Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Information Disclosure Statement PTO-1449 
	The Information Disclosure Statements submitted by applicant on 02-12-2021 and 06-29-2021 have been considered. Please see attached PTO-1449.
	Claims 1-19 are pending.
Double Patenting
	The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).
	Claims 1-4 and 10-14 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,922,418. Claims 1-20 of US Patent No. 10,922,418 contain every element of claims 1-4 and 10-14 of the instant application and as such anticipate claims 1-4 and 10-14 of the instant application, as shown below in the mapping of claim 1. Although the conflicting claims are not identical, they are not patentably distinct from each other.
"A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). " ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).

Instant Application:

1. A method for securing execution environments by quarantining software containers, the method comprising:
determining, based on configuration data for an application stored in the application software container, at least one intended behavior of the application when executed by the application software container;
monitoring execution of the application software container in a first execution environment, wherein the monitoring further comprises comparing the execution of the application software container to the at least one intended behavior;
detecting an unauthorized action by the application software container when the execution of the application software container is anomalous as compared to the at least one intended behavior; and
quarantining the application software container by migrating the application software container from the first execution environment to a second execution environment when the unauthorized action is detected.

Patent No. 10,922,418:

1. A method for runtime detection of vulnerabilities in an application software container, wherein the application software container is configured to execute an application, the method comprising: …
determining, based on the identified configuration data, at least one intended behavior of the application when executed in the application software container…
monitoring execution of the application software container, wherein the monitoring includes comparing the execution of the application software container to the at least one intended behavior and to the at least one first unauthorized action;
detecting a second unauthorized action by the application software container when the execution of the application software container is anomalous as compared to the at least one intended behavior…
4. The method of claim 1, further comprising: migrating the application software container from a first execution environment to a second execution environment, …


Claim Rejections - 35 USC § 103
		The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	Claims 1, 2, 9, 10, 11, 12 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Wiest et al. (US Patent No. 9,355,248) in view of Cabrera et al. (US Publication No. 2015/0381641), further in view of Satish et al. (US Patent No. 9,223,966).
	As per claims 1, 10 and 11, Wiest teaches a method for securing execution environments by quarantining software containers, the method comprising: monitoring execution of the application software container in a first execution environment, wherein the monitoring further comprises comparing the execution of the application software container to the at least one [intended behavior] defined patterns (column 10, lines 29-32, figure 4, step 420, the scanning process detects patterns in the remaining portion of the new application image that are defined in a configured definition file); detecting an unauthorized action by the application software container when the execution of the application software container is anomalous as compared to the defined patterns [at least one intended behavior] (figure 4, step 430, column 10, lines 38-39, if the scan result failed).
	Wiest does not explicitly disclose determining, based on configuration data for an application stored in the application software container, at least one intended behavior of the application when executed by the application software container; and quarantining the application software container by migrating the application software container from the first execution environment to a second execution environment when the unauthorized action is detected. 
	However, in an analogous art, Cabrera discloses determining, based on configuration data for an application stored in the application software container, at least one intended behavior of the application when executed by the application software container (paragraph [0070], lines 8-24, activity monitor retrieves and stores operational characteristics of the application, the virtual asset establishes an average or baseline performance to the operational characteristics of the application. Security threat engine compares the operational characteristics of the application to patterns of operational characteristics and detects unauthorized actions/threats based on comparison results).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Wiest and Cabrera. This would have been obvious because one of ordinary skill in the art would have been motivated to establish baseline operational characteristics for the application in order to determine malicious activity by determining deviation from the baseline operational characteristics.
	Wiest in view of Cabrera does not explicitly disclose quarantining the application software container by migrating the application software container from the first execution environment to a second execution environment when the unauthorized action is detected. However, in an analogous art, Satish discloses quarantining the application software container by migrating the application software container from the first execution environment to a second execution environment when the unauthorized action is detected (column 13, lines 22-33, the file is sent to virtual machine image after determination that file is potentially malicious file directed to target computing system).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Wiest and Cabrera with Satish. This would have been obvious because one of ordinary skill in the art would have been motivated to do so in order to execute the infected application in an isolated environment and determine how the malicious application affects the computing system.
Wiest further discloses non-statutory computer readable medium, processing circuitry and memory, as claimed in claims 10 and 11 (figure 6, column 11, lines 34-40).
	As per claims 2 and 12, Satish furthermore discloses, wherein quarantining the application software container further comprises: creating the second execution environment (column 8, lines 16-21, “at step 304…create, within a virtual machine image, virtual containers..”). The motivation is similar to the motivation provided in claim 1.
	As per claims 9 and 19, Cabrera furthermore discloses accessing a configuration file of the application software container, wherein the at least one intended behavior is determined based on the configuration file (paragraph [0070], the activity monitor retrieves operational characteristics of the application to enable the virtual asset to selectively analyze the operational characteristics of the application). The motivation is similar to the motivation provided in claim 1.

	Claims 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Wiest, in view of Cabrera, in view of Satish, further in view of Colgrove et al. (US Patent No. 7,103,740).
	As per claims 3 and 13, Satish furthermore discloses, monitoring execution of the application software container in the second execution environment (column 13, lines 58-60, analysis module 114 may determine how file 214 impacts virtual machine 210 by identifying suspicious activity on virtual machine image). 
	Wiest as modified does not explicitly disclose, but in an analogous art Colgrove discloses migrating the application software container back to the first execution environment when no vulnerability is detected within a predetermined period of time (column 33, lines 43-46, migrate data that has not been modified for a given time interval from a first storage class to a second storage class).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Wiest, Cabrera and Satish with Colgrove. This would have been obvious because one of ordinary skill in the art would have been motivated to do so in order to achieve the predictable result of restoring the unchanged and not modified data back to the storage device.

	Claims 4 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Wiest, in view of Cabrera, in view of Satish, in view of Colgrove, further in view of Tsirogiannis et al. (US Publication No. 2014/0279838).
	As per claims 4 and 14, Wiest as modified teaches all limitations of claim as applied to claim 3 and 14 above. Wiest as modified does not explicitly disclose, but in an analogous art Tsirogiannis discloses deleting the second execution environment when the application software container is migrated back to the first execution environment (paragraph [0394], “remove a disk (or virtual disk), the data on that disk can be migrated to other free space”).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Wiest, Cabrera, Satish and Colgrove with Tsirogiannis. This would have been obvious because one of ordinary skill in the art would have been motivated to do so in order to free up storage space by removing virtual spaces that are not needed.

	Claims 5 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Wiest, in view of Cabrera, in view of Satish, in view of Colgrove, further in view of Banka et al. (US Publication No. 2017/0033995).
	As per claims 5 and 15, Wiest as modified teaches all limitations of claim as applied to claim 4 and 14 above. Wiest as modified does not explicitly disclose, but in an analogous art, Banka discloses wherein creating the second execution environment further comprises: launching an operating system (OS) kernel; instantiating a virtual machine (VM) via the OS kernel; and instantiating a [dummy] container and a [detector] container to be executed over the VM, wherein each of the dummy container and the detector container is a software container (paragraph [0051], figure 4, instantiating multiple containers 1-Q; paragraph [0052], “a virtual machine 530 can be instantiated within the host device 510…The virtual machine can include assessment module 156 in an image of the host O/S 154 and can include container manager component 420 that can instantiate a container 550”. Paragraph [0021] discloses containers are “containerized application”).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Wiest, Cabrera, Satish and Colgrove with Banka. This would have been obvious because one of ordinary skill in the art would have been motivated to do so in order to provide an assessment environment that permits generation of real-time or nearly real-time events and/or alarms based at least on operational state of a host device.
	It is noted that while Banka discloses instantiating multiple (first, second, etc.) containers, Banka does not label the containers as dummy container and detector container. However, it is noted that a particular label does not affect the functionality of the invention as claimed. Labeling of containers does not include an inventive step and would have been obvious to one of ordinary skill in the art.
	
	Claims 6 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Wiest, in view of Cabrera, in view of Satish, in view of Colgrove, in view of Banka, further in view of Pomerantz (US Publication No. 2007/0050766).
	As per claims 6 and 16, Wiest as modified teaches all limitations of claim as applied to claim 4 and 14 above. Wiest as modified does not explicitly disclose, but in an analogous art, Pomerantz discloses wherein the dummy container is deployed such that any attempt to infect other containers executed in the second execution environment results in interacting with the dummy container (paragraph [0026], a virtual machine creates a sandbox (dummy container) that intercepts requests from applications).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Wiest as modified with Pomerantz. This would have been obvious because one of ordinary skill in the art would have been motivated to do so in order to isolate the user’s application and computer system from any potential adverse or undesired effects of the request.

Allowable Subject Matter
Claims 7, 8, 17 and 18 are objected to as being dependent upon a rejected base claim, but would be allowable if the double patenting rejections of the claims are overcome and the claims are rewritten in independent form including all of the limitations of the base claim and any intervening claims.

References Cited, Not Used

	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
	Mohler, US Publication No. 2013/0086684, discloses embodiments that provide for the use of multiple quarantine partitions and/or multi-partition spaces (e.g., virtual machines) for initially installing and running downloaded content. The downloaded content can be run securely in the quarantine partitions and/or multi-partition spaces.
	Ismael et al., US Pub No. 2010/0192223, discloses that malicious network content is identified based on the behavior of one or more virtual environment components which process network content in a virtual environment. Network content can be monitored and analyzed using a set of heuristics.
Conclusion
	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Ali Abyaneh whose telephone number is (571) 272-7961. The examiner can normally be reached on Monday-Friday from (8:00-5:00). If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid, can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/ALI S ABYANEH/Primary Examiner, Art Unit 2437