Detailed Action
This office action has been issued in response to a request for continued examination filed 2/25/2021 and Examiner’s Interview conducted 4/28/2021.  Claims 16, 29 and 33 were amended. Claims 1-15 were previously canceled. Claims 16-33 are pending and are examined.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 2/25/2021 has been entered.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below.  Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Alphonso Collins, Reg. No. 43559, on 4/28/2021.
Claims 16, 29 and 33 have been amended.  
This application has been amended as follows:
In the claims:

16. (Currently Amended) A method for detecting a deviation in a security state of a computation device from a desired security state which is defined for the computation device one of (i) externally, (ii) in advance and (iii) after an assessment performed during operation, the computation device being mapped by a virtual machine, the method comprising: creating a virtual copy of an entirety of the virtual machine, said creating being performed during runtime of the virtual machine and operation of the computation device being continued unimpaired; starting operation of the virtual copy automatically; performing a security check on the virtual copy automatically, the operation of the computation device being continued unimpaired; generating a result of the security check automatically, the result describing a security state of the virtual copy; and creating a threat indication for the computation device if the result indicates a deviation in the security state of the virtual copy from the desired security state of the computation device which is defined for the computation device one of (i) externally, (ii) in advance and (iii) after the assessment performed during operation.

29. (Currently Amended) An apparatus for detecting a deviation in a security state of a computation device from a desired security state which is defined for the (i) externally, (ii) in advance and (iii) after an assessment performed during operation, the computation device being mapped by a virtual machine, the apparatus comprising: a processor; memory; a copier which creates a virtual copy of an entirety of the virtual machine, said creation being performable during runtime of the virtual 4 LEGAL\50699662\1 14944.0001.000/441985.000Attorney Docket # 5029-1881PUS/441985Patent machine and operation of the computation device being continuously unimpaired; a checker which automatically performs a security check on the virtual copy, the operation of the computation device being continuously unimpaired, and which automatically generates a result of the security check which describes a security state of the virtual copy; and a threat indicator which outputs a threat indication for the computation device if the result indicates a deviation in the security state of the virtual copy from the desired security state of the computation device which is defined for the computation device one of (i) externally, (ii) in advance and (iii) after the assessment performed during operation.

33. (Currently Amended) A non-transitory computer program product encoded with a computer program executed by on program-controlled device which causes detection of a5 LEGAL\50699662\1 14944.0001.000/441985.000Attorney Docket # 5029-1881PUS/441985Patentdeviation in a security state of a computation device from a desired security state which is defined for the computation device one of (i) externally, (ii) in advance and (iii) after an assessment performed during operation, the computation device being mapped by a virtual machine, the computer program comprising: program code for creating a virtual copy of an entirety of the virtual machine, said creating being performed during runtime of the virtual machine and operation of the computation device being continued unimpaired; program code for (i) externally, (ii) in advance and (iii) after the assessment performed during operation.

Response to Arguments
Applicant’s amendments, filed 1/27/2021, to claim 29 amending the claim to recite that the apparatus comprises a processor and memory are sufficient to overcome the rejection to the aforementioned claim. Accordingly, the rejection of claims 29-32 under 112, second paragraph, as filed in (9) of the Non-Final Office action filed 12/10/2020, is withdrawn.  
Applicant’s arguments, see pages 7-10 in Remarks, filed 1/27/2021, with respect to amended claims 16, 29 and 33, and dependent claims as being rejected under 35 U.S.C. 103(a) as being unpatentable over Bhargava (US 2013/0246685 A1) in view of Hodgman (US 8904525 B1), further in view of Sanders (US 2011/0191852 A1) have been fully considered and are found persuasive.  These rejections have been withdrawn.

Allowable Subject Matter
Claims 16-33 are allowed in light of the Applicant’s arguments and in light of the prior art made of record.

Reasons for Allowance
The following is an examiner’s statement for reasons for allowance:
Newly amended independent claims 16, 29 and 33 are allowed for reasons argued by applicant in pages 7-10 of the Remarks, filed 1/27/2021, and for reasons explained below.
As to independent claims 16, 29 and 33, the prior art including Bhargava (US 2013/0246685 A1), Hodgman (US 8904525 B1) and Sanders (US 2011/0191852 A1), alone or in combination, fails to anticipate or render obvious the claimed invention.  
Bhargava (prior art on the record) teaches a method for detecting malware in a memory page of a guest machine by means of creating a copy of the memory page of a guest machine via a live migration runtime of the virtual machine. An analysis is performed on the copied memory page as part of a system security check which generates a message containing detected threat information of the copied memory page. An alert is created when a threat is detected.
Hodgman (prior art on the record) teaches a method of performing a virtual machine image procedure while the mobile device operates in a normal operating mode. Hodgman also teaches a method of detecting malware in a virtual machine image of a device which indicates malware being present in the device itself.

Additionally, Sweet (US 2013/0042115 A1), teaches a method of evaluating the security, compliance and integrity of virtual machine processes and data structures utilizing a cloned copy of another virtual machine.
Additionally, Harrison (US 2017/0235951 A1), teaches a method of detecting malware in a virtual machine by means of copying a virtual machine to a secure hosted virtual machine and determining remediation for the malware on the virtual machine.
Additionally, Morgan (US 2012/0304170 A1), teaches a method of determining security of a virtual machine by means of analyzing security states determined for applications running on a virtual machine image.
None of the prior art of record cited above teaches the non-obvious features of the present invention: “a desired security state which is defined for the computation device one of (i) externally, (ii) in advance and (iii) after an assessment performed during operation” and “creating a threat indication for the computation device if the result indicates a deviation in the security state of the virtual copy from the desired security state of the computation device which is defined for the computation device one of (i) externally, (ii) in advance and (iii) after the assessment performed during operation”
None of the prior art of record, either taken by itself or in any combination, would have anticipated or made obvious the invention of the present application at or before the time it was filed.

Conclusion
Therefore, claims 16-33 are hereby allowed in view of applicant’s persuasive arguments and in light of amendment to the claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should be preferably accompany the issue fee.  Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BLAKE ISAAC NARRAMORE whose telephone number is (303)297-4357.  The examiner can normally be reached on Monday - Friday 0700-1700 MT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on (571) 272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-


/B.I.N./Examiner, Art Unit 2438 

/SAMSON B LEMMA/Primary Examiner, Art Unit 2498