DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
Claims 1-20 are pending and currently amended.
Applicant’s amendments to the claims will overcome each and every claim objection previously set forth in the Non-Final Office Action mailed 07/14/2020.
Response to Arguments
Applicant's arguments with respect to claim(s) 1, 17 and 20 have been considered but are moot in view of new grounds of rejection. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the 

Claims 1-6, 10 and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Hulten et al. (US Pub No. 2010/0005291) in view of Zonouz et al. (US Pub No. 2020/0293682).
Regarding independent claim 1, Hulten teaches a system, comprising: a processor configured to: Attorney Docket No. PALOP17953PATENTreceive, by an operating system executing on a device, a request to launch an application (Hulten, page 1, paragraph 0013 and page 2, paragraph 0027; attempt to install application); determine that a stored copy of the application should be executed within a sandbox (Hulten, page 2-3, paragraphs 0027-0028 and page 5, paragraph 0055; determine reputation of the application is unknown and executing in a sandbox); and execute the stored copy of the application in the sandbox (Hulten, page 5, paragraph 0055; executing in a sandbox); a memory coupled to the processor and configured to provide the processor with instructions (Hulten, page 6, paragraph 0068). 
	Hulten discloses the application may execute in a protected environment such as a sandbox (Hulten, page 5, paragraph 0055 and page 1, paragraph 0013), however, does not explicitly teach an application-level sandbox provided by the third party host application; application-level sandbox provided by the third party host application, wherein the third party host application provides a framework layer that provides hooking functionality for monitoring system calls made by the application.
	Zonouz teaches an application-level sandbox provided by the third party host application (Zonouz, page 9, paragraph 0097 and page 14, paragraph 0154; application sandboxing by target application); application-level sandbox provided by the third party host application, wherein the third party host application provides a framework layer that provides Zonouz, page 8, paragraph 0094, page 9, paragraphs 0097-0098 & 0103 and page 14, paragraph 0154; application sandboxing with system call interceptions). 
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hulten with the teachings of Zonouz to have application sandboxing to provide the advantage of monitoring installed application for data leaks and providing privacy protection and verification (Zonouz, page 1, paragraph 0004 and page 8, paragraph 0092). 
	Regarding claim 2, Hulten in view of Zonouz teaches the system wherein the request to launch the application is a first request to launch the application after installation of the application on the device (Hulten, page 2, paragraph 0027; attempt to install/execute; the application is pre-stored/downloaded in the memory), and wherein determining that the stored copy of the application should be executed within the application-level sandbox includes determining that a security verdict for the application has not yet been received at the 15device (Hulten, page 5, paragraph 0055; no indication/no establish reputation with the reputation service provider).
Regarding claim 3, Hulten in view of Zonouz teaches the system wherein determining that the security verdict has not been received includes determining that a security assessment by the device has not been performed (Hulten, page 5, paragraph 0055 and page 3, paragraph 0036; no indication/no establish reputation with the reputation service provider).
Regarding claim 4, Hulten in view of Zonouz teaches the system wherein determining that the security verdict has not been received includes determining that a security assessment Hulten, page 5, paragraph 0055 and page 3, paragraph 0036; no indication/no establish reputation with the reputation service provider (page 3, paragraph 0029; reputation service provider remote server)).
Regarding claim 5, Hulten in view of Zonouz teaches each and every claim limitation of claim 1, however, Zonouz teaches the system wherein the application-level sandbox is configured to monitor behavior of the application during execution of the application in the application-level sandbox (Zonouz, page 8, paragraph 0094, page 9, paragraphs 0097-0098 & 0103 and page 14, paragraph 0154; application tracking).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hulten with the teachings of Zonouz to have application sandboxing to provide the advantage of monitoring installed application for data leaks and providing privacy protection and verification (Zonouz, page 1, paragraph 0004 and page 8, paragraph 0092). 
Regarding claim 6, Hulten in view of Zonouz teaches each and every claim limitation of claim 1, however, Zonouz teaches the system wherein the application-level sandbox is configured to log data during execution of the application in the application-level sandbox (Zonouz, page 8, paragraph 0094 and page 9, paragraphs 0097-0098; stores values).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hulten with the teachings of Zonouz to have application sandboxing to provide the advantage of monitoring installed application for data leaks and providing privacy protection and verification (Zonouz, page 1, paragraph 0004 and page 8, paragraph 0092). 
claim 10, Hulten in view of Zonouz teaches the system wherein determining that the stored copy of the application should be executed within an application-level sandbox includes determining that a user has indicated that the user would like to execute the application in the application-level sandbox (Hulten, page 5, paragraph 0055 and page 3, paragraph 0037; user choose to continue execution).
Regarding claim 16, Hulten in view of Zonouz teaches the system wherein the request to launch the application is a first request, and wherein, at a time subsequent to the first request, a second request to launch the application is received, and a determination is made that the stored copy of the application need not be executed in the application-level sandbox (Hulten, pages 1-2, paragraph 0013 and page 2, paragraph 0027; subsequent user access when the reputation is non-malicious is allowed to execute). 
Regarding independent claim 17, Hulten teaches a method, comprising: Attorney Docket No. PALOP17953PATENTreceiving, by an operating system executing on a device, a request to launch an application (Hulten, page 1, paragraph 0013 and page 2, paragraph 0027; attempt to install application); determining that a stored copy of the application should be executed within a sandbox (Hulten, page 2-3, paragraphs 0027-0028 and page 5, paragraph 0055; determine reputation of the application is unknown and executing in a sandbox); and executing the stored copy of the application in the sandbox (Hulten, page 5, paragraph 0055; executing in a sandbox). 
	Hulten discloses the application may execute in a protected environment such as a sandbox (Hulten, page 5, paragraph 0055 and page 1, paragraph 0013), however, does not explicitly teach an application-level sandbox provided by the third party host application; application-level sandbox provided by the third party host application, wherein the third party 
Zonouz teaches an application-level sandbox provided by the third party host application (Zonouz, page 9, paragraph 0097 and page 14, paragraph 0154; application sandboxing by target application); application-level sandbox provided by the third party host application, wherein the third party host application provides a framework layer that provides hooking functionality for monitoring system calls made by the application (Zonouz, page 8, paragraph 0094, page 9, paragraphs 0097-0098 & 0103 and page 14, paragraph 0154; application sandboxing with system call interceptions). 
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hulten with the teachings of Zonouz to have application sandboxing to provide the advantage of monitoring installed application for data leaks and providing privacy protection and verification (Zonouz, page 1, paragraph 0004 and page 8, paragraph 0092). 
Regarding claim 18, Hulten in view of Zonouz teaches the method wherein the request to launch the application is a first request, and wherein, at a time subsequent to the first request, a second request to launch the application is received, and a determination is made that the stored copy of the application need not be executed in the application-level sandbox (Hulten, pages 1-2, paragraph 0013 and page 2, paragraph 0027; subsequent user access when the reputation is non-malicious is allowed to execute). 
Regarding claim 19, Hulten in view of Zonouz teaches the method wherein determining that the security verdict has not been received includes determining that a security assessment Hulten, page 5, paragraph 0055 and page 3, paragraph 0036; no indication/no establish reputation with the reputation service provider).
Regarding independent claim 20, Hulten teaches a computer program product embodied in a tangible, non-transitory computer readable storage medium and comprising computer instructions for: Attorney Docket No. PALOP17953PATENTreceiving, by an operating system executing on a device, a request to launch an application (Hulten, page 1, paragraph 0013 and page 2, paragraph 0027; attempt to install application); determining that a stored copy of the application should be executed within a sandbox (Hulten, page 2-3, paragraphs 0027-0028 and page 5, paragraph 0055; determine reputation of the application is unknown and executing in a sandbox); and executing the stored copy of the application in the sandbox (Hulten, page 5, paragraph 0055; executing in a sandbox). 
	Hulten discloses the application may execute in a protected environment such as a sandbox (Hulten, page 5, paragraph 0055 and page 1, paragraph 0013), however, does not explicitly teach an application-level sandbox provided by the third party host application; application-level sandbox provided by the third party host application, wherein the third party host application provides a framework layer that provides hooking functionality for monitoring system calls made by the application.
Zonouz teaches an application-level sandbox provided by the third party host application (Zonouz, page 9, paragraph 0097 and page 14, paragraph 0154; application sandboxing by target application); application-level sandbox provided by the third party host application, wherein the third party host application provides a framework layer that provides hooking functionality for monitoring system calls made by the application (Zonouz, page 8, paragraph 0094, page 9, paragraphs 0097-0098 & 0103 and page 14, paragraph 0154; application sandboxing with system call interceptions). 
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hulten with the teachings of Zonouz to have application sandboxing to provide the advantage of monitoring installed application for data leaks and providing privacy protection and verification (Zonouz, page 1, paragraph 0004 and page 8, paragraph 0092). 

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Hulten et al. (US Pub No. 2010/0005291) in view of Zonouz et al. (US Pub No. 2020/0293682) as applied to claims 1-6, 10 and 16-20  above, and further in view of Hariharakrishnan et al. (US Pub No. 2016/0098334).
Regarding claim 7, Hulten in view of Zonouz teaches each and every claim limitation of claim 6.
Hulten in view of Zonouz does not explicitly teach wherein the system is configured to transmit collected log data to a 25remote server for analysis
Hariharakrishnan teaches wherein the system is configured to transmit collected log data to a 25remote server for analysis (Hariharakrishnan, page 17, paragraph 0199; send stored performance-related data to server for analysis).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hulten in view of Zonouz with the teachings of Hariharakrishnan to send performance related data from a sandbox to a server for analysis to Hariharakrishnan, page 1, paragraph 0006). 

Claims 8-9 are rejected under 35 U.S.C. 103 as being unpatentable over Hulten et al. (US Pub No. 2010/0005291) in view of Zonouz et al. (US Pub No. 2020/0293682) as applied to claims 1-6, 10 and 16-20  above, and further in view of Ronen et al. (US Pub No. 2007/0250405).
Regarding claim 8, Hulten in view of Zonouz teaches each and every claim limitation of claim 1. 
Hulten in view of Zonouz does not explicitly teach the system wherein the application-level sandbox is configured to provide artificial data to the application while the application is executing in the application-level sandbox. 
Ronen teaches wherein the application-level sandbox is configured to provide artificial data to the application while the application is executing in the application-level sandbox (Ronen, page 8, paragraph 0044; user can play with the application in a runtime system with dummy data (sandbox)). 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hulten in view of Zonouz with the teachings of Ronen for the user to play with dummy data to provide the advantage of allowing user to Ronen, page 8, paragraph 0044).
Regarding claim 9, Hulten in view of Zonouz and in further view of Ronen teaches each and every claim limitation of claim 8, however, Ronen teaches the system wherein what artificial data to provide to the application is configurable by a user (Ronen, page 8, paragraph 0044).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hulten in view of Zonouz with the teachings of Ronen for the user to play with dummy data to provide the advantage of allowing user to interact with components to determine whether the application meets expectations (Ronen, page 8, paragraph 0044).

Claims 11-15 are rejected under 35 U.S.C. 103 as being unpatentable over Hulten et al. (US Pub No. 2010/0005291) in view of Zonouz et al. (US Pub No. 2020/0293682) as applied to claims 1-6, 10 and 16-20  above, and further in view of Spertus (US Patent No. 8,001,606).
Regarding claim 11, Hulten in view of Zonouz teaches each and every claim limitation of claim 1. 
Hulten in view of Zonouz does not explicitly teach the system wherein the processor is further configured to detect malicious behavior during monitored execution of the application in the application-level sandbox. 
Spertus teaches wherein the processor is further configured to detect malicious behavior during monitored execution of the application in the application-level sandbox Spertus, column 6, lines 21-40; monitor unknown application in sandbox for malware/suspicious behavior).  
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hulten in view of Zonouz with the teachings of Spertus to monitor applications in a protected environment to detect malware to provide the advantage of detecting malware while allowing applications to execute while minimizing the risk of harm to the client (Spertus, column 6, lines 37-40).
Regarding claim 12, Hulten in view of Zonouz and in further view of Spertus teaches each and every claim limitation of claim 11, however, Spertus teaches the system wherein the processor is configured to detect malicious behavior at least in part by detecting attempted malicious network activity (Spertus, column 6, lines 21-40 and line 63-column 7, line 3; monitor unknown application in sandbox for malware/suspicious behavior and string signatures; the behavior signature can indicate the application using a function to write to another process or remote server).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hulten in view of Zonouz with the teachings of Spertus to monitor applications in a protected environment to detect malware to provide the advantage of detecting malware while allowing applications to execute while minimizing the risk of harm to the client (Spertus, column 6, lines 37-40).
Regarding claim 13, Hulten in view of Zonouz and in further view of Spertus teaches each and every claim limitation of claim 12, however, Spertus teaches the system wherein the Spertus, column 10, lines 60-67).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hulten in view of Zonouz with the teachings of Spertus to monitor applications in a protected environment to detect malware to provide the advantage of detecting malware while allowing applications to execute while minimizing the risk of harm to the client (Spertus, column 6, lines 37-40).
Regarding claim 14, Hulten in view of Zonouz and in further view of Spertus teaches each and every claim limitation of claim 12, however, Spertus teaches the system wherein the attempted malicious network activity includes an unauthorized attempt to exfiltrate data from the device (Spertus, column 6, lines 21-40 and line 63-column 7, line 3; monitor unknown application in sandbox for malware/suspicious behavior and string signatures; the behavior signature can indicate the application using a function to write to another process or remote server).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hulten in view of Zonouz with the teachings of Spertus to monitor applications in a protected environment to detect malware to provide the advantage of detecting malware while allowing applications to execute while minimizing the risk of harm to the client (Spertus, column 6, lines 37-40).
Regarding claim 15, Hulten in view of Zonouz and in further view of Spertus teaches each and every claim limitation of claim 12, however, Spertus teaches the system wherein the attempted malicious network activity includes an attempt to contact a known malicious domain Spertus, column 6, lines 21-40 and line 63-column 7, line 3; monitor unknown application in sandbox for malware/suspicious behavior and string signatures; the behavior signature can indicate the application using a function to write to another process or remote server).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hulten in view of Zonouz with the teachings of Spertus to monitor applications in a protected environment to detect malware to provide the advantage of detecting malware while allowing applications to execute while minimizing the risk of harm to the client (Spertus, column 6, lines 37-40).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SHAQUEAL D WADE/             Examiner, Art Unit 2437 

/KRISTINE L KINCAID/             Supervisory Patent Examiner, Art Unit 2437