SYSTEM AND METHOD FOR MODIFYING AN ISOLATED EXECUTION ENVIRONMENT

DETAILED ACTION This application has been examined. Claims 21-23,26-30,33-37,40-41 are pending. Claims 1-20,24-25,31-32,38-39 are cancelled. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 12/1/2025 has been entered. Response to Arguments Applicant's arguments filed 12/1/2025 have been fully considered but they are moot in view of the new grounds for rejection. Priority This application claims benefits of priority from Foreign Application RU2021126174 (RUSSIA) filed September 6, 2021. The effective date of the claims described in this application is September 6, 2021. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 21-23,26,28-30,33,35-37,40 is/are rejected under 35 U.S.C. 103 as being unpatentable over Goldstein (USPGPUB 20200342100) further in view of Pintiysky (USPGPUB 2018/0225447) further in view of Wagner (US Patent 9830449) further in view of Tripathi (USPGPUB 2008/0307425) Regarding Claim 21 Goldstein Paragraph 25,Paragraph 75 disclosed wherein malicious code may comprise a portion that is intentionally obfuscated (e.g., encrypted) by the author of the code. Goldstein disclosed (re. Claim 21) a method for modifying application execution environment, comprising: identifying at least partially encrypted and/or at least partially obfuscated application;(Goldstein-Paragraph 19, Paragraph 25, detection, analysis, and signature determination of malicious code (e.g., JIT shellcode) that attempts to evade static analysis tools via obfuscation (e.g., encryption).) checking at least the encrypted part and/or at least obfuscated part of the application for a presence of a malicious code (Goldstein-Paragraph 19, Paragraph 25 detection, analysis, and signature determination of malicious code (e.g., JIT shellcode) that attempts to evade static analysis tools via obfuscation (e.g., encryption).) While Goldstein substantially disclosed the claimed invention Goldstein does not disclose (re. Claim 21) analyzing parameters and resources of the application to determine conditions for launching the application; generating, based on the determined conditions, a set of constraints for the isolated application execution environment, using constraints constraint generating rules that include a change in settings and/or characteristics of the isolated application execution environment that restrict operation of the isolated application execution environment according to the determined conditions; searching for an isolated execution environment that most closely matches the generated set of constraints among previously created isolated execution environments; launching the application in the said isolated execution environment; determining if the application executes incorrectly in the isolated execution environment due to insufficient resources and/or incorrect settings of the isolated execution environment; based on a determination that the application executes incorrectly,stopping the execution of the application; analyzing the application's activity, parameters, and/or resources used in the isolated execution environment that caused the incorrect execution of the application; modifying the set of constraints of the isolated execution environment to facilitate correct execution of the application; and re-launching the application in the modified isolated execution environment; checking at least the encrypted part and/or at least obfuscated part of the application for a presence of a malicious code in the modified isolated execution environment. Pintiysky Paragraph 33 disclose wherein when an event is intercept, the execution of the thread is halted by the intercept module 130. Pintiysky Paragraph 47 disclosed wherein the analysis module 140 on the basis of the rules makes a decision to change the result being returned to “success”, with the help of the intercept module 130 the result is replaced, and then the execution of the thread of the process created upon opening of the file 100 is continued. Pintiyski disclosed (re. Claim 21) analyzing parameters and resources of the application to determine conditions for launching the application; (Pintiysky-Paragraph 25, analysis of maliciousness the file 100 is opened in the virtual machine 120 in the form of an isolated environment for the execution of files. A security module 110 hands over the file 100 to the virtual machine 120…the virtual machine 120 is created by the security module 110…the virtual machine 120 is selected by the security module 110 from previously created virtual machines) generating, based on the determined conditions, a set of constraints for the isolated application execution environment, using constraints constraint generating rules that include a change in settings and/or characteristics of the isolated application execution environment that restrict operation of the isolated application execution environment according to the determined conditions; (Pintiysky-Paragraph 35, The analysis module 140 uses a set of templates…the templates are chosen by the analysis module 140 from a database, Paragraph 58, analysis consists in comparing the events which have occurred with a template. The event is compared consecutively with each rule saved in the template (depending on the order of the rules in the template or their priority).) launching the application in the said isolated execution environment; (Pintiysky-Paragraph 28, opening of the file 100 is the creation of a process and the launching of its execution in the virtual machine 120, and creation of at least one thread of execution) based on a determination that the application executes incorrectly,stopping the execution of the application; (Pintiysky-Paragraph 33, When an event is intercepted, the execution of the thread is halted by the intercept module 130, Paragraph 59, even if the file 100 was not recognized as being malicious (for example, a window was opened in the process of execution, awaiting data entry from the user), a decision is made to halt the execution of the process created upon opening of the file 100) re-launching the application in the modified isolated execution environment; (Pintiyski-Paragraph 60,The intercept module 130 carries out the actions in accordance with the decisions made. In the event that the analysis module 140 makes a decision to wait for the next event, the execution of the thread which was halted by the intercept module 130 is resumed.) Pintiysky and Goldstein are analogous art because they present concepts and practices regarding detection of malicious code. Before the time of the effective filing date of the claimed invention it would have been obvious to combine Pintiysky into Goldstein. The motivation for the said combination would have been to enable a hardware partitioning of the system and user levels of privileges, enabling the intercepting of events at: the kernel level (kernel mode) and/or the applications level (user mode).(Pintiyski-Paragraph 33) While Goldstein-Pintiyski substantially disclosed the claimed invention Goldstein-Pintiyski does not disclose (re. Claim 21) searching for an isolated execution environment wherein the isolated application environment most closely matches the generated set of constraints among previously created isolated execution environments. determining if the application executes incorrectly in the isolated execution environment due to the determined conditions being insufficient for correct execution of the application after the application is launched; analyzing the application's activity, parameters, and/or resources used during the execution of the application to identify additional conditions for the correct execution of the application; modifying the isolated execution environment by modifying the generated set of constraints based on the identified additional conditions to facilitate the correct execution of the application checking at least the encrypted part and/or at least obfuscated part of the application for a presence of a malicious code in the modified isolated execution environment. Wagner Column 5 Lines 25-30 disclosed wherein the on-demand code execution environment described herein may maintain a pool of pre-initialized virtual machine instances that are ready for use as soon as a user request is received. Wagner Column 5 Lines 40-45 disclosed wherein when the on-demand code execution environment receives a request to execute the program code of a user, which specifies one or more computing constraints for executing the program code of the user, the on-demand code execution environment may select a virtual machine instance for executing the program code of the user based on the one or more computing constraints specified by the request and cause the program code of the user to be executed on the selected virtual machine instance. Wagner Column 24 Lines 65 disclosed wherein after selecting a virtual machine instance 150 to which to assign execution of the task, the worker manager 130, at (7), assigns that virtual machine instance 150 to execute the task. Wagner Column 20 Lines 45-50 disclosed wherein the execution profile of a task may be generated or revised based on “dynamic analysis,” which includes information regarding one or more executions of the task. For example, at each execution of a task, the on-demand code execution environment 110 may record the computing resources utilized during that execution, or the levels of such computing resources used. Wagner Column 25 Lines 30-40 disclosed wherein frontend 120 can utilize the execution details to generate or update an execution profile or risk profile for the task (e.g., as described above with respect to generation of risk or execution profiles based on dynamic analysis of task executions). Thus, the risk and/or execution profile of a task can be continuously or periodically updated utilizing information regarding actual executions of the task on the on-demand code execution environment 110. Wagner disclosed (re. Claim 21) searching for the isolated execution environment, (Wagner-Column 5 Lines 50-55, the delay associated with finding compute capacity that can handle the requests (e.g., by executing the user code in one or more containers created on the virtual machine instances) is significantly reduced) wherein the isolated application environment most closely matches the generated set of constraints (Wagner-Column 5 Lines 40-45,the on-demand code execution environment may select a virtual machine instance for executing the program code of the user based on the one or more computing constraints specified by the request and cause the program code of the user to be executed on the selected virtual machine instance) among previously created isolated execution environments (Wagner- Column 5 Lines 25-30,the on-demand code execution environment described herein may maintain a pool of pre-initialized virtual machine instances that are ready for use as soon as a user request is received, Column 15 Lines 40, After the task has been executed, the worker manager 130 may tear down the container 156 used to execute the task to free up the resources it occupied to be used for other containers 156 in the instance 150. Alternatively, the worker manager 130 may keep the container 156 running to use it to service additional calls from the same user.) and launching the application in the selected isolated application execution environment (Wagner-Figure 3C,Column 24 Lines 65,after selecting a virtual machine instance 150 to which to assign execution of the task, the worker manager 130, at (7), assigns that virtual machine instance 150 to execute the task.) Goldstein,Pintiysky and Wagner are analogous art because they present concepts and practices regarding application execution environments. Before the time of the effective filing date of the claimed invention it would have been obvious to combine Wagner into Goldstein-Pintiysky. The motivation for the said combination would have been to enable the delay associated with finding compute capacity that can handle the requests (e.g., by executing the user code in one or more containers created on the virtual machine instances) to be significantly reduced (Wagner-Column 5 Lines 50-55) While Goldstein-Pintiyski-Wagner substantially disclosed the claimed invention Goldstein-Pintiyski-Wagner does not disclose (re. Claim 21) determining if the application executes incorrectly in the isolated execution environment due to the determined conditions being insufficient for correct execution of the application after the application is launched; analyzing the application's activity, parameters, and/or resources used during the execution of the application to identify additional conditions for the correct execution of the application; modifying the isolated execution environment by modifying the generated set of constraints based on the identified additional conditions to facilitate the correct execution of the application checking at least the encrypted part and/or at least obfuscated part of the application for a presence of a malicious code in the modified isolated execution environment. Tripathi Paragraph 10 disclosed first and second execution environments arranged to support execution of first and second programs respectively using respective resources of the plurality of hardware resources; and means to reassign resources associated with the second execution environment to the first execution environment in response to determining that the utilisation of a resource associated with the first execution environment is unacceptable. Tripathi disclosed (re. Claim 21) determining if the application executes incorrectly in the isolated execution environment due to the determined conditions being insufficient for correct execution of the application after the application is launched; (Tripathi-Paragraph 55, daemon 334 makes a determination as to whether or not resources in partitions are overutilised or underutilised, that is, a determination as to whether or not current utilisations of respective resources is acceptable.) analyzing the application's activity, parameters, and/or resources used during the execution of the application to identify additional conditions for the correct execution of the application (Tripathi-Paragraph 55, if the resource to be assessed is memory, the determination might be related to the current utilisation of that portion of physical memory 314 assigned to a virtual partition.) modifying the generated set of constraints of the isolated execution environment to facilitate correct execution of the application.(Tripathi-Paragraph 59, underutilised memory initially assigned to one virtual partition may be made available to another virtual partition in the event that the other virtual partition's memory utilisation is high, that is, has exceeded a predetermined threshold.) Goldstein,Pintiysky,Wagner and Tripathi are analogous art because they present concepts and practices regarding application execution environments. Before the time of the effective filing date of the claimed invention it would have been obvious to combine Tripathi into Pintiysky-Goldstein-Wagner. The motivation for the said combination would have been to enable resources of the execution environment to be allocated dynamically without disrupting the kernel and, in turn, the execution of the application.(Tripathi-Paragraph 11) Goldstein-Pintiysky-Wagner-Tripathi disclosed (re. Claim 21) checking at least an encrypted part and/or at least an obfuscated part of the application for a presence of a malicious code (Goldstein-Paragraph 19, Paragraph 25 detection, analysis, and signature determination of malicious code (e.g., JIT shellcode) that attempts to evade static analysis tools via obfuscation (e.g., encryption).) in the modified isolated execution environment (Tripathi-Paragraph 59, underutilised memory initially assigned to one virtual partition may be made available to another virtual partition in the event that the other virtual partition's memory utilisation is high, that is, has exceeded a predetermined threshold.) Regarding Claim 28 Claim 28 (re. system) recites substantially similar limitations as Claim 1. Claim 28 is rejected on the same basis as Claim 1. Regarding Claim 35 Claim 35 (re. non-transitory computer readable medium) recites substantially similar limitations as Claim 1. Claim 35 is rejected on the same basis as Claim 1. Regarding Claim 22,29,36 Goldstein-Pintiysky-Wagner-Bursell disclosed (re. Claim 22,29,36) wherein incorrect execution of the application includes: application terminates with an error,(Wagner-Column 11 Lines 20-25, output interface may transmit data regarding task executions (e.g., results of a task, errors related to the task execution) application stops responding to the system, and/or application begins to restart on its own. (Pintiysky-Paragraph 33, When an event is intercepted, the execution of the thread is halted by the intercept module 130, Paragraph 59, even if the file 100 was not recognized as being malicious (for example, a window was opened in the process of execution, awaiting data entry from the user), a decision is made to halt the execution of the process created upon opening of the file 100) Regarding Claim 23,30,37 Goldstein-Pintiysky-Wagner-Bursell disclosed (re. Claim 23,30,37) wherein the previously created application execution environments were used to execute other applications. (Wagner-Column 15 Lines 40, After the task has been executed, the worker manager 130 may tear down the container 156 used to execute the task to free up the resources it occupied to be used for other containers 156 in the instance 150. Alternatively, the worker manager 130 may keep the container 156 running to use it to service additional calls from the same user.) Regarding Claim 26,33,40 Goldstein-Pintiysky-Wagner-Bursell disclosed (re. Claim 26,33,40) wherein the identified additional conditions include additional resources or parameters of the application that are necessary for the correct execution of the application after the application is launched, (Tripathi-Paragraph 59, underutilised memory initially assigned to one virtual partition may be made available to another virtual partition in the event that the other virtual partition's memory utilisation is high, that is, has exceeded a predetermined threshold.) and wherein modifying the generated set of constraints include processing each of the identified additional conditions using the constraint generation rules. (Wagner-Column 20 Lines 45-50,the execution profile of a task may be generated or revised based on “dynamic analysis,” which includes information regarding one or more executions of the task. For example, at each execution of a task, the on-demand code execution environment 110 may record the computing resources utilized during that execution, or the levels of such computing resources used.) Claim(s) 27,34,41 is/are rejected under 35 U.S.C. 103 as being unpatentable over Goldstein (USPGPUB 20200342100) further in view of Pintiysky (USPGPUB 2018/0225447) further in view of Wagner (US Patent 9830449) further in view of Tripathi (USPGPUB 2008/0307425) further in view of Wagner (US Patent 10831898) hereinafter “Wagner2”. Regarding Claim 27,34,41 While Goldstein-Pintiyski-Wagner substantially disclosed the claimed invention Goldstein-Pintiyski-Wagner does not disclose (re. Claim 27,34,41) wherein constraint generating rules are created using machine learning algorithms and automated processing of large-scale data sets. Wagner2 Column 26 Lines 55-65 disclosed wherein on detection of a potential privilege escalation, a warning is generated to a user indicating the potential privilege escalation. The warning may indicate the specific security setting potential escapable by an execution of the task, and a specific invocation associated with the potential privilege escalation. Wagner2 disclosed (re. Claim 27,34,41) wherein constraint generating rules are created using machine learning algorithms and automated processing of large-scale data sets. (Wagner-Column 20 Lines , service analyzer 166 applies machine learning techniques to determine service information. For example, the service analyzer 166 may generate a neural network learning model using the calls to the service made during past task executions on the on-demand code execution system 110) Goldstein,Pintiysky and Wagner2 are analogous art because they present concepts and practices regarding application execution environments. Before the time of the effective filing date of the claimed invention it would have been obvious to combine Wagner2 into Goldstein-Pintiysky. The motivation for the said combination would have been to enable analyzing service invocations within code to detect potential issues such as parameter mismatches, privilege escalation vulnerabilities, scaling impedance between different services (Wagner2-Column 2 Lines 50-60) Conclusion Examiner’s Note: In the case of amending the claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention. Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREG C BENGZON whose telephone number is (571)272-3944. The examiner can normally be reached on Monday - Friday 8 AM - 4:30 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Follansbee can be reached on (571) 272-3964. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /GREG C BENGZON/ Primary Examiner, Art Unit 2444