DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

The following is a Non-Final Office Action in response to communications received on December 28, 2018. Claims 1-14 are pending and addressed below.

Specification
For the record, Examiner acknowledges that the Specification submitted on December 28, 2018 has been accepted.

Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they include the following reference character(s) not mentioned in the description: “1008” in Fig. 9.  Corrected drawing sheets in compliance with 37 CFR 1.121(d), or amendment to the specification to add the reference character(s) in the description in compliance with 37 CFR 1.121(b) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the 

Claim Objections
Claims 1, 5 and 11 are objected to because of the following informalities:  
Claim 1 recites the phrase “A system for establishing a trust indicator for networked location” in the preamble. It is suggested the phrase be amended to “A system for establishing a trust indicator for a networked location” for grammatical correctness.
Claim 5 recites the phrase “the match value” which lacks antecedent basis. It is suggested the phrase be amended to “the match vector 
Claim 11 recites the phrase “the storage system” which lacks antecedent basis. It is suggested the phrase be amended to “the storage device .
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 10 and 13 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. Claims 10 and 13 both recite the limitation “the IoT system.” There are multiple previously recited IoT systems and it is unclear as to which particular IoT system the limitations are referring.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 8, 9 and 11 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,867,055. Although the claims at issue are not identical, they are not patentably distinct from each other because it is clear that all of the limitations of claims 8, 9 and 11 are anticipated by claims 1-20 of U.S. Patent No. 10,867,055.
Claim 10 is rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,867,055 in view of Mahaffey et al. (U.S. Pub. No. 2017/0339178 and hereinafter referred to as Mahaffey). Although the it is clear that all of the limitations of claim 10 are taught by claims 1-20 of U.S. Patent No. 10,867,055 except for the system data being harvested from firmware. However, Mahaffey discloses the system data being harvested from firmware (paragraphs [0007], [0011], [0082], [0113] and [0178] of Mahaffey). It would have been obvious to use firmware data because this would allow greater access to device status data, thus increasing accuracy of behavior deviation.
Claims 12-13 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,867,055 in view of Zou et al. (U.S. Pub. No. 2016/0212099 cited in the IDS filed on 5/28/2019 and hereinafter referred to as Zou). Although the claims at issue are not identical, they are not patentably distinct from each other because it is clear that all of the limitations of claims 12-13 are taught by claims 1-20 of U.S. Patent No. 10,867,055 except for replacing at least a portion of the baseline characteristics profile (as recited in claim 12) and generating an alert (as recited in claim 13). However, Zou discloses replacing at least a portion of the baseline characteristics profile (paragraphs [0075], [0078], [0119], [0121] and [0129] of Zou) and generating an alert (paragraphs [0100] and [0132] of Zou). It would have been obvious to replacing at least a portion of the baseline characteristics profile and generate an alert because this would improve security and accuracy.
Claim 14 is rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,867,055 in view of Staples et al. (U.S. Pub. No. 2017/0249235 and hereinafter referred to as Staples). Although the claims at issue are not identical, they are not patentably distinct from each other it is clear that all of the limitations of claim 14 are taught by claims 1-20 of U.S. Patent No. 10,867,055 except for generating a hash based at least in part on the system data. However, Staples discloses generating a hash based at least in part on the system data (paragraphs [0046], [0078], [0079], [0083] and [0084] of Staples). It would have been obvious to generate a hash because this would improve efficiency.

Claims 8-14 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of copending Application No. 16/119,357. Although the claims at issue are not identical, they are not patentably distinct from each other because it is clear that all of the limitations of claims 8-14 are anticipated by claims 1-20 of copending Application No. 16/119,357.
This is a provisional nonstatutory double patenting rejection.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having 

Claims 8, 9, 12 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Zou et al. (U.S. Pub. No. 2016/0212099 cited in the IDS filed on 5/28/2019 and hereinafter referred to as Zou) in view of Babol et al. (U.S. Pub. No. 2017/0078435 and hereinafter referred to as Babol) in view of ElNakib et al. (U.S. Patent No. 10,057,264 and hereinafter referred to as ElNakib).
As to claim 8, Zou discloses a system for determining trust of a plurality of Internet of Things (IoT) systems within a networked environment, the system comprising: 
a communication interface in communication with the plurality of IoT systems via the networked environment (paragraphs [0036], [0041] and [0042] and Figs. 2-3, Zou teaches communications interfaces for sending/receiving data), wherein the communication interface is configured to receive system data indicative of artifacts of the plurality of IoT systems (paragraphs [0046], [0077], [0078], [0098], [0105], [0129], [0130], [0133] and Fig. 11, Zou teaches receiving data of IoT devices); 
a storage device (paragraph [0031], Zou teaches a computer-readable medium); and 
one or more processors collectively (paragraph [0031], Zou teaches a processor) configured to: 
generate a baseline characteristics profile based at least in part on the system data (paragraphs [0046], [0077], [0078], [0129] and Fig. 11, Zou teaches generating profiles containing normal (i.e. baseline) IoT device behavior); 
store the baseline characteristics profile within the storage device (paragraphs [0046], [0077]-[0079], [0129] and Fig. 11, Zou teaches storing the profiles); 
receive, via the communication interface, updated system data indicative of updated artifacts harvested from the IoT system (paragraphs [0098], [0105], [0130], [0133] and Fig. 11, Zou teaches monitoring current behavior of the IoT devices); and 
determine whether the updated system data indicates that an IoT system of the plurality of IoT systems is compromised by: 
comparing the updated system data against the baseline characteristics profile (paragraphs [0098], [0099], [0105], [0130], [0133] and Fig. 11, Zou teaches comparing the monitored current behavior to the normal behavior); and 
upon detecting a discrepancy between the updated system data and the baseline characteristics profile (paragraphs [0098], [0099], [0105], [0130], [0133] and Fig. 11, Zou teaches determining abnormal behavior based on the comparison.).
Zou does not specifically disclose harvested by a software agent installed on each IoT system of the plurality of IoT systems; via the communication interface in communication with the software agent installed on each IoT system 
harvested by a software agent installed on each IoT system of the plurality of IoT systems; via the communication interface in communication with the software agent installed on each IoT system of the plurality of IoT systems (paragraphs [0015], [0016], [0056], [0060] and [0061], Babol teaches monitoring agents installed on monitoring devices in an IoT system for sending status messages about the device for analysis.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Zou with the teachings of Babol for having a software agent installed on each IoT system because this would offload processing requirements from a central node while allowing greater access to device status data, thus increasing accuracy of behavior deviation. 
The combination of teachings between Zou and Babol does not specifically disclose establishing a trust metric based at least in part on the detected discrepancy as claimed. However, ElNakib does disclose
establishing a trust metric based at least in part on the detected discrepancy (col. 8 line 40 – col. 9 line 8 and Fig. 6, ElNakib teaches determining anomalies in an IoT network and assigning trust scores based on the anomalies.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the modified invention of 
As to claim 9, the combination of teachings between Zou, Babol, and ElNakib disclose the system of claim 8, wherein the system data comprises one or more of: system hardware data; system image data; application data; and system behavior data (paragraphs [0046], [0077], [0078], [0129] and Fig. 11, Zou teaches IoT device behavior. paragraphs [0015], [0016], [0056], [0060] and [0061], Babol teaches monitoring hardware and software of an IoT device.).
Examiner supplies the same rationale for the combination of the references as in claim 8 above.
As to claim 12, the combination of teachings between Zou, Babol, and ElNakib disclose the system of claim 8, wherein the one or more processors are further configured for updating the baseline characteristics profile by: replacing at least a portion of the baseline characteristics profile with at least a portion of the updated system data (paragraphs [0075], [0078], [0119], [0121] and [0129], Zou teaches updating a behavior profile over time using newly monitored data.).
As to claim 13, the combination of teachings between Zou, Babol, and ElNakib disclose the system of claim 8, wherein the one or more processors are further configured for generating an alert upon determining that the trust metric indicates that the IoT system is compromised (paragraphs [0100] and [0132], Zou teaches generating an alert when an abnormality is detected. col. 8 line 40 – col. 9 line 44 and Figs. 6 and 7, ElNakib teaches determining anomalies in an IoT network, assigning trust scores based on the anomalies, and performing operations based on an evaluation of the trust scores.).
Examiner supplies the same rationale for the combination of the references as in claim 8 above.

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Zou, Babol, and ElNakib as applied to claim 8 above, and further in view of Mahaffey et al. (U.S. Pub. No. 2017/0339178 and hereinafter referred to as Mahaffey).
As to claim 10, the combination of teachings between Zou, Babol, and ElNakib disclose the system of claim 8. The combination of teachings between Zou, Babol, and ElNakib does not specifically disclose wherein at least a portion of the system data is harvested from firmware of the IoT system as claimed. However, Mahaffey does disclose
wherein at least a portion of the system data is harvested from firmware of the IoT system (paragraphs [0007], [0011], [0082], [0113] and [0178], Mahaffey teaches data for determining baseline behavior may include firmware data of an IoT device.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the modified invention of Zou with the teachings of Mahaffey for having at least a portion of the system data be harvested from firmware because this would allow greater access to device status data, thus increasing accuracy of behavior deviation.

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Zou, Babol, and ElNakib as applied to claim 8 above, and further in view of Huang et al. (U.S. Pub. No. 2019/0138716 and hereinafter referred to as Huang).
As to claim 11, the combination of teachings between Zou, Babol, and ElNakib disclose the system of claim 8. The combination of teachings between Zou, Babol, and ElNakib does not specifically disclose wherein the storage system is embodied as one or more of a blockchain ledger and a processor as claimed. However, Huang does disclose
wherein the storage system is embodied as one or more of a blockchain ledger and a processor (paragraphs [0014], [0034] and claim 1, Huang teaches storing IoT data in a ledger for determining anomalies.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the modified invention of Zou with the teachings of Huang for having a blockchain ledger because this would increase security.

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Zou, Babol, and ElNakib as applied to claim 8 above, and further in view of Staples et al. (U.S. Pub. No. 2017/0249235 and hereinafter referred to as Staples).
As to claim 14, the combination of teachings between Zou, Babol, and ElNakib disclose the system of claim 8. The combination of teachings between Zou, Babol, and ElNakib does not specifically disclose wherein: generating the 
wherein: generating the baseline characteristics profile comprises generating a hash based at least in part on the system data; and comparing the updated system data against the baseline characteristics profile comprises: generating a hash based on the updated system data; and comparing the hash of the updated system data against the baseline characteristics profile (paragraphs [0046], [0078], [0079], [0083] and [0084], Staples teaches hashing device data for behavior determination and comparing the hashed behavior data to expected behavior.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the modified invention of Zou with the teachings of Staples for generating a hash based at least in part on the system data because this would increase efficiency.

Allowable Subject Matter
Claims 1-7 would be allowable if rewritten or amended to overcome the claim objections set forth in this Office action.
Claim 1 recites, inter alia, “determining a directional difference between the match vector and the monitored characteristics vector; and determining a trust indicator for the IoT device based on the determined directional difference; generate an aggregated trust indicator for the networked location based on all of the trust indicators for the Internet of Things (IoT) devices of the plurality of IoT devices, the networked location associated with a networked location identifier; and render an interface for display on a remote computing device, the interface comprising at least the aggregated trust indicator and information associated with the networked location identifier.” While the prior art does disclose determining baseline operations of IoT systems using vectors, the prior art was not found to disclose the cited limitations in combination with the other limitations. Therefore, claim 1 is considered to recite allowable subject matter. Dependent claims 2-7 are considered to recite allowable subject matter based on their dependency.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THADDEUS J PLECHA whose telephone number is (571)270-7506.  The examiner can normally be reached on M-F 8-4:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/THADDEUS J PLECHA/Examiner, Art Unit 2438