Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The present Office Action is responsive to communication received 8/31/2020. Claims 1-2 are pending.

Priority
This application claims priority from a series of CIPs dating back to 10/28/2015. The examiner has verified support for the claims in the instant application, and has found the earliest parent application related to the claims to be 15655113, now US patent 10248910, filed 8/15/2016. Therefore the effective filing date for the claims is considered to be 8/15/2016.

Informalities
Claims 1-2 recite informalities to be corrected, indicated as follows: create or creating [[a]]an observed system.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-2 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.

Claim 1 recites 2 instances of “a virtual computer network” in lines 6 and 9, rendering the subsequent recitation of “the virtual computer network” in the claim indefinite. For examination purposes, the second instance will be considered as “the virtual computer network”.
Claim 2 recites “the virtual computer” in line 10; it is believed the correct limitation is “the virtual computer network”. Note that 2 instances of “a virtual computer network” are previously recited in lines 2 and 5, which would render the subsequent recitation of “the virtual computer network” in the claim indefinite. For examination purposes, the second instance will be considered as “the virtual computer network”.
Claims 1-2 recite “the operation of the observed system” in line 21, which lacks antecedent basis and renders the claim indefinite. For examination purposes, the limitation will be considered as “an operation of the observed system”.
Correction or clarification is kindly requested.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2 are rejected under 35 U.S.C. 103 as being unpatentable over publication titled “KYPO – A Platform for Cyber Defence Exercises”, by Pavel Čeleda et al., 2015, 12 pages, hereinafter Celeda, in view of publication titled “Application Security through Sandbox Virtualization”, by Liberios Vokorokos et al., Acta Polytechnica Hungarica, Vol. 12, No. 1, 2015, 83-101, hereinafter Vokorokos.

Regarding claim 1, Celeda discloses:
A system for secure evaluation of cybersecurity tools is disclosed, comprising (Abstract: modelling and simulating cyberattacks computer systems and networks):
a computing device comprising a memory and a processor (p.1, Fig. 1, 1.0: KYPO platform that includes at least a computing device);
a sandbox environment manager comprising a first plurality of programming instructions stored in the memory and operating on the processor, wherein the first plurality of programming instructions, when operating on the processor, cause the computing device to (p.3, Fig. 1: Scenario and sandbox management API):
receive a configuration for a virtual computer network (p.7, 5.3.1: the network of a Blue Team ... representing all critical services), the virtual computer network comprising one or more virtual domain controllers (p.7, 5.3.1: simulates DNS), one or more member servers, and one or more workstations (p.5, 4.1: Users are able to create various networks populated with desktops, servers, and even mobile devices in this sandbox);
create a sandbox environment for the testing of a virtual computer network (p.1, 1.0: KYPO aims to provide a virtualized environment for performing complex cybernetic attack against a simulated critical infrastructure; p.4: create, edit ... sandboxes), wherein the sandbox environment is provided with a set of controlled computing resources of the computing device for its operation (p.4: a sandbox is an isolated set of virtual machines, networks and monitoring configurations, and p.5, 4.2: include tools for analysis); and
create a observed system within the sandbox environment, the observed system comprising an isolated instance of the virtual computer network, one or more cybersecurity defense tools, and one or more instances of malware (p.4 & 7, Fig. 2-3: a portal within the environment allows users to observe a particular sandbox and interact with the tools; p.5, 4.2: tools in the sandbox including malware);
an observed system manager comprising a second plurality of programming instructions stored in the memory and operating on the processor, wherein the second plurality of programming instructions, when operating on the processor, cause the computing device to (p.3, Fig. 1: Scenario ... API/Monitoring API):
operate the observed system as a test of the virtual computer network and the cybersecurity defense tools against the malware (p.6, 5.1: scenario which includes the actions of attackers and assignments for defenders ...; 5.2: different Teams to plan attacks, defense and remediation);
allow a user to monitor and change the operation of the observed system during operation (p.4: monitoring API responsible for monitoring management, i.e. it provides fine-grained control over network links and hosts monitoring configuration (starting, stopping, and attributes manipulation)); and
display results from the test of the observed system (p.9, 5.4: access the exercise sandbox with a web browser, display scenario topology and score of all teams).
Although Celeda discloses the sandbox is a separated (Abstract) and isolated environment (p.4, 3.0: A sandbox is an isolated set of VM ...), Celeda does not explicitly teach the sandbox environment is prevented from accessing any other computing resources of the computing device. However, that is the definition of a sandbox, as evidenced by Vokorokos, who, in an analogous art, discloses:
“A more specific definition states that a sandbox allows applications to be executed so that these applications are not allowed to read or write the data beyond the specified path, i.e. beyond the sandbox. In a broader sense, one has to add the control and allocation of operating system resources to this definition, such as network services, hardware management, low-level access, etc.” (p.84, 2).

It would have been obvious to a skilled artisan before the instant application’s effective filing date to implement a sandbox as taught by Vokorokos because it would ensure reliability and consistency in the system, i.e. “A system error in the virtual machine does not affect the other parts of the system on the same hardware platform – this ensures the reliability and the consistency of the system as a whole. Technology providing protection against application faults provides isolation from security faults. If the security of a specific part of the virtual machine is compromised, it may be terminated at any time” (Vokorokos, p.85, first para.).

Regarding claim 2, the claim recites substantially the same content as claim 1 and is rejected by the rationales rejecting claim 1.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Karnikis et al 20130232576 disclose scalable cyber-threat detection systems and methods that systematically and automatically execute and monitor code within a secure isolated environment to automatically identify and filter out malicious code so that it is not executed on a live system.
Bobritsky et al 20160212154 disclose providing an environment to the endpoint device which simulates an environment, for example, a security environment, where malware is known to refrain from executing.
Altman et al 20140359761 disclose monitoring a protected computer network that is to be protected from malicious software, and an infected computer network that is known to be infected with malicious software, wherein transactions known to be malicious are extracted from both the protected computer network and the infected computer network, and transactions that are not known to be malicious are extracted only from the protected computer network, and analyzing communications using the extracted transactions ...
Adams et al 20160094565 disclose receiving a threat assessment, and implementing necessary security measures (e.g., increase a blocking threshold, perform additional and/or deeper scanning, implement a sandbox for object testing etc.) in order to ensure that an infection does not take hold within the company network.
Langton et al 20160292420 disclose receiving a file to be analyzed in a sandbox environment, and determining configuration information for configuring the sandbox environment. The configuration information may be determined based on at least one of: file information associated with the file to be analyzed, or client device information associated with a client device for which the file is intended ...
Brueckner et al 20170032694 disclose outputting a graphical dashboard that includes one or more learning objective nodes and one or more skill nodes, selecting one or more software agents that are associated with the one or more skill nodes, providing, to at least one host computing system, an indication of the one or more software agents that are configured to collect parameter data from the at least one host computing system while a trainee performs actions, receiving the parameter data collected by the one or more software agents during execution, determining, based on the parameter data ...

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CATHERINE B THIAW whose telephone number is (571)270-1138. The examiner can normally be reached Monday-Friday 7am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CARL G COLIN can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Catherine Thiaw/
Primary Examiner, Art Unit 2493
6/29/2022