DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.



Regarding claims 1-7, the claims are directed to a "system", but fail to disclose physical "things". The elements of the claims may be construed as software (see PGPub paragraphs 17 and 96):
[Paragraph 17], server may refer to a hardware device that acts as the host in a client-server relationship or a software process that shares a resource with or performs work for one or more clients.
[Paragraph 96], "PROCESSOR" in this context refers to any circuit or virtual circuit…
Since the word "system" is recited only in the preamble, and the body of the claims only recites software elements, the claims could reasonably be interpreted as directed to a combination of software elements. While the preamble recites a system, the claims as a whole cannot reasonably be interpreted as a machine, since under 101, a machine is defined as a physical device or a combination of devices having functionalities to effect an action or a result, and the software is not physical device(s)/system or objects. Thus, the claims only recite software per se (descriptive material covered in MPEP 2106.01), which constitutes non-statutory subject matter.

Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.



Claim(s) *** is/are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.

Claim(s) 1, 2, 4 and 7 (similarly claims 8, 9, 11, 14, 15, 16, 18 and 21) recite: “an app” and/or “API”. The use of these acronyms and/or abbreviations makes the claim ambiguous, since the acronyms and/or abbreviations were not clearly defined. In the interest of further examination, the examiner will interpret an app as an application and API as Application Program Interface.

Claim 1 (similarly claims 8 and 15) recites the limitation "the runtime".  There is insufficient antecedent basis for this limitation in the claim.  The examiner is unclear if the runtime is referring to the secure runtime or another runtime.

Claim 1 (similarly claims 8 and 15) recites: “read-only access to the app to the data source”. The examiner is unclear how this should be interpreted.

Claim 6 (similarly claims 13 and 20) recites the limitation "the containerized runtime".  There is insufficient antecedent basis for this limitation in the claim.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1-21 is/are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-21 of copending Application No. 16811013 and 16811071 (reference application). Although the claims at issue are not identical, they are not patentably distinct from each other.
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claim(s) 1-4, 6-11, 13-18 and 20-21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Schwartz et al. (Pub 20200364354) (hereafter Schwartz) in view of Jain et al. (Pub 20160127307) (hereafter Jain).

As per claim 1, Schwartz teaches:
A data management system, comprising: 
a server configured to host a virtual machine; ([Paragraph 24], As shown in FIG. 1, computing device 102 includes a virtual machine 104 hosted…)
one or more processors in communication with the server, the one or more processors configured to perform operations including: 

generating, with the one or more processors, a secure runtime in a memory in communication with the one or more processors;
instantiating, with the one or more processors, an app in the runtime; ([Paragraph 19], In isolated computing arrangements, applications may be executed in an environment that is partially or completely isolated from the main computing environment of a computing host. Such isolated arrangements may provide for additional security to the host environment by restricting and/or preventing access to resources of the host environment by the applications.)
receiving, with the one or more processors, a request from the app for data;  ([Paragraph 2], However, in order to enhance a user's experience, certain holes in the isolation barrier may be intentionally present, such as by allowing access to files of the host environment by the application in the isolated environment.)
determining, with the one or more processors, a data source having the requested data;  ([Paragraph 66], authorizing a scope of access that is more limited than the scope indicated in authorization token 312 (e.g., a read-only access of accessed files on a storage device, preventing withdrawals from a financial institution, etc.), permitting access only for a certain time period (e.g., in days, hours, minutes, seconds, etc.) after which access may be terminated, denying access entirely (e.g., where the secured resources may be deemed too sensitive or important, such as bank or financial information, to allow any potentially untrusted access), and/or requiring one or more additional or alternative authorization procedures.  [Paragraph 71], For instance, resource access provider 318 may be configured to grant application 302 access, based on the trust indication included in the token, to open existing content in a user's file space and/or generate new content for storage in a user's file space, while preventing application 302 from modifying or deleting existing content.)
identifying, with the one or more processors, an API to access the data source; and ([Paragraph 26], Computing device 102 may each interface with authorization server 108 and/or resource server 112 through APIs and/or by other mechanisms. Note that any number of program interfaces may be present.)
providing, with the one or more processors, read-only access to the app to the data source via the API for the app to operate on. ([Paragraph 66], authorizing a scope of access that is more limited than the scope indicated in authorization token 312 (e.g., a read-only access of accessed files on a storage device, preventing withdrawals from a financial institution, etc.), permitting access only for a certain time period (e.g., in days, hours, minutes, seconds, etc.) after which access may be terminated, denying access entirely (e.g., where the secured resources may be deemed too sensitive or important, such as bank or financial information, to allow any potentially untrusted access), and/or requiring one or more additional or alternative authorization procedures.  [Paragraph 71], For instance, resource access provider 318 may be configured to grant application 302 access, based on the trust indication included in the token, to open existing content in a user's file space and/or generate new content for storage in a user's file space, while preventing application 302 from modifying or deleting existing content.)
However, Schwartz does not explicitly disclose identifying an API for accessing the data.
Jain teaches identifying an API for accessing the data ([Paragraph 30], The virtualization manager 169 may manage a virtualized infrastructure and perform management operations associated with the virtualized infrastructure. The virtualization manager 169 may manage the provisioning of virtual machines running within the virtualized infrastructure and provide an interface to computing devices interacting with the virtualized infrastructure. In one example, the virtualization manager 169 may set a virtual machine into a frozen state in response to a snapshot request made via an application programming interface (API) by a storage appliance, such as storage appliance 170. Setting the virtual machine into a frozen state may allow a point in time snapshot of the virtual machine to be stored or transferred. In one example, updates made to a virtual machine that has been set into a frozen state may be written to a separate file (e.g., an update file) while the virtual disk file associated with the state of the virtual disk at the point in time is frozen. The virtual disk file may be set into a read-only state to prevent modifications to the virtual disk file while the virtual machine is in the frozen state. The virtualization manager 169 may then transfer data associated with the virtual machine (e.g., an image of the virtual machine or a portion of the image of the virtual machine) to a storage appliance in response to a request made by the storage appliance. After the data associated with the point in time snapshot of the virtual machine has been transferred to the storage appliance, the virtual machine may be released from the frozen state (i.e., unfrozen) and the updates made to the virtual machine and stored in the separate file may be merged into the virtual disk file. 
The virtualization manager 169 may perform various virtual machine related tasks, such as cloning virtual machines, creating new virtual machines, monitoring the state of virtual machines, moving virtual machines between physical hosts for load balancing purposes, and facilitating backups of virtual machines.  [Paragraph 61] The virtualization interface 104 may provide an interface for communicating with a virtualized infrastructure manager managing a virtualization infrastructure, such as virtualized infrastructure manager 199 in FIG. 1B, and requesting data associated with virtual machine snapshots from the virtualization infrastructure. The virtualization interface 104 may communicate with the virtualized infrastructure manager using an API for accessing the virtualized infrastructure manager (e.g., to communicate a request for a snapshot of a virtual machine). In this case, storage appliance 170 may request and receive data from a virtualized infrastructure without requiring agent software to be installed or running on virtual machines within the virtualized infrastructure…)
It would have been obvious to a person with ordinary skill in the art, before the effective filing date of the invention, to combine the teachings of Schwartz wherein a secure runtime environment for an application is created and instantiated in a memory, application request for data is received, data source for the data is determined, API is used to access the data and data access is read-only access, into teachings of Jain wherein the API is identified which can be used for accessing the data, because this would enhance the teachings of Schwartz wherein by identifying an appropriate API, the identified API can be used as an interface (i.e. application program interface) for communicating with a virtualized infrastructure manager managing a virtualization infrastructure and requesting data associated with virtual machine snapshots from the virtualization infrastructure.

As per claim 2, rejection of claim 1 is incorporated:
Schwartz teaches wherein the operations further comprise enabling, with the one or more processors, network access to the app. ([Paragraph 66], authorizing a scope of access that is more limited than the scope indicated in authorization token 312 (e.g., a read-only access of accessed files on a storage device, preventing withdrawals from a financial institution, etc.), permitting access only for a certain time period (e.g., in days, hours, minutes, seconds, etc.) after which access may be terminated, denying access entirely (e.g., where the secured resources may be deemed too sensitive or important, such as bank or financial information, to allow any potentially untrusted access), and/or requiring one or more additional or alternative authorization procedures.  [Paragraph 71], For instance, resource access provider 318 may be configured to grant application 302 access, based on the trust indication included in the token, to open existing content in a user's file space and/or generate new content for storage in a user's file space, while preventing application 302 from modifying or deleting existing content. [Paragraph 26], Computing device 102 may each interface with authorization server 108 and/or resource server 112 through APIs and/or by other mechanisms. Note that any number of program interfaces may be present.)
Jain also teaches ([Paragraph 61] The virtualization interface 104 may provide an interface for communicating with a virtualized infrastructure manager managing a virtualization infrastructure, such as virtualized infrastructure manager 199 in FIG. 1B, and requesting data associated with virtual machine snapshots from the virtualization infrastructure. The virtualization interface 104 may communicate with the virtualized infrastructure manager using an API for accessing the virtualized infrastructure manager (e.g., to communicate a request for a snapshot of a virtual machine). In this case, storage appliance 170 may request and receive data from a virtualized infrastructure without requiring agent software to be installed or running on virtual machines within the virtualized infrastructure…)

As per claim 3, rejection of claim 1 is incorporated:
Schwartz teaches wherein the data source is a snapshot of the virtual machine. ([Paragraph 36], Resource manager 114 includes a resource access provider 318 and a resource protector 320. Resource manager 114 may be coupled to secured resources 116 and resource snapshot 322.)
Jain also teaches ([Paragraph 61] The virtualization interface 104 may provide an interface for communicating with a virtualized infrastructure manager managing a virtualization infrastructure, such as virtualized infrastructure manager 199 in FIG. 1B, and requesting data associated with virtual machine snapshots from the virtualization infrastructure. The virtualization interface 104 may communicate with the virtualized infrastructure manager using an API for accessing the virtualized infrastructure manager (e.g., to communicate a request for a snapshot of a virtual machine). In this case, storage appliance 170 may request and receive data from a virtualized infrastructure without requiring agent software to be installed or running on virtual machines within the virtualized infrastructure…)

As per claim 4, rejection of claim 1 is incorporated:
Jain teaches wherein the operations further include restoring a database to a target location and the app performs queries on the restored database. ([Paragraph 12], FIG. 5A depicts one embodiment of a virtual machine search index. [Paragraph 26], The server 160, storage device 156, and storage appliance 170 may be in communication with each other via a networking fabric connecting servers and data storage units within the data center to each other. The storage appliance 170 may include a data management system for backing up virtual machines and/or files within a virtualized infrastructure. The server 160 may be used to create and manage one or more virtual machines associated with a virtualized infrastructure. The one or more virtual machines may run various applications, such as a database application or a web server.  [Paragraph 34], In some cases, networked computing environment 100 may provide remote access to secure applications and files stored within data center 150 from a remote computing device, such as computing device 154. The data center 150 may use an access control application to manage remote access to protected resources, such as protected applications, databases, or files located within the data center. To facilitate remote access to secure applications and files, a secure network connection may be established using a virtual private network (VPN). A VPN connection may allow a remote computing device, such as computing device 154, to securely access data from a private network (e.g., from a company file server or mail server) using an unsecure public network or the Internet. The VPN connection may require client-side software (e.g., running on the remote computing device) to establish and maintain the VPN connection. The VPN client software may provide data encryption and encapsulation prior to the transmission of secure private network traffic through the Internet.  
[Paragraph 53], The distributed metadata store 110 may include a distributed database management system that provides high availability without a single point of failure. In one embodiment, the distributed metadata store 110 may comprise a database, such as a distributed document oriented database. The distributed metadata store 110 may be used as a distributed key value storage system. In one example, the distributed metadata store 110 may comprise a distributed NoSQL key value store database. In some cases, the distributed metadata store 110 may include a partitioned row store, in which rows are organized into tables or other collections of related data held within a structured format within the key value store database. A table (or a set of tables) may be used to store metadata information associated with one or more files stored within the distributed file system 112. The metadata information may include the name of a file, a size of the file, file permissions associated with the file, when the file was last modified, and file mapping information associated with an identification of the location of the file stored within a cluster of physical machines. In one embodiment, a new file corresponding with a snapshot of a virtual machine may be stored within the distributed file system 112 and metadata associated with the new file may be stored within the distributed metadata store 110. The distributed metadata store 110 may also be used to store a backup schedule for the virtual machine and a list of snapshots for the virtual machine that are stored using the storage appliance 170.)

As per claim 6, rejection of claim 1 is incorporated:
Schwartz teaches wherein the operations further comprise instantiating a second virtual machine and wherein the containerized runtime is within a section of the memory allocated to the second virtual machine. ([Paragraph 26], Computing device 102 includes any computing device of one or more users (e.g., individual users, family users, enterprise users, governmental users, etc.) that may comprise one or more applications, operating systems, virtual machines, storage devices, etc. that may be executed, hosted, and/or stored therein or via one or more other computing devices via network 110. [Paragraph 19], In isolated computing arrangements, applications may be executed in an environment that is partially or completely isolated from the main computing environment of a computing host. Such isolated arrangements may provide for additional security to the host environment by restricting and/or preventing access to resources of the host environment by the applications.  [Paragraph 31], In examples, virtual machine 104 and/or applications executed therein may be restricted by an isolation mechanism (e.g., a container managed by the host operating system, etc.))
Jain also teaches ([Paragraph 153], In one embodiment, a size of an operating system or a memory footprint associated with the operating system may be acquired and used to identify a first portion of a full image of a virtual machine (e.g., the first portion of the full image may be located at the beginning of the full image and correspond with the size of the operating system, such as the first 0.5 GB of the full image). In this case, a first set of data blocks may be sampled within the first portion of the full image and a set of hash values corresponding with the first set of data blocks may be generated. A portion of a signature for the virtual machine may comprise an ordered list of the set of hash values. The first set of data blocks may be arranged such that the data blocks of the first set of data blocks are spaced at a fixed distance from each other or are spaced at monotonically increasing distances from each other.)

As per claim 7, rejection of claim 1 is incorporated:
Jain teaches wherein the app includes a user interface and the operations further comprise generating a user interface to display indexed files. ([Paragraph 12], FIG. 5A depicts one embodiment of a virtual machine search index.  [Paragraph 64], In some cases, if a virtual machine includes a plurality of virtual disks, then a virtual machine search index may be generated for each virtual disk of the plurality of virtual disks. For example, a first virtual machine search index may catalog and map files located on a first virtual disk of the plurality of virtual disks and a second virtual machine search index may catalog and map files located on a second virtual disk of the plurality of virtual disks. In this case, a global file catalog or a global virtual machine search index for the virtual machine may include the first virtual machine search index and the second virtual machine search index. A global file catalog may be stored for each virtual machine backed up by a storage appliance within a file system, such as distributed file system 112 in FIG. 1C.  [Paragraph 37], The storage appliance 170 may provide a user interface (e.g., a web-based interface or a graphical user interface) that displays virtual machine backup information such as identifications of the virtual machines protected and the historical versions or time machine views for each of the virtual machines protected. A time machine view of a virtual machine may include snapshots of the virtual machine over a plurality of points in time. Each snapshot may comprise the state of the virtual machine at a particular point in time. Each snapshot may correspond with a different version of the virtual machine (e.g., Version 1 of a virtual machine may correspond with the state of the virtual machine at a first point in time and Version 2 of the virtual machine may correspond with the state of the virtual machine at a second point in time subsequent to the first point in time).) 

As per claims 8-11 and 13-14, these are method claims corresponding to the system claims 1-4 and 6-7.  Therefore, rejected based on similar rationale.

As per claims 15-18 and 20-21, these are non-transitory, machine readable medium claims corresponding to the system claims 1-4 and 6-7.  Therefore, rejected based on similar rationale.


Claim(s) 5, 12 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Schwartz in view of Jain and further in view of Armstrong et al. (Pub 20060136720) (hereafter Armstrong).

As per claim 5, rejection of claim 1 is incorporated:
Schwartz discloses protecting resources against varying types of malware and restoring user resources. ([Paragraph 22], resources may be protected against malicious activity or malicious code, such as ransomware or any other type of malware, malicious code or breach in which an unauthorized entity is attempting to gain access to a user's resources (e.g., data or services). The backup copy of the user's resources, which may be stored in manner inaccessible to the attacker and/or encrypted may be later restored by the user such that the user need not pay a ransom to the attacker. As such, the harm caused by malicious activities of a less-trusted computing environment may be reduced or entirely prevented.  [Paragraph 30], other secure manner as appreciated by those skilled in the relevant arts such that read/write access may be provided only by the owner of the data.)
wherein the data includes input and output from the virtual machine and the operations further include disabling the virtual machine upon detection of malware.
However, Schwartz and Jain do not explicitly disclose disabling the virtual machine upon detection of malware.
Armstrong teaches disabling the virtual machine upon detection of malware. ([Paragraph 58], For example, the routine 600 may be used to detect and recover a virtual machine that has been disabled due to a malware infection.)
It would have been obvious to a person with ordinary skill in the art, before the effective filing date of the invention, to combine the teachings of Schwartz and Jain wherein a secure runtime environment for an application is created and instantiated in a memory, application request for data is received, data source for the data is determined, identified API is used to access the data and data access is read-only access, into teachings of Armstrong wherein the virtual machine disabled due to malware infection can be recovered, because this would enhance the teachings of Schwartz and Jain wherein by accessing the data to a disabled virtual machine due to malware, the virtual machine can be recovered to a previously known state (i.e. safe state) utilizing the snapshots of the virtual machine.

As per claim 12, this is a method claim corresponding to the system claim 5.  Therefore, rejected based on similar rationale.

As per claim 19, this is a non-transitory, machine readable medium claim corresponding to the system claim 5.  Therefore, rejected based on similar rationale.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DONG U KIM whose telephone number is (571)270-1313. The examiner can normally be reached 9:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emerson Puente, can be reached on 5712723652. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DONG U KIM/Primary Examiner, Art Unit 2196