SYSTEM AND METHOD FOR GEOFENCING

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION This Office Action is in response to the amendment filed 3/2/2026 for application 18/789,590. Claims 1-20 have been examined and are pending. Claims 1, 8, and 15 have been amended. Claims 1, 8, and 15 are independent claims. This Office Action is FINAL. Response to Arguments Applicants’ arguments in the instant Amendment, filed on 3/2/2026, with respect to limitations listed below, have been fully considered but they are not persuasive. Applicant argues as follows: The Double Patenting Rejection Applicant is including with this reply, a timely filed terminal disclaimer in compliance with 37 C.F.R. § 1.321(c). U.S. Patent Nos. 10,116,697, 11,115,438, 12,069,097 and the current Application are commonly owned. Accordingly, withdrawal of this rejection is respectfully requested. The filing of the terminal disclaimer is not an acknowledgement of the propriety of the rejection. Examiner respectfully notes that no terminal disclaimer has been filed or approved. Accordingly, the double patenting rejections are maintained. Applicant argues as follows: Rejections under 35 U.S.C. 4103 The Supreme Court in KSR Intl Co. v. Teleflex Inc., 550 U.S. 398, 415-421, 82 USPQ2d 1385, 1395-97 (2007) identified a number of rationales to support a conclusion of obviousness. Specifically, the rationale to support a conclusion that the claim would have been obvious is that all the claimed elements were known in the prior art, that one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and that the combination yielded nothing more than predictable results to one of ordinary skill in the art. KSR, 550 U.S. at 416, 82 USPQ2d at 1395; Sakraida v. AG Pro, Inc., 425 U.S. 273, 282, 189 USPQ 449, 453 (1976); Anderson's-Black Rock, Inc. v. Pavement Salvage Co., 396 U.S. 57, 62-63, 163 USPQ 673, 675 (1969); Great At/. & P. Tea Co. v. Supermarket Equip. Corp., 340 U.S. 147, 152, 87 USPQ 303, 306 (1950). "[I]t can be important to identify a reason that would have prompted a person of ordinary skill in the relevant field to combine the elements in the way the claimed new invention does." KSR, 550 U.S. at 418, 82 USPQ2d at 1396. If any of these findings cannot be made, then this rationale cannot be used to support a conclusion that the claim would have been obvious to one of ordinary skill in the art. In this case, Applicant respectfully submits that not all the claimed elements were known in the prior art, that, even if the claimed elements were known, one of ordinary skill in the art could not have combined the elements as claimed by known methods with no change in their respective functions, and that one of ordinary skill in the art could not have predicted what result the alleged combination might produce. Examiner respectfully disagrees. In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007). In this case, One would have been motivated to provide users with the benefits of placing temporal and geographic restrictions on document access (Borzycki: col. 57, lines 18-29). One would have been motivated to provide users with the benefits of a secure execution environment capable of operating across multiple computing platforms in an operating system agnostic manner (James: paragraph 0011). One would have been motivated to provide users with the benefits of portability of a software container that behaves like an independently separate physical computer (Lin: paragraph 0021). Applicant argues as follows: For example, the primary reference, Qureshi, describes an access manager (340) that governs access to a file system (338), which is part of a secure document container 336, by applications 318 and other components of a mobile device 120. See Qureshi, paragraph [0416]. These applications 318, however, are not stored in the file system 338 or within the secure document container 336. Instead, these applications 318 are installed on the mobile device 120 and run within a browser 332. See Qureshi, paragraph [0436], FIG. 3. According to Qureshi, enterprise control over these user-installed applications 318 is achieved by configuring the browser 332 to activate or deactivate certain functionalities under defined conditions such as a location condition, i.e., the location of the mobile device 120. See Qureshi, paragraph [0438]. Further, according to Qureshi, an enterprise can require its users 115 to install the browser 332 onto their mobile devices 120, and can prohibit the use of other web browsers. See Qureshi, paragraph [0440]. The required browser 332 can be configured to direct at least some of the mobile device traffic through application tunnels to an enterprise-controlled tunneling mediator, such as the mediator 224. Id. Thus, using the technology described by Qureshi, the enterprise can control the applications 318 running on the mobile device 120 by using the browser 332 implementing the enterprise's BYOD policies. See Qureshi, paragraph [0435]. Contrastingly, in the claimed invention, an application is in a managed cache in a managed container. The managed container controls the application (and the application's access to content in the managed cache in the managed container) in the managed cache in accordance with a geofencing rule received from an application gateway server computer. This control does not require configuring a browser to implement an enterprise's BYOD policies or forcing the application to use a secure virtual machine like what is described by paragraphs [0058], [0469] of Qureshi. Borzycki does not remedy the deficiencies of Qureshi submitted above. Thus, motivation to combine Qureshi and Borzycki notwithstanding, the alleged combination of Qureshi and Borzycki does not disclose each and every element of the invention as claimed. Accordingly, at least the finding of "all the claimed elements were known in the prior art" cannot be made. Since at least the finding of "all the claimed elements were known in the prior art" cannot be made against claim 1, the Office Action's rationale cannot be used to support a conclusion that claim 1 would have been obvious to one of ordinary skill in the art. In view of the foregoing, Applicant respectfully submits that claim 1 is patentable over the art of record under 35 U.S.C. § 103. Examiner respectfully disagrees. Claim 1 was and is properly rejected by the combination of Qureshi, Borzycki, Lin, and James. Regarding claim 1, Qureshi discloses, paragraphs 0083, 0413, 0091,0109, 0110, Fig. 1, a method, comprising: providing, by a user device to an application gateway server computer, information about a geographical location of the user device, the information comprising geocode, Global Positioning System coordinates, or a combination thereof by disclosing mobile device 120, by making a data connection, transmit GPS coordinates from mobile device 120; a method, comprising: receiving, by a managed container on a user device managed container encompasses enterprise agent 320 with secure container component 350D; FIG. 1A shows an application gateway server computer encompassing mobile device management system 126 and secure mobile gateway 128 with the enterprise computing environment 100; paragraphs 0413, 0091,0109, 0110, Fig. 1, receiving, by a managed container on the user device from the application gateway server computer, by disclosing a method, comprising: receiving, by a managed container on a user device managed container encompasses enterprise agent 320 with secure container component 350D; FIG. 1A shows an application gateway server computer encompassing mobile device management system 126 and secure mobile gateway 128 with the enterprise computing environment 100; paragraphs 0109, 0110, 0416, 0416, 0422, 0307, the geofencing rule for restricting access to content in the managed container based on the geographical location of the user device by disclosing a geofencing rule, an application, and content; wherein the geofencing rule governs the application and the content in the managed container based on a geographical location of the user device where geofencing rule, an application, and content encompasses document access policies, policy that limits access based on geographical position, file system; determining, by the managed container on the user device, whether the user device is located within the geographical location; paragraphs 0109, 0413, FIG. 1A, paragraph 0110, 0091, receiving, by the managed container on the user device by disclosing wherein such mobile device management can comprise sending rule packages to the mobile devices 120 (as described below) and/or regulating access to enterprise resources 130; “The enterprise system 110 (which can be partially or entirely within the cloud 156 can transmit documents to the devices 120, which can be stored (e.g., by the enterprise agent 320) within the container 336.”; --- managed container encompasses enterprise agent 320 with secure container component 350D; component 350D may create a secure container to store documents and other information so secure container may be considered a managed cache, enterprise agent 320, considered by examiner as part of a managed container, can stored documents within secure document container 336, considered by examiner as a managed cache; paragraph 0307, determining, by the managed container on the user device, whether the user device is located within the geographical location by disclosing “suppose that the mobile device rule 318 allows for an application 318 to be used only when the mobile device 120 is in a defined geographical zone, and that the application 318 is invoked when this condition is met”; and paragraph 0417, based on a determination by the managed container that the user device is not located within the geographical location by disclosing “the document access policy can instruct the container 336 or agent 320 to otherwise make them unavailable if the mobile device 120 is taken outside of the defined geographic zone.”; paragraph 0417, denying or restricting, by the managed container based on the geofencing rule, access by the application to the content in the managed container on the user device by disclosing “the document access policy can instruct the container 336 or agent 320 to otherwise make them unavailable if the mobile device 120 is taken outside of the defined geographic zone.”. Qureshi discloses a geofencing rule for restricting access to content in the managed container based on a geographical location of the user device; a request from an application running in the managed container to access the content; denying or restricting, by the managed container based on the geofencing rule, access by the application to the content in the managed container on the user device, but does not explicitly disclose a geofencing rule for restricting access to content in a managed cache in the managed container based on a geographical location of the user device; a request from an application running in the managed container to access the content in the managed cache; a request from an application running in the managed container to access the content in the managed cache; responsive to the request from the application, denying or restricting, by the managed container based on the geofencing rule, access by the application to the content in the managed cache in the managed container on the user device. Borzycki discloses, FIG. 5, col. 19, line 53, through col. 20, line 25, a geofencing rule for restricting access to content in a managed cache in the managed container based on a geographical location of the user device; a request from an application running in the managed container to access the content in the managed cache; denying or restricting, by the managed container based on the geofencing rule, access by the application to the content in the managed cache in the managed container on the user device by disclosing FIG. 5 shows managed cache 528 in managed container 510; “The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like.” , FIG. 5, col. 19, line 53, through col. 20, line 25,; a request from an application running in the managed container to access the content in the managed cache by disclosing FIG. 5 shows managed cache 528 in managed container 510; “The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like.” , FIG. 5, col. 19, line 53, through col. 20, line 25, responsive to the request from the application by disclosing “The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like.”. Qureshi and Borzycki disclose restricting access, application, data, content, managed container, managed cache but do not explicitly disclose wherein the managed container controls, in accordance with the qeofencinq rule regardless of whether the user device is or is not connected to the application gateway server computer: the application in the managed cache in the managed container; and the content in the managed cache in the managed container. James discloses, paragraph 0053, wherein the managed container controls, in accordance with the qeofencinq rule regardless of whether the user device is or is not connected to the application gateway server computer: the application in the managed cache in the managed container; and the content in the managed cache in the managed container by disclosing local cache can allow local applications to execute when a connection is lost to the remote application server, synchronization with remote application server may occur after connection is re-established. Lin discloses, paragraph 0021, independently of any local operating system of the client device by disclosing virtual machine is an isolated container that users is own operating system and own application programs, container behaves like an independently separate computer. Applicant argues as follows: Claims 2-4, 9-11, 16, and 17 were rejected under 35 U.S.C. § 103 as being unpatentable over Qureshi in view of Borzycki, and further in view of U.S. Patent Application Publication No. 2011/0314534 ("James"), U.S. Patent Application Publication No. 2012/0044538 ("Lin"), and U.S. Patent Application Publication No. 2011/0191822 ("Pinsky"). See Office Action, pages 27-32. James, Lin, and Pinsky do not remedy the deficiencies of the combined teachings of Qureshi and Borzycki submitted above. Thus, motivation to combine Qureshi and Borzycki with James, Lin, and Pinsky notwithstanding, the alleged combination of Qureshi, Borzycki, James, Lin, and Pinsky does not disclose each and every element of the invention as claimed.. Examiner respectfully disagrees. Claim 2 was and is properly rejected by the combination of Qureshi, Borzycki, Lin, James, and Pinsky. Regarding claim 1, Qureshi, Borzycki, James, and Lin do not explicitly disclose downloading the managed container from a source on the Internet or from a network site on a private network. Pinsky discloses, paragraphs 0070 and 0018, downloading the managed container from a source on the Internet or from a network site on a private network by disclosing “The system and methods described herein also provide for construction of virtualized medical application containers, and mechanisms to store and download these containers”; and “the server 104 (or one or more other servers) can support a website to provide an image of the client application 112 for download to or installation on the client computer 102”. Applicant argues as follows: The Claims 5-7, 12-14, and 18-20 were rejected under 35 U.S.C. § 103 as being unpatentable over Qureshi in view of Borzycki, James, and Lin. See Office Action, pages 33-38. James and Lin do not remedy the deficiencies of the combined teachings of Qureshi and Borzycki submitted above. Thus, motivation to combine Qureshi and Borzycki with James and Lin notwithstanding, the alleged combination of Qureshi, Borzycki, James, and Lin does not disclose each and every element of the invention as claimed. Although Applicant respectfully disagrees with the rejections, Applicant has amended the claims as a good faith effort to expedite the prosecution and without conceding to the Examiner's positions. Applicant respectfully submits that the art of record also does not teach or suggest the features recited in the amended claims. In view of the foregoing and for other apparent reasons, claims 1-20 are patentable over the art of record under 35 U.S.C. § 103. Accordingly, withdrawal of the 35 U.S.C. § 103 rejections is respectfully requested. Examiner respectfully disagrees. Claim 5 was and is properly rejected by the combination of Qureshi, Borzycki, Lin, James, and Conant. Regarding claim 5, Qureshi, Borzycki, James, and Lin do not explicitly disclose wherein restricting access by the application to the content in the managed cache in the managed container on the user device comprises: providing a read-only version of the content to the application; or providing a watermarked version of the content to the application. Conant discloses, paragraph 0032, wherein restricting access by the application to the content in the managed cache in the managed container on the user device comprises: providing a read-only version of the content to the application; or providing a watermarked version of the content to the application by disclosing read only version, watermark can be placed on read-only file. The Examiner respectfully suggests that the claim be further amended and details in the specification be incorporated to distinguish the claimed invention over prior art of record. Should the Applicant desire an interview to further clarify the claim interpretation/rejections, please contact the Examiner at (571) 270 5002 to schedule an interview. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp. Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-18 of U.S. Patent No. 10,116,697. Although the claims at issue are not identical, they are not patentably distinct from each other because all limitations recited in claims 1-20 of the instant application are encompassed by limitations recited in claims 1-18 of U.S. Patent No. 10,116,697 (see table below). Instant Application 18/789,590 March 2, 2026 U.S. Patent No. 10,116,697 Claim 1. A method, comprising: providing, by a user device to an application gateway server computer, information about a geographical location of the user device, the information comprising geocode, Global Positioning System coordinates, or a combination thereof: receiving, by a managed container on the user device from the application gateway server computer, a geofencing rule for restricting access to content in a managed cache in the managed container based on the geographical location of the user device; receiving, by the managed container on the user device, a request from an application running in the managed container to access the content in the managed cache; responsive to the request from the application, determining, by the managed container on the user device, whether the user device is located within the geographical location; and based on a determination by the managed container that the user device is not located within the geographical location, denying or restricting, by the managed container based on the geofencing rule, access by the application to the content in the managed cache in the managed container on the user device, wherein the managed container controls, in accordance with the geofencing rule regardless of whether the user device is or is not connected to the application gateway server computer and independently of any local operating system of the user device: the application in the managed cache in the managed container; and the content in the managed cache in the managed container. Claim 1: A method, comprising: downloading, by a client device of a server computer, a managed container from a network source, the managed container written in a programming language native to the client device and comprising a managed cache and an application framework with an execution engine that provides a runtime environment for applications associated with backend systems running in an enterprise computing environment; receiving, over a network by the managed container embodied on a non-transitory computer memory of the client device, an application retrieved from an application repository by the server computer, the application repository and the server computer residing in the enterprise computing environment outside of a firewall, the application hosted or required by a backend system operating in the enterprise computing environment behind the firewall; storing the application in the managed cache of the managed container on the client device, the storing performed by the managed container; managing, by the managed container, the application and content stored in the managed container in accordance with one or more rules, the one or more rules including a geolocking or geofencing rule propagated from the backend system through the firewall to the server computer to the managed container on the client device; displaying an icon for the application in a user interface of the managed container on the client device; providing, by the managed container on the client device, a secure shell or runtime environment for running the application when the icon for the application is selected or invoked from within the user interface of the managed container; receiving, by the managed container on the client device, a request for content from the application running in the secure shell or runtime environment provided by the managed container on the client device; determining, by the managed container on the client device, whether the client device is located within a specified geographical location that is secure for viewing the content; permitting, by the managed container on the client device to the application running in the secure shell or runtime environment provided by the managed container on the client device, access to the content if the client device is located within the specified geographical location that is secure for viewing the content; denying or restricting, by the managed container on the client device based at least in part on the geolocking or geofencing rule, access by the application to the content requested by the application if the client device is not located within the specified geographical location that is secure for viewing the content; and automatically deleting the content from the managed cache if the client device is outside of the specified geographical location for a predetermined amount of time and, after the predetermined amount of time has passed, the client device has not made a connection to the server computer or returned to within the specified geographical location. Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-14 of U.S. Patent No. 11,115,438. Although the claims at issue are not identical, they are not patentably distinct from each other because all limitations recited in claims 1-20 of the instant application are encompassed by limitations recited in claims 1-14 of U.S. Patent No. 11,115,438 (see table below). Instant Application 18/789,590 March 2, 2026 U.S. Patent No. 11,115,438 A method, comprising: providing, by a user device to an application gateway server computer, information about a geographical location of the user device, the information comprising geocode, Global Positioning System coordinates, or a combination thereof: receiving, by a managed container on the user device from the application gateway server computer, a geofencing rule for restricting access to content in a managed cache in the managed container based on the geographical location of the user device; receiving, by the managed container on the user device, a request from an application running in the managed container to access the content in the managed cache; responsive to the request from the application, determining, by the managed container on the user device, whether the user device is located within the geographical location; and based on a determination by the managed container that the user device is not located within the geographical location, denying or restricting, by the managed container based on the geofencing rule, access by the application to the content in the managed cache in the managed container on the user device, wherein the managed container controls, in accordance with the geofencing rule regardless of whether the user device is or is not connected to the application gateway server computer and independently of any local operating system of the user device: the application in the managed cache in the managed container; and the content in the managed cache in the managed container. Claim 1: A method, comprising: receiving, by a managed container on a user device from an application gateway server computer operating in an enterprise computing environment, a geofencing rule, an application, and content, wherein the managed container is downloaded from a source on the Internet; storing, by the managed container in a managed cache in the managed container, the geofencing rule, the application, and the content, wherein the geofencing rule governs the application and the content in the managed container based on a geographical location of the user device; displaying, by the managed container, an icon for the application in a user interface of the managed container; receiving, by the managed container through the user interface, an indication that the icon for the application is selected or invoked; providing, by the managed container, a secure runtime environment for running the application; receiving, by the managed container, a request for content from the application running in the secure runtime environment provided by the managed container; determining, by the managed container on the user device, whether the user device is located within the geographical location; and responsive to a determination by the managed container that the user device is not located within the geographical location, denying or restricting, by the managed container, access by the application to the content stored in the managed container in accordance with the geofencing rule stored in the managed container on the user device and independently of a local operating system of the user device, wherein the restricting access by the application to the content comprises transforming the content requested by the application into a protected version of the content. Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-14 of U.S. Patent No. 12,069,097. Although the claims at issue are not identical, they are not patentably distinct from each other because all limitations recited in claims 1-20 of the instant application are encompassed by limitations recited in claims 1-14 of U.S. Patent No. 12,069,097 (see table below). Instant Application 18/789,590 March 2, 2026 U.S. Patent No. 12,069,097 Claim 1. A method, comprising: providing, by a user device to an application gateway server computer, information about a geographical location of the user device, the information comprising geocode, Global Positioning System coordinates, or a combination thereof: receiving, by a managed container on the user device from the application gateway server computer, a geofencing rule for restricting access to content in a managed cache in the managed container based on the geographical location of the user device; receiving, by the managed container on the user device, a request from an application running in the managed container to access the content in the managed cache; responsive to the request from the application, determining, by the managed container on the user device, whether the user device is located within the geographical location; and based on a determination by the managed container that the user device is not located within the geographical location, denying or restricting, by the managed container based on the geofencing rule, access by the application to the content in the managed cache in the managed container on the user device, wherein the managed container controls, in accordance with the geofencing rule regardless of whether the user device is or is not connected to the application gateway server computer and independently of any local operating system of the user device: the application in the managed cache in the managed container; and the content in the managed cache in the managed container. 1. A method, comprising: receiving, by a managed container on a user device from an application gateway server computer, a geofencing rule for restricting access to content in a managed cache in the managed container based on a geographical location of the user device, wherein the managed container on the user device is registered with the application gateway server computer and wherein the managed container on the user device is required to report geocode, Global Positioning System (GPS) coordinates, or a combination thereof to the application gateway server computer; receiving, by the managed container on the user device, a request from an application running in the managed container to access the content in the managed cache; responsive to the request from the application, determining, by the managed container on the user device, whether the user device is located within the geographical location; and based on a determination by the managed container that the user device is not located within the geographical location, denying or restricting, by the managed container based on the geofencing rule, access by the application to the content in the managed cache in the managed container on the user device, wherein the managed container controls, in accordance with the geofencing rule regardless of whether the user device is or is not connected to the application gateway server computer and independently of any local operating system of the user device: the application in the managed cache in the managed container; and the content in the managed cache in the managed container, wherein, each time the user device connects to the application gateway server computer, information about where the user device is located at the time of connection is provided to the application gateway server computer, the information comprising the geocode, the GPS coordinates, or the combination thereof. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claims 1, 8, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Qureshi (US20140007222), filed October 10, 2012, in view of Borzycki (US8613070), filed August 9, 2013, James (US20110314534), filed April 14, 2011, and Lin (US20120044538), filed May 6, 2009. Regarding claim 1, Qureshi discloses a method, comprising: providing, by a user device to an application gateway server computer, information about a geographical location of the user device, the information comprising geocode, Global Positioning System coordinates, or a combination thereof:(Qureshi, paragraph 0083, mobile device 120, by making a data connection, transmit GPS coordinates from mobile device 120; paragraph 0413, 0091, 0109, 0110, and 0413, and FIG. 1A a method, comprising: receiving, by a managed container on a user device managed container encompasses enterprise agent 320 with secure container component 350D; FIG. 1A shows an application gateway server computer encompassing mobile device management system 126 and secure mobile gateway 128 with the enterprise computing environment 100); receiving, by a managed container on the user device from the application gateway server computer, (Qureshi, paragraph 0413, 0091, 0109, 0110, and 0413, and FIG. 1A a method, comprising: receiving, by a managed container on a user device managed container encompasses enterprise agent 320 with secure container component 350D; FIG. 1A shows an application gateway server computer encompassing mobile device management system 126 and secure mobile gateway 128 with the enterprise computing environment 100); the geofencing rule for restricting access to content in the managed container based on the geographical location of the user device (Qureshi, in paragraph 0109, 0110, and FIG. 1A, a geofencing rule, an application, and content; in paragraph 0416, 0417, and 0422, wherein the geofencing rule governs the application and the content in the managed container based on a geographical location of the user device where geofencing rule, an application, and content encompasses document access policies, policy that limits access based on geographical position, file system; in paragraph 0307, determining, by the managed container on the user device, whether the user device is located within the geographical location); receiving, by the managed container on the user device (Qureshi, paragraph 0109, wherein such mobile device management can comprise sending rule packages to the mobile devices 120 (as described below) and/or regulating access to enterprise resources 130; paragraph 0110; FIG. 1A; paragraph 0413, “The enterprise system 110 (which can be partially or entirely within the cloud 156) can transmit documents to the devices 120, which can be stored (e.g., by the enterprise agent 320) within the container 336.”; paragraph 0091, --- managed container encompasses enterprise agent 320 with secure container component 350D; component 350D may create a secure container to store documents and other information so secure container may be considered a managed cache; paragraph 0413, enterprise agent 320, considered by examiner as part of a managed container, can stored documents within secure document container 336, considered by examiner as a managed cache); determining, by the managed container on the user device, whether the user device is located within the geographical location (Qureshi, paragraph 0307, “suppose that the mobile device rule 318 allows for an application 318 to be used only when the mobile device 120 is in a defined geographical zone, and that the application 318 is invoked when this condition is met”); and based on a determination by the managed container that the user device is not located within the geographical location (Qureshi, paragraph 0417, “the document access policy can instruct the container 336 or agent 320 to otherwise make them unavailable if the mobile device 120 is taken outside of the defined geographic zone.”); denying or restricting, by the managed container based on the geofencing rule, access by the application to the content in the managed container on the user device (Qureshi, paragraph 0417, “the document access policy can instruct the container 336 or agent 320 to otherwise make them unavailable if the mobile device 120 is taken outside of the defined geographic zone.”). Qureshi discloses a geofencing rule for restricting access to content in the managed container based on a geographical location of the user device; a request from an application running in the managed container to access the content; denying or restricting, by the managed container based on the geofencing rule, access by the application to the content in the managed container on the user device, but does not explicitly disclose a geofencing rule for restricting access to content in a managed cache in the managed container based on a geographical location of the user device; a request from an application running in the managed container to access the content in the managed cache; a request from an application running in the managed container to access the content in the managed cache; responsive to the request from the application, denying or restricting, by the managed container based on the geofencing rule, access by the application to the content in the managed cache in the managed container on the user device. However, in an analogous art, Borzycki discloses a geofencing rule for restricting access to content in a managed cache in the managed container based on a geographical location of the user device; a request from an application running in the managed container to access the content in the managed cache; denying or restricting, by the managed container based on the geofencing rule, access by the application to the content in the managed cache in the managed container on the user device (Borzycki, FIG. 5 shows managed cache 528 in managed container 510; col. 19, line 53, through col. 20, line 25, “The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like.”); a request from an application running in the managed container to access the content in the managed cache (Borzycki, FIG. 5 shows managed cache 528 in managed container 510; col. 19, line 53, through col. 20, line 25, “The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like.”); responsive to the request from the application (Borzycki, col. 19, line 53, through col. 20, line 25, “The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like.”). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Borzycki with the method/ system/ computer program product comprising a non-transitory computer-readable medium of Qureshi to include a geofencing rule for restricting access to content in a managed cache in the managed container based on a geographical location of the user device; a request from an application running in the managed container to access the content in the managed cache; a request from an application running in the managed container to access the content in the managed cache; responsive to the request from the application, denying or restricting, by the managed container based on the geofencing rule, access by the application to the content in the managed cache in the managed container on the user device. One would have been motivated to provide users with the benefits of placing temporal and geographic restrictions on document access (Borzycki: col. 57, lines 18-29). Qureshi and Borzycki disclose restricting access, application, data, content, managed container, managed cache but do not explicitly disclose wherein the managed container controls, in accordance with the qeofencinq rule regardless of whether the user device is or is not connected to the application gateway server computer: the application in the managed cache in the managed container; and the content in the managed cache in the managed container. However, in an analogous art, James discloses wherein the managed container controls, in accordance with the qeofencinq rule regardless of whether the user device is or is not connected to the application gateway server computer: the application in the managed cache in the managed container; and the content in the managed cache in the managed container (James, paragraph 0053, local cache can allow local applications to execute when a connection is lost to the remote application server, synchronization with remote application server may occur after connection is re-established). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of James with the method/ system/ computer program product comprising a non-transitory computer-readable medium of Qureshi and Borzycki to include wherein the managed container controls, in accordance with the qeofencinq rule regardless of whether the user device is or is not connected to the application gateway server computer: the application in the managed cache in the managed container; and the content in the managed cache in the managed container. One would have been motivated to provide users with the benefits of a secure execution environment capable of operating across multiple computing platforms in an operating system agnostic manner (James: paragraph 0011). Qureshi, Borzycki, and James do not explicitly disclose independently of any local operating system of the client device. However, in an analogous art, Lin discloses independently of any local operating system of the client device (Lin, paragraph 0021, virtual machine is an isolated container that users is own operating system and own application programs, container behaves like an independently separate computer). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Lin with the method/ application gateway server computer system of Barton 691 and Nakajima to include independently of any local operating system of the client device. One would have been motivated to provide users with the benefits of portability of a software container that behaves like an independently separate physical computer (Lin: paragraph 0021). Regarding claim 8, Qureshi discloses system, comprising: a processor; a non-transitory computer-readable medium; and instructions stored on the non-transitory computer-readable medium and translatable by the processor for(Qureshi, paragraph 0483, processor, memory, storage, computer-readable storage medium): providing, to an application gateway server computer, information about a geographical location of a user device, the information comprising geocode, Global Positioning System coordinates, or a combination thereof (Qureshi, paragraph 0083, mobile device 120, by making a data connection, transmit GPS coordinates from mobile device 120; paragraph 0413, 0091, 0109, 0110, and 0413, and FIG. 1A a method, comprising: receiving, by a managed container on a user device managed container encompasses enterprise agent 320 with secure container component 350D; FIG. 1A shows an application gateway server computer encompassing mobile device management system 126 and secure mobile gateway 128 with the enterprise computing environment 100); implementing a managed container on a user device in which the managed container (Qureshi, paragraph 0483, processor, memory, storage, computer-readable storage medium); receives a geofencing rule for (Qureshi, paragraph 0413, 0091, 0109, 0110, and 0413, and FIG. 1A a method, comprising: receiving, by a managed container on a user device managed container encompasses enterprise agent 320 with secure container component 350D; FIG. 1A shows an application gateway server computer encompassing mobile device management system 126 and secure mobile gateway 128 with the enterprise computing environment 100); restricting access to content in the managed container based on a geographical location of the user device (Qureshi, in paragraph 0109, 0110, and FIG. 1A, a geofencing rule, an application, and content; in paragraph 0416, 0417, and 0422, wherein the geofencing rule governs the application and the content in the managed container based on a geographical location of the user device where geofencing rule, an application, and content encompasses document access policies, policy that limits access based on geographical position, file system; in paragraph 0307, determining, by the managed container on the user device, whether the user device is located within the geographical location); receives, from the application gateway server computer, a request (Qureshi, paragraph 0109, wherein such mobile device management can comprise sending rule packages to the mobile devices 120 (as described below) and/or regulating access to enterprise resources 130; paragraph 0110; FIG. 1A; paragraph 0413, “The enterprise system 110 (which can be partially or entirely within the cloud 156) can transmit documents to the devices 120, which can be stored (e.g., by the enterprise agent 320) within the container 336.”; paragraph 0091, --- managed container encompasses enterprise agent 320 with secure container component 350D; component 350D may create a secure container to store documents and other information so secure container may be considered a managed cache; paragraph 0413, enterprise agent 320, considered by examiner as part of a managed container, can stored documents within secure document container 336, considered by examiner as a managed cache) determines whether the user device is located within the geographical location (Qureshi, paragraph 0307, “suppose that the mobile device rule 318 allows for an application 318 to be used only when the mobile device 120 is in a defined geographical zone, and that the application 318 is invoked when this condition is met”);; and based on a determination by the managed container that the user device is not located within the geographical location (Qureshi, paragraph 0417, “the document access policy can instruct the container 336 or agent 320 to otherwise make them unavailable if the mobile device 120 is taken outside of the defined geographic zone.”), denies or restricts access by the application to the content in the managed cache in the managed container on the user device (Qureshi, paragraph 0417, “the document access policy can instruct the container 336 or agent 320 to otherwise make them unavailable if the mobile device 120 is taken outside of the defined geographic zone.”). Qureshi discloses a geofencing rule for restricting access to content in the managed container based on a geographical location of the user device; a request from an application running in the managed container to access the content; denies or restricts access by the application to the content in the managed container on the user device, but does not explicitly disclose a geofencing rule for restricting access to content in a managed cache in the managed container based on a geographical location of the user device; a request from an application running in the managed container to access the content in the managed cache; responsive to the request from the application, denies or restricts access by the application to the content in the managed cache in the managed container on the user device. However, in an analogous art, Borzycki discloses a geofencing rule for restricting access to content in a managed cache in the managed container based on a geographical location of the user device (Borzycki, FIG. 5 shows managed cache 528 in managed container 510; col. 19, line 53, through col. 20, line 25, “The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like.”); a request from an application running in the managed container to access the content in the managed cache (Borzycki, FIG. 5 shows managed cache 528 in managed container 510; col. 19, line 53, through col. 20, line 25, “The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like.”); responsive to the request from the application, denies or restricts access by the application to the content in the managed cache in the managed container on the user device (Borzycki, col. 19, line 53, through col. 20, line 25, “The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like.”). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Borzycki with the method/ system/ computer program product comprising a non-transitory computer-readable medium of Qureshi to include a geofencing rule for restricting access to content in a managed cache in the managed container based on a geographical location of the user device; a request from an application running in the managed container to access the content in the managed cache; responsive to the request from the application, denies or restricts access by the application to the content in the managed cache in the managed container on the user device. One would have been motivated to provide users with the benefits of placing temporal and geographic restrictions on document access (Borzycki: col. 57, lines 18-29). Qureshi and Borzycki disclose restricting access, application, data, content, managed container, managed cache but do not explicitly disclose wherein the managed container controls, in accordance with the geofencing rule regardless of whether the user device is or is not connected to the application gateway server computer: the application in the managed cache in the managed container; and the content in the managed cache in the managed container. However, in an analogous art, James discloses wherein the managed container controls, in accordance with the geofencing rule regardless of whether the user device is or is not connected to the application gateway server computer; and the application in the managed cache in the managed container; and the content in the managed cache in the managed container (James, paragraph 0053, local cache can allow local applications to execute when a connection is lost to the remote application server, synchronization with remote application server may occur after connection is re-established). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of James with the method/ system/ computer program product comprising a non-transitory computer-readable medium of Qureshi and Borzycki to include wherein the managed container controls, in accordance with the geofencing rule regardless of whether the user device is or is not connected to the application gateway server computer: the application in the managed cache in the managed container; and the content in the managed cache in the managed container. One would have been motivated to provide users with the benefits of a secure execution environment capable of operating across multiple computing platforms in an operating system agnostic manner (James: paragraph 0011). Qureshi, Borzycki, and James do not explicitly disclose independently of any local operating system of the client device. However, in an analogous art, Lin discloses independently of any local operating system of the client device (Lin, paragraph 0021, virtual machine is an isolated container that users is own operating system and own application programs, container behaves like an independently separate computer). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Lin with the method/ application gateway server computer system of Barton 691 and Nakajima to include independently of any local operating system of the client device. One would have been motivated to provide users with the benefits of portability of a software container that behaves like an independently separate physical computer (Lin: paragraph 0021). Regarding claim 15, Qureshi discloses a computer program product comprising a non-transitory computer-readable medium storing instructions translatable by a processor for (Qureshi, paragraph 0483, processor, memory, storage, computer-readable storage medium) providing, to an application gateway server computer, information about a geographical location of a user device, the information comprising geocode, Global Positioning System coordinates, or a combination thereof (Qureshi, paragraph 0083, mobile device 120, by making a data connection, transmit GPS coordinates from mobile device 120; paragraph 0413, 0091, 0109, 0110, and 0413, and FIG. 1A a method, comprising: receiving, by a managed container on a user device managed container encompasses enterprise agent 320 with secure container component 350D; FIG. 1A shows an application gateway server computer encompassing mobile device management system 126 and secure mobile gateway 128 with the enterprise computing environment 100); implementing a managed container on a user device in which the managed container: (Qureshi, paragraph 0483, processor, memory, storage, computer-readable storage medium) receives, from the application gateway server computer, a geofencing rule for (Qureshi, paragraph 0413, 0091, 0109, 0110, and 0413, and FIG. 1A a method, comprising: receiving, by a managed container on a user device managed container encompasses enterprise agent 320 with secure container component 350D; FIG. 1A shows an application gateway server computer encompassing mobile device management system 126 and secure mobile gateway 128 with the enterprise computing environment 100); restricting access to content in the managed container based on a geographical location of the user device (Qureshi, in paragraph 0109, 0110, and FIG. 1A, a geofencing rule, an application, and content; in paragraph 0416, 0417, and 0422, wherein the geofencing rule governs the application and the content in the managed container based on a geographical location of the user device where geofencing rule, an application, and content encompasses document access policies, policy that limits access based on geographical position, file system; in paragraph 0307, determining, by the managed container on the user device, whether the user device is located within the geographical location); receives a request (Qureshi, paragraph 0109, wherein such mobile device management can comprise sending rule packages to the mobile devices 120 (as described below) and/or regulating access to enterprise resources 130; paragraph 0110; FIG. 1A; paragraph 0413, “The enterprise system 110 (which can be partially or entirely within the cloud 156) can transmit documents to the devices 120, which can be stored (e.g., by the enterprise agent 320) within the container 336.”; paragraph 0091, --- managed container encompasses enterprise agent 320 with secure container component 350D; component 350D may create a secure container to store documents and other information so secure container may be considered a managed cache; paragraph 0413, enterprise agent 320, considered by examiner as part of a managed container, can stored documents within secure document container 336, considered by examiner as a managed cache) determines whether the user device is located within the geographical location (Qureshi, paragraph 0307, “suppose that the mobile device rule 318 allows for an application 318 to be used only when the mobile device 120 is in a defined geographical zone, and that the application 318 is invoked when this condition is met”);; and based on a determination by the managed container that the user device is not located within the geographical location (Qureshi, paragraph 0417, “the document access policy can instruct the container 336 or agent 320 to otherwise make them unavailable if the mobile device 120 is taken outside of the defined geographic zone.”), denies or restricts access by the application to the content in the managed cache in the managed container on the user device (Qureshi, paragraph 0417, “the document access policy can instruct the container 336 or agent 320 to otherwise make them unavailable if the mobile device 120 is taken outside of the defined geographic zone.”). Qureshi discloses a geofencing rule for restricting access to content in the managed container based on a geographical location of the user device; a request from an application running in the managed container to access the content; denies or restricts access by the application to the content in the managed container on the user device, but does not explicitly disclose a geofencing rule for restricting access to content in a managed cache in the managed container based on a geographical location of the user device; a request from an application running in the managed container to access the content in the managed cache; responsive to the request from the application, denies or restricts access by the application to the content in the managed cache in the managed container on the user device. However, in an analogous art, Borzycki discloses a geofencing rule for restricting access to content in a managed cache in the managed container based on a geographical location of the user device (Borzycki, FIG. 5 shows managed cache 528 in managed container 510; col. 19, line 53, through col. 20, line 25, “The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like.”); a request from an application running in the managed container to access the content in the managed cache (Borzycki, FIG. 5 shows managed cache 528 in managed container 510; col. 19, line 53, through col. 20, line 25, “The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like.”); responsive to the request from the application, denies or restricts access by the application to the content in the managed cache in the managed container on the user device (Borzycki, col. 19, line 53, through col. 20, line 25, “The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like.”). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Borzycki with the method/ system/ computer program product comprising a non-transitory computer-readable medium of Qureshi to include a geofencing rule for restricting access to content in a managed cache in the managed container based on a geographical location of the user device; a request from an application running in the managed container to access the content in the managed cache; responsive to the request from the application, denies or restricts access by the application to the content in the managed cache in the managed container on the user device. One would have been motivated to provide users with the benefits of placing temporal and geographic restrictions on document access (Borzycki: col. 57, lines 18-29). Qureshi and Borzycki disclose restricting access, application, data, content, managed container, managed cache but do not explicitly disclose wherein the managed container controls, in accordance with the geofencing rule regardless of whether the user device is or is not connected to the application gateway server computer: the application in the managed cache in the managed container; and the content in the managed cache in the managed container. However, in an analogous art, James discloses wherein the managed container controls, in accordance with the geofencing rule regardless of whether the user device is or is not connected to the application gateway server computer; and the application in the managed cache in the managed container; and the content in the managed cache in the managed container (James, paragraph 0053, local cache can allow local applications to execute when a connection is lost to the remote application server, synchronization with remote application server may occur after connection is re-established). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of James with the method/ system/ computer program product comprising a non-transitory computer-readable medium of Qureshi and Borzycki to include wherein the managed container controls, in accordance with the geofencing rule regardless of whether the user device is or is not connected to the application gateway server computer: the application in the managed cache in the managed container; and the content in the managed cache in the managed container. One would have been motivated to provide users with the benefits of a secure execution environment capable of operating across multiple computing platforms in an operating system agnostic manner (James: paragraph 0011). Qureshi, Borzycki, and James do not explicitly disclose independently of any local operating system of the client device. However, in an analogous art, Lin discloses independently of any local operating system of the client device (Lin, paragraph 0021, virtual machine is an isolated container that users is own operating system and own application programs, container behaves like an independently separate computer). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Lin with the method/ application gateway server computer system of Barton 691 and Nakajima to include independently of any local operating system of the client device. One would have been motivated to provide users with the benefits of portability of a software container that behaves like an independently separate physical computer (Lin: paragraph 0021). Claims 2-4, 9-11, 16, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Qureshi (US20140007222), filed October 10, 2012, in view of Borzycki (US8613070), filed August 9, 2013, James (US20110314534), filed April 14, 2011, and Lin (US20120044538), filed May 6, 2009, and further in view of Pinsky (US20110191822), filed January 29, 2010. Regarding claim 2, Qureshi, Borzycki, James, and Lin disclose the method according to claim 1. Qureshi, Borzycki, James, and Lin disclose further comprising: downloading, from a storage system on the private network, the content into the managed cache in the managed container (Qureshi, paragraph 0060, corporate intranet, content). Qureshi, Borzycki, James, and Lin do not explicitly disclose downloading the managed container from a source on the Internet or from a network site on a private network. However, in an analogous art, Pinsky discloses downloading the managed container from a source on the Internet or from a network site on a private network (Pinsky, paragraph 0018, “The system and methods described herein also provide for construction of virtualized medical application containers, and mechanisms to store and download these containers”; paragraph 0070, “the server 104 (or one or more other servers) can support a website to provide an image of the client application 112 for download to or installation on the client computer 102”). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Pinsky with the system/method/computer program product of Qureshi, Borzycki, James, and Lin to include downloading the managed container from a source on the Internet or from a network site on a private network. One would have been motivated to provide users with the benefits of addressing operational efficiencies by reducing paperwork or providing logistical support (Pinsky: paragraph 0001). Regarding claim 3, Qureshi, Borzycki, James, Lin, and Pinsky disclose the method according to claim 2. Qureshi, Borzycki, James, Lin, and Pinsky disclose wherein the geofencing rule is received from an application gateway server computer that operates as a gateway for the private network (Pinsky, paragraph 0019, “each virtualized medical application container includes a virtualized operating system, separate from a client operating system and a medical application executable installed on the virtualized operating system”). Regarding claim 4, Qureshi, Borzycki, James, Lin, and Pinsky disclose the method according to claim 3. Qureshi, Borzycki, James, Lin, and Pinsky disclose further comprising :continuously denying or restricting access by the application to the content in the managed cache in the managed container on the user device until the managed container makes a connection to the application gateway server computer or until the user device is within the geographical location (Qureshi, paragraph 0181, geographic location of the mobile device, filter out communications; paragraph 0417, geography restrictions on document access, document access policy that restricts availability of documents, geographic zone). Regarding claim 9, Qureshi, Borzycki, James, and Lin disclose the system according to claim 8. Qureshi, Borzycki, James, and Lin disclose further comprising: downloading, from a storage system on the private network, the content into the managed cache in the managed container (Qureshi, paragraph 0060, corporate intranet, content). Qureshi, Borzycki, James, and Lin do not explicitly disclose wherein the managed container is downloaded from a source on the Internet or from a network site on a private network . However, in an analogous art, Pinsky discloses wherein the managed container is downloaded from a source on the Internet or from a network site on a private network (Pinsky, paragraph 0018, “The system and methods described herein also provide for construction of virtualized medical application containers, and mechanisms to store and download these containers”; paragraph 0070, “the server 104 (or one or more other servers) can support a website to provide an image of the client application 112 for download to or installation on the client computer 102”) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Pinsky with the system/method/computer program product of Qureshi, Borzycki, James, and Lin to include wherein the managed container is downloaded from a source on the Internet or from a network site on a private network to provide users with the benefits of addressing operational efficiencies by reducing paperwork or providing logistical support (Pinsky: paragraph 0001). Regarding claim 10, Qureshi, Borzycki, James, Lin, and Pinsky disclose the system of claim 9, Qureshi, Borzycki, James, Lin, and Pinsky disclose wherein the geofencing rule is received from an application gateway server computer that operates as a gateway for the private network (Pinsky, paragraph 0019, “each virtualized medical application container includes a virtualized operating system, separate from a client operating system and a medical application executable installed on the virtualized operating system”). Regarding claim 11, Qureshi, Borzycki, James, Lin, and Pinsky disclose the system of claim 10. Qureshi, Borzycki, James, Lin, and Pinsky disclose wherein the managed container continuously denies or restricts access by the application to the content in the managed cache in the managed container on the user device until the managed container makes a connection to the application gateway server computer or until the user device is within the geographical location (Qureshi, paragraph 0181, geographic location of the mobile device, filter out communications; paragraph 0417, geography restrictions on document access, document access policy that restricts availability of documents, geographic zone). Regarding claim 16, Qureshi, Borzycki, James, and Lin disclose the computer program product of claim 15. Qureshi, Borzycki, James, and Lin disclose wherein the managed container downloads, from a storage system on the private network, the content into the managed cache in the managed container. (Qureshi, paragraph 0060, corporate intranet, content). Qureshi, Borzycki, James, and Lin do not explicitly disclose wherein the managed container is downloaded from a source on the Internet or from a network site on a private network. However, in an analogous art, Pinsky discloses wherein the managed container is downloaded from a source on the Internet or from a network site on a private network (Pinsky, paragraph 0018, “The system and methods described herein also provide for construction of virtualized medical application containers, and mechanisms to store and download these containers”; paragraph 0070, “the server 104 (or one or more other servers) can support a website to provide an image of the client application 112 for download to or installation on the client computer 102”). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Pinsky with the system/method/computer program product of Qureshi, Borzycki, James, and Lin to include wherein the managed container is downloaded from a source on the Internet or from a network site on a private network. One would have been motivated to provide users with the benefits of addressing operational efficiencies by reducing paperwork or providing logistical support (Pinsky: paragraph 0001). Regarding claim 17, Qureshi, Borzycki, James, Lin, and Pinsky disclose the computer program product of claim 16, Qureshi, Borzycki, James, Lin, and Pinsky disclose wherein the geofencing rule is received from an application gateway server computer that operates as a gateway for the private network (Pinsky, paragraph 0019, “each virtualized medical application container includes a virtualized operating system, separate from a client operating system and a medical application executable installed on the virtualized operating system”) and wherein the managed container continuously denies or restricts access by the application to the content in the managed cache in the managed container on the user device until the managed container makes a connection to the application gateway server computer or until the user device is within the geographical location (Qureshi, paragraph 0181, geographic location of the mobile device, filter out communications; paragraph 0417, geography restrictions on document access, document access policy that restricts availability of documents, geographic zone). Claims 5-7, 12-14, and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Qureshi (US20140007222), filed October 10, 2012, in view of Borzycki (US8613070), filed August 9, 2013, James (US20110314534), filed April 14, 2011, and Lin (US20120044538), filed May 6, 2009, and further in view of Conant (US20020129056), filed February 14, 2001. Regarding claim 5, Qureshi, Borzycki, James, and Lin disclose the method according to claim 1. Qureshi, Borzycki, James, and Lin do not explicitly disclose wherein restricting access by the application to the content in the managed cache in the managed container on the user device comprises: providing a read-only version of the content to the application; or providing a watermarked version of the content to the application. However, in an analogous art, Conant discloses wherein restricting access by the application to the content in the managed cache in the managed container on the user device comprises: providing a read-only version of the content to the application; or providing a watermarked version of the content to the application (Conant, paragraph 0032, read only version, watermark can be placed on read-only file). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Conant with the system/method/computer program product of Qureshi, Borzycki, James, and Lin to include wherein restricting access by the application to the content in the managed cache in the managed container on the user device comprises: providing a read-only version of the content to the application; or providing a watermarked version of the content to the application to provide users with the benefits of electronic negotiation of a contract (Conant: paragraph 0006). Regarding claim 6, Qureshi, Borzycki, James, Lin, and Conant disclose the method according to claim 5. Qureshi, Borzycki, James, Lin, and Conant disclose further comprising: performing a restrictive action on the content prior to providing the read-only version of the content or the watermarked version of the content to the application, wherein the restrictive action comprises watermarking the content or making the content read only. (Conant, paragraph 0032, read only version, watermark can be placed on read-only file). Regarding claim 7, Qureshi, Borzycki, James, Lin, and Conant disclose the method according to claim 5. Qureshi, Borzycki, James, Lin, and Conant disclose further comprising: downloading the read-only version of the content or the watermarked version of the content from an application gateway server computer that operates as a gateway for a private network where the geofencing rule is originated. (Conant, paragraph 0032, read only version, watermark can be placed on read-only file) (Qureshi, paragraph 0060, corporate intranet, content, paragraph 0413, 0091, 0109, 0110, and 0413, and FIG. 1A a method, comprising: receiving, by a managed container on a user device managed container encompasses enterprise agent 320 with secure container component 350D; FIG. 1A shows an application gateway server computer encompassing mobile device management system 126 and secure mobile gateway 128 with the enterprise computing environment 100). Regarding claim 12, Qureshi, Borzycki, James, and Lin disclose the system of claim 8. Qureshi, Borzycki, James, and Lin do not explicitly disclose wherein restricting access by the application to the content in the managed cache in the managed container on the user device comprises: providing a read-only version of the content to the application; or providing a watermarked version of the content to the application. However, in an analogous art, Conant discloses wherein restricting access by the application to the content in the managed cache in the managed container on the user device comprises: providing a read-only version of the content to the application; or providing a watermarked version of the content to the application (Conant, paragraph 0032, read only version, watermark can be placed on read-only file). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Conant with the system/method/computer program product of Qureshi, Borzycki, James, and Lin to include wherein restricting access by the application to the content in the managed cache in the managed container on the user device comprises: providing a read-only version of the content to the application; or providing a watermarked version of the content to the application to provide users with the benefits of electronic negotiation of a contract (Conant: paragraph 0006). Regarding claim 13, Qureshi, Borzycki, James, Lin, and Conant disclose the system of claim 12. Qureshi, Borzycki, James, Lin, and Conant disclose wherein the managed container performs a restrictive action on the content prior to providing the read-only version of the content or the watermarked version of the content to the application and wherein the restrictive action comprises watermarking the content or making the content read only (Conant, paragraph 0032, read only version, watermark can be placed on read-only file). Regarding claim 14, Qureshi, Borzycki, James, Lin, and Conant disclose the system of claim 12. Qureshi, Borzycki, James, Lin, and Conant disclose wherein the managed container downloads the read-only version of the content or the watermarked version of the content from an application gateway server computer that operates as a gateway for a private network where the geofencing rule is originated (Conant, paragraph 0032, read only version, watermark can be placed on read-only file) (Qureshi, paragraph 0060, corporate intranet, content, paragraph 0413, 0091, 0109, 0110, and 0413, and FIG. 1A a method, comprising: receiving, by a managed container on a user device managed container encompasses enterprise agent 320 with secure container component 350D; FIG. 1A shows an application gateway server computer encompassing mobile device management system 126 and secure mobile gateway 128 with the enterprise computing environment 100). Regarding claim 18, Qureshi, Borzycki, James, and Lin disclose the computer program product of claim 15. Qureshi, Borzycki, James, and Lin do not explicitly disclose wherein restricting access by the application to the content in the managed cache in the managed container on the user device comprises: providing a read-only version of the content to the application; or providing a watermarked version of the content to the application. However, in an analogous art, Conant discloses wherein restricting access by the application to the content in the managed cache in the managed container on the user device comprises: providing a read-only version of the content to the application; or providing a watermarked version of the content to the application (Conant, paragraph 0032, read only version, watermark can be placed on read-only file). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Conant with the system/method/computer program product of Qureshi, Borzycki, James, and Lin to include wherein restricting access by the application to the content in the managed cache in the managed container on the user device comprises: providing a read-only version of the content to the application; or providing a watermarked version of the content to the application to provide users with the benefits of electronic negotiation of a contract (Conant: paragraph 0006). Regarding claim 19, Qureshi, Borzycki, James, Lin, and Conant disclose the computer program product of claim 18. Qureshi, Borzycki, James, Lin, and Conant disclose wherein the managed container performs a restrictive action on the content prior to providing the read-only version of the content or the watermarked version of the content to the application and wherein the restrictive action comprises watermarking the content or making the content read only (Conant, paragraph 0032, read only version, watermark can be placed on read-only file). Regarding claim 20, Qureshi, Borzycki, James, Lin, and Conant disclose the computer program product of claim 18. Qureshi, Borzycki, James, Lin, and Conant disclose wherein the managed container downloads the read-only version of the content or the watermarked version of the content from an application gateway server computer that operates as a gateway for a private network where the geofencing rule is originated (Conant, paragraph 0032, read only version, watermark can be placed on read-only file) (Qureshi, paragraph 0060, corporate intranet, content, paragraph 0413, 0091, 0109, 0110, and 0413, and FIG. 1A a method, comprising: receiving, by a managed container on a user device managed container encompasses enterprise agent 320 with secure container component 350D; FIG. 1A shows an application gateway server computer encompassing mobile device management system 126 and secure mobile gateway 128 with the enterprise computing environment 100). Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to WALTER J MALINOWSKI whose telephone number is (571)272-5368. The examiner can normally be reached 8-6:30 MTWH. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached at 5712705002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /W.J.M/Examiner, Art Unit 2439 /LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439