Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
Response to Amendment
This is a reply to the application filed on 08/12/2022, in which, claim(s) 1-2, 5-18 and 20 is/are pending.
Claim(s) 3-4 and 19 is/are cancelled. 

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 08/17/2022 (2), has been reviewed. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the examiner is considering the information disclosure statement.

Response to Arguments
Claim Rejections - 35 U.S.C. § 102 and 35 U.S.C. § 103:
In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

Applicant’s arguments with respect to the rejection of claim(s) 1-2, 5-18 and 20 have been considered but are moot in view of the new ground(s) of rejection.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-2, 5-18 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Paithane et al. (Pat. No.: US 10,534,906 B1; hereinafter Paithane) in view of Banga et al. (Pub. No.: US 2013/0055256 A1; hereinafter Banga) further in view of Liu (Pat. No.: US 9,876,812 B1).
Regarding claims 1, 17 and 20, Paithane discloses a system for isolating and analyzing suspicious information in disposable virtual containers, the system comprising (virtual machine (VM) instance to analyze possibly malicious content [Paithane; Abstract, Fig. 3 – Element 196]):
one or more memory components storing computer-readable code (storage 230 for storing instructions [Paithane; Fig. 2 and associated texts]); and
one or more processing components operatively coupled to the one or more memory components, wherein the one or more processing components are configured to execute the computer-readable code to (processor 200 executing instructions stored in storage 230 [Paithane; Fig. 2 and associated texts]):
receive an indication of the suspicious information (intercepted/received object that is possibly malicious [Paithane; 14:29-67, 15:1-67; Fig. 5 – step 505 and associated texts]);
allow an analyst user access to a first disposable virtual container in order to analyze the suspicious information (analyze the intercepted/received object within the VM instance [Paithane; 14:29-67, 15:1-67; Fig. 5 – step 507A-J and associated texts]);
allow the analyst user to analyze the suspicious information within the first disposable virtual container (monitor and analyze the possibly malicious object in the VM [Paithane; 14:29-67, 15:1-67; Fig. 5 – step 507A-J and associated texts]);
identify the suspicious information includes harmful information (analyzed at different stages to determine that it is malicious and not a false positive [Paithane; 14:29-67, 15:1-67; Fig. 5 – step 507A-J and associated texts]). Paithane discloses classifying objects as malicious by processing the objects in a virtual environment and monitoring behaviors during processing by one or more monitors. Paithane does not explicitly disclose discard the first disposable virtual container when the harmful information is identified; and allow the analyst user access to a second disposable virtual container; however, in a related and analogous art, Banga teaches these features.
In particular, Banga teaches that, when a VM detects possible malicious code causing any undesirable consequence, the VM is discarded and a new VM is created for further evaluation [Banga; ¶35, 107, 136-139]. It would have been obvious before the effective filing date of the claimed invention to modify Paithane in view of Banga with the motivation to rerun the analysis in a new instance for more accurate analysis.
The Paithane-Banga combination does not explicitly disclose allow the analyst user to analyze the suspicious information within the second disposable virtual container while bypassing the harmful information when analyzing the suspicious information within the second disposable virtual container; however, in a related and analogous art, Liu teaches this feature.
In particular, Liu teaches determining that the file contains malware, executing the malicious file in a sandbox to obtain its malware pattern and behavior, and dumping the code and memory that are infected, so that the user can review the malware pattern and behavior elsewhere [Liu; 3:30-67, 4:1-42, 6:1-55; Figs. 2, 5-6 and associated text]. It would have been obvious before the effective filing date of the claimed invention to modify the Paithane-Banga combination in view of Liu with the motivation to obtain the malware pattern/behavior for faster detection later on.

Regarding claims 2 and 18, the Paithane-Banga-Liu combination discloses wherein the second disposable virtual container is a replacement container for the first disposable virtual container (a new VM instance is created from a clean immutable VM template, the same as the old VM but a clean version [Banga; ¶35, 107, 136-139]). The motivation is to rerun the analysis in a new instance for more accurate analysis.

Regarding claim 5, the Paithane-Banga-Liu combination discloses the system of claim 1, wherein discarding the first disposable virtual container comprises folding up and deleting the first disposable virtual container (discarding the VM instance [Banga; ¶35, 48, 107]). The motivation is to prevent malicious code from spreading.

Regarding claim 6, the Paithane-Banga-Liu combination discloses the system of claim 1, wherein the one or more processing components are further configured to execute the computer-readable code to: identify the suspicious information fails to include the harmful information; and send a notification to a target user that the suspicious information is cleared when the harmful information fails to be identified (send a report classification and confidence score; the score evaluates whether the object is malicious or not [Paithane; 14:29-67, 15:1-67; Fig. 5 – step 507A-J and associated texts]).

Regarding claim 7, the Paithane-Banga-Liu combination discloses the system of claim 1, wherein the indication of the suspicious information is received from a target user (receive the object from a network device [Paithane; 14:29-67, 15:1-67; Fig. 1, 5 and associated texts]).

Regarding claim 8, Paithane-Banga-Liu combination discloses the system of claim 1, wherein the indication of the suspicious information is received automatically from an organization system (from the malicious content detection MCD system [Paithane; Fig. 1 – element 110 and associated texts]).

Regarding claim 9, Paithane-Banga-Liu combination discloses the system of claim 1, wherein the system is an isolation system that provides physical separation and logical separation when analyzing the suspicious information (the VM is an isolated system [Paithane; 14:29-67, 15:1-67; Fig. 1, 5 and associated texts]).

Regarding claim 10, the Paithane-Banga-Liu combination discloses the system of claim 9, wherein the isolation system is accessed through an application programming interface located on an analyst computer system, on the isolation system, or on an application programming interface system (running on an API [Paithane; 14:29-67, 15:1-67; Fig. 1, 5 and associated texts]).

Regarding claim 11, Paithane-Banga-Liu combination discloses the system of claim 1, wherein the one or more processing components are further configured to execute the computer-readable code to: create a plurality of virtual containers for a plurality of analysts, wherein each of the plurality of virtual containers are specific to each of the plurality of analysts (the VMM can create multiple VM instances [Paithane; 14:29-67, 15:1-67; Fig. 1, 5 and associated texts]).

Regarding claim 12, the Paithane-Banga-Liu combination discloses the system of claim 1, wherein the one or more processing components are further configured to execute the computer-readable code to: create a virtual container when the analyst user accesses the system (the VM can be used to access the system [Paithane; 14:29-67, 15:1-67; Fig. 1, 5 and associated texts]).

Regarding claim 13, the Paithane-Banga-Liu combination discloses the system of claim 1, wherein the one or more processing components are further configured to execute the computer-readable code to: receive virtual environment configurations from the analyst user for the first disposable virtual container for the suspicious information or automatically based on configurations of a target user computer system of a target user that received the suspicious information (the report includes metadata [Paithane; 8:7-33, 9:44-67; Fig. 1, 5 and associated texts]).

Regarding claim 14, the Paithane-Banga-Liu combination discloses the system of claim 1, wherein the one or more processing components are further configured to execute the computer-readable code to: implement a mitigation action when the suspicious information is determined to include the harmful information (discard the VM instance when it is determined to be malicious [Paithane; 14:29-67, 15:1-67; Fig. 1, 5 and associated texts]).

Regarding claim 15, Paithane-Banga-Liu combination discloses the system of claim 14, wherein the mitigation action comprises sending a notification to a user when the harmful information is identified (sending the report [Paithane; 14:29-67, 15:1-67; Fig. 5 – elements 507A-J and associated texts]).

Regarding claim 16, the Paithane-Banga-Liu combination discloses the system of claim 14, wherein the mitigation action comprises requesting removal of the harmful information from a target user computer system, allowing the analyst user access to a target user computer of a target user to remediate the harmful information, requiring a username or password change, notifying other analyst users of the harmful information, notifying other users within an organization of the harmful information, notifying a third-party of the harmful information, blocking a website for the harmful information, preventing future download of the harmful information, or automatically deleting any future communications with the harmful information (discarding the VM instance when it is determined to be malicious would result in removal of the threats [Paithane; 14:29-67, 15:1-67; Fig. 1, 5 and associated texts], and discarding of the object [Paithane; 3:40-53]).

Internet Communications
Applicant is encouraged to submit a written authorization for Internet communications (PTO/SB/439, http://www.uspto.gov/sites/default/files/documents/sb0439.pdf) in the instant patent application to authorize the examiner to communicate with the applicant via email. The authorization will allow the examiner to better practice compact prosecution. The written authorization can be submitted via one of the following methods only: (1) Central Fax which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS WEB; or (4) the service window on the Alexandria campus. EFS web is the recommended way to submit the form since this allows the form to be entered into the file wrapper within the same day (system dependent). Written authorization submitted via other methods, such as direct fax to the examiner or email, will not be accepted. See MPEP § 502.03.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAO Q HO whose telephone number is (571)270-5998.  The examiner can normally be reached on 7:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson, can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/DAO Q HO/Primary Examiner, Art Unit 2432