Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

DETAILED ACTION
Claims 1-9 and 17-23 are presented for examination.


Election/Restrictions
Applicant’s election without traverse of group I (claims 1-9 and 17-23) in the reply filed on 01/15/2021 is acknowledged.


Information Disclosure Statement
No information disclosure statement (IDS) is submitted.


Drawings
The drawings filed on 10/25/2018 are accepted by the examiner.



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to 

1.	Claims 1-9 and 17-23 rejected under 35 U.S.C. 103 as being unpatentable over McLinden et al. (US Patent No. 10,742,674, hereinafter “McLinden”) in view of Hao et al. (US Pub No. 2017/0155703, hereinafter “Hao”).

Regarding claim 1, McLinden does disclose, a system to support utilizing network security devices for industrial IoT device protection and control, comprising: a network security device configured to detect and block a cyber attack launched from an outside network against a network-enabled industrial IoT device based on a set of configurable rules (McLinden, (col. 8 lines 9-15), when the SAPSIN device receives a service request demanding service from an IoT device, the SAPSIN device may apply the defined rules by checking whether the request satisfies the network metrics of the rules. Specifically, the SAPSIN device may query the security database based on the IoT device identifier to retrieve a service data record associated with the device. The service data record may include access control rules defined for the IoT device); issue and communicate a control command to the network-enabled industrial IoT device following a communication protocol to control and perform an operation of the network-enabled industrial IoT device remotely in response to the detected cyber attack (McLinden, (col. 8 lines 21-33), the SAPSIN may compare one or more fields of the request containing the network metrics with the one or more fields of the service data record defining the rules. The SAPSIN device may determine that the service request is a malicious request when the comparison returns a mismatch. In other words, if any of the fields does not match, the SAPSIN device may determine the request is malicious. By defining the specific rules on a service request for protected IoT devices, the SAPSIN device may allow only authorized users to request the specific service from the IoT devices while denying unauthorized requests that do not satisfy the rules. As a result, the SAPSIN may achieve security protection); adjust one or more of the configurable rules concerning network traffic directed to the network-enabled industrial IoT device in response to a request from the network-enabled industrial IoT device (McLinden, (col. 9 lines 12-19), the SAPSIN device may update and edit the access control rules dynamically. The editing may require no knowledge of firewall configuration or routing table manipulation. Thus, the SAPSIN device may provide network security protection with minimum configuration); said network-enabled industrial IoT device configured to accept and execute the control command from the network security device to perform the operation (McLinden, (col. 5 lines 39-41), the SAPSIN 108 may route traffic requesting configuration or administration of an IoT device through the control network 110; (col. 11 lines 4-7),  the SAPSIN may allow the first request 404 to configure an IoT device 402 connected with the IoT network 410 as the first request 404 appears to be valid configuration traffic); 
McLinden does not explicitly disclose but the analogous art Hao which discloses, communicate said request to the network security device following the communication protocol to make certain adjustment to said one or more of the configurable rules concerning network traffic directed to the network-enabled industrial IoT device (Hao, (para. [0027-0028]), Cloud server 140 may further determine configuration parameters related to IoT devices 110. … Cloud server 140 may further function as a control center to direct IoT device 110 to perform certain actions. For example, IoT device 110 may connect to other IoT devices 110 and operate based on configuration parameters stored in a local policy engine, and cloud server 140 may update the parameters and/or direct IoT device 110 to perform an action. …; (para. [0043]), where leader IoT device 110-1 may receive may receive a connection request from another IoT device 110-2, and leader IoT device 110-1 may forward information included in the request, such as an identifier, location, function, serial number, etc., of requesting IoT device 110-2, to cloud server 140). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Primary ref.. by including communicate the request to the network security device following the to make certain adjustment to traffic directed to the network-enabled industrial IoT device taught by Hao for the advantage of preventing an unauthorized third-party to access and control actuator IoT devices 110 (Hao, (para. [0014])).

Regarding claim 2, the combination of McLinden-Hao disclose the system of claim 1, wherein: the communication protocol is a REpresentational State Transfer (REST), a HTTP or a HTTPS protocol (McLinden, (col. 7 lines 50-53), the SAPSIN device may determine the requests demanding for information (e.g., web pages (i.e. HTTP or HTTPS), hyperlinks, documents, files, records, and the like) are service requests).  

Regarding claim 3, the combination of McLinden-Hao disclose the system of claim 1, wherein: the communication protocol is a proprietary network communication protocol (McLinden, (col. 7 lines 50-53), the SAPSIN device may determine the requests demanding for information (e.g., web pages (i.e. HTTP or HTTPS), hyperlinks, documents, files, records, and the like) are service requests where HTTP or HTTPS is a proprietary protocol; (col. 5 lines 25-26), dynamic host configuration protocol (DHCP) for protected devices).  

Regarding claim 4, the combination of McLinden-Hao disclose the system of claim 1, wherein: the cyber attack is one of virus, a hacking attempt, a phishing attack (McLinden, (col. 7 lines 18-19), a hacker may try to break into the IoT network by gaining unauthorized access to the IoT network in a request).  

Regarding claim 5, the combination of McLinden-Hao disclose the system of claim 1, wherein: the command issued by the network security device and the operations performed by the industrial IoT device as a result of executing the command are pre-defined, configured, and customized by the network security device and the industrial IoT device (McLinden, (col. 6 lines 9-39), the security database 118a may include service data records of access control rules and/or security rules for different devices and different types of requests. For example, the security database 118a may include a table defining the access control rules of service requests for a protected IoT device. Specifically, the table may include a set of rules for the service requests by translating administratively defined services into rules of network metrics including the standard flow metric. … he SAPSIN 108 may query the data record from the security database 118a based on the device identifier, and retrieve the service data record of the access control rules for the device).  

Regarding claim 6, the combination of McLinden-Hao disclose the system of claim 1, wherein: the network security device is configured to communicate the command to the network-enabled industrial IoT device by invoking an Application Program Interface (API) of the network-enabled industrial IoT device (McLinden, (col. 11 lines 38-56), the SAPSIN approach may provide additional security features to detect, prevent and recover from IoT network attacks. ... The SAPSIN may also integrate standard traffic monitoring suites and protocols such as NetFlow or sFlow, providing network administrators with an up to date network state or attack alerts. The NetFlow may be a feature introduced on routers that provides the ability to collect IP network traffic as it enters or exits an interface).  

Regarding claim 7, the combination of McLinden-Hao disclose the system of claim 1, wherein: the one or more of the configurable rules include a block rule in place by default on the network security device to block all unauthorized access attempt to the industrial IoT device (McLinden, (col. 8 lines 9-33), by defining the specific rules on a service request for protected IoT devices, the SAPSIN device may allow only authorized users to request the specific service from the IoT devices while denying unauthorized requests that do not satisfy the rules. As a result, the SAPSIN may achieve security protection).  

Regarding claim 8, the combination of McLinden-Hao disclose the system of claim 7, wherein: the one or more of the configurable rules further include an unblock rule on the network security device to allow certain network traffic to the industrial IoT device under certain circumstance and/or event (McLinden, (col. 8 lines 9-33), by defining the specific rules on a service request for protected IoT devices, the SAPSIN device may allow only authorized users to request the specific service from the IoT devices while denying unauthorized requests that do not satisfy the rules. As a result, the SAPSIN may achieve security protection).  

Regarding claim 9, the combination of McLinden-Hao disclose the system of claim 8, wherein: the network security device is configured to activate the unblock rule to allow network traffic directed to the network-enabled industrial IoT device during maintenance of the network- enabled industrial IoT device; deactivate the unblock rule to block the network traffic directed to the network-enabled industrial IoT device after the maintenance of the network- enabled industrial IoT device (McLinden, (col. 6 lines 47-57), the security database 118a may include another table defining access control rules for configuration requests. In some embodiments, the table may define the rules by determining a threshold number of requests allowed within a predetermined time based on the configuration type. For example, the threshold may be the number of allowed configuration request within a second. The threshold may depend on the complexity of the configuration; (), the security database 118a may include another table for compromised devices. The SAPSIN 108 may store the identifiers of infected or potentially compromised devices into the table. As the result, when the SAPSIN 108 receives a new request, the SAPSIN may check if the request is from and/or to an infected device. The SAPSIN may quarantine the infected device by blocking any traffic from and/or to the infected devices to protect the IoT network).

Claims 10-16 are withdrawn.

Regarding claim 17, the substance of the claimed invention is similar to that of claim 1. Accordingly, this claim is rejected under the same rationale.
  
Regarding claim 18, the combination of McLinden-Hao disclose the method of claim 17, further comprising: pre-defining, configuring, and customizing the command issued by the network security device and the operations performed by the industrial IoT device as a result of executing the command by the network security device and the industrial IoT device (McLinden, (col. 6 lines 9-39), the security database 118a may include service data records of access control rules and/or security rules for different devices and different types of requests. For example, the security database 118a may include a table defining the access control rules of service requests for a protected IoT device. Specifically, the table may include a set of rules for the service requests by translating administratively defined services into rules of network metrics including the standard flow metric. … he SAPSIN 108 may query the data record from the security database 118a based on the device identifier, and retrieve the service data record of the access control rules for the device).  

Regarding claim 19, the substance of the claimed invention is similar to that of claim 6. Accordingly, this claim is rejected under the same rationale.
  
Regarding claim 20, the substance of the claimed invention is similar to that of claim 9. Accordingly, this claim is rejected under the same rationale.
  
Regarding claim 21, the substance of the claimed invention is similar to that of claim 9. Accordingly, this claim is rejected under the same rationale.

Regarding claim 22, the substance of the claimed invention is similar to that of claim 9. Accordingly, this claim is rejected under the same rationale.
 
Regarding claim 23, the combination of McLinden-Hao disclose the method of claim 22, further comprising: reactivating the block rule to block the network traffic directed to the network-enabled industrial IoT device after the event is over (McLinden (col. 9 lines 57-67 to col. 10 lines 3-19), the SAPSIN device may quarantine the potentially compromised device by blocking traffic both come from and sent to the compromised device. (32) At step 212, the SAPSIN device may transmit a notification to the administrator. … the administrator may examine the infected IoT device and mitigate the damage on the infected IoT device. In addition, the administrator may learn from the historical notifications on the malicious requests, derive new rules using artificial intelligent algorithms based on the historical notifications, and dynamically update the security rules in the security database with the new rules).

Claims 24-28 are withdrawn.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MORSHED MEHEDI	whose telephone number is (571) 270-7640. The examiner can normally be reached on M - F, 8:00 am to 4:00 pm EST.    If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeffrey L. Nickerson can be reach on (469) 295-9235. The fax number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from their Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. should you have questions on access to the Private PAIR system, contact the Electronic Business 

/MORSHED MEHEDI/Primary Examiner, Art Unit 2432