DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This is a response to the Amendments/Remarks filed on 09/29/2021.
Claims 1—20 are pending. 
Wherein: Claims 10—20 are allowed.

Response to Arguments
Applicant’s arguments with respect to claim(s) 1—9 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1—7 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Morozov” et al. [US 8,769,268 B2] in view of “Brownell” [US 7,150,040 B2], and further in view of “Cheetancheri” et al. [US 10,873,589 B2].

Regarding Claim 1, Morozov discloses a host computer system configured to connect to a network, wherein the host computer system comprises: a memory; and a processor configured to:
implement a workspace [Morozov discloses “providing multiple workspace sessions” (Abstract)], wherein the workspace is configured to enable operation of a first set of one or more applications or processes via a first memory space [Morozov discloses initiating a 1st workspace session on an existing Operating System (Abstract); see also Secure Workspace System (SWS) 200 with underlying Operating System 230 (FIG.2A: col.9, line 42 to col.10, line 11)];
implement an isolated computing environment that uses a host operating system, the isolated computing environment being configured to enable operation of a second set of one or more applications or processes via a second memory space [Morozov discloses initiating a 2nd workspace session on an existing Operating System (Abstract); see also Secure Workspace System (SWS) 200 with underlying Operating System 230 (FIG.2A: col.9, line 42 to col.10, line 11)];

Morozov discloses a firewall having firewall rules [see col.4, lines 35—47; and claim 1].
Morozov does not expressly disclose, but
Brownell, analogous art, discloses the isolated computing environment configured to authenticate with an authorization device [Brownell discloses authenticating a user to a firewall device (see steps 420, 424 where Authenticate Use…)].
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of applicant’s invention to modify the system of Morozov by incorporating the firewall of Brownell for the benefit of cloud computing security and providing scanning within segmented networks.

Morozov and Brownell may not expressly disclose; but Cheetancheri, analogous art, discloses and isolate the isolated computing environment s data from being communicated between the isolated computing environment and the workspace, wherein the internal isolation firewall segregates the first memory space from the second memory space [see FIG.5, where Cheetancheri discloses Firewall 530 that prevents data being communicated and segregates the source computer 510 environment (1st memory space) from the Analysis/Destination Computer 550/570 (2nd memory space)].
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of applicant’s invention to modify the system of Morozov in view of Brownell by incorporating firewall 530 of Cheetancheri for the benefit of identifying whether malware is included in one or more data packets transmitted from a first computer to a second computer.

Morozov in view of Brownell, and further in view of Cheetancheri further disclose and implement one or more mechanisms that prevent malware [see “secure workspace” session (SWS) 510 of FIG.5; where Morozov discloses blocking malware (col.28, line 45 to col.29, line 2)].

Morozov in view of Brownell, and further in view of Cheetancheri further disclose claim 2. The host computer system of claim 1, wherein the one or more mechanisms comprise a host-based firewall [Morozov discloses Firewall (col.4, lines 35—47; and claim 1); and Brownell discloses FIREWALL HOST 526/562 (FIGS.5A/5B)],
the host-based firewall configured to: when the host computer system is connected to a trusted network, block incoming traffic from the other devices on the trusted network; and when the host computer system is connected to an untrusted network, block outgoing and incoming traffic to or from the workspace of the host computer system [Brownell discloses (e.g., FIG.3) monitoring incoming/outgoing traffic]. The motivation to combine is the same as that of claim 1 above.

Morozov in view of Brownell, and further in view of Cheetancheri further disclose claims 3—5. The host computer [Morozov discloses Firewall (col.4, lines 35—47; and claim 1); and Brownell discloses FIREWALL HOST 526/562 (FIGS.5A/5B)]; and wherein when the malware is received by the workspace, the internal isolation firewall configured to prevent the malware from moving data from the workspace to the isolated computing environment, and wherein attempts by the malware to exfiltrate the data from the workspace are prevented by: one or more of a border firewall or a proxy device when the host computer system is connected to the trusted network;
or the host-based firewall when the host computer system is connected to the untrusted network [Brownell discloses (e.g., FIG.3) monitoring incoming/outgoing traffic], and, wherein the host-based firewall is configured to allow pre-defined traffic via pre-defined ports [Morozov discloses Firewall (col.4, lines 35—47; and claim 1); and Brownell discloses FIREWALL HOST 526/562 (FIGS.5A/5B)]. The motivation to combine is the same as that of claim 1 above.

Claims 6 & 7. The host computer system of claim 1, wherein when the malware is received by the isolated computing environment, the internal isolation firewall is configured to prevent the malware from accessing data on the workspace of the host computer system; and wherein the processor is configured to prevent the malware from using web-based protocols and non-web-based protocols to exfiltrate data to one or more network destinations [see “secure workspace” session (SWS) 510 of FIG.5; where Morozov discloses blocking malware (col.28, line 45 to col.29, line 2)].

Claims 8 and 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Morozov” et al. [US 8,769,268 B2] in view of “Brownell” [US 7,150,040 B2], and further in view of “Cheetancheri” et al. [US 10,873,589 B2], and further in view of “JAY” et al. [US 2017/0206351 A1].

Morozov in view of Brownell, and further in view of Cheetancheri fail; however, JAY, analogous art, discloses claim 8. The host computer system of claim 1, wherein the sandbox computing environment enforced by a sandbox container process that enables the internal isolation firewall [see par.0045, 0085, 0094].


Morozov in view of Brownell and further in view of Cheetancheri, and further in view of JAY further disclose claim 9. The host computer system of claim 1, wherein the processor is configured to classify network destinations as trusted based on whitelist comprising a list of trusted network destinations or as untrusted based on a blacklist comprising a list of untrusted network destinations [JAY discloses whitelist & blacklist applications (see Abstract; par.0045, 0050, 0055, 0067,…)]. The motivation to combine is the same as that of claim 8 above.

Allowable Subject Matter
Claims 10—20 are allowed.  
/Examiner’s statement of reasons for allowance can be found in previous office action/

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AMARE F TABOR whose telephone number is (571) 270-3155.  The examiner can normally be reached on Mon.—Fri.: 8:00 AM to 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/AMARE F TABOR/Primary Examiner, Art Unit 2434