DETAILED ACTION Applicant cancels claims 10-19, 29-36, and 39-40 by preliminary amendment. Claims 1-9, 20-2 8 , and 37-38 rejected under 35 USC § 103. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-9, 20-28, and 37-38 are rejected under 35 U.S.C. 103 as being unpatentable over Gupta et al., U.S. PG-Publication No. 2020/0028848 A1, in view of Krasin et al., U.S. PG-Publication No. 2015/0278513 A1. Cla im 1 Gupta discloses a method, implemented by a communication system . Gupta discloses methods “of efficiently managing secure access to multiple instances of applications.” Gupta, ¶ 21. The method is implemented with “shared computing platform 101 in an Internet-connected computing environment” (i.e., communication system). Id. at ¶ 28; FIG. 1. Gupta discloses wherein the method comprises: sending, by a first device of the communication system, a first request to a second device of the communication system, wherein the first request identifies a first caller installed in the first device, identifies a callee installed in the second device . An application “is instantiated and made available to be accessed upon request by the requesting user.” Id. at ¶ 31. A reverse proxy authorization service 102 “exposes user application request information (e.g., user credentials, application identifier, etc.).” Id. at ¶ 37. The server “can authenticate user1 (e.g., based on the user credentials 302), and then redirect the request (e.g., based on the application identifier 304)” to a m apping data structure. The mapping data structure facilitate mapping operations including “to identify and securely connect a particular web browser session to the particular containerized application instance that a particular user is authorized to access.” Id. at ¶ 46. Accordingly, the “particular web browser session” is analogous to “a first caller installed in the first device , ” and the application identifier 304 identifies “a callee installed in the second device . ” Gupta discloses running, by the second device in response to the first request, a first instance in a first sandbox, wherein the first instance is of the callee . An application “is instantiated and made available to be accessed upon request by the requesting user.” Id. at ¶ 31. The method establishes “a secure … connection between the authorized instance of browser … and the authenticated instance of [the] application.” Id. at ¶ 38. Based upon the request, an application authorization server 326 issues instructions to a virtualized container service machine 330 “to download and/or install the requested application.” Id. at ¶ 47. Applications are “loaded into and run from a shared node or service within a shard multi-node computing system rather than being loaded onto a user’s personal, unshared device” (i.e., provides the first service for the first caller). Id. at ¶ 5. The containers of Gupta are analogous to the claimed “sandbox.” Applicant defines a sandbox as a “virtual system program that has an independent running environment,” “has an independent RAM and an independent NVM,” and “cannot access other resources in the device.” Spec., ¶ 196. Gupta discloses that “containerized virtualization environments ” (i.e., virtual system program), “comprise groups of processes and/or resources (e.g., memory, CPU, disk, etc.)” (i.e., independent memory), and “are isolated from the host computer and other executable containers” (i.e., cannot access other resources in the device). Gupta, ¶ ¶ 3- 4 , 73. Gupta discloses sending, by a third device of the communication system, a second request to the second device wherein the second request identifies a second caller installed in the third device, identifies the callee, and comprises second indication information of a second service , wherein the first caller, the callee, and the second caller are application or functional components, wherein each of the applications is a first program entity implementing a plurality of functions, and wherein each of the functional components is a second program entity implementing a single function . The first and second caller are particular browser sessions, depicted as browsers 110 1-N in FIG. 1. The computing environment 100 comprises “a plurality instances of applications that a set of users … desire to access from a respective browser.” Further, the “applications can be any application or web service that can carry out or be subjected to … authentication and authorization protocol” (i.e., program entities). Id. at ¶ 29. Applications (i.e., callees) are instances of containerized applications 1061 that can be instantiated from an application repository 104 comprising multiple applications.” Id. at ¶ 33. Gupta discloses running, by the second device in response to the second request, a second instance in a second sandbox, wherein the second instance is of the callee …. and wherein the second sandbox is different from the first sandbox . Gupta discloses that “multiple instances of application ‘B’ might be invoked by the foregoing users.” Id. at ¶ 34. The reverse proxy authorization service facilitates “authorized access to user-specific instances of applications using user-specific user credentials and a single application digital certificate for all instances of the application in the computing environment.” Id. at ¶ 8. Accordingly, the second caller (e.g., browser 110 K ) creates a separate second instance of application B (i.e., second sandbox different from the first) that is specific to the user (i.e., a second service to the second caller). See Id. at FIG. 1 (illustrating that callers User1 and UserK have separate instances of callee application B). Gupta does not expressly disclose wherein the first request comprises first indication information of a first service ; wherein the first instance provides the first service for the first caller ; wherein the second request comprises second indication information of a second service ; wherein the second instance provides the second service to the second caller . Krasin discloses wherein the first request comprises first indication information of a first service ; wherein the first instance provides the first service for the first caller ; wherein the second request comprises second indication information of a second service ; wherein the second instance provides the second service to the second caller . Krasin discloses a system that “can create in-process sandbox environments to host and control execution of a third party application and data.” Krasin, ¶ 5. A process-level manager 212 “can create and manage multiple in-process sandbox environments 302, each sandbox environment 302 hosting a worker 304 created from the application code 204 to complete an assigned work assignment.” Id. at ¶ 41; FIG. 3. The client initiates a work order “by issuing an execution request” including “the file name of the application code 204.” The client “may include arguments to be used when running the application code 204” (arguments → indication information). Id. at ¶ 32. Different arguments cause the sandboxed application to provide a modified service, i.e. a second service. It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the containerized application hosting system of Gupta to incorporate the sandboxed application hosting system using request arguments as taught by Krasin . One of ordinary skill in the art would be motivated to integrate incorporate the sandboxed application hosting system using request arguments into Gupta , with a reasonable expectation of success, in order to establish policies that “preserve the integrity and security of code, control flow, and data” (i.e., to improve security) . See Krasin, ¶ 68. Claim 2 Gupta discloses initiating, by the first device, a third request to the second device, wherein the third request identifies the caller, identifies the callee, and comprises third indication information of a third service . An application “is instantiated and made available to be accessed upon request by the requesting user.” Gupta, ¶ 31. A reverse proxy authorization service 102 “exposes user application request information (e.g., user credentials, application identifier, etc.).” Id. at ¶ 37. The server “can authenticate user1 (e.g., based on the user credentials 302), and then redirect the request (e.g., based on the application identifier 304)” to a mapping data structure. The mapping data structure facilitate mapping operations including “to identify and securely connect a particular web browser session to the particular containerized application instance that a particular user is authorized to access.” Id. at ¶ 46. Accordingly, the “particular web browser session” is analogous to “a first caller installed in the first device,” and the application identifier 304 identifies “a callee installed in the second device.” Gupta discloses running, by the second device in response to the third request, the first instance in the first sandbox or a third instance in the first sandbox . Gupta discloses that “multiple instances of application ‘B’ might be invoked by the foregoing users.” Id. at ¶ 34. The reverse proxy authorization service facilitates “authorized access to user-specific instances of applications using user-specific user credentials and a single application digital certificate for all instances of the application in the computing environment.” Id. at ¶ 8. Accordingly, the second caller (e.g., browser 110 K ) creates a separate second instance of application B (i.e., second sandbox different from the first) that is specific to the user (i.e., a second service to the second caller). See Id. at FIG. 1 (illustrating that callers User1 and UserK have separate instances of callee application B). Krasin discloses the third request comprises third indication information of a third service ; and wherein the first instance provides the third service for the first caller, and wherein the third instance provides the third service for the first caller . Krasin discloses a system that “can create in-process sandbox environments to host and control execution of a third party application and data.” Krasin, ¶ 5. A process-level manager 212 “can create and manage multiple in-process sandbox environments 302, each sandbox environment 302 hosting a worker 304 created from the application code 204 to complete an assigned work assignment.” Id. at ¶ 41; FIG. 3. The client initiates a work order “by issuing an execution request” including “the file name of the application code 204.” The client “may include arguments to be used when running the application code 204” (arguments → indication information). Id. at ¶ 32. Different arguments cause the sandboxed application to provide a modified service, i.e. a third service. Claim 3 Gupta discloses initiating, by the first device, a third request to the second device, wherein the third request identifies a third caller installed in the first device, identifies the calle e … and wherein the third caller is an application (APP) or a functional component . An application “is instantiated and made available to be accessed upon request by the requesting user.” Gupta, ¶ 31. A reverse proxy authorization service 102 “exposes user application request information (e.g., user credentials, application identifier, etc.).” Id. at ¶ 37. The server “can authenticate user1 (e.g., based on the user credentials 302), and then redirect the request (e.g., based on the application identifier 304)” to a mapping data structure. The mapping data structure facilitate mapping operations including “to identify and securely connect a particular web browser session to the particular containerized application instance that a particular user is authorized to access.” Id. at ¶ 46. Accordingly, the “particular web browser session” is analogous to “a first caller installed in the first device,” and the application identifier 304 identifies “a callee installed in the second device.” Gupta discloses running, by the second device in response to the third request, the first instance in the first sandbox or a third instance in the first sandbox . Gupta discloses that “multiple instances of application ‘B’ might be invoked by the foregoing users.” Id. at ¶ 34. The reverse proxy authorization service facilitates “authorized access to user-specific instances of applications using user-specific user credentials and a single application digital certificate for all instances of the application in the computing environment.” Id. at ¶ 8. Accordingly, the second caller (e.g., browser 110 K ) creates a separate second instance of application B (i.e., second sandbox different from the first) that is specific to the user (i.e., a second service to the second caller). See Id. at FIG. 1 (illustrating that callers User1 and UserK have separate instances of callee application B). Krasin discloses the third request comprises third indication information of a third service , wherein the first instance provides the third service for the first caller ; and wherein the third instance provides the third service for the third caller . Krasin discloses a system that “can create in-process sandbox environments to host and control execution of a third party application and data.” Krasin, ¶ 5. A process-level manager 212 “can create and manage multiple in-process sandbox environments 302, each sandbox environment 302 hosting a worker 304 created from the application code 204 to complete an assigned work assignment.” Id. at ¶ 41; FIG. 3. The client initiates a work order “by issuing an execution request” including “the file name of the application code 204.” The client “may include arguments to be used when running the application code 204” (arguments → indication information). Id. at ¶ 32. Different arguments cause the sandboxed application to provide a modified service, i.e. a third service. Claim 4 Gupta discloses initiating, by a fourth device of the communication system, a third request to the second device, wherein the third request identifies the first caller or a third caller installed in the fourth device, identifies the callee … wherein the third caller is installed in the fourth device, and wherein the first caller is further installed in the fourth device . An application “is instantiated and made available to be accessed upon request by the requesting user.” Gupta, ¶ 31. A reverse proxy authorization service 102 “exposes user application request information (e.g., user credentials, application identifier, etc.).” Id. at ¶ 37. The server “can authenticate user1 (e.g., based on the user credentials 302), and then redirect the request (e.g., based on the application identifier 304)” to a mapping data structure. The mapping data structure facilitate mapping operations including “to identify and securely connect a particular web browser session to the particular containerized application instance that a particular user is authorized to access.” Id. at ¶ 46. Accordingly, the “particular web browser session” is analogous to “a first caller installed in the first device,” and the application identifier 304 identifies “a callee installed in the second device.” Gupta discloses running, by the second device in response to the third request, the first instance in the first sandbox or a third instance in the first sandbox . Gupta discloses that “multiple instances of application ‘B’ might be invoked by the foregoing users.” Id. at ¶ 34. The reverse proxy authorization service facilitates “authorized access to user-specific instances of applications using user-specific user credentials and a single application digital certificate for all instances of the application in the computing environment.” Id. at ¶ 8. Accordingly, the second caller (e.g., browser 110 K ) creates a separate second instance of application B (i.e., second sandbox different from the first) that is specific to the user (i.e., a second service to the second caller). See Id. at FIG. 1 (illustrating that callers User1 and UserK have separate instances of callee application B). Krasin discloses the third request comprises third indication information of a third service or fourth indication of a fourth service ; and wherein the first instance provides the third service for the first caller of the fourth device, and wherein the third instance provides the fourth service for the third caller . Krasin discloses a system that “can create in-process sandbox environments to host and control execution of a third party application and data.” Krasin, ¶ 5. A process-level manager 212 “can create and manage multiple in-process sandbox environments 302, each sandbox environment 302 hosting a worker 304 created from the application code 204 to complete an assigned work assignment.” Id. at ¶ 41; FIG. 3. The client initiates a work order “by issuing an execution request” including “the file name of the application code 204.” The client “may include arguments to be used when running the application code 204” (arguments → indication information). Id. at ¶ 32. Different arguments cause the sandboxed application to provide a modified service, i.e. a fourth service. Claim 5 Gupta discloses wherein the first caller and the second caller are the same . If two different users use the same browser 110 to make calls to an application, then the claimed first and second caller are the same (i.e., the browser 110). See Gupta, ¶ 38 (user credentials used to establish “a secure … connection between the authorized instance of browser 110 and the authenticated instance of application”); ¶ 50 (establish authorized connection “from the instances of containerized applications”). Claim 6 Krasin discloses wherein the first device and the third device are the same . If a user of a device uses a device to make two different calls to an application, then the claimed first and third device are the same (i.e., the same client device). See Krasin ¶ 32 (“client may include arguments to be used when running the application code”); ¶ 98 (“user device 514 … can access the application website 502 and the hosted application 508”). Claim 7 Gupta discloses detecting, by the second device before running the first instance, whether the first sandbox exists, and creating, by the second device, the first sandbox when the first sandbox does not exist ; and detecting, by the second device before running the second instance, whether the second sandbox exists, and creating, by the second device, the second sandbox when the second sandbox does not exist . Gupta discloses that “[w]hen an application request pertains to an application that is registered but has not instance authorized for access by the requester, application authorization server 326 can issue instructions to the virtualized container service machine 330 to instantiate the requested application.” Gupta, ¶ 47. Claim 8 Gupta d iscloses creating by the second device, the first instance; and creating, by the second device, the second instance . The applications “comprise containerized images that are instituted at installation” ( instantiation → creating an instance). Gupta discloses that “multiple instances of a particularized containerized application can be present in computing environment 100,” wherein multiple interface “might be invoked by the foregoing users,” thereby creating “multiple user-specific instances of applications.” Gupta, ¶¶ 3 3 -35. Claim 9 Gupta discloses storing, by the second device, a first calling relationship in the second device after creating the first instance, wherein the first calling relationship comprises first information about the first caller, second information about the first instance, and a first identifiers of the first calling relationship ; and storing, by the second device, a second calling relationships in the second device after creating the second instance, wherein the second calling relationship comprises third information about the second caller, fourth information about the second instance, and a second identifier of the second calling relationship . Gupta discloses a set of application digital certificated 108, wherein “a single application digital certificate is generated for each particular containerized application.” Gupta, ¶ 36. The method stores a mapping data structure 114 to “organize and/or store … instance attributes and/or other data.” Data can come “from the application digital certificates 108.” Figure 4 illustrates an embodiment, wherein rows “comprise instance-specific information 404 corresponding to the instance of containerized applications.” Each table row comprises a column “ipAddress” (i.e., information about the caller), “appID” (i.e., information about the instance), and public key “pubKey” (i.e., identifiers of the calling relationship). Id. at ¶¶ 54-55. The mapping data structure is used “to identify and securely connect to a particular containerized application instance that a particular user is authorized to access.” The public key is “used to establish secure access to the web server of the authorized instance” (i.e., identifier of calling relationship). Id. at ¶ 56. Claims 20-2 8 Claims 20-2 8 are rejected utilizing the aforementioned rationale for Claims 1-9 ; the claims are directed to the same method; Claims 1-9 are drawn to the method performed by the first device (e.g., client sending request); Claims 20-2 8 are drawn to the method performed by the second device (e.g., server receiving request). The cited prior art teaches both. Claims 37-38 Claims 37-38 are rejected utilizing the aforementioned rationale for Claims 20-21 ; the claims are directed to a system performing the method. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See Ghanaie-Sichanie et al., U.S. PG-Publication No. 2010/0274910 A1 (abstract describing two-way isolation of the distributed resources of an application). Any inquiry concerning this communication or earlier communications from the examiner should be directed to FILLIN "Examiner name" \* MERGEFORMAT FRANK D MILLS whose telephone number is FILLIN "Phone number" \* MERGEFORMAT (571)270-3194 . The examiner can normally be reached FILLIN "Work Schedule?" \* MERGEFORMAT M-F 10-6 ET . Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, FILLIN "SPE Name?" \* MERGEFORMAT KEVIN YOUNG can be reached at FILLIN "SPE Phone?" \* MERGEFORMAT (571)270-3180 . The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /FRANK D MILLS/ Primary Examiner, Art Unit 2194 March 23, 2026