DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-3, 6-9, 12-15, 18-21 and 24 rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-14 of U.S. Patent No. 11,100,216. Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1-14 of Patent ’216 contain every element of claims 1-3, 6-9, 12-15, 18-21 and 24 of the instant application and as such anticipate claims 1-3, 6-9, 12-15, 18-21 and 24 of the instant application.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-8, and 13-20 are rejected under 35 U.S.C. 103 as being unpatentable over Hitomi et al. (US 2008/0109876 A1) in view of Campbell et al. (US 9,747,468 B1).
Regarding claims 1 and 13, Hitomi teaches a method of sharing a resource between software containers (Fig. 1: rules based access to protected resources), the method implemented by a host computing device and comprising:
	detecting a request from a first software application in a first software container to access a resource of a second software application operating in a second software container that is different from the (par. [0032]: application requests a resource in another container associated with a DMZ; par. [0025]: DMZ of an application on the second container, e.g. OpenOffice application with Writer files), an operational state of the second software container being controlled by a container engine running on the host computing device (par. [0047]: software application may be paused, restarted, etc.); and
	accepting or rejecting the request based on stored rules (par. [0036]: rules for read/write access used at the DMZ to allow subsequent access by the requestor).
	Hitomi does not disclose accepting or rejecting the request based on whether the first and second software applications are part of a same logical software application. Campbell discloses accepting or rejecting a request, from a first software application to access a resource of a second software application, based on whether the first and second software applications are part of a same logical software application (i.e., request is approved if the first and second software applications are in the same group or folder so that they can communicate with each other to achieve a specific purpose such as to pay a merchant using reward points from a credit card account, to book a flight using points from a particular airline, etc.) (Fig. 2, steps 230-240; col. 5, lines 11-20; col. 3, lines 4-50). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Hitomi’s method to accept or reject the request based on whether the first and second software applications are part of a same logical software application, as taught by Campbell. The motivation for doing so would have been to facilitate sharing of data between applications for conducting different types of transactions.
Regarding claims 2 and 14, Hitomi further discloses that detecting the request comprises intercepting the request before the request is delivered to the second software container (par. [0035]: the request is intercepted by the DMZ); accepting the request comprises instructing the host computing device to deliver the request to the second software container (par. [0035]: when the requestor is allowed access, the request is forwarded from the DMZ to the software container); and rejecting the request comprises instructing the host computing device to reject the request without delivering the request to the second software container (par. [0033]: if it is determined that rule-based access is not granted, then access to the resource is restricted and the application may end).
Regarding claims 3 and 15, Hitomi further discloses determining whether the first and second software applications are part of a same logical software application (i.e., determining if the first and second software applications are in the same group or folder); and accepting the request based on the first and second software applications being part of the same logical software application (Fig. 2, steps 230-240; col. 5, lines 11-20; col. 3, lines 4-50).
Regarding claims 4 and 16, Hitomi further discloses a DMZ separate from the first and second software containers, the DMZ determining whether a rule is checked to ensure that the requestor is allowed access to resource (par. [0027], [0034]-[0035]: a DMZ is a virtual area in which resource requests of resources kept in or associated with a container are honored or refused). Hitomi does not explicitly teach that the DMZ is itself a “container.” However, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to recognize that the “virtual area” described by Hitomi may be considered a software container as it contains instructions that are virtualized separately from the other software containers. Doing so would be the substitution of one known technique with an equivalent known technique yielding the same results.
Regarding claims 5 and 17, Hitomi further discloses that the determining is performed based on one or more of: an application registry (par. [0034]: the DMZ includes a table that correlates the requestor to a resource; instead of a table, a known or convenient structure could be used to manage access rules); and a file in the second software container (par. [0034]: rules associated with resources inside the container or another container).
Regarding claims 6 and 18, Hitomi further discloses determining whether the requested resource is marked as shared for the first software container by an entry in a security registry (par. [0036]: rules for read/write access used at the DMZ to allow subsequent access by the requestor); accepting the request based on the requested resource being marked as shared for the first software container by an entry in the security registry (par. [0035]: when the requestor is allowed access, the request is forwarded from the DMZ to the software container); and rejecting the request based on the requested resource not being marked as shared for the first software container (par. [0033]: if it is determined that rule-based access is not granted, then access to the resource is restricted and the application may end). Campbell discloses determining whether the first and second software applications are part of a same logical software application (Fig. 2, steps 230-240; col. 5, lines 11-20).
Regarding claim 7, the claim language suggests or makes optional a feature but does not require a step(s) to be performed or affect the steps recited in the independent claim. Therefore, the scope of the claim is not limited by the claim language (see MPEP 2111.04).
Regarding claim 19, Hitomi further teaches that an operational state of the second software container is controlled by a container engine running on the host computing device (par. [0047]: software application maybe paused, restarted, etc.). The claim language “an operational state of the first software container is controlled by a container engine running on a computing device that is different from the host computing device” does not limit the host computing device of claim 13 because the container engine is on a different device (see MPEP 2111.04).
Regarding claims 8 and 20, Hitomi further discloses instructing the host computing device to accept an additional request to access a resource in the second software application based on the additional request being received from the second software container (par. [0045]: a request from a process located within the software container may be considered safe and given access).
Claims 9 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Hitomi in view of Campbell as applied to claims 1 and 13 above, and further in view of Warila et al. (US 2008/0313282). Regarding claims 9 and 21, Hitomi and Campbell do not teach wherein said accepting or rejecting the request is further based on whether the first software container is digitally signed. Warila teaches a certificate with a digital signature of an application is verified by a software container before performing a restricted activity (par. [0477]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Hitomi and Campbell by incorporating the teachings of Warila because they are directed towards management of software containers. Although Hitomi does not specifically contemplate accepting or rejecting requests based on the container being digitally signed, Warila teaches the known concept of verifying digital signatures of applications to perform restricted activity. Therefore, one of ordinary skill in the art would recognize that the requests of Hitomi may be dependent on a similar digital signature of the first container. Doing so would provide the advantage of verification that the software container has been vetted by a central authority.
Claims 12 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Hitomi in view of Campbell as applied to claims 1 and 13 above, and further in view of McCorkendale et al. (US 8,977,842). Regarding claims 12 and 24, Hitomi and Campbell do not teach wherein if the requested resource is an encrypted file in the second software container and the request is one to open the file, the method comprises decrypting the encrypted file prior to providing the file to the first software container; and wherein if the requested resource is an encrypted file in the second software container and the request is one to write data to the file, the method comprises receiving the data from the first software container in unencrypted form and encrypting the data prior to saving it in the encrypted file in the second software container. McCorkendale teaches a hypervisor security extension container that uses VM private and public keys to encrypt and decrypt data transmitted between VMs (col. 2, II. 46-54; col. 2, II. 61-64; col. 7, II. 40-55). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Hitomi and Campbell by incorporating the teachings of McCorkendale because they are directed towards management of software sandboxes. Although Hitomi does not specifically contemplate transmission of encrypted data, McCorkendale teaches the known concept of using a middleman like the hypervisor security extension container to perform encryption and decryption operations on behalf of communicating software. Therefore, one of ordinary skill in the art would recognize that the containers of Hitomi may similarly depend on the DMZ to provide encryption and decryption functionality. Doing so would provide the advantage of not requiring the software containers to maintain keys.
Allowable Subject Matter
Claims 10-11 and 22-23 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter. The prior art of record fail to teach “detecting an outgoing request from the second software container to access a resource of a third software application in a third software container that is different from the first and second software containers and whose operational state is controlled by a container engine running on a second host computing device that is different from the first host computing device; and rejecting the outgoing request at the first host computing device or transmitting the outgoing request to the second host computing device based on whether the second software application and the third software application  are part of a same logical software application” in combination with other limitations of the base claims.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MINH DINH whose telephone number is (571)272-3802. The examiner can normally be reached Mon-Fri: 9 AM - 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on 469-295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MINH DINH/Primary Examiner, Art Unit 2432