Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This is in reply to papers filed on 03/31/2021. Claims 1-12 are pending. Claims 1 and 11 is/are independent.

Information Disclosure Statement
	The information disclosure statement(s) (IDS) submitted on 02/05/2020 and 01/21/2019 is/are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement(s) is/are being considered by the examiner.

Priority Claim

Acknowledgment is made of applicant's claim for foreign priority based on an application filed in Great Britain on August 16, 2016 and an application filed in the European Patent Office on August 16, 2016. It is noted, however, that applicant has not filed a certified copy of the GB1614017 application as required by 37 CFR 1.55. Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55 for application EP16184382.6 filed in the European Patent Office.
	
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-12 are provisionally rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-11 of copending U.S Patent Application No. 16/323,084 in view of Shamsee U.S. Publication 20130263125 (hereinafter “Shamsee”). This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.

Claim 1 of U.S Patent Application No. 16/323,084 lacks supplementing the target VM configuration with a security facility associated with at least one of the identified VM parameters so as to protect the target VM from the security attack.
Shamsee at para. 15 and 36 teaches providing enhanced network services (e.g., firewall protection) for the virtual machine and determining whether the network entity of a machine receiving a transferred virtual machine and firewall process is compatible for the transfer based on hardware/software resources including a sufficient security level. Therefore, it may be advantageous to include a security facility such as a firewall for a virtual machine configuration, the firewall being associated with a security level of a network entity, as taught by Shamsee, in order to improve the ability of a system to respond to specific attacks with the firewall.
The foregoing analysis is equally applicable to claim 11 of the instant application.
Claims 2-9 and 12 of the instant application are each dependent from claim 1 of the instant application, incorporate all of the features of claim 1, and are therefore rejected under the same rationale and a corresponding dependent claim in the reference patent.
Claim 10 does not have a corresponding dependent claim in the reference application. Claim 10 recites wherein the security facility includes one or more of: an email scanner; a malware scanner; an email attachment removal facility; an email link removal facility; an email link replacement facility; a domain name server redirection detector; a firewall; a proxy; an HTTP filter; a download detector; a malware scanner; a multi-factor authentication facility; logging functions; and a behaviour monitor.
security facility such as a firewall for a virtual machine configuration, the firewall being associated with security level of a network entity, as taught by Shamsee, in order to improve the ability of a system to respond to specific attacks with the firewall.

Claims 1-12 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-11 of U.S. Patent No. 10484402 (U.S. Application No. 15/677,322) in view of Shamsee U.S. Publication 20130263125 (hereinafter “Shamsee”).
Although the claims at issue are not identical, they are not patentably distinct from each other, because the claims of U.S. Patent No. 10484402 render obvious the claims of the present application. For example, claim 1 of U.S. Patent No. 10484402 is substantively the same as claim 1 of the instant application, 16/319,391, for four limitations of the claim body (“training a machine learning algorithm...”, “generating a first data structure...”, “receiving a second data structure…”, “identifying VM parameters…”). 
Claim 1 of U.S. Patent No. 10484402 lacks supplementing the target VM configuration with a security facility associated with at least one of the identified VM parameters so as to protect the target VM from the security attack.
Shamsee at para. 15 and 36 teaches providing enhanced network services (e.g., firewall protection) for the virtual machine and determining whether the network entity of a machine receiving a transferred virtual machine and firewall process is compatible for the transfer based on hardware/software resources including a sufficient security level. Therefore, it may be advantageous to include a security facility such as a firewall for a virtual machine configuration, the firewall being associated with security level of a network entity, as taught by Shamsee, in order to improve the ability of a system to respond to specific attacks with the firewall.

Claims 2-9 and 12 of the instant application are each dependent from claim 1 of the instant application, incorporate all of the features of claim 1, and are therefore rejected under the same rationale and a corresponding dependent claim in the reference patent.
Claim 10 does not have a corresponding dependent claim in the reference patent. Claim 10 recites wherein the security facility includes one or more of: an email scanner; a malware scanner; an email attachment removal facility; an email link removal facility; an email link replacement facility; a domain name server redirection detector; a firewall; a proxy; an HTTP filter; a download detector; a malware scanner; a multi-factor authentication facility; logging functions; and a behaviour monitor.
Shamsee at para. 36 teaches providing the enhanced network services (e.g., firewall protection) for the virtual machine. As discussed above with respect to claim 1, it may be advantageous to include a security facility such as a firewall for a virtual machine configuration, the firewall being associated with security level of a network entity, as taught by Shamsee, in order to improve the ability of a system to respond to specific attacks with the firewall.

Allowable Subject Matter
	Claims 1-12 would be allowable if the double patenting rejection is overcome by filing a valid terminal disclaimer.

The following is a statement of reasons for the indication of allowable subject matter:  

The prior art of record (in particular, Fries U.S. Publication 2012/0323853 (hereinafter "Fries"), Le Roux U.S. Publication 2010/0228694 (hereinafter "Le Roux"), Dumitras U.S. Patent No. 9043922 (hereinafter "Dumitras"), Haugsnes U.S. Patent No. 8914406 (hereinafter "Haugsnes"), does not expressly disclose all the limitations recited in independent claims and 
generating a first data structure for storing one or more relationships between VM configuration parameters and attack characteristics, wherein the first data structure is generated by sampling the trained machine learning algorithm to identify the relationships; 
receiving a second data structure storing a directed graph representation of one or more sequences of VM configuration parameters for achieving the particular attack characteristic of the security attack, the VM parameters in the directed graph representation being determined based on the first data structure; 
identifying VM parameters of the target VM used in the security attack as a subset of sequences in the directed graph representation corresponding to VM parameters of the target VM; 

Rather, Fries discloses machine learning with virtual machines that are labeled as infected or non-infected machines.  A trained machine can then classify a virtual machine as being infected with a computer virus [Fries para. 34, 36, 37, 42]. However, Fries does not disclose at least the features of claim 1 quoted above. 
To this, Le Roux adds generating a data structure capable of storing relationship data [Le Roux, Figure 1, para. 22, 29]. Dumitras adds a machine-learning-based detection system to detect and classify unknown attacks, correlations between software component properties and its malicious-attack exposure level, susceptibility of software components to malicious attacks, and a level of exposure to malicious attacks of each software component [Dumitras, 13:12-16, 13:28-31, 45-46]. Haugsnes adds detected events can be used to trigger a request for a new configuration (e.g., for a new rule or policy, or a new VM) [Haugsnes, 5:53-56].  
The combination of Fries, Le Roux, Dumitras, and Haugsnes also does not teach the features of claim 1 quoted above.
Claim 11 recites features analogous to the features of claim 1 and is allowable for the same reasons.
None of the prior art of record, either taken by itself or in any combination, would have anticipated or made obvious the invention of the present application at or before the time it was filed.	

Dependent claims 2-10 and 12 are allowable in view of their respective dependence from independent claims 1 and 11.




Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HOWARD H LOUIE whose telephone number is 571-272-0036.  The examiner can normally be reached on Monday-Friday 9 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung W. Kim can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/HOWARD H. LOUIE/Examiner, Art Unit 2494    

/JUNG W KIM/Supervisory Patent Examiner, Art Unit 2494