Remarks
Claims 1-20 are pending.  

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-13, 15, and 19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.  
The end of the penultimate limitation of claim 1 does not have a conjunction (e.g., “and” or “or”).  Therefore, it is unclear whether all steps are required or just a single one.  Claims 2-13 are rejected at least based on their dependencies.  
Claim 2 recites the limitation "the at least harmful information" in the in response to limitation.  There is insufficient antecedent basis for this limitation in the claim.  Claims 15 and 19 have the same issue.  

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) and/or 102(a)(2) as being anticipated by Shiravi Khozani (U.S. Patent Application Publication 2016/0328742).
Regarding Claim 1,
Shiravi Khozani discloses a system for isolated access and analysis of suspicious code in a disposable computing environment using a user interface and an automated intelligent system, the system comprising:
One or more memory devices storing computer readable code (Exemplary Citations: Figure 13 and associated written description, as well as all below citations; memory, for example); and
One or more processing devices operatively coupled to the one or more memory devices, wherein the one or more processing devices are configured to execute the computer readable code to (Exemplary Citations: Figure 13 and associated written description, as well as all below citations; processor, for example):
Receive an indication of suspicious information (Exemplary Citations: for example, Paragraphs 93, 102, 111, 117, 126, 143, 178-183, 192, 220, 222, 244, 257, 258, 324, and associated figures; receive samples, inputs, code for analysis, further analysis, etc., as examples);
Allow an analyst user to access to a virtual container in order to analyze the suspicious information (Exemplary Citations: for example, Paragraphs 93-97, 99, 102-107, 109-111, 117, 123-127, 144-146, 156, 168, 169, 178-196, 207, 220-226, 239, 244-247, 252, 257, 258, 263, 264, 312-316, 321-334, and associated figures; this may be a passive step that can be met by doing nothing, having any form of analyst user control the system (e.g., all systems are controlled by analyst users/administrators/etc.), an analyst explicitly performing some review/analysis/updating, manual review, semi-automatic analysis, etc., as examples);
Allow the analyst user to analyze the suspicious information within the virtual container (Exemplary Citations: for example, Paragraphs 93-97, 99, 102-107, 109-111, 117, 123-127, 144-146, 156, 168, 169, 178-196, 207, 220-226, 239, 244-247, 252, 257, 258, 263, 264, 312-316, 321-334, and associated figures; as just explained, for example);
In response to allowing the analyst user to analyze the suspicious information, automatically performing analysis of the suspicious information in parallel, via an automated intelligent engine (Exemplary Citations: for example, Paragraphs 93-97, 99, 102-107, 109-111, 117, 123-127, 144-146, 156, 168, 169, 178-196, 207, 220-226, 239, 244-247, 252, 257, 258, 263, 264, 312-316, 321-334, and associated figures; any form of automatic analysis, such as signature checking, hashing, static analysis, dynamic analysis, running binaries in sandboxes, debugging, or the like, as examples); 
Identify at least one harmful information in the suspicious information based on performing analysis of the suspicious information in parallel (Exemplary Citations: for example, Paragraphs 93-97, 99, 102-107, 109-111, 117, 123-127, 144-146, 156, 168, 169, 178-196, 207, 220-226, 239, 244-247, 252, 257, 258, 263, 264, 312-316, 321-334, and associated figures; malware found based on the above, for example).  
Regarding Claim 14,
Claim 14 is a method claim that corresponds to system claim 1 and is rejected for the same reasons.  
Regarding Claim 18,
Claim 18 is a computer program product claim that corresponds to system claim 1 and is rejected for the same reasons.  
Regarding Claim 2,
Shiravi Khozani discloses in response to identifying the at least harmful information in the suspicious information, determine a type of the harmful information (Exemplary Citations: for example, Paragraphs 93-97, 99, 102-107, 109-111, 117, 123-127, 144-146, 156, 168, 169, 178-196, 207, 220-226, 239, 244-247, 252, 257, 258, 263, 264, 312-316, 321-334, and associated figures; bot, C2 server, component, encrypted communication, hash/signature of malware, etc., as examples); and
Generate and transmit one or more notifications to one or more users based on the type of the harmful information (Exemplary Citations: for example, Paragraphs 93-97, 99, 102-107, 109-111, 117, 123-127, 144-146, 156, 168, 169, 178-196, 207, 220-226, 239, 244-247, 252, 257, 258, 263, 264, 312-316, 321-334, and associated figures; any notification, including any display of any of the above, results of analysis being given to analyst for creating milkers, or the like, as examples).  
Regarding Claim 15,
Claim 15 is a method claim that corresponds to system claim 2 and is rejected for the same reasons.  
Regarding Claim 19,
Claim 19 is a computer program product claim that corresponds to system claim 2 and is rejected for the same reasons.  
Regarding Claim 3,
Shiravi Khozani discloses that the indication of the suspicious information is received from a target user (Exemplary Citations: for example, Paragraphs 93, 102, 111, 117, 126, 143, 178-183, 192, 220, 222, 244, 257, 258, 324, and associated figures; any user that is the target of the code at any time, such as the analyst in being given the code, for example).  
Regarding Claim 16,
Claim 16 is a method claim that corresponds to system claim 3 and is rejected for the same reasons.  
Regarding Claim 4,
Shiravi Khozani discloses that the indication of the suspicious information is received automatically from an organization system (Exemplary Citations: for example, Paragraphs 93, 102, 111, 117, 126, 143, 178-183, 192, 220, 222, 244, 257, 258, 324, and associated figures).  
Regarding Claim 17,
Claim 17 is a method claim that corresponds to system claim 4 and is rejected for the same reasons.  
Regarding Claim 5,
Shiravi Khozani discloses that the system is an isolation system that provides physical separation from other systems located on a network when analyzing the suspicious information (Exemplary Citations: for example, Figure 2 and associated written description, as well as all above citations; system is physically separate from other systems, for example).  
Regarding Claim 6,
Shiravi Khozani discloses that the system is an isolation system that provides logical separation from other systems located on a network when analyzing the suspicious information (Exemplary Citations: for example, Figure 2 and associated written description, as well as all above citations; system is logically separate from other systems, for example.  Also found in additional sections, such as sandboxes, seen throughout the cited portions (e.g., Exemplary Citations: for example, Paragraphs 93-97, 99, 102-107, 109-111, 117, 123-127, 144-146, 156, 168, 169, 178-196, 207, 220-226, 239, 244-247, 252, 257, 258, 263, 264, 312-316, 321-334, and associated figures), for example).  
Regarding Claim 20,
Claim 20 is a computer program product claim that corresponds to system claim 6 and is rejected for the same reasons.  
Regarding Claim 7,
Shiravi Khozani discloses that the isolation system is accessed through an API located on an analyst computer system, on the isolation system, or on an API system (Exemplary Citations: for example, Paragraphs 205-217 and associated figures; communications using APIs, for example).  
Regarding Claim 8,
Shiravi Khozani discloses create a plurality of virtual containers for a plurality of analysts, wherein each of the plurality of virtual containers are specific to each of the plurality of analysts (Exemplary Citations: for example, Paragraphs 93-97, 99, 102-107, 109-111, 117, 123-127, 144-146, 156, 168, 169, 178-196, 207, 220-226, 239, 244-247, 252, 257, 258, 263, 264, 312-316, 321-334, and associated figures; use of multiple analysts, each having access to a set of data, code, sandbox or the like, for example).  
Regarding Claim 9,
Shiravi Khozani discloses create the virtual container when the analyst user accesses the system (Exemplary Citations: for example, Paragraphs 93-97, 99, 102-107, 109-111, 117, 123-127, 144-146, 156, 168, 169, 178-196, 207, 220-226, 239, 244-247, 252, 257, 258, 263, 264, 312-316, 321-334, and associated figures; the above is only created for the analyst when the analyst is using the system, for example).  
Regarding Claim 10,
Shiravi Khozani discloses receive virtual environment configurations from the analyst user for the virtual container for the suspicious information (Exemplary Citations: for example, Paragraphs 93-97, 99, 102-107, 109-111, 117, 123-127, 144-146, 156, 168, 169, 178-196, 207, 220-226, 239, 244-247, 252, 257, 258, 263, 264, 312-316, 321-334, and associated figures; feedback from analysts, automatic, semi-automatic, and manual processing, for example).  
Regarding Claim 11,
Shiravi Khozani discloses automatically set virtual environment configurations for the virtual container based on configurations of a target user computer system of a target user from which the suspicious information was received (Exemplary Citations: for example, Paragraphs 93-97, 99, 102-107, 109-111, 117, 123-127, 144-146, 156, 168, 169, 178-196, 207, 220-226, 239, 244-247, 252, 257, 258, 263, 264, 312-316, 321-334, and associated figures).  
Regarding Claim 12,
Shiravi Khozani discloses convert an originally format of the suspicious information into an analysis format that can be reviewed using a non-native application (Exemplary Citations: for example, Paragraphs 93-97, 99, 102-107, 109-111, 117, 123-127, 144-146, 156, 168, 169, 178-196, 207, 220-226, 239, 244-247, 252, 257, 258, 263, 264, 312-316, 321-334, and associated figures; normalizing or formatting the code/data for analysis by the analysis system’s application(s), for example).  
Regarding Claim 13,
Shiravi Khozani discloses that the system is an isolation system, and wherein the isolation system (Exemplary Citations: for example, Figure 2 and associated written description, as well as all above citations):
Provides physical separation from other systems located on a network when analyzing the suspicious information (Exemplary Citations: for example, Figure 2 and associated written description, as well as all above citations);
Provides logical separation from other systems located on the network when analyzing the suspicious information (Exemplary Citations: for example, Figure 2 and associated written description, as well as all above citations.  Also found in additional sections, such as sandboxes, seen throughout the cited portions (e.g., Exemplary Citations: for example, Paragraphs 93-97, 99, 102-107, 109-111, 117, 123-127, 144-146, 156, 168, 169, 178-196, 207, 220-226, 239, 244-247, 252, 257, 258, 263, 264, 312-316, 321-334, and associated figures), for example);
Provides a plurality of virtual containers for a plurality of analysts, wherein each of the plurality of virtual containers are specific to each of the plurality of analysts (Exemplary Citations: for example, Paragraphs 93-97, 99, 102-107, 109-111, 117, 123-127, 144-146, 156, 168, 169, 178-196, 207, 220-226, 239, 244-247, 252, 257, 258, 263, 264, 312-316, 321-334, and associated figures); and
Provides a non-native application that transforms a format of the suspicious information for analyzing the suspicious information (Exemplary Citations: for example, Paragraphs 93-97, 99, 102-107, 109-111, 117, 123-127, 144-146, 156, 168, 169, 178-196, 207, 220-226, 239, 244-247, 252, 257, 258, 263, 264, 312-316, 321-334, and associated figures).  

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jeffrey D Popham whose telephone number is (571)272-7215. The examiner can normally be reached Monday through Friday 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/Jeffrey D. Popham/Primary Examiner, Art Unit 2432