SYSTEMS AND METHODS FOR ENHANCING THE SECURITY OF ISOLATED EXECUTION ENVIRONMENTS OF AN AUTHORIZED USER

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . The following is a final office action in response to communications received 12/08/2025. Claims 1, 3, 4, 8, 9, 10, 11, 13, 18-21 have been amended. Claims 7, 17 have been cancelled. Therefore, claims 1-6, 8-16, 18-21 are pending and addressed below. Response to Arguments Applicant’s arguments filed 12/08/2025 have been fully considered but they are moot in view of new grounds of rejections. Allowable Subject Matter Claims 9-10 (claim 10 depends on claim 9), 19-20 (claim 20 depends on claim 19) are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-8, 10-18, 20-21 are rejected under 35 U.S.C. 103 as being unpatentable over Barton et al (EP 3422237) (from Applicant’s IDS) in view of Bukurak et al (Pub. No. US 2014/0007254). As per claim 1, Barton discloses a method for enhancing the security of isolated execution environments of an authorized user (…see par. 5, 521), the method comprising: identifying at least one computer system on which a user is authorized (…mobile device may be identified…enterprises allow users to access the enterprise network via mobile device, such as smartphones…see par. 3, 25); forming an isolated execution environment for an execution of a security application on the at least one identified computer system (…the enterprise agent can be installed onto the mobile device as a condition of the mobile device’s enrollment with the mobile device management system…the enterprise can employ an automated subsystem for installing enterprise agents onto the mobile devices associated with the enterprise…see par. 169); detecting at least two other isolated execution environments using the isolated execution environment for the security application on the at least one identified computer system (…a first application of the set of managed applications to provide data to a second application installed on the mobile device…the enterprise agent collects information about the mobile device’s configuration…the enterprise agent can similarly query the operating system for a list of mobile applications that are currently running…see par. 122, 171…Examiner further notes lack of clarification as to if there is any difference for “at least two other isolated execution environments using the isolated execution environment”). Barton does not explicitly disclose wherein the detecting comprises detecting at least two applications that are running in the at least two other detected isolated execution environments after the security application was launched; and forming a secure integration of the at least two other detected isolated execution environments using integration rules. However Bukurak discloses wherein the detecting comprises detecting at least two applications that are running in the at least two other detected isolated execution environments after the security application was launched (see par. 70-72); and forming a secure integration of the at least two other detected isolated execution environments using integration rules (…a hybrid application is a trusted application that is capable of and permitted to concurrently access files from more than one sandbox…the hybrid application is permitted to access data from a plurality of sandboxes…the hybrid application may access files from a sandbox in which the hybrid application was initiated and may also access files from another sandbox…the ability to access files from a plurality of sandboxes at the same time may be provided to the hybrid application by higher-level system components, such as a sandbox management application or module which manages the sandboxes and administers a set of access rules for the sandboxes…see par. 53-54). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Bukurak in Barton for including the above limitations because one ordinary skill in the art would recognize it would further improve the security of files on electronic devices for different operational contexts…see Bukurak, par. 3, 4. As per claim 11, Barton discloses a system for enhancing the security of isolated execution environments of an authorized user, comprising: at least one memory; and at least one hardware processor coupled with the at least one memory (see fig.1) and configured, individually or in combination, to: identifies at least one computer system on which a user is authorized (…mobile device may be identified…enterprises allow users to access the enterprise network via mobile device, such as smartphones…see par. 3, 25); forms an isolated execution environment for an execution of a security application on the at least one identified computer system (…the enterprise agent can be installed onto the mobile device as a condition of the mobile device’s enrollment with the mobile device management system…the enterprise can employ an automated subsystem for installing enterprise agents onto the mobile devices associated with the enterprise…see par. 169); detects at least two other isolated execution environments using the isolated execution environment for the security application on the at least one identified computer system (…a first application of the set of managed applications to provide data to a second application installed on the mobile device…the enterprise agent collects information about the mobile device’s configuration…the enterprise agent can similarly query the operating system for a list of mobile applications that are currently running…see par. 122, 171…Examiner further notes lack of clarification as to if there is any difference for “at least two other isolated execution environments using the isolated execution environment”). Barton does not explicitly disclose wherein the detecting comprises detecting at least two applications that are running in the at least two other detected isolated execution environments after the security application was launched; and forming a secure integration of the at least two other detected isolated execution environments using integration rules. However Bukurak discloses wherein the detecting comprises detecting at least two applications that are running in the at least two other detected isolated execution environments after the security application was launched (see par. 70-72); and forming a secure integration of the at least two other detected isolated execution environments using integration rules (…a hybrid application is a trusted application that is capable of and permitted to concurrently access files from more than one sandbox…the hybrid application is permitted to access data from a plurality of sandboxes…the hybrid application may access files from a sandbox in which the hybrid application was initiated and may also access files from another sandbox…the ability to access files from a plurality of sandboxes at the same time may be provided to the hybrid application by higher-level system components, such as a sandbox management application or module which manages the sandboxes and administers a set of access rules for the sandboxes…see par. 53-54). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Bukurak in Barton for including the above limitations because one ordinary skill in the art would recognize it would further improve the security of files on electronic devices for different operational contexts…see Bukurak, par. 3, 4. As per claim 21, Barton discloses a non-transitory computer readable medium storing thereon computer executable instructions for enhancing the security of isolated execution environments of an authorized user, including instructions for: identifying at least one computer system on which a user is authorized (…mobile device may be identified…enterprises allow users to access the enterprise network via mobile device, such as smartphones…see par. 3, 25); forming an isolated execution environment of a security application on the at least one identified computer system (…the enterprise agent can be installed onto the mobile device as a condition of the mobile device’s enrollment with the mobile device management system…the enterprise can employ an automated subsystem for installing enterprise agents onto the mobile devices associated with the enterprise…see par. 169); detecting at least two other isolated execution environments using the isolated execution environment of the installed security application on the at least one identified computer system (…a first application of the set of managed applications to provide data to a second application installed on the mobile device…the enterprise agent collects information about the mobile device’s configuration…the enterprise agent can similarly query the operating system for a list of mobile applications that are currently running…see par. 122, 171…Examiner further notes lack of clarification as to if there is any difference for “at least two other isolated execution environments using the isolated execution environment”). Barton does not explicitly disclose wherein the detecting comprises detecting at least two applications that are running in the at least two other detected isolated execution environments after the security application was launched; and forming a secure integration of the at least two other detected isolated execution environments using integration rules. However Bukurak discloses wherein the detecting comprises detecting at least two applications that are running in the at least two other detected isolated execution environments after the security application was launched (see par. 39, 70-72); and forming a secure integration of the at least two other detected isolated execution environments using integration rules (…a hybrid application is a trusted application that is capable of and permitted to concurrently access files from more than one sandbox…the hybrid application is permitted to access data from a plurality of sandboxes…the hybrid application may access files from a sandbox in which the hybrid application was initiated and may also access files from another sandbox…the ability to access files from a plurality of sandboxes at the same time may be provided to the hybrid application by higher-level system components, such as a sandbox management application or module which manages the sandboxes and administers a set of access rules for the sandboxes…see par. 53-54). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Bukurak in Barton for including the above limitations because one ordinary skill in the art would recognize it would further improve the security of files on electronic devices for different operational contexts…see Bukurak, par. 3, 4. As per claims 2, 12, the combination of Barton and Bukurak discloses wherein at least one computer system of the at least one computer system on which the user is authorized comprises a mobile computer system (Barton: see par. 3, 25). As per claims 3, 13, the combination of Barton and Bukurak discloses wherein the identification of the at least one computer system on which the user is authorized is performed by detecting a computer system that receives and transmits calls over a mobile network (Barton: see par. 105-106). As per claims 4, 14, the combination of Barton and Bukurak discloses wherein the forming of the isolated execution environment for the execution of the security application is performed by installing the security application on the at least one identified computer system (Barton: see par. 169). As per claims 5, 15, the combination of Barton and Bukurak discloses wherein when forming the isolated execution environment, the security application is provided with a maximum possible number of permissions and accesses (Barton: see par. 237, 361). As per claims 6, 16, the combination of Barton and Bukurak discloses wherein, after the isolated execution environment is formed, the security application activates the isolated execution environment by running the security application (Barton: see par. 168-169). As per claims 8, 18, the combination of Barton and Bukurak discloses the method further comprises: after the detection of the at least two applications that are running after the security application was launched, identifying parameters of the at least two other detected isolated execution environments that are generated for operation of the at least two applications (Bukurak: see par. 39, 70-72). The motivation for claims 8, 18 is the same motivation as in claims 1, 11 above. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892). The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to improving the security of isolated execution environments of an authorized user. Nadgowda et al (Pub. No. US 2020/0137091); “Cloud-Native Extensibility Provided to Security Analytics”; -Teaches the execution component can apply the instance of the encapsulated security application to a simulated system state of a computing device…see par. 35. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHAZAL B SHEHNI whose telephone number is (571)270-7479. The examiner can normally be reached Mon-Fri 9am-5pm PCT. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached at 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /GHAZAL B SHEHNI/Primary Examiner, Art Unit 2499