Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given by Mr. Michael W. Zimmerman (Reg. No. 57993) on 8/31/2022.
The claims have been amended as follows: 

1. (Currently Amended) A computer readable storage disk or storage device, comprising instructions that, when executed, cause a programmable device to at least:
	obtain first configuration data;
	configure, based on the first configuration data, a virtual environment on the programmable device before execution of received data begins in the virtual environment;
begin execution of the received data in [[a]] the virtual environment operating on the programmable device;
determine a need for additional configuration data associated with a computing device during execution of the received data in the virtual environment;
request second configuration data associated with a computing device during execution of the received data in the virtual environment, the configuration data including a property associated with the computing device, the property to include at least one of a binary representation of a hardware device or a binary image of a software application;
configure the virtual environment on the programmable device while the received data is executed in the virtual environment based on the second configuration data received in response to the request;
identify malware in the received data utilizing the configured virtual environment; and
in response to identifying the malware, prevent transmission of the received data.

2. (Previously Presented) The computer readable storage disk or storage device of claim 1, wherein the virtual environment is automatically configured.

3. (Previously Presented) The computer readable storage disk or storage device of claim 1, wherein the virtual environment includes at least one of a virtual machine, an emulator and a sandbox.

4. (Currently Amended) The computer readable storage disk or storage device of claim 1, wherein the virtual environment includes a virtual replica of the computing device.

5. (Previously Presented) The computer readable storage disk or storage device of claim 1, wherein the instructions, when executed, cause the programmable device to identify the malware utilizing an analysis of the received data executed in the virtual environment.

6. (Previously Presented) The computer readable storage disk or storage device of claim 1, wherein the instructions, when executed, cause the programmable device to identify, utilizing a hierarchical data structure, the malware by analyzing the received data in the virtual environment.

7. (Previously Presented) The computer readable storage disk or storage device of claim 1, wherein the instructions, when executed, cause the programmable device to perform a responsive action in response to identification of the malware.

8. (Previously Presented) The computer readable storage disk or storage device of claim 7, wherein the responsive action includes blocking the malware.

9. (Currently Amended) A method, comprising:
obtaining first configuration data;
	configuring, based on the first configuration data, a virtual environment on a programmable device before execution of received data begins in the virtual environment;
beginning execution of the received data in [[a]] the virtual environment operating on [[a]] the programmable device;
determining a need for additional configuration data associated with a computing device during execution of the received data in the virtual environment;
requesting second configuration data associated with a computing device during execution of the received data in the virtual environment, the configuration data including a property associated with the computing device, the property to include at least one of a binary representation of a hardware device or a binary image of a software application;
configuring the virtual environment on the programmable device while the received data is executed in the virtual environment based on the second configuration data received in response to the request; 
identifying malware in the received data utilizing the virtual environment; and
in response to identifying the malware, preventing transmission of the received data.

10. (Previously Presented) The method of claim 9, wherein the virtual environment is automatically configured.

11. (Currently Amended) The method of claim 9, wherein configuring the virtual environment includes configuring the virtual environment based on an operating system of the computing device and at least one property of the computing device, including configuring at least one of a list of hardware, a list of software, a patch identifier, and a binary representation of software.

12. (Previously Presented) The method of claim 9, wherein the virtual environment includes at least one of a virtual machine, an emulator and a sandbox.

13. (Currently Amended) The method of claim 9, wherein the virtual environment includes a virtual replica of the computing device.

14. (Previously Presented) The method of claim 9, wherein identifying malware includes utilizing an analysis of the received data executed in the virtual environment to identify the malware.

15. (Previously Presented) The method of claim 9, wherein identifying the malware includes analyzing the received data in the virtual environment based on a hierarchical data structure.

16. (Previously Presented) The method of claim 9, further including performing a responsive action in response to identifying the malware.

17. (Previously Presented) The method of claim 16, wherein the responsive action includes blocking the malware.

18. (Currently Amended) A system, comprising:
a first device; and
a second device, the first device including:
one or more hardware processors; and
a memory coupled with the one or more hardware processors, on which are stored instructions that, when executed, cause at least some of the one or more hardware processors to:
obtain first configuration data;
	configure, based on the first configuration data, a virtual environment on the first device before execution of received data begins in the virtual environment;
begin execution of the received data in [[a]] the virtual environment operating on the first device;
determine a need for additional configuration data associated with the second device during execution of the received data in the virtual environment;
request second configuration data associated with the second device during execution of the received data in the virtual environment, the configuration data including a property associated with the second device, the property to include at least one of a binary representation of a hardware device or a binary image of a software application;
configure the virtual environment on the first device while the received data is executed in the virtual environment based on the second configuration data received in response to the request; and
in response to identifying malware during the execution of the received data, prevent transmission of the received data.

19. (Previously Presented) The system of claim 18, wherein the virtual environment is automatically configured.

20. (Previously Presented) The system of claim 18, wherein the virtual environment includes at least one of a virtual machine, an emulator, and a sandbox.

21. (Previously Presented) The system of claim 18, wherein the virtual environment includes a virtual replica of the second device.

22. (Previously Presented) The system of claim 18, wherein the instructions, when executed, cause at least some of the one or more hardware processors to perform a responsive action in response to identifying the malware.

23 - 25. (Cancelled)	


Allowable Subject Matter 
Claims 1-22 are allowed.
The following is an Examiner’s Statement of Reasons for Allowance: 

Regarding independent claims  1, 9 and 18, the closest prior art made of record are:

The previously cited prior art Aziz (US 2007/0250930) teaches (see the Office Action dated 4/28/2022, pages 10-13) A computer readable storage disk or storage device, comprising instructions that, when executed, cause a programmable device to at least:
obtain first configuration data; configure, based on the first configuration data, a virtual environment on the programmable device before execution of received data begins in the virtual environment (see [0169] and Figs. 7 and 8: “The virtual machine 815 is a representation of the destination device that can be provided to the analysis environment 750 by the scheduler 735. In one example, the scheduler 735 retrieves a virtual machine 815 from the virtual machine pool 745 and configures the virtual machine 815 to mimic a destination device 7.10. The configured virtual machine 815 is then provided to the analysis environment 750 where it can receive flagged network data from the virtual switch 810”);
begin execution of the received (see [0146] and Fig. 7: “The tap 715 is a digital data tap configured to monitor network data and provide a copy of the network data to the controller 725…the tap 715 can receive and copy any number of data packets from the network data”. And see [0159] and Fig. 7: “The scheduler 735 can retrieve and configure the virtual machine to mimic the pertinent performance characteristics of the destination device 710. In one example, the scheduler 735 configures the characteristics of the virtual machine to mimic only those features of the destination device 710 that are affected by the network data copied by the tap 715”) data (see [0170] and Fig. 8: “As the analysis environment 750 simulates the transmission of the network data, behavior of the virtual machine 815 can be closely monitored for unauthorized activity. If the virtual machine 815 crashes, performs illegal operations, performs abnormally, or allows access of data to an unauthorized computer user, the analysis environment 750 can react. In some embodiments, the analysis environment 750 performs dynamic taint analysis to identify unauthorized activity (dynamic taint analysis is further described in FIG. 12.)”. And see [0200]: “In one example of dynamic taint analysis, all input data from untrusted or otherwise unknown sources are flagged. Program execution of programs with flagged input data is then monitored to track how the flagged data propagates (i.e., what other data becomes tainted) and to check when the flagged data is used in dangerous ways”. The Examiner interprets “execution of programs with flagged input data” as execution of the received data) in the virtual environment operating on the programmable device;
obtain (emphasis added to show the difference between the teaching of the reference and the claim) (see [0159] and Fig.7: “The scheduler 735 can retrieve and configure the virtual machine to mimic the pertinent performance characteristics of the destination device 710”. The Examiner interprets “the destination device 710” as a computing device. Aziz inherently teaches the controller 725 obtaining “the pertinent performance characteristics of the destination device 710” because otherwise controller 725 cannot “configure the virtual machine to mimic the pertinent performance characteristics of the destination device 710”), the configuration data including a property associated with the computing device;
configure the virtual environment on the programmable device 
identify malware in the received data utilizing the configured virtual environment; and
in response to identifying the malware, prevent transmission of the received data.

The new reference Feuillette (WO 2008/044877 A1) teaches instructions that, when executed, cause a programmable device to at least: determine a need for additional configuration data (see [38] and Fig. 1: “a method of managing contextual information for wireless communications, may comprise the steps of: determining a need to change from an old (first) configuration to a new (second) configuration (S 110); retrieving profile information necessary to make a decision about the second configuration (S 120); and making a decision about the second configuration based upon the retrieved profile information in order to manage contextual information for wireless communications (S 150), wherein the second configuration includes information about access technology and changes in one or more defined profiles”) 

The new reference Partamian (US 2003/0225917) teaches instructions that, when executed, cause a programmable device to at least: obtain (emphasis added to show the difference between the teaching of the reference and the claim) second configuration data (see abstract: “The present invention, in various embodiments, provides techniques for improving performance of programs. In one embodiment, the program is written in the Java language and runs in the Java Runtime Environment (JRE) that includes a Java Virtual Machine (JVM) having a configuration. A control panel having access to the JVM is invoked. Via the control panel, a user observes the execution of the Java program, analyzes the results of the execution, changes the configuration of the JVM, and forces re-optimization of the critical portions of the running program”. The Examiner interprets changed configuration of the JVM as second configuration data) (see Claim 11: “A method for tuning a virtual machine, comprising the steps of: executing a program and thereby invoking the virtual machine having a configuration affecting performance of the program; invoking a control panel having access to the program execution and the configuration of the virtual machine; and via the control panel and while the program and the virtual machine are being executed, analyzing the data resulted from the execution of the program, based on the result of the analyzing step, adjusting the configuration of the virtual machine, and running the program with the adjusted configuration of the virtual machine; wherein the virtual machine provides an environment for executing program code of the program”); 
configure the virtual environment on the programmable device while the received data is executed in the virtual environment based on the (see abstract: “The present invention, in various embodiments, provides techniques for improving performance of programs. In one embodiment, the program is written in the Java language and runs in the Java Runtime Environment (JRE) that includes a Java Virtual Machine (JVM) having a configuration. A control panel having access to the JVM is invoked. Via the control panel, a user observes the execution of the Java program, analyzes the results of the execution, changes the configuration of the JVM, and forces re-optimization of the critical portions of the running program”).

The previously cited prior art Choi (KR 20030023934) teaches (see the Office Action dated 4/28/2022, page 13) that a programmable device obtains configuration data associated with a computing device by requesting  

The previously cited prior art Johnson (US 2016/0344745) teaches (see the Office Action dated 4/28/2022, pages 13 and 14) configuration data used to configure a programmable device including a property …, the property to include at least one of a binary representation of a hardware device or a binary image of a software application.

Before the effective filing date of the claimed invention, it would not have been obvious to a person of ordinary skill in the art:
first to improve the computer readable storage disk or storage device of Aziz by letting the instructions cause the programmable device to: determine a need for additional configuration data, as taught by Feuillette;
second to improve the computer readable storage disk or storage device of Aziz modified in view of Feuillette by letting the instructions cause the programmable device to: obtain second configuration data during execution of the received data in the virtual environment, and configure the virtual environment on the programmable device while the received data is executed in the virtual environment based on the configuration data, as taught by Partamian;  
third to improve the computer readable storage disk or storage device of Aziz modified in view of Feuillette and Partamian by letting the instructions cause the programmable device to: obtain configuration data associated with a computing device by requesting the configuration data and receiving the configuration data in response to the request, as taught by Choi; and
finally to improve the computer readable storage disk or storage device of Aziz modified in view of Feuillette, Partamian and Choi by letting the second configuration data used to configure the programmable device include a property, the property to include at least one of a binary representation of a hardware device or a binary image of a software application, as taught by Johnson.

	
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHIMEI ZHU whose telephone number is (571)270-7990. The examiner can normally be reached 10am-6pm Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ZHIMEI ZHU/Examiner, Art Unit 2495                                                                                                                                                                                                        
/JEFFERY L WILLIAMS/Primary Examiner, Art Unit 2495