DETAILED ACTION

Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

	Authorization for this Examiner’s Amendment was given in a telephone interview with Elizabeth A. Almeter on 25 May 2022.
This application has been amended as follows:
IN THE CLAIMS
Replace the following claims listed as follows.

1.	(Currently Amended)  A protection computing platform, comprising: 
at least one hardware processor; 
a communication interface; and 
memory storing computer-readable instructions that, when executed by the at least one hardware processor, cause the protection computing platform to: 
receive, via the communication interface, from a first user computing device, a first request for a first uniform resource locator associated with a first email message, wherein protection computing platform instead of corresponding to the first uniform resource locator and wherein the embedded link includes a unique token corresponding to an original link pointing to the first resource corresponding to the first uniform resource locator that was replaced by the embedded, rewritten link; 
evaluate the first request for the first uniform resource locator associated with the first email message using one or more isolation criteria; 
based on evaluating the first request for the first uniform resource locator associated with the first email message using the one or more isolation criteria, identify that the first request meets at least one isolation condition associated with the one or more isolation criteria; and 
in response to identifying that the first request meets the at least one isolation condition associated with the one or more isolation criteria, initiate a browser mirroring session with the first user computing device to provide the first user computing device with limited access to [[a]] the first resource corresponding to the first uniform resource locator associated with the first email message.  

2.	(Currently Amended) The protection computing platform of claim 1, wherein the embedded link was rewritten by an email filtering engine hosted on the computing platform.

3.	(Currently Amended) The protection computing platform of claim 1, wherein evaluating the first request for the first uniform resource locator associated with the first email message using the one or more isolation criteria comprises determining whether the first resource corresponding to the first uniform resource locator associated with the first email message is a file sharing site.

4.	(Currently Amended) The protection computing platform of claim 1, wherein evaluating the first request for the first uniform resource locator associated with the first email message using the one or more isolation criteria comprises determining whether the first resource corresponding to the first uniform resource locator associated with the first email message is a potentially malicious site.

5.	(Currently Amended) The protection computing platform of claim 4, wherein determining whether the first resource corresponding to the first uniform resource locator associated with the first email message is a potentially malicious site comprises determining whether the first resource corresponding to the first uniform resource locator associated with the first email message is a potentially malicious site using a URL defense (UD) tool hosted on the computing platform.

6.	(Currently Amended) The protection computing platform of claim 1, wherein evaluating the first request for the first uniform resource locator associated with the first email message using the one or more isolation criteria comprises determining whether the first resource corresponding to the first uniform resource locator associated with the first email message is a file having a predetermined file extension.

7.	(Currently Amended) The protection computing platform of claim 1, wherein identifying that the first request meets the at least one isolation condition associated with the one or more isolation criteria comprises cross-referencing a data table identifying specific resources to be opened using browser mirroring.

8.	(Currently Amended) The protection computing platform of claim 1, wherein the memory stores additional computer-readable instructions that, when executed by the at least one hardware processor, cause the computing platform to:
after initiating the browser mirroring session with the first user computing device to provide the first user computing device with limited access to the first resource corresponding to the first uniform resource locator associated with the first email message:
scan the first resource using a live analysis service that is configured to analyze information received from the first resource while a user of the first user computing device is accessing the first resource and return an indication of whether the first resource is safe or malicious.

9.	(Currently Amended) The protection computing platform of claim 8, wherein scanning the first resource using the live analysis service comprises scanning user-authenticated content received from the first resource after the user of the first user computing device is authenticated by the first resource.

10.	(Currently Amended) The protection computing platform of claim 8, wherein the memory stores additional computer-readable instructions that, when executed by the at least one hardware processor, cause the computing platform to:
receive, from the live analysis service, an indication that the first resource is safe; and
in response to receiving the indication that the first resource is safe from the live analysis service, provide a user-selectable option to break out of isolation.

11.	(Currently Amended) The protection computing platform of claim 8, wherein the memory stores additional computer-readable instructions that, when executed by the at least one hardware processor, cause the computing platform to:
receive, from the live analysis service, an indication that the first resource is malicious; and
in response to receiving the indication that the first resource is malicious from the live analysis service, store data captured from the first resource.

12.	(Currently Amended) The protection computing platform of claim 11, wherein the memory stores additional computer-readable instructions that, when executed by the at least one hardware processor, cause the computing platform to:
in response to receiving the indication that the first resource is malicious from the live analysis service, provide the data captured from the first resource to a machine learning engine to train one or more machine learning models to recognize other malicious resources.

13.	(Currently Amended) A method for controlling access to linked content, comprising:
at a protection computing platform comprising at least one hardware processor, a communication interface, and memory:
receiving, by the at least one hardware processor, via the communication interface, from a first user computing device, a first request for a first uniform resource locator associated with a first email message, wherein protection computing platform instead of a first resource corresponding to the first uniform resource locator and wherein the embedded link includes a unique token corresponding to an original link pointing to the first resource corresponding to the first uniform resource locator that was replaced by the embedded, rewritten link;
evaluating, by the at least one hardware processor, the first request for the first uniform resource locator associated with the first email message using one or more isolation criteria;
based on evaluating the first request for the first uniform resource locator associated with the first email message using the one or more isolation criteria, identifying, by the at least one processor, that the first request meets at least one isolation condition associated with the one or more isolation criteria; and
in response to identifying that the first request meets the at least one isolation condition associated with the one or more isolation criteria, initiating, by the at least one processor, a browser mirroring session with the first user computing device to provide the first user computing device with limited access to [[a]] the first resource corresponding to the first uniform resource locator associated with the first email message.

20.	(Currently Amended) One or more non-transitory computer-readable storage media storing instructions that, when executed by a protection computing platform comprising at least one hardware processor, a communication interface, and memory, cause the protection computing platform to:
receive, via the communication interface, from a first user computing device, a first request for a first uniform resource locator associated with a first email message, wherein protection computing platform instead of a first resource corresponding to the first uniform resource locator and wherein the embedded link includes a unique token corresponding to an original link pointing to the first resource corresponding to the first uniform resource locator that was replaced by the embedded, rewritten link;
evaluate the first request for the first uniform resource locator associated with the first email message using one or more isolation criteria;
based on evaluating the first request for the first uniform resource locator associated with the first email message using the one or more isolation criteria, identify that the first request meets at least one isolation condition associated with the one or more isolation criteria; and
in response to identifying that the first request meets the at least one isolation condition associated with the one or more isolation criteria, initiate a browser mirroring session with the first user computing device to provide the first user computing device with limited access to [[a]] the first resource corresponding to the first uniform resource locator associated with the first email message.


Allow Subject Matter

Claims 1 – 20 are allowed.
The following is an examiner’s statement of reasons for allowance:
The above mentioned claims are allowable over prior arts because the CPA (Cited Prior Art) of record fails to teach or render obvious the claimed limitations in combination with the specific added limitations recited in each of the independent claims 1, 13 & 20 (& associated dependent claims).

This communication warrants No Examiner's Reason for Allowance, applicant's reply make evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule 37 CFR 1.104(e).  Specifically, applicant’s claim amendments and arguments filed on 5/5/2022 and Examiner’s Amendment are persuasive, as such the reasons for allowance are in all probability evident from the record and no statement is deemed necessary (see MPEP 1302.14).
Any comments Applicants considers necessary must be submitted no later than the payment of the Issue Fee and to avoid processing delays, should preferable accompany the Issue Fees.  Such submission should be clearly labeled “Comments on Statement of Reasons for Allowance”.  In event of any post-allowance papers (e.g. IDS, 312 amendment, petition, etc.), Applicant is exhorted to mail papers to the Production Control branch in Publications or faxed to post-allowance papers correspondence branch at (703) 308-5864 to expedite issuing process or call PUB's Customer Service if any questions at (703) 305-8497.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to LONGBIT CHAI whose telephone number is (571)272-3788.  The examiner can normally be reached on Monday - Friday 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D. Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.









Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

           /LONGBIT CHAI/Primary Examiner, Art Unit 2431                                                                                                                                                                                                                 (No. #2325 - 2022)