DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This action is responsive to communication filed 6/2/2022.
Claims 1-20 are presented for examination.
Applicant’s amendments to the specification, drawings and claims have overcome the specification objections, drawing objections and claim objections set forth in the non-Final Office Action mailed on 3/2/2022.

Drawing
The drawings filed on 6/2/2022 are acceptable subject to correction of the informalities indicated below.  In order to avoid abandonment of this application, correction is required in reply to the Office action.  The correction will not be held in abeyance.
At Fig. 7, two different components are labeled/referenced as 720, i.e., path 720 and storage 720. In addition, two sessions residing in the secure sandbox 708 are labeled as 1023 and two sessions residing in the secure sandbox 708 are labeled as 1024 (note: Applicant may need to amend or change “path 720” at lines 2, 9 and 10 of [0043] of the specification according to Applicant’s actual correction to Fig. 7. Applicant may need to amend or change “session 1023” at line 12 of [0043], the third-to-last and second-to-last lines of page 16, line 8 of page 19 and line 9 of page 19 of the specification according to Applicant’s actual correction to Fig. 7).
At Fig. 11, two different components are labeled/referenced as 1108, i.e., loop-back 1108 and secure sandbox 1108. In addition, two sessions residing in the secure sandbox 1108 are labeled as 1024, i.e., session 1024 and session 1024 (note: Applicant may need to amend or change “secure sandbox 1108” at line 6 of [0051] of the specification according to Applicant’s actual correction to Fig. 11).
At Fig. 12, two sessions residing in the secure sandbox 1208 are labeled as 1024, i.e., session 1024 and session 1024.
At Fig. 17, two different components are labeled/referenced as 1724, i.e., stunnel 1724 and path 1724 (note: Applicant may need to amend or change “path 1724” at the last line of [0071] of the specification according to Applicant’s actual correction to Fig. 17).

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Erik Swenson (Reg. No. 45147) on 6/15/2022.

Please amend the following locations in the specification:
1. “which persists at 620” at line 6 of [0034] should be “which persists at storage 620”.
2. “controlled storage 625” at line 8 of [0034] should be “controlled storage 620”.
3. “uses the certificate 620” at the second-to-last line of [0034] should be “uses the certificate 618”.
4. “to storage 625” at line 5 of page 11 should be “to storage 620”.

Please amend the following claims:

Claim 5 (cancel)
Claim 15 (cancel)

REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance:

Claims 1-4, 6-14 and 16-20 are allowable over the prior art of record because the Examiner found neither the prior art cited in its entirety nor, based on the prior art, any motivation to combine any of the said prior art references.

As per independent Claims 1 and 11, the primary reason for allowance is “creating an ecosystem for the guest-native source in a secure sandbox running on a host operating system, wherein the secure sandbox can only connect to storage through the guest operating system and connects to networking only through specific ports in the host operating system without general access to the host operating system networking” in conjunction with the rest of the limitations of the claims.

The previously cited prior art references do not disclose the limitation mentioned above.

The following are some newly found prior art references:
Walsh (US 20110154431 A1) discloses: applying limited network access via access to only specific network ports (see [0052]).
Andrews et al. (US 20210136115 A1) discloses: disabling all unnecessary ports and establishing a VPN for protecting traffic to the local sandbox (see [0102]). Because unnecessary ports are disabled and a VPN connection is used to protect the traffic of the sandbox, the sandbox connects to networking via some particular/specific ports having VPN support functionality.
Franciosi et al. (US 20180157444 A1, hereafter Franciosi) discloses: a sandbox or a user virtual machine can only connect to storage through a service virtual machine that is not hosting the sandbox (see Fig. 1A, [0022], “the term vDisk refers to the storage abstraction that is exposed by a Controller/Service VM (CVM) 110 to be used by a user VM”).

However, Franciosi fails to disclose that the sandbox or the user virtual machine is an environment including an ecosystem or another execution environment inside the sandbox or the user virtual machine for running the guest-native source that is required/requested by the service virtual machine. Instead, Franciosi even discloses the feature of routing/transmitting a command having a native protocol from the sandbox or the user virtual machine to the service virtual machine (see [0030]-[0032]). Therefore, even though Franciosi does disclose a system having a sandbox (i.e., a user virtual machine; note: a virtual machine is known as a sandbox) that can only connect to storage through the OS of a guest virtual machine (i.e., a server virtual machine), the combination of Eltsin and Franciosi does not teach the limitations mentioned above.

The remaining claims, not specifically mentioned, are allowed because they are dependent upon the claims mentioned above.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHI CHEN whose telephone number is (571)272-0805.  The examiner can normally be reached on Monday-Friday 9:30AM-5PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emerson Puente can be reached on (571)272-3652.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/Zhi Chen/
Patent Examiner, AU2196

/EMERSON C PUENTE/
Supervisory Patent Examiner, Art Unit 2196