DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Election/Restrictions
NO restrictions warranted at applicant’s initial time of filing for patent. 
Priority
Applicant’s instant applicant claim[s] domestic priority under 35 USC 120 to non – provisional application 14/927897, filed on 10/30/2015, now US PAT # 11212255; which further claim[s] domestic priority under 35 USC 119e to provisional application # 62/073130, filed on 10/31/2014. 
Information Disclosure Statement
Applicant filed NO information disclosure statement was filed initial with the CON. 
Drawings
Applicant’s drawings filed on 11/08/2021 have been inspected and are in compliance with MPEP 608.02. 
Specification
Applicant’s specification filed on 11/08/2021 have been inspected, and is in compliance with MPEP 608.01. 
Claim Objections
NO objections warranted at applicant’s time of filing the CON. 
Claim Interpretation – 35 USC 112th 6th or F
It is in the examiner’s opinion that claim[s] 1 – 2 do not invoke means for or step plus functional claim language under the meaning of the statute.
Double Patenting
The non-statutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claim[s] 1 is rejected on the ground of non - statutory double patenting as being unpatentable over claim[s] 1 of U.S. Patent No. 10313373. Although the claims at issue are not identical, they are not patentably distinct from each other because the subject matter of the pending application is the same or similar to the subject matter of the patent in the following manner:
	The network appliance intercepts/monitors web and email traffic, then determines and extracts unknown executable applications from the known executable applications, by comparing the executables with a policy/rule. The system or appliance further delivers an alert to a client system indicating the detection of an unknown executable application. The detected unknown executable application is sent to the client/endpoint device and executed in a sandbox, where if any, modifications to the file systems, registry accesses, such communications and traffic isolated on the end point device. Where communication is prevented with any local/resident agent on such client/endpoint device. 


Pending US Patent application # 17/521,775 	US Patent # 10313373

		1					1

Claim[s] 1, 2, are rejected on the ground of non - statutory double patenting as being unpatentable over claim[s] 1, 21, 40 of U.S. Patent No. 11212255. Although the claims at issue are not identical, they are not patentably distinct from each other because the subject matter of the pending application is the same or similar to the subject matter of the patent in the following manner:
	The network appliance intercepts/monitors web and email traffic, then determines and extracts unknown executable applications from the known executable applications, by comparing the executables with a policy/rule. The system or appliance further delivers an alert to a client system indicating the detection of an unknown executable application. The detected unknown executable application is sent to the client/endpoint device and executed in a sandbox, where if any, modifications to the file systems, registry accesses, such communications and traffic isolated on the end point device. Where communication is prevented with any local/resident agent on such client/endpoint device. 

Pending US Patent application # 17/521,775 	US Patent # 11212255

		1					1 and 21

		2					    40

Claim[s] 1 is rejected on the ground of non - statutory double patenting as being unpatentable over claim[s] 1, 15 of U.S. Patent No. 10735447. Although the claims at issue are not identical, they are not patentably distinct from each other because the subject matter of the pending application is the same or similar to the subject matter of the patent in the following manner:
	The network appliance intercepts/monitors web and email traffic, then determines and extracts unknown executable applications from the known executable applications, by comparing the executables with a policy/rule. The system or appliance further delivers an alert to a client system indicating the detection of an unknown executable application. The detected unknown executable application is sent to the client/endpoint device and executed in a sandbox, where if any, modifications to the file systems, registry accesses, such communications and traffic isolated on the end point device. Where communication is prevented with any local/resident agent on such client/endpoint device. 

Pending US Patent application # 17/521,775 	US Patent # 10735447

		1					1 and 15

Claim Rejections - 35 USC § 101
NO rejections warranted at applicant’s time of filing the CON. 
Claim Rejections - 35 USC § 102
NO rejections warranted at applicant’s time of filing the CON. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.
Claim(s) 1 is/are rejected under 35 U.S.C. 103 as being unpatentable over Song et al. [US PGPUB # 2011/0167493] in view of Muyres et al. [US PGPUB # 2001/0010046]
As per claim(s) 1.  Song does teach a method to securely deliver executables to an end user [paragraph 0022, lines 5 ~ 8, In another example, a network-situated
sensor can be provided that monitors incoming communication protocol messages or
any other suitable content to a web server and determines if a portion of the content is anomalous] comprising:

	monitoring network traffic [figure # 1b and paragraph 0032, lines 8-11, For example, as shown in FIG. 1B, detector 1050 may operate as a packet sniffer that monitors network traffic flowing between the communication network 1030 and server
computer 1070];

	identifying an unknown executable application based on at least one rule,………[paragraph 0031, Alternatively, detector 1030 can redirect communication protocol messages and/or any other incoming traffic that is deemed to be anomalous [i.e. applicant’s identifying an unknown executable application] to a shadow server (which may be part of server computer 1070). The shadow server can be used to run application programs that ultimately use communication protocol messages and/or incoming traffic. For example, a shadow server and server computer 1040 can be configured to have the same software programs running, except that the shadow server can be operating in a protected environment using an emulator, virtual machine, sandbox [i.e. applicant’s rule] or other suitable mechanism for protecting server 1040 from potential code injection attacks or any other suitable attacks];

	sending an alert to the end user to run the unknown executable application in a sandbox [paragraph 0031, In some embodiments, detector 1030 is a network-situated sensor that analyzes incoming communication protocol messages and/or other incoming traffic and issues alerts for communication protocol messages that are deemed to be anomalous. Alternatively, detector 1030 can redirect communication protocol messages and/or any other incoming traffic that is deemed to be anomalous to a shadow server (which may be part of server computer 1070). The shadow server can be used to run application programs that ultimately use communication protocol messages and/or incoming traffic. For example, a shadow server and server computer 1040 can be configured to have the same software programs running, except that the shadow server can be operating in a protected environment using an emulator, virtual machine, sandbox or other suitable mechanism for protecting server 1040 from potential code injection attacks or any other suitable attacks];
	sending the unknown executable application to said sandbox located on a computer or handheld device of an end user [paragraph: 0031, lines 5 – 8, Alternatively, detector 1030 can redirect communication protocol messages and/or any other incoming traffic that is deemed to be anomalous to a shadow server (which may be part of server computer 1070)], said sandbox redirecting file system modifications  and registry modifications [paragraph: 0046, In yet another example, the attacker can use attacker computer 1080 to perform a Structure Query Language (SQL) injection attack that attempts to print the elements of a restricted table [i.e. applicants registry modification]. An example of a SQL injection attack is as follows: [0047] http://www.vulnerable.com/retrieve.php?paperID='/**/union/**/select/**/0,- concat(username,0x3a,password)/**/from/**/users/*], said sandbox redirecting file system modifications and registry modifications to an isolated storage area on said computer or handheld device [paragraph 0031, lines 8 – 16, The shadow server can be used to run application programs that ultimately use communication protocol messages and/or incoming traffic. For example, a shadow server [i.e. applicants sandbox located on a computer] and server computer 1040 can be configured to have the same software program running, except that the shadow server can be operating in a protected environment using an emulator, virtual machine, sandbox or other suitable mechanism for protecting server 1040 from potential code injection attacks or any other suitable attacks].

	Song does not teach clearly the claim limitation of:….. said at least one rule applied to executable applications to separate said unknown executable application from said executable applications;
	preventing the unknown executable application from communicating instructions with an agent existing on the computer or handheld device of the end user.
	However, Muyres does teach…..said at least one rule applied to executable applications to separate said unknown executable application from said executable applications [paragraph: 0150, lines 11-16, A"Try Before You Buy"
(TBYB) asset 22 can be made available in a form [i.e. applicant’s at least one rule
applied to....], say, limited by maximum number of tries, maximum time, or maximum
duration. Such a TBYB type asset 22 can may be either "wrapped" in a digital wrapper
60, and limited to running in a protected environment [i.e. applicant's separate said
unknown executable application from said executable applications]];
	preventing the unknown executable application from communicating instructions with an agent existing on the computer or handheld device of the end user [paragraph 0150, lines 11-17, A "Try Before You Buy" (TBYB) asset 22 can
be made available in a form, say, limited by maximum number of tries, maximum time,
or maximum duration. Such a TBYB type asset 22 can may be either “wrapped” in a digital wrapper 60, and limited to running in a protected environment, or "injected" with a
runtime module that restricts use].
	It would have been obvious to one of ordinary skilled in the art before the
effective fling date of the claimed invention to combine the teachings of Song and
Muyres in order for the detector monitoring the network traffic owing between parties of
the communication network and the server of Song to include authenticating the
communication parties by using public key infrastructure of Muyres. This would allow for
the monitoring of the parties by verifying the identity of the suspected parties that
originated such monitored network traffic. See paragraph 0076 of Muyres.


As per claim(s) 2 is/are rejected under 35 U.S.C. 103 as being unpatentable over Song et al. [US PGPUB # 2011/0167493] in view of Muyres et al. [US PGPUB # 2001/0010046] as applied to claim[s] 1 above, and further in view of Libenzi et al. [US PAT # 6745192].
As per claim 2. Song and Muyres do teach what is taught in the rejection of claim 1 above. 
	Song and Myures do not teach clearly the method of claim 1 wherein said unknown executable application is from an email with an executable application which said email claims is not an executable application; 
	said email originating from a sender which has not previously communicated with the recipient of said email.
	However, Libenzi does teach the method of claim 1 wherein said unknown executable application is from an email with an executable application which said email claims is not an executable application [Col. 1, lines 23 - 26, Computer viruses, or simply "viruses," are executable programs or procedures, often masquerading [i.e. applicant's said emails claims is not an executable application] as legitimate files, messages or attachments that cause malicious and sometimes destructive results]; 
	said email originating from a sender which has not previously communicated with the recipient of said email [col. 4, lines 5 — 7, Optionally, a
firewall 20 can provide limited security to the intra-network 14 by providing filtering of
packets originating from unauthorized users [i.e. applicant's a sender which has not
previously communicated... etc.]].
	It would have been obvious to one of ordinary skilled in the art before the
effective filing date of the claimed invention to combine the teachings of Song as
modified and Libenzi in order for the detector monitoring the network traffic flowing
between parties of the communication network and the server of Song to include a
specialized antivirus system that intercepts the network traffic of Libenzi. This would
allow for the protection of the client and servers from viruses, malware sent from
external networks. See col. 1, lines 60 - 67 of Libenzi.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Kraft et al., who does teach static analysis is applied to unrecognized software objects in order to identify and address potential anti-sandboxing techniques. Where static analysis suggests the presence of any such corresponding code, the software object may be forwarded to a sandbox for further analysis. In another aspect, multiple types of sandboxes may be provided, with the type being selected according to the type of exploit suggested by the static analysis.
McKerchar et al., who does teach documents can be transmitted to a sandbox environment where they can be concurrently opened for remote preview from an endpoint and scanned for possible malware. A gateway or other intermediate network element may enforce this process by replacing attachments, e.g., in incoming electronic mail communications, with links to a document preview hosted in the sandbox environment. 
Kraft et al. [US PGPUB # 2018/0191739], who does teach analyzing a digital signature of a software object for a target endpoint to detect a known, trusted software object that is executed without further analysis. A request for configuration information of the target endpoint is sent to a repository of configuration information of an enterprise facility when the software object is determined based on the digital signature. The configuration information of the target endpoint is received in response to the request. A sandbox is configured to match the configuration information of the target endpoint for the software object, where the configuration information includes an application configuration, an operating system configuration and a hardware configuration. The software object is forwarded to the sandbox for execution.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANT SHAIFER - HARRIMAN whose telephone number is (571)272-7910. The examiner can normally be reached M - F: 9am to 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on 571- 272- 3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DANT B SHAIFER HARRIMAN/          Primary Examiner, Art Unit 2434