¶ 0040 & 0047 (blocking applications from requesting writes of the secured files); id. at ¶ 0052; Caldarale at ¶ 0045 (access to some global files may be allowed, such as to /tmp).}

Claims 10, 17, and 20
With respect to claims 10, 17, and 20, Caldarale and Ojha teach the invention as claimed including:
receiving an indication to delete the first containerized software application; determining that the first virtualization exclusion for the first location of the global file system is a write file only virtualization exclusion; and Response to Office Action of March 24, 2022deleting, based on the determination that the first virtualization exclusion for the first location of the global file system is the write file only virtualization exclusion, the first new file at the first location of the global file system.  {Once the container is deleted the secure files will be removed.  Ojha at Abstract; id. at fig. 3; id. at ¶¶ 0024, 0055 – 0057, 0071; id. at ¶ 0047.}





Claims 7 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Caldarale in view of Ojha and Nord et al., United States Patent Application Publication No. 2009/0106780 (Published April 23, 2009, filed October 20, 2007) (“Nord”). 
Claim 7
With respect to claim 7, Caldarale and Ojha teach the invention as claimed, however, Caldarale and Ojha doesn’t explicitly teach the limitation:
wherein the first application package further comprises a second virtualization exclusion for a location of a global registry of the computing device.  {Nord does teach this limitation.  Nord teaches that using file system permissions for virtualized containers, as taught in Caldarale and Ojha, may include where the permissions are for the container to access registry entries of user scope which may be accessed by the virtual container based on the permissions for the individual registry locations and whether those registry locations are local (global) or virtual.  Nord at ¶¶ 0238 - 0240.
Caldarale, Ojha, and Nord are analogous art because they are from the “same field of endeavor” and are both from the same “problem-solving area.”  Specifically, they are both from the field of virtualization, and both are trying to solve the problem of how to manage file system access from virtualized containers.
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to combine using file system permissions for virtualized containers, as taught in Caldarale and Ojha, with using permissions for registry entries, as taught in Nord.  Ojha teaches the use of a file system filter to allow or block the writing of files.  Id. at ¶ 0059.  Therefore, one having ordinary skill in the art would have been motivated to using file system permissions for virtualized containers, as taught in Caldarale and Ojha, with using permissions for registry entries, as taught in Nord, for the purpose of using a known technique of file system permissions with a file system component such as a registry to control access to the registry.

Claim 8
With respect to claim 8, Caldarale and Ojha teach the invention as claimed, however, Caldarale and Ojha doesn’t explicitly teach the limitation:
wherein the second virtualization exclusion for the location of the global registry of the computing device comprises a user-specific location for storing registry data.   {Nord does teach this limitation.  Nord teaches that using file system permissions for virtualized containers, as taught in Caldarale and Ojha, may include where the permissions are for the container to access registry entries of user scope which may be accessed by the virtual container based on the permissions for the individual registry locations and whether those registry locations are local (global) or virtual.  Nord at ¶¶ 0238 - 0240.
Caldarale, Ojha, and Nord are analogous art because they are from the “same field of endeavor” and are both from the same “problem-solving area.”  Specifically, they are both from the field of virtualization, and both are trying to solve the problem of how to manage file system access from virtualized containers.
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to combine using file system permissions for virtualized containers, as taught in Caldarale and Ojha, with using permissions for registry entries, as taught in Nord.  Ojha teaches the use of a file system filter to allow or block the writing of files.  Id. at ¶ 0059.  Therefore, one having ordinary skill in the art would have been motivated to using file system permissions for virtualized containers, as taught in Caldarale and Ojha, with using permissions for registry entries, as taught in Nord, for the purpose of using a known technique of file system permissions with a file system component such as a registry to control access to the registry.


Claims 9 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Caldarale in view of Ojha and Schultz et al., United States Patent Application Publication No. 2019/0180003 (Published June 13, 2019, filed June 21, 2018) (“Schultz”). 
Claims 9 and 16
With respect to claims 9 and 16, Caldarale and Ojha teach the invention as claimed, however, Caldarale and Ojha doesn’t explicitly teach the limitation:
receiving virtualization exclusion data from a plurality of containerized software applications comprising the first containerized software application; analyzing the virtualization exclusion data; determining, based on the analysis of the virtualization exclusion data, a virtualization exclusion data value for the first  location in the global file system; determining that the virtualization exclusion data value exceeds a threshold value; and automatically converting the first  location to a virtualization exclusion location for the second containerized software application.  {Schultz does teach this limitation.  Schultz teaches that using file system permissions for virtualized containers, as taught in Caldarale and Ojha, may include where the permissions are adjusted based on analyzing collected data from other applications, external as external entities, to determine if the file system locations meet a certain trust threshold and can be accessed by the container.  Schultz at ¶¶ 0047, 0066 – 0068 (trust level of file system location determines access); id. at ¶¶ 0145, 0163, 0168 (threshold is used to determine if trust level is acceptable).
Caldarale, Ojha, and Schultz are analogous art because they are from the “same field of endeavor” and are both from the same “problem-solving area.”  Specifically, they are both from the field of virtualization, and both are trying to solve the problem of how to manage file system access from virtualized containers.
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to combine using file system permissions for virtualized containers, as taught in Caldarale and Ojha, with using permission trust thresholds, as taught in Schultz.  Ojha teaches the use of a file system filter to allow or block the writing of files.  Id. at ¶ 0059.  Therefore, one having ordinary skill in the art would have been motivated to using file system permissions for virtualized containers, as taught in Caldarale and Ojha, with using permission trust thresholds, as taught in Nord, for the purpose of using a known trust threshold technique to define file system permissions.


Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THEODORE E HEBERT whose telephone number is (571)270-1409.  The examiner can normally be reached on Monday to Friday 9:00 a.m. to 6:00 p.m..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lewis Bullock can be reached on 571-272-3759.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

//T.H./										September 30, 2022
Examiner, Art Unit 2199

/LEWIS A BULLOCK  JR/Supervisory Patent Examiner, Art Unit 2199