DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This action is responsive to Applicant’s Amendment filled on 2/14/2022.
Claims 1-20 are presented for examination. Claims 1-20 have been amended. 
Applicant’s amendments to the specification and claims have overcome claim objections and some of the 112 rejections set forth in the non-Final Office Action mailed 11/15/2021.

Examiner Notes
Examiner cites particular columns, paragraphs, figures and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in entirely as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 2/14/2022.  The submissions are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner. 

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

Regarding to Claim 1, the claim limitations “a virtual machine copy …, wherein the virtual machine copy is a copy of the original virtual machine” (lines 2-4), “plural point-in-time copies of data for the original virtual machine” (lines 4-5) and “backup data” (line 6) are not clear. It is not clear that the difference among a virtual machine copy, copies of data or backup data in view of the specification; such as whether the virtual machine copy would include the backup data or not (if the virtual machine copy does include the backup data, then it is not clear that how the invention to perform limitation of “restoring backup data to the virtual machine copy” at line 6. If the virtual machine copy does not include the backup data, then it is not clear at the specification or the claim what is the standard to define what components for the virtual machine are belonged to virtual machine copy and what components for the virtual machine are belonged to the backup data). At the Remarks submitted by 2/11/2022, Applicant stated it is apparent and clear to one with ordinary skill in the art that claimed “virtual machine copy” is copy of program(s) of the virtual machine and claimed “backup data” is the copy or backup of data generated during executions of the programs of the virtual machine; Applicant also stated that “[S]ince backup data is stored in a storage, a virtual machine copy that is initially generated would not include the backup data” (see pages 8-10 of the Remarks). According to this particular logic, does Applicant imply that the programs of the virtual machine are not stored in the storage? If the programs of the virtual machine are also stored in the storage as same as the backup data mentioned by Applicant, then why would Applicant interpret the virtual machine copy includes the programs but would not include the backup data? If the programs of the virtual machine from Applicant’s invention are not stored in a storage, then it is not making sense at all since it is inherently to require to store the programs at certain storage at the computing fields (even if the backup data and program(s) are stored in two different storages or virtual disks, the specification does not exclude the possibility of the generation of the virtual machine copy is performed via copying the two storages or virtual disks). It is well-known and understood and also make sense that restoring a virtual machine would require copying or backing up the programs of the virtual machine and also the data generated during execution of the programs. But the specification does not provide enough detail descriptions for one with ordinary skill in the art that drawing a fine line between the claimed virtual machine copy and the claimed backup data to figure out which component belonged to the claimed virtual machine copy and which component belonged to the claimed backup data.

In addition, even if Examiner follows Applicant’s interpretation about the claimed virtual machine copy is a copy of the program(s) of the virtual machine” (see 1st paragraph of page 9 from the Remarks), it is not clear that whether such claimed virtual machine copy would also include copy of electronic virus and/or ransomware that causes the claimed anomaly condition. According to [0001] and [0009] from the specification, the electronic virus or ransomware that causes the claimed anomaly condition that is also program(s)/software. Thereby, it is not clear that whether this claimed “virtual machine copy” comprises the copy of the electronic virus and/or ransomware that causes the claimed anomaly condition or not. If the virtual machine copy does include such electronic virus or ransomware, then the result of restored virtual machine always would be detected with anomaly condition. If the virtual machine copy does not include such electronic virus or ransomware, then the invention would have the ability to remove such virus or ransomware during generating the virtual machine copy; however, if so then the invention would also have the ability to remove the infected data when generating the plural point-in-time copies of data which means there is no reason to perform the evaluation step for the restored virtual machine. 

Examiner disagreed with Applicant’s interpretations for the claimed “a virtual machine copy” and “backup data”. However, for the purpose of compact prospection, examiner would interpret the claimed virtual machine copy as copy of programs of the virtual machine (such copy can be either of including the electronic virus and/or ransomware that causes the claimed anomaly condition or not including the electronic virus and/or ransomware) and the claimed backup data as copy of data that generation during executions of the virtual machine for the prior art rejection (note: such interpretations are same as the interpretation as Applicant stated at the Remarks).

Claims 2-7 are rejected for failing to cure the deficiency from their respective parent claim by dependency.
In addition to Claim 3, the meaning of “multiple copies of backup data” at line 2 is not clear. It is not clear this “multiple copies of backup data” means multiple copies of virtual machine data at the same point-in-time (i.e., multiple copies of same version of virtual machine data) OR multiple copies of virtual machine data at different point-in-times that each copy is one of the different point-in-times copies (i.e., multiple copies of different versions of virtual machine data). According to the descriptions of [0019] and [0052] from the specification, for the purpose of examination, examiner interprets “multiple copies of backup data” as multiple copies of virtual machine data at different point-in-times.

Regarding to Claim 8, Claim 8 is rejected under the same reason set forth in the rejection of Claim 1 above.
Claims 9-14 are rejected for failing to cure the deficiency from their respective parent claim by dependency.

Regarding to Claim 15, Claim 15 is rejected under the same reason set forth in the rejection of Claim 1 above.
Claims 16-20 are rejected for failing to cure the deficiency from their respective parent claim by dependency.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 5-6, 8-9, 11-12, 14-16, 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kuwamura (US PGPUB 20100043073 A1) in view of Zhu et al. (US PGPUB 20140101656 A1, hereafter Zhu) and Savino et al. (US PGPUB 20190243737 A1, hereafter Savino).
Kuwamura, Zhu, Savino were cited on the previous office action.

Regarding to Claim 1, Kuwamura discloses: A method comprising:
an anomaly condition in an original virtual machine (see Fig. 4 and [0049]; “a virtual machine from which a virus is detected”), and wherein plural point-in-time copies of data for the original virtual machine are stored in a storage (see Fig. 4 and [0051]; “store their states as snapshots”. It is understood that snapshots of a virtual machine are point-in-times copies of state/data for the virtual machine, such as “restoring the first virtual machine at a state of a point in time when the snapshot is stored by using the snapshot of the suspended first virtual machine” from abstract and last limitation of Claim 1);
iteratively restoring backup data to the virtual machine to generate a restored virtual machine, wherein iteratively restoring the backup data to the virtual machine comprises restoring, in an order, respective point-in-time copies of data of the plural point-in-time copies of data to the virtual machine (see Fig. 4 and [0051]; “the state of the virtual machine from which the virus is detected is restored to the state when a snapshot representing the preceding state is stored by using the snapshot”. Also see [0052]-[0053]; “virus checking for a virtual machine after being restored with the latest snapshot is initially made. If a virus detected by the virus checking cannot be removed, the virtual machine is again restored by using the preceding snapshot. If a virus that cannot be removed is detected in the virtual machine again restored, the virtual machine is further restored by using the snapshot stored before the preceding one”, emphasis added. Based on the “yes” result of step 25 of Fig. 4 and the control flow from steps 22 to step 25 of Fig. 4, the system/method would iteratively restore the original virtual machine with snapshots, i.e., point-in-time copies of data of the virtual machine, when the corresponding restored virtual machine is also infected with virus, i.e., detected anomaly condition, and such virus at the restored virtual machine cannot be removed until the restored virtual machine is determined as “no infected with virus”. In addition, “the virtual machine is further restored by using the snapshot stored before the preceding one” from [0053] implies the iteratively restoring with snapshots is performed in an order of restoring the original virtual machine with most recent snapshot first and the next most recent snapshot later if the restored virtual machine with most recent snapshot is still infected with virus);
causing the restored virtual machine to be evaluated for the anomaly condition (see Fig. 4 and [0051]-[0052]; “the antivirus software 132 is caused to scan the virtual machine restored with the process in step S23” and “scanning results are received from the antivirus software 132, and whether or not the virtual machine restored to the preceding snapshot is infected with a virus is determined”); and
replacing the original virtual machine with the restored virtual machine if the anomaly condition does not exist in the restored virtual machine (see Fig. 4 and [0052]; “If the virtual machine restored to the preceding snapshot is not infected with the virus, the determination of step S25 results in “NO”. Then, the process goes to step S27, in which the restored virtual machine is resumed”).

Kuwamura does not disclose:
generating a virtual machine copy having an isolated network connection in response to an anomaly condition in an original virtual machine, wherein the virtual machine copy is a copy of the original virtual machine;
the generation of a restored virtual machine is performed via restoring backup data to the virtual machine copy utilizing the isolated network connection.

However, Zhu discloses: a method comprising:
generating a virtual machine copy in response to an anomaly condition, wherein the virtual machine copy is a copy of the original virtual machine (see [0037]-[0038]; “determines that a virtual machine, VM 108, should move from a first data center 102 to a second data center 104. The cloud management 106 can decide that the VM 108 should move based on a number of reasons. Such pre-defined criteria can include balancing loads between data centers, handling a data center fault or recovery” and “The hypervisor 130 instantiates a copy of VM 108 as newly launched VM 124 at data center 104 (step 216)”, emphasis added. In response to an anomaly condition of requiring handling a data center fault or recovery, a copy of original VM 108 is generated);
a restored virtual machine is generated via restoring backup data to the virtual machine copy (see [0037] and [0040]-[0042]; “VF 118 responds with the persistent session data related to VM 108 (step 208)” and “a separate step of synchronizing the session data between VF 118 and VF 126 can be provided”, emphasis added. Also see “This VM 108 makes use of the virtual firewall service provided by VF 118” from [0036] and “Synchronization of state related to persistent session information allows the second virtual service to continue executing services … State information can include policy information related to the session, an identifier of a user associated with the session, an address associated with the session, application data related to the session, or the session information at the protocol level” (emphasis added) from [0049], and thus a restored virtual machine is generated via restoring the backup/copy of session/program data to the virtual machine copy instead of restoring the backup/copy of session/program data to the original virtual machine).
It would have been obvious to one with ordinary skill, in the art before the effective filling date of the claim invention, to modify the generation of a restored virtual machine experiences anomaly condition from Kuwamura by including restoring a virtual machine experiences anomaly condition via generating a copy version of the original virtual machine and then applying the backed-up program/session data of the original virtual machine to the copy version of virtual machine to restore the original virtual machine from Zhu, since it would provide a mechanism of restoring the original virtual machine via instantiating a new virtual machine at a different execution environment location with the backup program/session data of the original virtual machine instead of applying the backup program/session data to the original virtual machine itself at the original execution environment location to provide a total new execution environment for the restored virtual machine.

Furthermore, Savino discloses: generating a virtual machine copy having isolated network connection response to an anomaly condition in an original virtual machine that needs to perform recovery process, wherein the virtual machine copy is a copy of the original virtual machine (see [0008]; “cloning, in the isolated network, virtual machines of the at least the portion of the client's data network to be included in the cloud-based disaster recovery test and enabling all cloned virtual machines as a virtual data network in the cloud-based computing platform for use by the client for performing the cloud-based disaster recovery test”).
It would have been obvious to one with ordinary skill, in the art before the effective filling date of the claim invention, to modify the restoration process of a virtual machine experiences anomaly condition from the combination of Kuwamura and Zhu by including creating the virtual machine copy in an isolated network connection environment for restoring the VM experiences certain anomaly condition that need to perform recovery process from Savino, and thus the combination of Kuwamura, Zhu and Savino would disclose the missing limitations from Kuwamura, since it would provide an isolated execution environment for the clones of virtual machine without interact with or communicate with or interrupt in any way the original VM (see [0008] and [0049] from Savino).

Regarding to Claim 5, the rejection of Claim 1 is incorporated and further the combination of Kuwamura, Zhu and Savino discloses: wherein the anomaly condition comprises an electronic virus attack (see [0013] from Kuwamura; “detect the virus invading the first virtual machine”).

Regarding to Claim 6, the rejection of Claim 1 is incorporated and further the combination of Kuwamura, Zhu and Savino discloses: wherein causing the restored virtual machine to be evaluated for the anomaly condition comprises triggering an anomaly detection mechanism (see [0051]-[0052] from Kuwamura; “the antivirus software 132 is caused to scan the virtual machine restored with the process in step S23”).

Regarding to Claim 8, Kuwamura discloses: A non-transitory computer-readable medium comprising instructions that (see [0037] and Claim 10), when executed by one or more processors, cause the one or more processors to (see [0034]):
an anomaly condition in an original virtual machine (see Fig. 4 and [0049]; “a virtual machine from which a virus is detected”);
restore first backup data to the virtual machine [copy utilizing the isolated network connection] to generate a first restored virtual machine (see Fig. 4 and [0051]; “the state of the virtual machine from which the virus is detected is restored to the state when a snapshot representing the preceding state is stored by using the snapshot”);
cause the first restored virtual machine to be evaluated for the anomaly condition (see Fig. 4 and [0051]-[0052]; “the antivirus software 132 is caused to scan the virtual machine restored with the process in step S23” and “whether or not the virtual machine restored to the preceding snapshot is infected with a virus is determined”);
replace the original virtual machine with the first restored virtual machine in response to detecting that the anomaly condition does not exist the first restored virtual machine (see Fig. 4 and [0051]-[0052]; “In step S25 subsequent to step S24, scanning results are received from the antivirus software 132, and whether or not the virtual machine restored to the preceding snapshot is infected with a virus is determined” and “If the virtual machine restored to the preceding snapshot is not infected with the virus, the determination of step S25 results in “NO”. Then, the process goes to step S27, in which the restored virtual machine is resumed”); and
restore second backup data to the virtual machine [copy utilizing the isolated network connection] to generate a second restored virtual machine in response to detecting that the anomaly condition exists in the first restored virtual machine (see Fig. 4 and [0051]-[0053]; “In step S25 subsequent to step S24, scanning results are received from the antivirus software 132, and whether or not the virtual machine restored to the preceding snapshot is infected with a virus is determined” and “virus checking for a virtual machine after being restored with the latest snapshot is initially made. If a virus detected by the virus checking cannot be removed, the virtual machine is again restored by using the preceding snapshot. If a virus that cannot be removed is detected in the virtual machine again restored, the virtual machine is further restored by using the snapshot stored before the preceding one”, emphasis added).

Kuwamura does not disclose:
generate a virtual machine copy having an isolated network connection in response to an anomaly condition in an original virtual machine, wherein the virtual machine copy is a copy of the original virtual machine;
each of the restored virtual machine is generated via restoring a backup data to the virtual machine copy utilizing the isolated network connection; 

generating a virtual machine copy in response to an anomaly condition, wherein the virtual machine copy is a copy of the original virtual machine (see [0037]-[0038]; “determines that a virtual machine, VM 108, should move from a first data center 102 to a second data center 104. The cloud management 106 can decide that the VM 108 should move based on a number of reasons. Such pre-defined criteria can include balancing loads between data centers, handling a data center fault or recovery” and “The hypervisor 130 instantiates a copy of VM 108 as newly launched VM 124 at data center 104 (step 216)”, emphasis added. In response to an anomaly condition of requiring handling a data center fault or recovery, a copy of original VM 108 is generated);
a restored virtual machine is generated via restoring backup data to the virtual machine copy (see [0037] and [0040]-[0042]; “VF 118 responds with the persistent session data related to VM 108 (step 208)” and “a separate step of synchronizing the session data between VF 118 and VF 126 can be provided”, emphasis added. Also see “This VM 108 makes use of the virtual firewall service provided by VF 118” from [0036] and “Synchronization of state related to persistent session information allows the second virtual service to continue executing services … State information can include policy information related to the session, an identifier of a user associated with the session, an address associated with the session, application data related to the session, or the session information at the protocol level” (emphasis added) from [0049], and thus a restored virtual machine is generated via restoring the backup/copy of session/program data to the virtual machine copy instead of restoring the backup/copy of session/program data to the original virtual machine).
It would have been obvious to one with ordinary skill, in the art before the effective filling date of the claim invention, to modify the generation of a restored virtual machine experiences anomaly condition from Kuwamura by including restoring a virtual machine experiences anomaly condition via generating a copy version of the original virtual machine and then applying the backed-up program/session data of the original virtual machine to the copy version of virtual machine to restore the original virtual machine from Zhu, since it would provide a mechanism of restoring the original virtual machine via instantiating a new virtual machine at a different execution environment location with the backup program/session data of the original virtual machine instead of applying the backup program/session data to the original virtual machine itself at the original execution environment location to provide a total new execution environment for the restored virtual machine.

Furthermore, Savino discloses: generating a virtual machine copy having isolated network connection response to an anomaly condition in an original virtual machine that needs to perform recovery process, wherein the virtual machine copy is a copy of the original virtual machine (see [0008]; “cloning, in the isolated network, virtual machines of the at least the portion of the client's data network to be included in the cloud-based disaster recovery test and enabling all cloned virtual machines as a virtual data network in the cloud-based computing platform for use by the client for performing the cloud-based disaster recovery test”).
It would have been obvious to one with ordinary skill, in the art before the effective filling date of the claim invention, to modify the restoration process of a virtual machine experiences anomaly condition from the combination of Kuwamura and Zhu by including creating the virtual machine copy in an isolated network connection environment for restoring the VM experiences certain anomaly condition that need to perform recovery process from Savino, and thus the combination of Kuwamura, Zhu and Savino would disclose the missing limitations from Kuwamura, since it would provide an isolated execution environment for the clones of virtual machine without interact with or communicate with or interrupt in any way the original VM (see [0008] and [0049] from Savino).

Regarding to Claim 9, the rejection of Claim 8 is incorporated and further the combination of Kuwamura, Zhu and Savino discloses:
cause the second restored virtual machine to be evaluated for the anomaly condition (see Fig. 4 and [0051]-[0052] from Kuwamura; “the antivirus software 132 is caused to scan the virtual machine restored with the process in step S23” and “scanning results are received from the antivirus software 132, and whether or not the virtual machine restored to the preceding snapshot is infected with a virus is determined”. Based on the descriptions of Fig. 4, it is understood to one with ordinary skill in art that the combination system would include an embodiment of scanning the restored virtual machine restored with the second most recent snapshot or backup data to determine whether this version of restored virtual machine is still infected with virus or not);
replace the original virtual machine with the second restored virtual machine in response to detecting that the anomaly condition does not exist in the second restored virtual machine (see Fig. 4 and [0052] from Kuwamura; “If the virtual machine restored to the preceding snapshot is not infected with the virus, the determination of step S25 results in “NO”. Then, the process goes to step S27, in which the restored virtual machine is resumed”. As explained above, if version of restored virtual machine restored from the second most recent snapshot is not infected with virus, then such version of restored virtual machine will used to replace the original virtual machine infected with virus); and
restore third backup data to the virtual machine copy utilizing the isolated network connection to generate a third restored virtual machine in response to detecting that the anomaly condition exists in the second restored virtual machine (see steps 22-25, steps 25-22, steps 25-27 of Fig. 4 and [0051]-[0053] from Kuwamura; “virus checking for a virtual machine after being restored with the latest snapshot is initially made. If a virus detected by the virus checking cannot be removed, the virtual machine is again restored by using the preceding snapshot. If a virus that cannot be removed is detected in the virtual machine again restored, the virtual machine is further restored by using the snapshot stored before the preceding one”. The system/method would generate a third restored virtual machine via the third most recent snapshot of the original VM if the second version of restored VM is found to be infected with virus and the virus at the second version of restored VM cannot be removed safely).

Regarding to Claim 11, the rejection of Claim 8 is incorporated and further the combination of Kuwamura, Zhu and Savino discloses: wherein the first backup  data is a first point-in-time copy of data, and the second backup data is a second point-in-time copy of the data that was created prior to the first point-in-time copy of data (see abstract, [0051], [0053] from Kuwanmura; “restoring the first virtual machine at a state of a point in time when the snapshot is stored by using the snapshot of the suspended first virtual machine”, “periodically store their states as snapshots” and “virus checking for a virtual machine after being restored with the latest snapshot is initially made. If a virus detected by the virus checking cannot be removed, the virtual machine is again restored by using the preceding snapshot. If a virus that cannot be removed is detected in the virtual machine again restored, the virtual machine is further restored by using the snapshot stored before the preceding one”, emphasis added)

Regarding to Claim 12, the rejection of Claim 8 is incorporated and further the combination of Kuwamura, Zhu and Savino discloses: wherein the anomaly condition comprises a ransomware attach or an electronic virus attack (see [0013] from Kuwamura; “detect the virus invading the first virtual machine”).

Regarding to Claim 14, the rejection of Claim 8 is incorporated and further Claim 14 is a product claim corresponds to method Claim 6 and is rejected for the same reason set forth in the rejection of Claim 6 above.

Regarding to Claim 15, Claim 15 is a system claim corresponds to product Claim 8 and is rejected for the same reason set forth in the rejection of Claim 8 above.

Regarding to Claim 16, the rejection of Claim 15 is incorporated and further Claim 16 is a system claim corresponds to product Claim 9 and is rejected for the same reason set forth in the rejection of Claim 9 above.

Regarding to Claim 18, the rejection of Claim 15 is incorporated and further Claim 18 is a system claim corresponds to product Claim 11 and is rejected for the same reason set forth in the rejection of Claim 11 above.

Regarding to Claim 20, the rejection of Claim 15 is incorporated and further Claim 20 is a system claim corresponds to product Claim 12 and is rejected for the same reason set forth in the rejection of Claim 12 above.

Claims 2, 10, 13 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Kuwamura (US PGPUB 20100043073 A1) in view of Zhu et al. (US PGPUB 20140101656 A1, hereafter Zhu) and Savino et al. (US PGPUB 20190243737 A1, hereafter Savino) and in further view of Moorthi et al. (US PGPUB 20120131591 A1, hereafter Moorthi).
Kuwamura, Zhu, Savino and Moorthi were cited on the previous office action.

Regarding to Claim 2, the rejection of Claim 1 is incorporated, the combination of Kuwamura, Zhu and Savino does not disclose: wherein the isolated network connection comprises a virtual private network (VPN), and the virtual machine copy operates in a sandbox environment.
However, Moorthi discloses: an isolated network connection environment for virtual machine includes virtual private network (VPN), and virtual machine operates in a sandbox environment (see [0221]; “This subsystem may do so using one or more known existing techniques such as virtual machines, virtualized storage, or virtualized networking. Virtualized networking technologies that can be used with a trusted sandbox platform include virtual LAN (VLAN) tagging, virtual private networks (VPNs)”).
It would have been obvious to one with ordinary skill, in the art before the effective filling date of the claim invention, to modify the isolated environment for the virtual machine clones/copies from the combination of Kuwamura, Zhu and Savino by including a trusted sandbox platform include virtual LAN (VLAN) tagging, virtual private networks (VPNs) from Moorthi, and thus the combination of Kuwamura, Zhu, Savino and Moorthi discloses the missing limitations from the combination of Kuwamura, Zhu and Savino, since a sandbox platform includes VPN functionalities is a well-known and understood type of isolated environment for virtualized components to implement network privacy, firewalls, load balancers, and/or ARP spoof protection features (see [0221] from Moorthi).

Regarding to Claim 10, the rejection of Claim 8 is incorporated and further Claim 10 is a product claim corresponds to method Claim 2 and is rejected for the same reason set forth in the rejection of Claim 2 above.

Regarding to Claim 13, the rejection of Claim 10 is incorporated and further the combination of Kuwamura, Zhu, Savino and Moorthi discloses: wherein the restoring of the first backup data to the virtual machine copy comprises transferring the first backup data over the VPN to the virtual machine copy in the sandbox environment (see Fig. 2, [0040]-[0042] and [0049] from Zhu. The generation of the restored virtual machine is performed via transferring the session data, i.e., the snapshot or claimed backup data, from the first virtual machine location running the failed virtual machine to the second virtual machine location running the copy of the failed virtual machine, i.e., the restored virtual machine. Also see [0008] from Savino and [0221] from Moorthi, at the combination system, the second virtual machine location running the copy of the failed virtual machine, i.e., the restored virtual machine, is a trusted sandbox environment having VPN as example for a type of isolated network connection, and thus the restoring process is performed via transferring the backup data, i.e., the most recent snapshot over the VPN to the virtual machine copy in the trusted sandbox environment).

Regarding to Claim 17, the rejection of Claim 15 is incorporated and further Claim 17 is a system claim corresponds to product Claims 10 and 13, and thus Claim 17 is rejected for the same reasons set forth in the rejections of Claims 10 and 10 above.

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Kuwamura (US PGPUB 20100043073 A1) in view of Zhu et al. (US PGPUB 20140101656 A1, hereafter Zhu) and Savino et al. (US PGPUB 20190243737 A1, hereafter Savino) and in further view of Arora et al. (US PGPUB 8099572 B1, hereafter Arora).
Kuwamura, Zhu, Savino and Arora were cited on the previous office action.

Regarding to Claim 3, the rejection of Claim 1 is incorporated, the combination of Kuwamura, Zhu and Savino does not disclose: wherein multiple virtual machine copies are generated and multiple copies of backup data are applied to the multiple virtual machine copies in parallel.
However, Arora discloses: wherein multiple versions of data/component copies are generated and restoration process of the data/component are performed via restoring the data/component via applying the multiple versions of data/component copies in parallel (see lines 61-4 of cols. 2-3; “backing up the multiple snapshot copies of the storage object concurrently” and “restoring the plurality of snapshot copies of the storage object concurrently”).
It would have been obvious to one with ordinary skill, in the art before the effective filling date of the claim invention, to modify the restoration process of a virtual machine experiences anomaly condition from the combination of Kuwamura, Zhu and Savino by including a restoration process of creating multiple snapshot copies of same object concurrently and then restoring the same object from the multiple snapshot copies concurrently from Arora, and thus the combination of Kuwamura, Zhu, Savino and Arora would discloses the missing limitations from the combination of Kuwamura, Zhu and Savino (note: although reference Arora would discloses a single type of snapshot copy instead of two different types of copies, i.e., virtual machine copies and backup data/copies. However, the combination of Kuwamura, Zhu and Savino originally would discuss restoring a virtual machine would involve utilizing the two different types of copies, after combining the concept of performing restoration process via restoring different versions of backup data concurrently, the new combination would also restore the virtual machine via restoring different versions of pairs of virtual machine copy and backup data/copy concurrently to form different versions of restored virtual machines), since it is well-known and understand that parallel executions of jobs/processes would reduce total execution time of the jobs/processes and thus the improve the efficiency of the system.

Claims 4, 7 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Kuwamura (US PGPUB 20100043073 A1) in view of Zhu et al. (US PGPUB 20140101656 A1, hereafter Zhu) and Savino et al. (US PGPUB 20190243737 A1, hereafter Savino) and in further view of Reid et al. (US PGPUB 20210097181 A1, hereafter Reid).
Kuwamura, Zhu, Savino and Reid were cited on the previous office action.

Regarding to Claim 4, the rejection of Claim 1 is incorporated, the combination of Kuwamura, Zhu and Savino does not disclose: wherein the anomaly condition comprises a ransomware attack.
However, Reid discloses: it is well-known and understood that an anomaly condition of a virtual machine infected by virus comprises a ransomware attack (see [0013] and [0015]; “general antivirus applications fail to detect ransomware” and “an application (which may be referred to herein as a " ransomware protection application") that is installable on the operating system of computing devices or systems (servers, laptops, clustered servers, virtual machines (VMs), cloud platforms, smart phones, Internet of Things (IoT) devices, tablet computing devices, and so forth) and which may be referred to as RBDP ( Ransomware Behavioral-based Detection and Protection)”).
It would have been obvious to one with ordinary skill, in the art before the effective filling date of the claim invention, to modify the antivirus software from the combination of Kuwamura, Zhu and Savino by including installing an ransomware protection application on the virtual machine to be monitored for virus activities from Reid, since it would provide a higher security platform for the virtual machine to detect ransomware type of virus which cannot detected by general antivirus application (see [0013] and [0015] from Reid).

Regarding to Claim 7, the rejection of Claim 1 is incorporated, the combination of Kuwamura, Zhu and Savino does not disclose: wherein causing the restored virtual machine to be evaluated for the anomaly condition comprises:
installing an anomaly detection mechanism in the restored virtual machine; and
causing the installed anomaly detection mechanism to evaluate the restored virtual machine.
However, Reid discloses: causing a virtual machine to be evaluated for the anomaly condition comprises: installing an anomaly detection mechanism in the [restored] virtual machine; and causing the installed anomaly detection mechanism to evaluate the [restored] virtual machine (see [0013] and [0015]; “general antivirus applications fail to detect ransomware” and “an application (which may be referred to herein as a " ransomware protection application") that is installable on the operating system of computing devices or systems (servers, laptops, clustered servers, virtual machines (VMs), cloud platforms, smart phones, Internet of Things (IoT) devices, tablet computing devices, and so forth) and which may be referred to as RBDP ( Ransomware Behavioral-based Detection and Protection)”).
It would have been obvious to one with ordinary skill, in the art before the effective filling date of the claim invention, to modify the antivirus software from the combination of Kuwamura, Zhu and Savino by including installing an ransomware protection application on the virtual machine to be monitored for virus activities from Reid, and thus the combination of Kuwamura, Zhu, Savino and Reid discloses the missing limitations from the combination of Kuwamura, Zhu and Savino, since it would provide a higher security platform for the virtual machine to detect ransomware type of virus which cannot detected by general antivirus application (see [0013] and [0015] from Reid).

Regarding to Claim 19, the rejection of Claim 15 is incorporated and further Claim 19 is rejected for the same reason set forth in the rejection of Claim 4 above.

Response to Arguments
Applicant’s arguments, filled 2/14/2022, with respect to rejections of Claims 1-20 under 35 U.S.C. 112(b) have been full considered but they are not persuasive.

Applicant’s arguments at pages 8-10 are summarized as the following:
“A person of ordinary skill in the art would understand that a virtual machine includes program(s), such as a guest operating system and/or an application program, as example. Thus, “a point-in-time copy of [a] virtual machine” as noted in [0041] of the Specification refers to a copy of the program(s) of the virtual machine” (see 1st paragraph of page 9 from the Remarks). In addition, “[A] person of ordinary skill in the art would also understand that during execution of the virtual machine, and more specifically, during execution of the program(s) of the virtual machine data can be written by the virtual machine” (see 2nd paragraph of page 9 from the Remarks). Applicant also stated that “[S]ince backup data is stored in a storage, a virtual machine copy that is initially generated would not include the backup data” (see 4th paragraph of page 9 from the Remarks). Furthermore, Applicant also stated that “when a virtual machine ‘is infected by a virus, ransomware or some other anomaly that result in an unrecoverable loss of data, the user of the VM will want to recover as much data as possible as quickly as possible.’ Specification, [0003]. Thus, the foregoing makes clear that techniques or mechanisms according to some examples of the present disclosure are to recover lost data base don generating a virtual machine copy and restoring backup data to the virtual machine copy” (see last paragraph of page 9 and 1st paragraph of page 10).

The examiner respectively disagrees.
Examiner agreed that a virtual machine would include program(s). However, the specification does not provide sufficient details to distinguish whether the claimed virtual machine copy would exclude the data generated during executions of the program(s) of the virtual machine and whether the claimed backup data would exclude the program(s) of the virtual machine to be backed up. For certain embodiments, not only the program(s) is considered as part of a virtual machine, but also the data generated during executions of program(s) of the virtual machine (even the virtual disk(s) associated with the virtual machine is also considered as part of the virtual machine). If the data generated during executions of the programs and even the virtual disk(s) are also part of the virtual machine, then it is not clear to one with ordinary skill in the art that why claimed virtual machine copy would not include such data and/or virtual disk but would include the program(s) of the virtual machine. The specification does not provide sufficient details of whether such data and/or virtual disk are part of the virtual machine or are not part of the virtual machine. Such as, Fig. 2A and [0026] of Singh et al. (US 20190235900 A1) shows application data stored in a virtual disk is still considered as part of a corresponding virtual machine (even Applicant’s figures show virtual disk 452 is separated from virtual machine 420; however it is well-known and understood that a virtual machine is a simulation of a physical machine which a physical machine in generally would include a disk, and thus such virtual disk 452 is reasonable to be considered as part of the virtual machine 420); [0306] from Iyer et al. (US 20180267861 A1) even specifies some features like backup copy of the application and application data is considered as backup copy of the virtual machine. Thereby, without specifying a virtual machine copy is generated via (copying the program(s) of the virtual machine and) without copying the data generated during execution of the virtual machine, one with ordinary skill in the art cannot clearly figure out whether “a virtual machine copy is a copy of the original virtual machine” would include or not include the data generated during execution of the virtual machine or not. In addition, based on the Applicant’s logic about [0039] from the specification (i.e., “When data (including, for example, backup data) is written by a virtual machine (e.g., 428), hypervisor 440 writes the data to datastore 450 (for example, to virtual disk 456)”), then whether the program installed by the VM to be written to the virtual disk 456 can also be considered as “data (including, for example, backup data)” mentioned at the [0039]? If yes, then why would Applicant interpret the program(s) of the virtual machine is excluded from the claimed backup data. If no, then why would Applicant consider the claimed backup data to be the data generated during execution of the virtual machine but not the program installed during execution of the virtual machine. 
For Applicant’s statement of “[S]ince backup data is stored in a storage, a virtual machine copy that is initially generated would not include the backup data”, as explained at the corresponding 112 rejection above, such statement is illogical since program(s) of the virtual machine are also required to be stored in a storage. If the reason of the virtual machine copy does not include the data generated during the execution of the virtual machine is the data is stored in a storage, then based on same logic, the virtual machine copy should not include the program(s) that is also stored in a storage either. Even if the program(s) and the data generated during execution of the virtual machine are stored in different storages or virtual disks, the specification does not provide details to exclude the virtual machine copy is generated in a way to copying or backing-up components from multiple storages or virtual disks associated with the virtual machine. 
For descriptions from [0003] of specification, [0003] only describes the restoration process of the virtual machine may include providing point-in-time data backups. It does not provide details of whether the claimed virtual machine copy would include the data generated during the execution of the virtual machine or not, i.e., whether such claimed virtual machine copy would include this “point-in-time data backups” or not. In addition, [0003] does describe “the user of the VM will want to recover as much data as possible as quickly as possible”, if the invention is trying to recover the virtual machine or data of the virtual machine as quickly as possible, then why would the invention would still spend additional time to perform a step of generating virtual machine copy instead of just restoring the backup data to the original virtual machine OR spend additional time to perform steps of distinguish which components should be copied or backed-up at the process of generating virtual machine copy and which components should be copied or backed-up at the process of generating backup data or point-in-times copies of data instead of just creating point-in-times copies of virtual machine including the data generated during the execution of the virtual machine.  
Therefore, Claims 1-20 are rejected due to the specification does not provide sufficient details for one with ordinary skill in the art to clearly distinguish which components should be copied or backed-up during generation of the claimed virtual machine copy and which component should be copied or backed-up during generation of the claimed point-in-time copies of data or claimed backup data. 

Applicant’s arguments, filled 2/14/2022, with respect to rejections of Claims 1-20 under 35 U.S.C. 103 have been full considered. New grounds of rejections based on same references as previously but different interpretations on the claim language are made for the purpose of compact prosecution. In additional, some of Applicant’s arguments are not persuasive.

Applicant’s arguments at pages 11-13 are summarized as the following:
“Suspending a virtual machine does not involve generating a copy of virtual machine-in fact, it is clearly Kuwamura keeps the same virtual machine but attempts to modify the virtual by restoring from a prior state” (see last two paragraph of page 11 from the Remarks).
“In Zhu, the launching of the copy of the VM is in response to a decision to move a virtual machine between data centers. In contrast, according to claim 1, a virtual machine copy is generated “in response to an anomaly condition in an original virtual machine” (see 3rd and 4th paragraph of page 12 from the Remarks).
“Once the copy of the VM is launched, Zhu makes no mention of restoring any backup data to the copy of the VM that includes ‘restoring, in an order, respective … to the virtual machine copy’” (see last paragraph of page 12 from the Remarks). “Zhu does refer to creating a new stateful virtual firewall and transferring ‘persistent session data’ to the new stateful virtual firewall. Id, [0040]. However, the virtual firewall is an entity that is different from the copy of the VM noted in [0038] of Zhu” (see 1st paragraph of page 13 from the Remarks). “Additionally, there is no teaching or hint in Zhu that the ‘new stateful virtual firewall’ that is instantiated in [0040] of Zhu is a copy of an original virtual machine. It appears that the new stateful virtual firewall is a newly created virtual firewall, which is not a copy of an original firewall” (see 2nd paragraph of page 13 from the Remarks).

The examiner respectively disagrees.
This argument is moot at current prior art rejection since currently examiner interprets claimed virtual machine copy as same as Applicant stated at the Remarks for the purpose of compact prosecution, i.e., claimed virtual machine copy is copy of program(s) of the original virtual machine. However, Applicant misunderstood Examiner’s previous rejection. At the previous rejection, Examiner considered the prior state as the claimed virtual machine copy (since previously examiner considered claimed virtual machine copy as copy of VM data) instead of examiner considered suspending a virtual machine as the claimed virtual machine copy.
According to [0037] from Zhu, the migration of the virtual machine or the generation of the virtual machine copy is performed in response to “handling a data center fault or recovery” which is reasonable to be considered as claimed anomaly condition in an original virtual machine at the combination system since Kuwamura discloses restoration of the virtual machine is performed due to recovering the virtual machine from anomaly condition caused by electronic virus. In addition, [0005] from Zhu also discloses “to move a virtual machine between hosts within the same data center” instead of “moving a virtual machine between data centers” only.
[0034] from Zhu states: “Three virtual machines 108, 100, 112 are allocated for running an application at data center 104. Three virtual machines are dedicated to running a virtual firewall (VF), shown as VFs 114, 116, 118, that is used to protect the other VMs in the data center 102”. According to such statement, the virtual machine from Zhu would at least include software program associated with the virtual firewall service in order to allow the virtual machine to running a virtual firewall. In this way, the copy of VM instantiated at [0038] of Zhu should also includes the software program associated with the virtual firewall service as same as the original VM 108 based on same logic that Applicant stated claimed “virtual machine copy” is copy of program(s) of the original virtual machine. Thereby, Applicant’s question/issue about “there is no teaching or hint in Zhu that the ‘new stateful virtual firewall’ that is instantiated in [0040] of Zhu is a copy of an original virtual machine” actually includes generating or instantiating a new virtual machine having same firewall software program as the original virtual machine, i.e., generating a virtual machine copy that is a copy of the original virtual machine (also see “launch a copy of the first virtual service in the second host” from [0048] of Zhu, the new virtual firewall mentioned at the [0040] is actually a copy of the virtual firewall at the source location). Similarity, the session data transferred or synchronized from first VM location to second VM location discussed at [0049] would also include data or configuration information associated with the firewall software program running at the original virtual machine in order to “allows the second virtual service to continue executing services related to the handling of session traffic where the first virtual session left off”, i.e., restoring the backup data to the copy of the VM. 
For the issue of “iteratively restoring” or “restoring, in an order”, primary reference Kuwamura already disclosed the features of iteratively using different versions of backup data in an order to generate different versions of restored virtual machine as similar as the claim required. The difference is Kuwamura discloses a restoration mechanism of applying/restoring the backup data to original virtual machine to generate a restored virtual machine while the claim requires applying/restoring the backup data to a copy of the original virtual machine to generate the restored virtual machine. That is the reason examiner citing Zhu instead of citing Zhu to discloses feature of “iteratively restoring” or “restoring, in an order”. As explained above, Zhu discloses feature of applying/restoring the backup data, i.e., copy of program data, to the copy of the original virtual machine to generate a restored virtual machine instead of applying/restoring such backup data to the original virtual machine itself. Thereby, after combining features from Zhu into Kuwamura, the combination system would disclose iteratively restoring backup data to the virtual machine copy instead of the original virtual machine itself and such iteratively restoring comprising restoring, in an order, respective point-in-time copies of data of the plural point-in-time copies of data to the virtual machine copy. 
Therefore, Claims 1-20 are rejected. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Singh et al. (US 20190235900 A1) discloses: application data stored in a virtual disk is still considered as part of a corresponding virtual machine (Fig. 2A and [0026]).
Iyer et al. (US 20180267861 A1) discloses: backup copy of the application and application data is considered as backup copy of the virtual machine (see [0306]).
Brown et al. (US 20180137016 A1) discloses: iteratively roll the recovery volume forward and backward to different point-in-times (see [0047]).

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHI CHEN whose telephone number is (571)272-0805.  The examiner can normally be reached on Monday-Friday 9:30AM-5PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emerson Puente can be reached on (571)272-3652.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/Zhi Chen/
Patent Examiner, AU2196

/EMERSON C PUENTE/Supervisory Patent Examiner, Art Unit 2196