DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first 
inventor to file provisions of the AIA .
      This office action is a response to an application filed 03/23/2018 wherein claims 9 – 25 are pending and ready for examination.  
Response to Arguments
Applicant’s arguments, see Remarks, filed 11/06/2020, with respect to the rejection(s) of claims 9-14, 16-22 and 25-25 as being obvious over Rieke and Smith and claims 15 and 23 as being obvious  over Rieke and Smith, in view of DeGraaf  under 35 U.S.C § 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new grounds of rejection is made in view of Rieke and Smith, and in further view of Shimizu. 

Remarks
Applicant Asserts: While these operations in Rieke may involve collecting information (and even perhaps using a network management messaging system), there is no notion here of these activities (or any subset of them) occurring “during” a particular message exchange as now positively recited. Rather, in Rieke, these particular operations are disjoint, i.e., not connected to one another except to the except that they are carried out within the context of the system operation as a whole. But that said, the claim element here is much more directed in that the particular cause-and-effect operations are carried out in sequence, and “during” the lease 

Examiner Response:  Respectfully, the Examiner does not agree with applicant representative characterization of the prior art of record Rieke.  The independent claims are amended to cite a network management protocol lease acquisition message exchange.  A network management protocol message exchange is different from a network management protocol lease acquisition message exchange if for no other reason than a network management message exchange includes operations that can be performed after the lease is in effect.  Further, applicant amendment to the independent claims require subsequent steps be accomplished within the scope of the lease acquisition message exchange.  Claim 10 depends from claim 9 and further limits the amended lease acquisition message exchange to be the DHCP message exchange but fails to provide the subprocesses normally associated with provisioning IP circuit leasing.  In an effort to advance prosecution, the Examiner introduces a DHCP reference that incorporates the subprocesses and transactions between devices in the DHCP lease operation.  

                                                        Double PatentingExaminer Note:  A double patenting rejection of Claims 9-17 and 25 were provisionally rejected under 35 U.S.C. 101 as claiming the same invention as that of claims 1-8 of copending Application No. 16457948 (reference application).  However, applicant has provided a terminal disclaimer and the Examiner hereby withdraws the 35 U.S.C. 101 rejection.

Terminal Disclaimer
The terminal disclaimer filed on 11/06/2020 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of 16/457,948 has been reviewed and is accepted.  The terminal disclaimer has been recorded.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 9-14, 16-22, and 24-25 are rejected under 35 U.S.C. 103 as being unpatentable over Rieke; Malcolm, US 20160072831, March 10, 2016, hereafter referred to as Rieke in view of Shimizu; Shinsuke et al, US 20070022211, January 25, 2007, hereafter referred to as Shimizu, and in further view of Smith; Ned M. et al, US 20190349426, November 14, 2019, hereafter referred to as Smith.

           As to claim 9, Rieke teaches an apparatus to protect a network - Rieke [0046] in FIG. 2, The SCMS 200 interacts with the computing environment through programmatic messaging mechanisms … to assure privacy and integrity of messages, events, directives and commands.  Here, the claimed ‘apparatus’ is taught by Rieke as ‘SCMS 200’), comprising:
        a processor;
computer memory holding computer program instructions executed by the processor, the computer program instructions configured to: - Rieke [0061] The security control software may comprise computer-readable instructions stored in a tangible computer-readable medium (such as the memory 814 of host computer system 810) and can be executed by one or more processors (such as processor 812 of host computer system 810) to perform the methods of various embodiments,
       during a network management protocol lease acquisition message exchange 
            receive a message from an Internet of Things (IoT) device - Rieke [0080] …if a Dynamic Host Configuration Protocol (DHCP) IP address lease expires and Asset1 receives a different IP address upon renewal of the lease; or Asset1 receives a different IP address through DHCP after being powered off for a period of time… the security control software can formulate and send a directive (435) to modify the ACL on the firewall to reflect the new IP address. Here, the claimed ‘network management protocol’ is taught by Rieke as ‘DHCP’ whereas the claimed IoT Device is taught by Rieke as ‘Asset 1’), the message including a network location storing a set of flow attributes for the IoT device - Rieke [0080]… the security control software can formulate and send a directive (435) to modify the ACL on the firewall to reflect the new IP address.  Here, the claimed ‘message’ is taught by Rieke as ‘directive’ whereas the claimed ‘storing’ is taught by Rieke as ‘ACL’ whereas the claimed ‘network location’ is taught by Rieke as ‘firewall’. The claimed ‘flow attributes’ are taught by Rieke as ‘IP address’.  RIEKE DOES NOT TEACH
          responsive to receipt of the message, issue a query to the network location 
in response to the query, receive information including the set of flow attributes responsive to receipt of the message 
            responsive to receipt of the information, configure the network control device to monitor a network behavior of the IoT device by associating at least a portion of the information with a network address associated with the IoT device HOWEVER SHULMU TEACHES responsive to receipt of the message, issue a query to the network location - Shimizu [0072] The packet transfer system with address monitoring 1 (2000) having received DHCP Discover transfers the DHCP Discover to the protocol handling unit 2020 via the reception port 2010-1 and reception buffer 2021 included therein.  Here, the claimed ‘query’ is taught by Shimizu as ‘DHCP Discover’ as illustrated in Figure 7);
          in response to the query, receive information including the set of flow attributes responsive to receipt of the message - Shimizu [0072]…the DHCP management routine 2026-1 is run in order to record the MAC address of the client terminal 1 and the protocol type of the packet (herein DHCP Discover), which are contained in the DHCP Discover packet, in the user management table 2024-1 (this results in a user management table 2024-11 shown in FIG. 12) (step 21).
            responsive to receipt of the information, configure the network control device to monitor a network behavior of the IoT device by associating at least a portion of the information with a network address associated with the IoT device - Shimizu [0077] In response to the DHCP offer, the client terminal 1 (1000) broadcasts a DHCP request (DHCP address request), which is an application for assignment of an offered IP address (192.168.0.1) (step 26)..  Here, packet transfer 2000 of Figure 7 monitors for the broadcasted DHCP message); and 
the computer program instructions further configured to monitor a network communication associated with the IoT device using the information - Shimizu [0078] The packet transfer system with address monitoring 1 (2000) having received the DHCP request transfers the DHCP request to the protocol handling unit 2020 via the reception port 2010-1 and reception buffer 2021 included therein.  WHILE RIEKE SUGGESTS an Internet of Things (IoT) device – SMITH TEACHES an Internet of Things (IoT) device - Smith [2448] monitoring an IoT device includes monitoring communications from the IoT device, receiving messages from a watchdog agent in the IoT device, monitoring for a failure to receive a message from the watchdog agent in the IoT device, or any combinations thereof.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Shimizu full featured DHCP protocol operation into Rieke system for network analysis and reporting.  Rieke analysis and reporting is directed to validating security technical features and controls and requires contextual information.  Rieke discloses that circuit leasing via a DHCP protocol may be utilized.  Shimizu provides for the full featured use of the DHCP protocol whereby authentication challenges ensures connection device integrity and contextualized security a key motivator of Rieke.  The combination of Rieke and Shimizu would further benefit from the incorporation of Smith use of the Internet of Things device.  Rieke suggests the Assets identified in the prior art  could be Internet of Things Devices because internet traffic can be blocked or allowed between network assets.  Smith on the other hand positively cites the particular 

          As to claim 10, the combination of Rieke, Shimizu and Smith teaches an apparatus as described in claim 9 wherein the network management protocol is a Dynamic Host Configuration Protocol (DHCP) and the message is a DHCP discover message that has been extended with a custom DHCP option to include the network location - Smith [1306] the device and DNAP protocol could be implemented using PXE and DHCP protocols. In an example, if the discovery broadcast does not return the location of any DNAP-aware systems, then the network device may delay and retry.  Here, the claimed ‘options’ are taught as ‘delay and retry’).

              As to claim 11, the combination of Rieke, Shimizu and Smith teaches the apparatus as described in claim 10 wherein the network address is an Internet Protocol (IP) assigned to the IoT device in response to the DHCP discover message (Smith teaches at location [1103] the network address is an Internet Protocol (IP) assigned to the IoT device in response to the DHCP discover message since lower level addresses that are usually regulated by leases, such as Internet protocol (IP) in a dynamic host configuration protocol ( DHCP), may be charged and regulated by micropayments or other credit or currency).

             As to claim 12, the combination of Rieke, Shimizu and Smith teaches the apparatus as described in claim 9 wherein the computer program instructions are further configured to:
           determine whether the network communication is consistent with a network flow as defined in the information (Rieke teaches at location [0048] determine whether the network communication is consistent with a network flow as defined in the information since discovered information may also be used for evaluating compliance with governmental or industry regulations, security posture, security control function, security control efficacy, security control coverage, and/or security control operation); and
           upon a determination that the network communication is not consistent with the network flow, take a given action (Rieke teaches at location [0042]  upon a determination that the network communication is not consistent with the network flow, take a given action since logic evaluates changes in security technical control configuration and asset attributes and performs security technical control policy reconfigurations based on those asset attribute changes for the purpose of maintaining the policy and application of the security technical controls and compliance with the benchmark. Here, the claimed ‘not consistent’ is taught by Rieke as ‘changes’ whereas the claimed ‘network flow’ is taught by Rieke as ‘asset attributes’ because Rinke’s NE depicted in Figure 2 is a network element that communicates NE events to the security apparatus).

              As to claim 13, the combination of Rieke, Shimizu and Smith teaches the apparatus as described in claim 12 wherein the given action is one of: issuing a since Data that is collected may also include security technical control configuration attributes or policies defining allowed and blocked traffic between specific assets, groups of assets, and/or logical zones).

               As to claim 14, the combination of Rieke, Shimizu and Smith teaches the apparatus as described in claim 9 wherein the message includes a DHCP option comprising the network location that is an Internet location (Smith teaches at location [1112]  wherein the message includes a DHCP option comprising the network location that is an Internet location since the device may perform this function using dynamic or static processes, including, but not limited to, methods such as new DHCP options which specify the location of smart contract or consensus based networks), and a device identification string that identifies the IoT device (Smith teaches at location [1309]  a device identification string that identifies the IoT device since the tokens may appended to the header of the packet, or the packets can be signed with the private key of the identity sending the packet. Here, the claimed ‘device identification string’ is taught by Smith as ‘header’). 

            As to claim 16, the combination of Rieke, Shimizu and Smith teaches the apparatus as described in claim 9 wherein the computer program instructions operating since Dynamic Host Configuration Protocol (DHCP) IP address lease expires and Asset1 receives a different IP address upon renewal of the lease; or Asset1 receives a different IP address through DHCP after being powered off for a period of time)  Here, the claimed ‘protocol message’ is taught by Rieke as ‘renewal of the lease’ because messages are exchanged to renew the lease whereas the claimed ‘cache’ is taught by Rieke as ‘renewal’ which requires the new IP information to be stored).

             As to claim 17, claim 17 is a computer program product in a non-transitory computer readable medium that is directed to the apparatus of claim 9.  Therefore, claim 17 is rejected for the reasons as set forth in clam 9.

            As to claim 18, claim 18 is a computer program product in a non-transitory computer readable medium that is directed to the apparatus of claim 10. Therefore, claim 18 is rejected for the reasons as set forth in clam 10.

            As to claim 19, claim 19 is a computer program product in a non-transitory computer readable medium that is directed to the apparatus of claim 11. Therefore, claim 19 is rejected for the reasons as set forth in clam 11.

             As to claim 20, claim 20 is a computer program product in a non-transitory computer readable medium that is directed to the apparatus of claim 12. Therefore, claim 20 is rejected for the reasons as set forth in clam 12.

               As to claim 21, claim 21 is a computer program product in a non-transitory computer readable medium that is directed to the apparatus of claim 13. Therefore, claim 21 is rejected for the reasons as set forth in clam 13.

              As to claim 22, claim 22 is a computer program product in a non-transitory computer readable medium that is directed to the apparatus of claim 14. Therefore, claim 22 is rejected for the reasons as set forth in clam 14. 

           
            As to claim 24, claim 24 is a computer program product that is directed to the apparatus of claim 16. Therefore, claim 24 is rejected for the reasons as set forth in claim 16.

            As to claim 25, claim 25 is server that is directed to an apparatus as defined in claim 9.  Therefore, claim 25 is rejected for reasons as set forth in claim 9.  Further features not cited in claim 9 include: 
FIG. 2 is a drawing of a network topology for a number of internet-of-things (IoT) networks coupled through backbone links to gateways), comprising:
            a Dynamic Host Configuration Protocol (DHCP) server (Smith teaches at location [1306] a Dynamic Host Configuration Protocol (DHCP) server since the device may publish a discovery broadcast message, similar to a preboot execution environment (PXE) or dynamic host configuration protocol ( DHCP).

              a network control device (Smith teaches at location [0098] a network control device since FIG. 93 is a process flow diagram of an example method for registering an endpoint, or service component, with an network domain controller (NDC); and
an IoT device executing in a hardware processor  (Smith teaches at location [1241] an IoT device executing in a hardware processor since At block 17106, the permissions guide may begin executing.  Here, the claimed IoT device’ is taught by Smith as ‘permissions guide’).

Claims 15 and 23 are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Rieke, Shimizu and Smith, in view of DeGraaf, Kathryn et al, US  20110154440, June 23, 2011, hereafter referred to as DeGraaf. 

              As to claim 15, the combination of Rieke, Shimizu and Smith teaches the apparatus as described in claim 14 wherein the computer program instructions operating in association with the network management protocol message exchange are further configured to:
since the absence of a periodic "Is Alive" message, or other heartbeat signal, from a watchdog agent in the IoT device to the power plug device may be used as a trigger to reset the IoT device.  Here, the claimed ‘known MAC address’ is taught by Smith as ‘heartbeat signal’ because the signal originates from a known IOT device under watchdog agent.  Smith teaches the MAC Frame 4305 in Figure 53 includes address fields as further taught at location [0551].  The combination of Rieke, Shimizu and Smith teaches does not teach when the message originates from a known MAC address and the DHCP option matches a previously-stored DHCP option for the MAC address, issue the query to the network location; when the message originates from the known MAC and the DHCP option does not match a previously-stored DHCP option for the MAC address, take the given action; however DeGraaf teaches
              when the message originates from a known MAC address and the DHCP option matches a previously-stored DHCP option for the MAC address, issue the query to the network location (DeGraaf teaches at location [0041] when the message originates from a known MAC address and the DHCP option matches a previously-stored DHCP option for the MAC address, issue the query to the network location; since network device 140 may recognize (e.g., as indicated by reference number 165) that user device 110 is a legacy user device based on the DHCP Option 82 information and/or user device information that may be stored by network device 140 As a result, network device 140 may not generate an encrypted challenge response. Rather, RADIUS server 145 may generate RADIUS access-accept message 170 and may not insert an encrypted challenge response. RADIUS server 145 may send RADIUS access-accept message 170 to network device 125.  Here, the claimed ‘known device’ is taught by DeGraaf as ‘legacy device’ whereas the claimed ‘match’ is taught by DeGraaf as ‘recognize’. The claimed ‘match’ is taught by DeGraaf as ‘recognize’ since a comparison is made);
            when the message originates from the known MAC and the DHCP option does not match a previously-stored DHCP option for the MAC address, take the given action
(DeGraaf teaches at location [0041] when the message originates from the known MAC and the DHCP option does not match a previously-stored DHCP option for the MAC address, take the given action since network device 125 may generate a DHCP FORCERENEW message 400. User device 110 and network device 140 may generate new encrypted challenges that may be compared by network device 125, as illustrated in FIG. 4. In instances when the encrypted challenges do not match, authentication may fail and security prevention measures may be actuated);
            when the message does not originate from a known MAC address, alert that a new IoT device has been detected and wait for a response before issuing the query to the network location (DeGraaf teaches at locations [0053 and 0054] when the message does not originate from a known MAC address, alert that a new IoT device has been detected and wait for a response before issuing the query to the network location since at ‘53 It may be determined whether the challenge responses match (block 630). For example, network device 125 may compare the encrypted challenges received from both user device 110 and network device 140, since at 54’ If it is determined that the challenge responses do not match (block 630--NO), authentication of the DHCP client may be denied (block 635). For example, DHCP server 130 may send DHCP negative acknowledgement 195 to DHCP client 115).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Rieke, Shimizu and Smith to include the DCHP logic of DeGraaf.  Rieke, Shimizu, and Smith teaches the message challenge response protocol DHCP but are silent on logic/policy for authenticating new IOTs.  However, DeGraaf provides for extensive method options for new IOT device provisioning.  Rieke would be motivated to consider DeGraaf because conventional systems for network monitoring and control typically have limited or no ability to contextualize security and compliance-relevant data from various components of systems for computing, security control, and/or management as taught by Rieke at location [003]).

           As to claim 23, claim 23 is a computer program product that is directed to the apparatus of claim 15. Therefore, claim 23 is rejected for the reasons as set forth in claim 15.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM B. JONES whose telephone number is (571) 272-9637.  The examiner can normally be reached on Mon - Fri., 5:30 a.m. to 2:00 p.m.  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-272-3900.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through 
 /WILLIAM B JONES/Examiner, Art Unit 24911/6/2021

/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491