DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This office action is a response to an application filed 12/30/2019. This application claims benefit of a Continuation Application No. 15/448,476 now Patent No.10534909, filed 03/02/2019, wherein claims 1 – 16 are pending and ready for examination.  

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.


Claims 1-16 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-5, 8, and 10-12 of Patent No.10534909. Although the claims at issue are not identical, they are not patentably distinct from each other because.

Instant 16730892
15448476 (Patent No.10534909)
1. A method comprising:
receiving, by a virtual sandbox appliance, a file that has been tagged by a network security device based on one or more of an application to which the file pertains and a threat-level associated with the file as determined by a pre-filtering process performed on the file by the network security device, wherein the virtual multi-tiered sandbox appliance includes a plurality of virtualization layers each having different resource requirements and wherein the plurality of virtualization layers include:



a full hypervisor based environment, representing a most resource intensive virtualization layer of the plurality of virtualization layers; and

a container-based environment, representing an intermediate resource intensive virtualization layer of the plurality of virtualization layers; causing, by the virtual sandbox appliance, the file to exhibit a first set of behaviors by running the file within the virtualization application based environment;

causing, by the virtual sandbox appliance, the file to exhibit a second set of behaviors by running the file within the container based environment;

determining, by the virtual sandbox appliance, differences, if any, between the first set of behaviors and the second set of behaviors; and classifying, by the virtual sandbox appliance, the file as malicious when the differences are greater than a predefined or configurable threshold.



1. A method comprising:
receiving, by a computer system, a file;
causing the file to exhibit a first set of behaviors by processing the file within a virtualization application based environment of the computer system, wherein the virtualization application based environment is created based on an application to which the file pertains;

causing the file to exhibit a second set of behaviors by processing the file within a container of a plurality of containers of a container based environment of the computer system, wherein the plurality of containers share a common kernel of a particular operating system;

determining, by the computer system, differences, if any, between the first set of behaviors and the second set of behaviors; and

classifying, by the computer system, the file as malicious when the differences are greater than a predefined or configurable threshold.




2. The method of claim 1, wherein when the differences are less than or equal to the predefined or configurable threshold, the method further comprises: causing, by virtual sandbox appliance, the file to exhibit a third set of behaviors by running the file within the full hypervisor based environment; and 
classifying, by the virtual sandbox appliance, the file as malicious when differences, if any, between any of the first set of behaviors, the second set of behaviors and the third set of behaviors are greater than the predefined or configurable threshold.
2. (Original) The method of claim 1, wherein when the differences are less than or equal to the predefined or configurable threshold, the method further comprises

causing the file to exhibit a third set of behaviors by processing the file within a full hypervisor based environment of the computer system; and classifying, by the computer system, the file as malicious when differences, if any, between any of the first set of behaviors, the second set of behaviors and the third set of behaviors are 

3. (Currently Amended) The method of claim 2, wherein said processing the file within a virtualized application based environment and said processing the file within a container based environment are performed in parallel[[;]].
4. The method of claim 3, wherein the first set of behaviors and the second set of behaviors are provided as an input to the full hypervisor based environment prior to said running the file within the full hypervisor based environment.
4. (Previously Presented) The method of claim 3, wherein the first set of behaviors and the second set of behaviors are provided as an input to the full hypervisor based environment prior to said processing the file within the full hypervisor based environment.
5. The method of claim 1, wherein the hypervisor based environment employs a first level of entropy generation for creation of the hypervisor based environment that is greater than a second level of entropy generation employed in connection with creation of the container based environment, and wherein the second level of entropy generation is greater than a third level of entropy generation employed in connection with creation of the virtualization application based environment.
5. (Previously Presented) The method of claim 2, wherein the full hypervisor based environment employs a first level of entropy generation for creation of the full hypervisor based environment that is greater than a second level of entropy generation employed in connection with creation of the container based environment, and wherein the second level of entropy generation is greater than a third level of entropy generation employed in connection with creation of the virtualization application based environment.
6. The method of claim 1, further comprising queuing the file prior to said running the file within the virtualized application based environment and prior to said running the file within the container based environment.
10. (Original) The method of claim 1, further comprising queuing the file prior to said processing the file within a virtualized application based environment and prior to said processing the file within a container based environment.
7. The method of claim 6, wherein said queuing enables separation of the file from corresponding network security threat data.
11. (Original) The method of claim 10, wherein said queuing enables separation of the file from corresponding network security threat data.
8. The method of claim 1, wherein the virtualization application based environment and the container based environment use a pointer system through a change root environment rather than using a full operating system
12. (Original) The method of claim 1, wherein the virtualization application based environment and the container based environment use a pointer system through a change root environment rather than using a full operating system.
Claim 9 is the system that is directed to the method of claims 1 and 8.

Claim 10 is the system that is directed to the method of claim 2.

Claims 11 and 12 are system claims that is directed to the method of claims 3 and 4.



Claim 14 is the system that is directed to the method of claims 6. 

Claim 15 is the system that is directed to the method of claims 7. 

Claim 16 is the system that is directed to the method of claims 8.





Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM B. JONES whose telephone number is (571) 272-9637.  The examiner can normally be reached on Mon - Fri., 5:30 a.m. to 2:00 p.m.  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-272-3900.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
 /WILLIAM B JONES/Examiner, Art Unit 24915/13/2021
/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491