DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Response to Amendments
This communication is in response to the amendments filed on 8 August 2022:
	Claims 1, 9 and 13 are amended.
	Claims 1-20 are pending.
	

Response to Arguments
In response to Applicant’s remarks filed on 8 August 2022:
a.	Applicant’s arguments that the cited references fail to teach or suggest the claim features of “in response to receiving the execute function invocation request, determining a working directory associated with the second application, wherein the working directory is a directory of a file system used by processes of the second application inherited by the first application; and responsive to identifying one or more extended attribute values associated with the working directory, determining, in view of the one or more extended attribute values, a permission to the first application to use the working directory inherited from the second application to run the executable file of the first application” has been fully considered but is deemed partially not-persuasive and partially moot. For the limitation of “in response to receiving the execute function invocation request, determining a working directory associated with the second application”, Applicant’s attention is directed to Degirmenci, Paragraph [0059], see “…the Client Application 132 translates the user command received in block 210 into a request to be send to the Sandbox Manager 134 over the communication link 138…in embodiments in which the Client Application 132 is a web browser in which the plug-in 136 is loaded, in block 210, the web browser receives the user command and in block 220, the plug-in 136 translates the user command into a request including a command and optionally, one or more parameters (e.g., the session identifier associated with the virtualized application file 140). The user command may be an instruction to download the virtualized application 140, an instruction to execute the virtualized application file 140, and the like…”, where “session identifier” is being read as determining a working directory associated with the second application. 
Applicant’s attention is further directed to Degirmenci, Paragraph [0170], see “…the parameters of the “exec” command includes the session identifier (identifying the virtualized application file transferred) and optional command-line arguments. The session identifier is used to identify the Client Request Object storing the path to the transferred virtualized application file stored on the cache 139 of the filesystem 126A…The path is then used to execute the transferred virtualization application file”, where “path” is being read as comprising a working directory. For the other limitations, the arguments are rendered moot in view of the new grounds of rejection presented in this Office Action. 
b.	Applicant’s arguments that the cited references do not teach or suggest all the features of claim 13, as amended, which recites “determine a directory from a parameter of the chdir function invocation request, wherein the directory is inherited by the application…” and “determine, in view of the one or more extended attribute values, a permission to the application to use the directory inherited by the application as a working directory” has been fully considered but is deemed moot in view of the new grounds of rejection presented in this Office Action. 



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 3 and 6-9 are rejected under 35 U.S.C. 103 as being unpatentable over Degirmenci et al. (U.S. PGPub. 2017/0220400), hereinafter Degirmenci, in view of Qiu (U.S. PGPub. 2019/0005260). 

	Regarding claim 1, Degirmenci teaches A method, comprising:
	receiving, by a processing device, an execute function invocation request from a second application to run an executable file of a first application (Degirmenci, Paragraph [0061], see “…the Sandbox Manager 134 receives requests from the Client Application 132 and performs the commands included in the requests…The Sandbox Manager 134 also manages execution of the virtual application 110 on the client computing device 9…The Sandbox Manager 134 includes a communications server 300 (e.g., a TCP server), one or more predefined Client Request object types 305, a Client Request Manager 310, a Downloader 315, an Executer 320, and a UI manager 322…”, where “Sandbox Manager 134” is comprised within the client computing device, where the exec function invocation request is received from a second application (Client Application 132) to run a first application (virtual application));
	in response to receiving the execute function invocation request, determining a working directory associated with the second application (Degirmenci, Paragraph [0059], see “…the Client Application 132 translates the user command received in block 210 into a request to be send to the Sandbox Manager 134 over the communication link 138…in embodiments in which the Client Application 132 is a web browser in which the plug-in 136 is loaded, in block 210, the web browser receives the user command and in block 220, the plug-in 136 translates the user command into a request including a command and optionally, one or more parameters (e.g., the session identifier associated with the virtualized application file 140). The user command may be an instruction to download the virtualized application 140, an instruction to execute the virtualized application file 140, and the like…”, where “session identifier” is being read as determining a working directory associated with the second application) (Degirmenci, Paragraph [0170], see “…the parameters of the “exec” command includes the session identifier (identifying the virtualized application file transferred) and optional command-line arguments. The session identifier is used to identify the Client Request Object storing the path to the transferred virtualized application file stored on the cache 139 of the filesystem 126A…The path is then used to execute the transferred virtualization application file”, where “path” is being read as comprising a working directory), 
	
	
	Degirmenci does not teach the following limitation(s) as taught by Qiu: wherein the working directory is a directory of a file system used by processes of the second application inherited by the first application (Qiu, Paragraph [0058], see “…upon receipt of a request from a first application to access data of a second application, determining whether the first application is in a domain that has access authorization to the data of the second application…”) (Qiu, Paragraph [0106], see “In the event that the access operation is performed, a determination has been made that the first application is in a domain that has access authorization to the data of the second application, and the first application is therefore permitted to perform the access operation. For example, the first application can read data files located in a directory corresponding to the second application”, where “the first application can read data files located in a directory corresponding to the second application” is analogous to the working directory being a directory of a file system used by processes of the second application inherited by the first application); and
	responsive to identifying one or more extended attribute values associated with the working directory (Qiu, Paragraph [0093], see “In operation 120, based on domain attributes of the first application and the second application and preset intradomain and interdomain data access rules, a determination can be made as to whether the first application is in the domain that has access authorization to the data of the second application”, where “based on domain attributes of the first application and the second application…” is analogous to identifying one or more extended attribute values associated with the working directory, where “domain” is analogous to being associated with the working directory for each application),
	determining, in view of the one or more extended attribute values, a permission to the first application to use the working directory inherited from the second application to run the executable file of the first application (Qiu, Paragraph [0003], see “…The various applications typically store data related to the running of each application in directories of the file system, and the applications access the data as needed during operation…”) (Qiu, Paragraph [0093], see “In operation 120, based on domain attributes of the first application and the second application and preset intradomain and interdomain data access rules, a determination can be made as to whether the first application is in the domain that has access authorization to the data of the second application”, where “based on domain attributes of the first application and the second application…a determination can be made as to whether the first application is in the domain that has access authorization to the data of the second application” is analogous to determining, in view of the one or more extended attribute values, a permission to the first application to use the working directory inherited from the second application to run the executable file of the first application, where “access authorization to the data of the second application” is analogous to the data comprising an executable file for the first application to access and operate). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for hosting a first application in a second application, disclosed of Degirmenci, by implementing techniques for isolating application data access, comprising of responsive to identifying one or more extended attribute values associated with the working directory, determining a permission to the first application to use the working directory inherited from the second application to run the executable file of the first application, disclosed of Qiu. 
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising determining one or more extended attribute values and determining whether to allow or deny permission to particular software and/or data resources based on the extended attribute values. This allows for better security management by determining one or more extended attribute values of the requester before granting access to their request. Qiu is deemed as analogous art due to the art disclosing the utilization of attribute values (i.e., permissions/privileges) before granting certain access (Qiu, Paragraph [0093]).  

	Regarding claim 3, Degirmenci as modified by Qiu teaches The method of claim 1, further comprising, responsive to denying the first application to use the working directory, notifying a user of the denial (Degirmenci, FIGURE 6, see “355 RECEIVE REQUEST”, “360 PARSE REQUEST”, “365 VALID?”, “366 SEND ERROR”, where responsive to denying the first application to use the working directory based on parsing the request and determining if its valid, an error message is sent to the client notifying the user of the denial). 

	Regarding claim 6, Degirmenci does not teach the following limitation(s) as taught by Qiu: The method of claim 1, wherein one of the one or more extended attribute values indicates that the first application has a permission to use the working directory (Qiu, Paragraph [0093], see “…based on domain attributes of the first application and the second application and preset intradomain and interdomain data access rules, a determination can be made as to whether the first application is in the domain that has access authorization to the data of the second application…”, where “based on domain attributes…a determination can be made as to whether the first application is in the domain that has access authorization to the data of the second application” is analogous to the one or more attribute values indicating that the first application has permission to use the working directory of the second application) (Qiu, Paragraph [0106], see “…a determination has been made that the first application is in a domain that has access authorization to the data of the second application, and the first application is therefore permitted to perform the access operation. For example, the first application can read data files located in a directory corresponding to the second application”). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for hosting a first application in a second application, disclosed of Degirmenci, by implementing techniques for isolating application data access, comprising of the one or more attribute values indicating that the first application has a permission to use the working directory of the second application, disclosed of Qiu.    
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising utilizing the extended attribute values to determine whether or not the application/user has permission to utilize the resources. This allows for better security management by utilizing extended attribute values to determine respective user/application privileges before granting them access to respective resources. Qiu is deemed as analogous art due to the art disclosing methods of utilizing extended attribute values to determine whether or not the application/user has permission to utilize certain resources (Qiu, Paragraphs [0093] and [0106]).  

	Regarding claim 7, Degirmenci does not teach the following limitation(s) as taught by Qiu: The method of claim 1, wherein one of the one or more extended attribute values indicates that the first application is denied a permission to use the working directory (Qiu, Paragraph [0093], see “…based on domain attributes of the first application and the second application and preset intradomain and interdomain data access rules, a determination can be made as to whether the first application is in the domain that has access authorization to the data of the second application…”, where “based on domain attributes…a determination can be made as to whether the first application is in the domain that has access authorization to the data of the second application” is analogous to the one or more attribute values indicating whether or not the first application has permission to use the working directory of the second application) (Qiu, Paragraph [0108], see “In the event that the access operation is denied, a determination has been made that the first application is not in a domain that has access authorization to the second application, and the first application is denied performance of the data access operation. For example, the first application is not permitted to read data files located in a directory corresponding to the second application”, where “In the event that the access operation is denied” is analogous to based on the attribute values indicating that the first application does not have permission to access the working directory of the second application, and where “the first application is denied performance of the data access operation” is analogous to denying a permission to use the working directory of the second application).  
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for hosting a first application in a second application, disclosed of Degirmenci, by implementing techniques for isolating application data access, comprising utilizing the extended attribute values to determine whether or not the application/user has permission to utilize the resources, disclosed of Qiu.    
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising utilizing the extended attribute values to determine whether or not the application/user has permission to utilize the resources. This allows for better security management by utilizing extended attribute values to determine respective user/application privileges before granting them access to respective resources. Qiu is deemed as analogous art due to the art disclosing methods of utilizing extended attribute values to determine whether or not the application/user has permission to utilize certain resources (Qiu, Paragraph [0108]).  

	Regarding claim 8, Degirmenci does not teach the following limitation(s) as taught by Qiu: The method of claim 1, wherein the one or more extended attribute values include a security context that indicates a user, role, or a type (Qiu, Paragraph [0024], see “assigning a unique application identifier respectively to each application, each preset domain respectively to a unique group, and a unique group identifier respectively to each group”, where “unique application identifier” is analogous to one or more extended attribute values, which indicates a user/role) (Qiu, Claim 7, see “…the application identifier is a user ID (UID); the group identifier is a group ID (GID)…”).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for hosting a first application in a second application, disclosed of Degirmenci, by implementing techniques for isolating application data access, comprising the extended attribute values including a security context that indicates a user and/or role, disclosed of Qiu. 
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising the extended attribute values including a security context that indicates a user and/or role. This allows for better security management by assigning different roles to users based on their privileges/permissions. Qiu is deemed as analogous art due to the art disclosing utilizing extended attribute values (i.e., permissions/privileges) that indicate a user and/or role (Qiu, Claim 7).  

Regarding claim 9, Degirmenci teaches A system, comprising:
a memory (Degirmenci, Paragraph [0028], see “FIG. 2 illustrates a system memory 22A of the client computing device 9…”); and
a processing device, coupled to the memory, the processing device to (Degirmenci, Paragraph [0028], see “FIG. 2 illustrates a system memory 22A of the client computing device 9 storing a conventional operating system 35A…”):
	receive a request to run an executable file of an application (Degirmenci, Paragraph [0059], see “…the Client Application 132 translates the user command received in block 210 into a request to be sent to the Sandbox Manager 134 over the communication link 138…The user command may be an instruction to…execute the virtualized application file 140…”);
	
	
	
Degirmenci does not teach the following limitation(s) as taught by Qiu: in response to receiving the request, determine an extended attribute value associated with the application (Qiu, FIG. 1, see “110”, “120”, where “110” shows a request received from first application to access data of the second application and “120” shows the step of determining attribute values associated with the application in order to determine whether or not the first application has permission to access the directory of the second application) (Qiu, Paragraph [0093], see “In operation 120, based on domain attributes of the first application and the second application and preset intradomain and interdomain data access rules, a determination can be made as to whether the first application is in the domain that has access authorization to the data of the second application”, where “based on domain attributes of the first application and the second application…” is analogous to identifying one or more extended attribute values associated with the working directory, where “domain” is analogous to being associated with the working directory for each application);
	determine a working directory specified by the extended attribute value, wherein the working directory is a directory of a file system inherited by the application (Qiu, Paragraph [0058], see “…upon receipt of a request from a first application to access data of a second application, determining whether the first application is in a domain that has access authorization to the data of the second application…”) (Qiu, Paragraph [0093], see “In operation 120, based on domain attributes of the first application and the second application and preset intradomain and interdomain data access rules, a determination can be made as to whether the first application is in the domain that has access authorization to the data of the second application”, where “based on domain attributes of the first application and the second application…a determination can be made as to whether the first application is in the domain that has access authorization to the data of the second application” is analogous to determining, in view of the one or more extended attribute values, a working directory associated with the second application) (Qiu, Paragraph [0106], see “In the event that the access operation is performed, a determination has been made that the first application is in a domain that has access authorization to the data of the second application, and the first application is therefore permitted to perform the access operation. For example, the first application can read data files located in a directory corresponding to the second application”, where “the first application can read data files located in a directory corresponding to the second application” is analogous to the working directory being a directory of a file system used by processes of the second application inherited by the first application); and
	associate the working directory inherited by the application with a process running the application (Qiu, Paragraph [0106], see “In the event that the access operation is performed, a determination has been made that the first application is in a domain that has access authorization to the data of the second application, and the first application is therefore permitted to perform the access operation. For example, the first application can read data files located in a directory corresponding to the second application”, where “the first application can read data files located in a directory corresponding to the second application” is analogous to associating the working directory inherited by the application with a process running the application).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for hosting a first application in a second application, disclosed of Degirmenci, by implementing techniques for isolating application data access, comprising determining one or more extended attribute values and determining whether to allow or deny permission to particular software and/or data resources based on the extended attribute values, disclosed of Qiu.   
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising determining one or more extended attribute values and determining whether to allow or deny permission to particular software and/or data resources based on the extended attribute values. This allows for better security management by determining one or more extended attribute values of the requester before granting access to their request. Qiu is deemed as analogous art due to the art disclosing the utilization of attribute values (i.e., permissions/privileges) before granting certain access (Qiu, Paragraphs [0093] and [0106]). 

 
Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Degirmenci, in view of Qiu, in further view of Alpern et al. (U.S. PGPub. 2009/0178035), hereinafter Alpern.

	Regarding claim 2, Degirmenci as modified by Qiu do not teach the following limitation(s) as taught by Alpern: The method of claim 1, further comprising: responsive to allowing the first application to use the working directory to run the executable file, inheriting the working directory by a process running the executable file (Alpern, Paragraph [0648], see “…it analyzes the command line, and current working directory supplied by or inherited from its invoker and decides which (if any) executable to invoke and with what command line, environment and CWD”).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for hosting a first application in a second application, disclosed of Degirmenci and techniques disclosed of Qiu, by implementing techniques for simplifying the deployment and serviceability of commercial software environments, comprising inheriting the working directory by a process running the executable file, disclosed of Alpern.   
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising inheriting the working directory by a process running the executable file. This allows for the application requesting to execute a different application to acquire the needed resources to properly execute the requested application. Alpern is deemed as analogous art due to the art disclosing methods for inheriting a working directory from its invoker (Alpern, Paragraph [0648]). 


Claims 4-5 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Degirmenci, in view of Qiu, in further view of HAJMASAN et al. (U.S. PGPub. 2019/0034634), hereinafter Hajmasan.

	Regarding claim 4, Degirmenci as modified by Qiu do not teach the following limitation(s) as taught by Hajmasan: The method of claim 1, wherein the exec function invocation request is a system call request for a service from a kernel of an operating system (Hajmasan, Paragraph [0040], see “In a typical flow of execution, the user-mode API function called by entity 60a may request service from the operating system’s kernel…such operations are carried out by using a system call, such as SYSCALL and SYSENTER on x86 platforms”, where “user-mode API function” is analogous to the exec function invocation request which is ultimately a system call request for a service from a kernel of an operating system). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for hosting a first application in a second application, disclosed of Degirmenci and techniques disclosed of Qiu, by implementing techniques for tracking malicious behavior across multiple software entities, comprising an invocation request being a system call request for a service from a kernel of an operating system, disclosed of Hajmasan.    
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising an invocation request being a system call request for a service from a kernel of an operating system. This allows for the user to be provided with an interface between the processor and operating system to allow user-level processes to request services of the operating system. System calls are typically made when a process in user mode requires access to a resource. Hajmasan is deemed as analogous art due to the methods invoking a system call request for a service from a kernel of an OS (Hajmasan, Paragraph [0040]). 

	Regarding claim 5, Degirmenci as modified by Qiu teach The method of claim 1 (Degirmenci, Paragraph [0061], see “…the Sandbox Manager 134 receives requests from the Client Application 132 and performs the commands included in the requests…The Sandbox Manager 134 also manages execution of the virtual application 110 on the client computing device 9”, where “client computing device 9” is being read as a user space).
	Degirmenci as modified by Qiu do not teach the following limitation(s) as taught by Hajmasan: wherein determining one or more extended attribute values associated with the working directory comprises determining the one or more extended attribute values in a kernel space (Hajmasan, Paragraph [0039], see “…security application 36 may hook into certain functions of the KERNEL32.DLL and/or NTDLL.DLL libraries, to instruct the respective functions to redirect execution to a component of application 36”) (Hajmasan, Paragraph [0040], see “…the user-mode API function called by entity 60a may request service from the operating system’s kernel…such operations are carried out by issuing a system call…such system calls are intercepted by event interceptor 28b…such interception comprises, for instance, modifying a system call handler routine by changing a value stored in a model-specific register (MSR) of processor 12, which effectively redirects execution of the respective handler routine to interceptor 28b or directly to a component of application 36”, where “application 36” is analogous to security application) (Hajmasan, Paragraph [0044], see “Some embodiments of security application 36 may determine which category each entity belongs to according to certain features of the respective entity, such as a path, a filename, a set of resources, an OS registry entry, a digital signature, and a memory location of the respective entity…security application may perform an audit of client system 10 and/or of OS 30 to locate a set of resources associated to group creator entities such as OS services, browsers, and file managers, and later use such information to determine whether an executing entity belongs to one category or another. Security application 36 may further identify an entity and establish its category by comparing a set of hashes of the respective entity to a database of hashes of known entities”, where “category each entity belongs” is analogous to determining one or more extended attribute values, which are performed in a kernel space).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for hosting a first application in a second application, disclosed of Degirmenci and techniques disclosed of Qiu, by implementing techniques for tracking malicious behavior across multiple software entities, comprising wherein determining one or more extended attribute values associated with a particular resource comprises determining the one or more extended attribute values in a kernel space, disclosed of Hajmasan.     
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising wherein determining one or more extended attribute values associated with a particular resource comprises determining the one or more extended attribute values in a kernel space. This allows for better security management by utilizing the kernel space to determine one or more extended attribute values when the system calls for it before the kernel provides the necessary resources between the applications and hardware. Hajmasan is deemed as analogous art due to the art disclosing methods of determining extended attribute values in a kernel environment (Hajmasan, Paragraph [0044]). 

Regarding claim 12, Degirmenci as modified by Qiu teaches The system of claim 9, (Degirmenci, Paragraph [0061], see “…the Sandbox Manager 134 receives requests from the Client Application 132 and performs the commands included in the requests…The Sandbox Manager 134 also manages execution of the virtual application 110 on the client computing device 9”, where “client computing device 9” is being read as a user space).
Degirmenci as modified by Qiu do not teach the following limitation(s) as taught by Hajmasan: wherein determining an extended attribute value associated with an executable file of the application comprises determining the extended attribute value in a kernel space after a system call is invoked (Hajmasan, Paragraph [0039], see “…security application 36 may hook into certain functions of the KERNEL32.DLL and/or NTDLL.DLL libraries, to instruct the respective functions to redirect execution to a component of application 36”) (Hajmasan, Paragraph [0040], see “…the user-mode API function called by entity 60a may request service from the operating system’s kernel…such operations are carried out by issuing a system call…such system calls are intercepted by event interceptor 28b…such interception comprises, for instance, modifying a system call handler routine by changing a value stored in a model-specific register (MSR) of processor 12, which effectively redirects execution of the respective handler routine to interceptor 28b or directly to a component of application 36”, where “application 36” is analogous to security application) (Hajmasan, Paragraph [0044], see “Some embodiments of security application 36 may determine which category each entity belongs to according to certain features of the respective entity, such as a path, a filename, a set of resources, an OS registry entry, a digital signature, and a memory location of the respective entity…security application may perform an audit of client system 10 and/or of OS 30 to locate a set of resources associated to group creator entities such as OS services, browsers, and file managers, and later use such information to determine whether an executing entity belongs to one category or another. Security application 36 may further identify an entity and establish its category by comparing a set of hashes of the respective entity to a database of hashes of known entities”, where “category each entity belongs” is analogous to determining one or more extended attribute values, which are performed in a kernel space).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for hosting a first application in a second application, disclosed of Degirmenci and techniques disclosed of Qiu, by implementing techniques for tracking malicious behavior across multiple software entities, comprising wherein determining one or more extended attribute values associated with a particular resource comprises determining the one or more extended attribute values in a kernel space, disclosed of Hajmasan.     
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising wherein determining one or more extended attribute values associated with a particular resource comprises determining the one or more extended attribute values in a kernel space. This allows for better security management by utilizing the kernel space to determine one or more extended attribute values when the system calls for it before the kernel provides the necessary resources between the applications and hardware. Hajmasan is deemed as analogous art due to the art disclosing methods of determining extended attribute values in a kernel environment (Hajmasan, Paragraph [0044]). 


Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Degirmenci, in view of Qiu, in further view of Afek et al. (U.S. Patent 8,595,799), hereinafter Afek.

Regarding claim 10, Degirmenci as modified by Qiu do not teach the following limitation(s) as taught by Afek: The system of claim 9, wherein associating the working directory with the process running the application further comprises:
determining another extended attribute value associated with the working directory (Afek, Column 4, Lines 12 – 16, see “…assigning an attribute to user-role assignment can include assigning a location attribute. Assigning an attribute to a user-role assignment can include assigning a purpose attribute. And, assigning an attribute to a user-role assignment can include assigning a condition attribute. These are examples, not to the exclusion of other attribute examples”, where the method involves determining different (another) extended attribute values associated with the application/user/resources (i.e., working directory));
determining, in view of the another extended attribute value, whether to allow the application to use the working directory (Afek, Column 3, Lines 16 – 19, see “…where one or more network users are granted certain defined access rights, permissions and/or privileges to particular hardware, software, firmware, and/or data resources…”, where based on the users permissions and/or privileges (i.e., one or more extended attribute values), the user is granted certain defined access rights (i.e., allow or deny) to particular software and/or data resources (i.e., working directory)); and
responsive to determining that the application is allowed to use the working directory, running the application (Afek, Column 3, Lines 51 – 57, see “…a defined role can include a database (DB) expert role, a Unix expert role, an administrator (admin) role, viewer role, etc…program instructions can be executed to assign a permission to a role…a permission may include at least one of an “edit and view” access right or may include a “view only” access right”, where “edit and view” is analogous to the extended attribute value indicating that the application/user has permission to use the resource (i.e., working directory)).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for hosting a first application in a second application, disclosed of Degirmenci, and techniques disclosed of Qiu, by implementing techniques for access authorization, comprising of utilizing another extended attribute value associated with the resource and utilizing the another attribute to determine whether or not the user/client/application has necessary permissions, disclosed of Afek.   
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising determining one or more extended attribute values and determining whether to allow or deny permission to particular software and/or data resources based on the extended attribute values. This allows for better security management by determining another extended attribute value of the requester before granting access to their request. Afek is deemed as analogous art due to the art disclosing the utilization of multiple attribute values (i.e., location, purpose, condition attributes) before granting certain access (Afek, Column 3, Lines 16 – 19).


Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Degirmenci, in view of Qiu, in further view of Hajmasan, in further view of Manjunath et al. (U.S. PGPub. 2017/0169069), hereinafter Manjunath.

	Regarding claim 11, Degirmenci as modified by Qiu do not teach the following limitation(s) as taught by Hajmasan: The system of claim 9, wherein the extended attribute value includes a directory path for the working directory (Hajmasan, Paragraph [0044], see “Some embodiments of security application 36 may determine which category each entity belongs to according to certain features of the respective entity, such as a path, a filename, a set of resources, an OS registry entry, a digital signature, and a memory location of the respective entity…security application may perform an audit of client system 10 and/or of OS 30 to locate a set of resources associated to group creator entities such as OS services, browsers, and file managers, and later use such information to determine whether an executing entity belongs to one category or another. Security application 36 may further identify an entity and establish its category by comparing a set of hashes of the respective entity to a database of hashes of known entities”, where “category” is analogous to comprising the extended attribute values and where “may determine which category each entity belongs to according to certain features of the respective entity, such as a path, a filename, a set of resources…a memory location” is analogous to the extended attribute values including a directory path for the working directory). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for hosting a first application in a second application, disclosed of Degirmenci and techniques disclosed of Qiu, by implementing techniques for tracking malicious behavior across multiple software entities, comprising the extended attribute value including a directory path for the working directory, disclosed of Hajmasan.      
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising the extended attribute value including a directory path for the working directory. This allows for better security management and organization by associating each extended attribute value with a directory path for the working directory. Hajmasan is deemed as analogous art due to the art disclosing techniques that utilize extended attribute values which include information regarding a directory path for a specific resource (Hajmasan, Paragraph [0044]). 
Degirmenci as modified by Qiu and further modified by Hajmasan do not teach the following limitation(s) as taught by Manjunath: wherein the extended attribute value is associated with an index node of the executable file of the application (Manjunath, Paragraph [0052], see “…The processing device can examine the extended attributes of the on-disk inode…to determine whether an extended attribute contains a value for an object version for the object”, where “inode” is analogous to an index node of an executable file of an application).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for hosting a first application in a second application, disclosed of Degirmenci, techniques disclosed of Qiu, and techniques disclosed of Hajmasan, by implementing techniques for data integrity checking in a distributed filesystem, comprising wherein the extended attribute values are associated with an index node of an executable file of an application, disclosed of Manjunath.       
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising wherein the extended attribute values are associated with an index node of an executable file of an application. This allows for better security management for Unix-style file systems, where each inode stores the attributes of the object’s data. Manjunath is deemed as analogous art due to the art disclosing techniques of extended attributes values being associated with index nodes for a particular object (Manjunath, Paragraph [0052]). 


Claims 13, 16 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Pike et al. (U.S. Patent 5,623,666), hereinafter Pike, in view of Qiu. 

	Regarding claim 13, Pike teaches A non-transitory machine-readable storage medium including instructions that, when executed by a processing device, cause the processing device to (Pike, Column 2, Lines 12 – 16, see “…While current distributed systems typically consist of a set of work stations which are connected via a local area network to each other and to a file server, i.e., a file storage device with a processor which is specialized to perform file operations…”):
	receive, by a processing device, an chdir function invocation request from an application (Pike, Column 14, Lines 51 – 57, see “File locator functions 113 which locate files instead of rearranging the name space take a path name as an argument and return a file descriptor…The file locator functions 113 include “chdir”, which makes the directory file specified by the pathname into the process 102’s working directory...”) (Pike, Column 14, Lines 66 – 67 and Column 15, Lines 1 – 8, see “…file system 109 translates the file access calls 105 and the file locator calls 107 made by a processor 102 into service file operation requests. Each service file operation request requests a service 123 to perform an operation on a file in one of its file trees 125…requests 119 and 121 for some services 123 take the form of function calls…”);
	in response to receiving the chdir function invocation request, determine a directory from a parameter of the chdir function invocation request (Pike, Column 19, Lines 37 – 39, see “…file locator functions such as “bind”, “mount”, “chdir”, or “open” take a path name as an argument and return the file descriptor 417 for the file”, where “file descriptor 417” is analogous to comprising resources to help point or determine a directory from a parameter (argument) of the chdir function request), 
	
	
	Pike does not teach the following limitation(s) as taught by Qiu: wherein the directory is inherited by the application (Qiu, Paragraph [0048], see “…the authorization determination unit is configured to determine whether the first application satisfies one of the following data access conditions: the first application belongs to the same domain as the second application, or the domain to which the first application belongs is a child domain of the domain to which the second application belongs…”, where “child domain” is analogous to inheriting the directory by a parent application) (Qiu, Paragraph [0058], see “…upon receipt of a request from a first application to access data of a second application, determining whether the first application is in a domain that has access authorization to the data of the second application…”) (Qiu, Paragraph [0106], see “In the event that the access operation is performed, a determination has been made that the first application is in a domain that has access authorization to the data of the second application, and the first application is therefore permitted to perform the access operation. For example, the first application can read data files located in a directory corresponding to the second application”, where “the first application can read data files located in a directory corresponding to the second application” is analogous to the working directory being a directory of a file system used by processes of the second application inherited by the first application);
	determine one or more extended attribute values associated with the directory (Qiu, Paragraph [0093], see “In operation 120, based on domain attributes of the first application and the second application and preset intradomain and interdomain data access rules, a determination can be made as to whether the first application is in the domain that has access authorization to the data of the second application”, where “based on domain attributes of the first application and the second application…” is analogous to identifying one or more extended attribute values associated with the working directory, where “domain” is analogous to being associated with the working directory for each application); and
	determine, in view of the one or more extended attribute values, a permission to the application to use the directory inherited by the application as a working directory (Qiu, Paragraph [0003], see “…The various applications typically store data related to the running of each application in directories of the file system, and the applications access the data as needed during operation…”) (Qiu, Paragraph [0093], see “In operation 120, based on domain attributes of the first application and the second application and preset intradomain and interdomain data access rules, a determination can be made as to whether the first application is in the domain that has access authorization to the data of the second application”, where “based on domain attributes of the first application and the second application…a determination can be made as to whether the first application is in the domain that has access authorization to the data of the second application” is analogous to determining, in view of the one or more extended attribute values, a permission to the first application to use the working directory inherited from the second application to run the executable file of the first application, where “access authorization to the data of the second application” is analogous to the data comprising an executable file for the first application to access and operate). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for hosting a first application in a second application, disclosed of Degirmenci, by implementing techniques for isolating application data access, comprising of responsive to identifying one or more extended attribute values associated with the working directory, determining a permission to the first application to use the working directory inherited from the second application to run the executable file of the first application, disclosed of Qiu. 
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising determining one or more extended attribute values and determining whether to allow or deny permission to particular software and/or data resources based on the extended attribute values. This allows for better security management by determining one or more extended attribute values of the requester before granting access to their request. Qiu is deemed as analogous art due to the art disclosing the utilization of attribute values (i.e., permissions/privileges) before granting certain access (Qiu, Paragraph [0093]).  

Regarding claim 16, Pike as modified by Qiu teaches The non-transitory machine-readable storage medium of claim 13, wherein the chdir function invocation request is a system call request for a service from a kernel of an operating system (Pike, Column 14, Lines 51 – 57, see “File locator functions 113 which locate files instead of rearranging the name space take a path name as an argument and return a file descriptor…The file locator functions 113 include “chdir”, which makes the directory file specified by the pathname into the process 102’s working directory...”, where a chdir function is being read as a system call and where a system call is the programmatic way in which a computer program requests a service from the kernel of an OS) (Pike, Column 14, Lines 66 – 67 and Column 15, Lines 1 – 8, see “…file system 109 translates the file access calls 105 and the file locator calls 107 made by a processor 102 into service file operation requests. Each service file operation request requests a service 123 to perform an operation on a file in one of its file trees 125…requests 119 and 121 for some services 123 take the form of function calls…”)

	Regarding claim 18, Pike does not teach the following limitation(s) as taught by Qiu: The non-transitory machine-readable storage medium of claim 13, wherein one of the one or more extended attribute values indicates that the application has a permission to use the directory as the working directory (Qiu, Paragraph [0093], see “…based on domain attributes of the first application and the second application and preset intradomain and interdomain data access rules, a determination can be made as to whether the first application is in the domain that has access authorization to the data of the second application…”, where “based on domain attributes…a determination can be made as to whether the first application is in the domain that has access authorization to the data of the second application” is analogous to the one or more attribute values indicating that the first application has permission to use the working directory of the second application) (Qiu, Paragraph [0106], see “…a determination has been made that the first application is in a domain that has access authorization to the data of the second application, and the first application is therefore permitted to perform the access operation. For example, the first application can read data files located in a directory corresponding to the second application”). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for hosting a first application in a second application, disclosed of Degirmenci, by implementing techniques for isolating application data access, comprising of the one or more attribute values indicating that the first application has a permission to use the working directory of the second application, disclosed of Qiu.    
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising utilizing the extended attribute values to determine whether or not the application/user has permission to utilize the resources. This allows for better security management by utilizing extended attribute values to determine respective user/application privileges before granting them access to respective resources. Qiu is deemed as analogous art due to the art disclosing methods of utilizing extended attribute values to determine whether or not the application/user has permission to utilize certain resources (Qiu, Paragraphs [0093] and [0106]).  

	Regarding claim 19, Pike does not teach the following limitation(s) as taught by Qiu: The non-transitory machine-readable storage medium of claim 13, wherein one of the one or more extended attribute values indicates that the application is denied a permission to use the directory as the working directory (Qiu, Paragraph [0093], see “…based on domain attributes of the first application and the second application and preset intradomain and interdomain data access rules, a determination can be made as to whether the first application is in the domain that has access authorization to the data of the second application…”, where “based on domain attributes…a determination can be made as to whether the first application is in the domain that has access authorization to the data of the second application” is analogous to the one or more attribute values indicating whether or not the first application has permission to use the working directory of the second application) (Qiu, Paragraph [0108], see “In the event that the access operation is denied, a determination has been made that the first application is not in a domain that has access authorization to the second application, and the first application is denied performance of the data access operation. For example, the first application is not permitted to read data files located in a directory corresponding to the second application”, where “In the event that the access operation is denied” is analogous to based on the attribute values indicating that the first application does not have permission to access the working directory of the second application, and where “the first application is denied performance of the data access operation” is analogous to denying a permission to use the working directory of the second application).  
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for hosting a first application in a second application, disclosed of Degirmenci, by implementing techniques for isolating application data access, comprising utilizing the extended attribute values to determine whether or not the application/user has permission to utilize the resources, disclosed of Qiu.    
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising utilizing the extended attribute values to determine whether or not the application/user has permission to utilize the resources. This allows for better security management by utilizing extended attribute values to determine respective user/application privileges before granting them access to respective resources. Qiu is deemed as analogous art due to the art disclosing methods of utilizing extended attribute values to determine whether or not the application/user has permission to utilize certain resources (Qiu, Paragraph [0108]).  

	Regarding claim 20, Pike does not teach the following limitation(s) as taught by Qiu: The non-transitory machine-readable storage medium of claim 13, wherein the one or more extended attribute values include a security context that indicates a user, a role, or a type (Qiu, Paragraph [0024], see “assigning a unique application identifier respectively to each application, each preset domain respectively to a unique group, and a unique group identifier respectively to each group”, where “unique application identifier” is analogous to one or more extended attribute values, which indicates a user/role) (Qiu, Claim 7, see “…the application identifier is a user ID (UID); the group identifier is a group ID (GID)…”) 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for hosting a first application in a second application, disclosed of Degirmenci, by implementing techniques for isolating application data access, comprising the extended attribute values including a security context that indicates a user and/or role, disclosed of Qiu. 
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising the extended attribute values including a security context that indicates a user and/or role. This allows for better security management by assigning different roles to users based on their privileges/permissions. Qiu is deemed as analogous art due to the art disclosing utilizing extended attribute values (i.e., permissions/privileges) that indicate a user and/or role (Qiu, Claim 7).  


Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Pike, in view of Qiu, in further view of Alpern.

	Regarding claim 14, Pike as modified by Qiu do not teach the following limitation(s) as taught by Alpern: The non-transitory machine-readable storage medium of claim 13, including instructions that, when executed by a processing device, cause the processing device to further: responsive to allowing the application to use the directory as a working directory, setting the working directory of a process running the application to be the directory (Alpern, Paragraph [0648], see “…it analyzes the command line, and current working directory supplied by or inherited from its invoker and decides which (if any) executable to invoke and with what command line, environment and CWD”).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Pike and techniques disclosed of Qiu, by implementing techniques for simplifying the deployment and serviceability of commercial software environments, comprising inheriting the working directory by a process running the executable file, disclosed of Alpern.   
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising inheriting the working directory by a process running the executable file. This allows for the application requesting to execute a different application to acquire the needed resources to properly execute the requested application. Alpern is deemed as analogous art due to the art disclosing methods for inheriting a working directory from its invoker (Alpern, Paragraph [0648]). 


Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Pike, in view of Qiu, in further view of Degirmenci. 

	Regarding claim 15, Pike as modified by Qiu do not teach the following limitation(s) as taught by Degirmenci: The non-transitory machine-readable storage medium of claim 13, including instructions that, when executed by a processing device, cause the processing device to further: responsive to denying the application to use the directory as a working directory, notifying a user of the denial (Degirmenci, FIGURE 6, see “355 RECEIVE REQUEST”, “360 PARSE REQUEST”, “365 VALID?”, “366 SEND ERROR”, where responsive to denying the first application to use the working directory based on parsing the request and determining if its valid, an error message is sent to the client notifying the user of the denial).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Pike and techniques disclosed of Qiu, by implementing techniques for hosting a first application in a second application, comprising of responsive to denying the application to use the directory as a working directory, notifying a user of the denial, disclosed of Degirmenci. 
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising of responsive to denying the application to use the directory as a working directory, notifying a user of the denial. This allows for a more user-friendly interface by sending a notification to the user, notifying a user of a denial based on the determination. Degirmenci is deemed as analogous art due to the art disclosing techniques for notifying a user of a denial (Degirmenci, FIGURE 6). 


Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Pike, in view of Qiu, in further view of Degirmenci, in further view of Hajmasan.

	Regarding claim 17, Pike as modified by Qiu does not teach the following limitation(s) as taught by Degirmenci: wherein the application is executed in a user space (Degirmenci, Paragraph [0061], see “…the Sandbox Manager 134 receives requests from the Client Application 132 and performs the commands included in the requests…The Sandbox Manager 134 also manages execution of the virtual application 110 on the client computing device 9”, where “client computing device 9” is being read as a user space).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed by Pike and the techniques disclosed by Qiu, by implementing techniques for hosting a first application in a second application, comprising the application being executed in a user space, as disclosed by Degirmenci.
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising the application being executed in a user space. This allows for better security management by utilizing the user space to execute the application due to the user space having access only to a limited part of memory. Degirmenci is deemed as analogous art due to the art disclosing methods of executing an application in a user space (Degirmenci, Paragraph [0061]).
	Pike as modified by Qiu and further modified by Degirmenci does not teach the following limitation(s) as taught by Hajmasan: The non-transitory machine-readable storage medium of claim 13, wherein determining one or more extended attribute values associated with the directory comprises determining one or more extended attribute values in a kernel space (Hajmasan, Paragraph [0039], see “…security application 36 may hook into certain functions of the KERNEL32.DLL and/or NTDLL.DLL libraries, to instruct the respective functions to redirect execution to a component of application 36”) (Hajmasan, Paragraph [0040], see “…the user-mode API function called by entity 60a may request service from the operating system’s kernel…such operations are carried out by issuing a system call…such system calls are intercepted by event interceptor 28b…such interception comprises, for instance, modifying a system call handler routine by changing a value stored in a model-specific register (MSR) of processor 12, which effectively redirects execution of the respective handler routine to interceptor 28b or directly to a component of application 36”, where “application 36” is analogous to security application) (Hajmasan, Paragraph [0044], see “Some embodiments of security application 36 may determine which category each entity belongs to according to certain features of the respective entity, such as a path, a filename, a set of resources, an OS registry entry, a digital signature, and a memory location of the respective entity…security application may perform an audit of client system 10 and/or of OS 30 to locate a set of resources associated to group creator entities such as OS services, browsers, and file managers, and later use such information to determine whether an executing entity belongs to one category or another. Security application 36 may further identify an entity and establish its category by comparing a set of hashes of the respective entity to a database of hashes of known entities”, where “category each entity belongs” is analogous to determining one or more extended attribute values, which are performed in a kernel space).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for hosting a first application in a second application, disclosed by Pike, the techniques disclosed by Qiu, and the techniques disclosed by Degirmenci, by implementing techniques for tracking malicious behavior across multiple software entities, comprising wherein determining one or more extended attribute values associated with a particular resource comprises determining the one or more extended attribute values in a kernel space, as disclosed by Hajmasan.
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising wherein determining one or more extended attribute values associated with a particular resource comprises determining the one or more extended attribute values in a kernel space. This allows for better security management by utilizing the kernel space to determine one or more extended attribute values when the system calls for it before the kernel provides the necessary resources between the applications and hardware. Hajmasan is deemed as analogous art due to the art disclosing methods of determining extended attribute values in a kernel environment (Hajmasan, Paragraph [0044]). 

	

Conclusion
Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office Action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 
	A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODMAN ALEXANDER MAHMOUDI whose telephone number is (571)272-8747.  The examiner can normally be reached on M-F 11:00am – 7:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on (571) 272-3951.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/R.A.M./Examiner, Art Unit 2499
/PHILIP J CHEA/Supervisory Patent Examiner, Art Unit 2499