Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
	This action is in response to the communication filed on 4/4/2022.
 Claims 1-20 are examined and rejected. 

Information Disclosure Statement
The Information Disclosure Statement (IDS) submitted on 4/15/2022 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the IDS statement has been considered by the Examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s) as explained below. See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on non-statutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Double Patent Analysis of Instant application 17,713,113 and US Patent 11,295,007. 
Claims 1-20 of instant application are rejected on the ground of non-statutory double patenting as being unpatentable over claims 1-20 of U.S. Patent 11,295,007. Although the conflicting claims are not identical, they are not patentably distinct from each other because the subject matter claimed in the instant application is covered by the U.S. Patent 11,295,007.
This is a non-statutory double patenting rejection. The assignee of the application and the patent is the same.
Exemplary claim 1 with the substantive differences between the conflicting claim 1 identified in bold / underlined is outlined below in the following comparison table.

Claim Comparison Table   
Instant Application
17,713,113
US Patent 
11,295,007
1. A method for managing application behavior using one or more processors that execute instructions to perform actions, comprising: 
providing a first request to an extension server for an extension shell for a hosting application, wherein the extension shell is associated with a first security policy that restricts an extension body corresponding to the extension shell from navigating away from the hosting application or the extension server; 
providing a second request to the extension server to embed the extension body in the extension shell, wherein the extension body is associated with a second security policy that restricts network access of the extension body; and 
employing one or more of the first security policy or the second security policy to restrict access by one or more of the extension shell or the extension body to the hosting application or the extension server.

1. A method for managing application behavior using one or more processors that execute instructions to perform actions, comprising: 
        providing a first request to an extension server, wherein the first request includes information that identifies an extension of a hosting application; 
       employing information included in a first response to instantiate an extension shell that corresponds to the extension and embed it in the hosting application, wherein the extension shell is associated with a first security policy included in the first response, and wherein the first security policy is employed to restrict an extension body corresponding to the extension shell from navigating away from the hosting application or the extension server; 
         enabling the extension body to access one or more prescribed application resources, wherein the one or more prescribed application resources include one or more application programming interfaces (APIs) that enable controlled access to one or more application resources; 
         providing a second request to the extension server based on information included in the extension shell, wherein the second request includes an identifier associated with the extension body that corresponds to the extension shell; 
        employing additional information included in a second response to instantiate the extension body and embed it in the extension shell, wherein the extension body is associated with a second security policy that is included in the second response, wherein the second security policy is employed to restrict network access of the extension body; and 
        employing one or more of the first security policy or the second security policy to enable one or more of the extension shell or the extension body to just access the hosting application or just access the extension server.







Claim 1 and independent claim(s) of the instant application is broader in all respects than conflicting claim 1 and independent claim(s) of Patent No. U.S. Patent 11,295,007.  It is clear that all the elements of independent claims of the instant application are to be found in the patent of independent claims. The difference between the instant application claims and claims of patent claims lies in the fact that the patented claim includes more elements and is thus more specific. 
For example, in the instant application claim 1 recites “ first and second request with extension shell with updated of security policy along with other steps” similarly in the patent claim 1 the ‘all steps of instant application claim 1 along with ‘enabling the extension body to access one or more prescribed application resources, wherein the one or more prescribed application resources include one or more application programming interfaces (APIs) that enable controlled access to one or more application resources and other steps’. Thus, claim 1 and independent claim(s) of instant application are broader.
The pending claims of the instant application are generic to the species of patent
‘007. Thus, the generic invention is ‘anticipated’ by the species of the patented invention and the instant application claims are generic to the species of invention covered by the patent claim. Therefore, they are not patentably distinct from each other.
A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus)." ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
This is non-statutory obvious type double patenting rejection.  

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable by U.S. Publication 2020/0175152 to Xu et al. (hereinafter known as “Xu”) and in view of U.S. Patent 10,732,952 to Yu et al. (hereinafter known as “Yu”).

As per claim 1 Xu teaches a method for managing application behavior using one or more processors that execute instructions to perform actions, comprising: 
providing a first request to an extension server, wherein the first request includes information that identifies an extension of a hosting application (Xu para 173, 176, 177, 178 teaches application sandboxing to detect malicious code or malware. Para 177 teaches extension analysis such as .apk or copy.apk for malware analysis, where examiner interprets multiple extensions and request for multiple format of files of hosting application Fig 13 where host application is stored application);
employing information included in a first response to instantiate an extension shell that corresponds to the extension and embed it in the hosting application (Xu para 109 teaches shell command executions for malware code, where hooked API’s for shell command execution with extension checks for hooking cryptographic operation which is similar to ‘instantiate an extension’ of claimed limitation), wherein the extension shell is associated with a first security policy included in the first response (Xu para 37, 48 teaches policy rules for application analyzed for associated data in shell); 
providing a second request to the extension server based on information included in the extension shell, wherein the second request includes an identifier associated with an extension body that corresponds to the extension shell (Xu para 62 teaches multiple file identifiers such as applications, signatures, hashes, libraries where signature / hash are interpreted as identifier of extension body. Examiner notes that file name / shell name with extension and hash or signature of the complete file information is similar to identifier associated with extension body (interpreted as file extension) by examiner); 
employing additional information included in a second response to instantiate the extension body and embed it in the extension shell, wherein the extension body is associated with a second security policy that is included in the second response (Xu para 111, 132 teaches shell policy analysis which covers claimed limitation); and 
employing one or more of the first security policy or the second security policy to enable one or more of the or the extension body to just access the hosting application or just access the extension server (Xu para 173, 176, 177, 178 teaches application sandboxing to detect malicious code or malware. Para 177 teaches extension analysis such as .apk or copy.apk for malware analysis). 
Xu does not teach however Yu teaches extension shell security policy (Yu Fig 2 col 9 lines 20 – 45 teaches multiple type of shells with widgets and extensions such as desktop shell, mobile shell, sandbox shell, web shell sandbox API and Fig 3 – col 14 lines 50 – 67 teaches secure shell service integration which covers the claimed limitation). 
Xu teaches execution of application in application-level sandbox with shell extensions, request for application launch and other steps as described / mapped above (Xu abstract and para 173-178). Xu does not teach however Yu teaches secure shell policy (Yu Fig 2 and 3). 
Xu and Yu are analogous art because they both are from area of application level security. At the time of invention it would have been obvious to one of ordinary skill in the art, having the teachings of Xu-Yu before him or her, application in application-level sandbox with shell extensions as per Xu’s teachings with Yu’s teaching of secure shell policies. 
The suggestion/motivation for doing so would have been to customize secure shell widget configuration(s) across different platforms (Yu col 1 lines 5 – 11). 

As per claim 2 combination of Xu – Yu teaches, the method of claim 1, further comprising: 
employing information included in a first response to instantiate the extension shell that corresponds to the extension and embed it in the hosting application (Xu Fig 4 element 402 para 156-158 and Fig 13 para 175-177).
As per claim 3 combination of Xu – Yu teaches, the method of claim 1, further comprising: employing additional information included in a second response to instantiate the extension body and embed it in the extension shell (Xu Fig 4 element 406 para 156-158 and Fig 13 para 175-177)..
As per claim 4 combination of Xu – Yu teaches, the method of claim 1, further comprising: in response to violation of one or more of the first security policy or the second security policy, employing the hosting application disable execution of the extension body (Xu Fig 4 para 156-158). 
As per claim 5 combination of Xu – Yu teaches, the method of claim 1, further comprising in response to the extension body attempting to exfiltrate data from the hosting application or the extension server to a third-party location, providing for blocking of execution of the extension body or terminating execution of the extension body(Xu Fig 4 para 156-158). 
As per claim 6 combination of Xu – Yu teaches, the method of claim 1, further comprising: in response to the extension body attempting to load content from other than the hosting application or the extension server, providing for blocking of execution of the extension body or terminating execution of the extension body (Xu para 31, 51-52 and 54).  
As per claim 7 combination of Xu – Yu teaches, the method of claim 1, further comprising: in response to restricting access by the extension shell or the extension body to the hosting application or the extension server, providing one or more reports of restricted access events (Xu para 157).  
Claim 8
Claim 8 is rejected in accordance of claim 1.
Claim 9
Claim 9 is rejected in accordance of claim 2.
Claim 10
Claim 10 is rejected in accordance of claim 3.
Claim 11
Claim 11 is rejected in accordance of claim 4.
Claim 12
Claim 12 is rejected in accordance of claim 5.
Claim 13
Claim 13 is rejected in accordance of claim 6.

Claim 14
Claim 14 is rejected in accordance of claim 7.
Claim 15
Claim 15 is rejected in accordance of claim 1.
Claim 16
Claim 16 is rejected in accordance of claim 2.
Claim 17
Claim 17 is rejected in accordance of claim 3.
Claim 18
Claim 18 is rejected in accordance of claim 4.
Claim 19
Claim 19 is rejected in accordance of claim 5.
Claim 20
Claim 20 is rejected in accordance of claim 6.

Conclusion
	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Hemsath et al US Patent 6,851,113
Reardon et al US Patent 6,212,635
Banerjee et al US Patent 11,070,556
Tung et al US Patent 10,809,991
Sawhney et al US Patent 10,592,676
Dykes et al US Patent 10,452,843
Woolward et al US Patent 10,009,317
Chen et al US Patent 2017/0076103
Robertson et al US Publication 2020/0042713

Any inquiry concerning this communication or earlier communications from the examiner should be directed to VIRAL S LAKHIA whose telephone number is (571)270-3363.  The examiner can normally be reached on 8 am - 6 pm.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/VIRAL S LAKHIA/Examiner, Art Unit 2431