DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Remarks
In a response filed on February 2, 2021 (the “Response”), Applicant: (1) amends claims 1, 3-5, 10, 12 and 13; and (2) cancels claims 2 and 11.
Claims 1, 3-10 and 12-18 are presented for examination.
Response to Arguments
Applicant’s arguments submitted February 2, 2021 have been fully considered, but they are not persuasive for at least the following reason(s).
On page 7, in the Remarks section of the Response, Applicant argues:
“As amended, independent Claims 1 and 10 each recite that detecting a ‘security-risking behavior’ of an IoT device ‘includes comparing a previously determined device profile for the IoT device with [a] monitored data transmission.’  As amended, independent Claims 1 and 10 each further recite that the ‘previously determined device profile describes previously determined normal behavior of the IoT device.’ ...Neither Shuman nor Joo, whether considered individually or in combination, discloses performing such a detection in such a manner.”

Applicant’s instant argument is persuasive.  Therefore, (1) the previously presented prior art rejection of claims 1 and 10 as being obviousness over Shuman in view of Joo, is hereby withdrawn; and (2) Examiner raises new grounds of rejection as set forth in the prior art rejections below.

mutatis mutandis as per claims 1 and 10, Examiner’s rebuttal to Applicant’s foregoing argument equally applies to Applicant’s remaining argument.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3, 7-10, 12 and 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Shuman et al. (US 2016/0128043 A1, hereinafter Shuman) in view of Valencia et al. (US 2014/0337862 A1, hereinafter Valencia).
Regarding claims 1 and 10, Shuman teaches a system (example: 140, FIG. 1C / 1160, FIG. 11) comprising a private cloud control center agent (D2D Application, FIG. 11) provided between a public network (175, FIG. 1C) and a private cloud (130/160, FIG. 1C) and configured to:
data transmission to or from an IoT device (example: 1150, FIG. 11) that is carried out through the private cloud in accordance with an IoT rule that is applied in the data transmission of the IoT device, when the IoT device is connected for management thereof by the private cloud control center agent through the private cloud (¶ 46 “device 130 may…control or otherwise manage components 110-118”; ¶ 53 “peer-to-peer communication network”; ¶ 105 “device 1150 may determine whether the information conveyed…matches registration criteria…rules/policies...enable gateway 1160 to 
However, Shuman does not explicitly disclose, yet Valencia teaches a system comprising:
monitor (316, FIG. 3A) data transmission (112, FIG. 1) to or from an IoT device (¶ 27 “The terms "mobile computing device" and "mobile device" are used interchangeably herein to refer to...internet-of-things (IOT) connected devices”; ¶ 54 “two-way wireless communication links 112”; ¶ 66 “monitor/observe transmissions or communications of the mobile device”; ¶ 134, 135 “observing mobile device behaviors in block 316”; note: Valencia may monitor 316 [see ¶ 134, 135] transmissions 112 [see ¶ 54, 66] of an IoT device [see ¶ 27]);
detect (320-322, FIG. 3A) security-risking behavior or state of the IoT device at least based on the monitored data transmission to or from the IoT device (¶ 27, 66, 134, 135 “detect/determine that the observed behavior is...‘Malicious’[] in block 322”; note: Valencia’s mobile device behavior may cause a security risk [see ¶ 24, 76),
wherein detecting the security-risking behavior of the IoT device includes comparing a previously determined device profile for the IoT device with the monitored data transmission (¶ 24, 27, 76, 81 “behavior analyzer module 204 may be configured to...learn the normal operational behaviors of the mobile device; ¶ 134 “compare observed mobile device behaviors to the received models/mappings to determine whether an observed behavior is...malicious”; ¶ 135 “determine that the observed behavior is... ‘Malicious’[] in block 322”),
wherein the previously determined device profile describes previously determined normal behavior of the IoT device (¶ 81 “learn the normal operational behaviors of the mobile device...to determine whether a particular mobile device behavior...is...malicious”; note: the profile of Valencia’s “normal operational behaviors” must be learned/previously determined in order to determine whether the behavior of Valencia’s mobile device is malicious [see ¶ 81]); and
upon detecting the security-risking behavior or state of the IoT device, performing (322, FIG. 3A) a remedial action for the data transmission to or from the IoT device (¶ 24, 27, 66, 76, 135 “If the mobile device processor determines that the observed behavior is...‘Malicious’[] in block 322, the mobile device processor may perform various operations/remedial action to correct or prevent the performance-degrading behavior”).
Before the effective filing date of the invention, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Valencia for monitoring IoT device transmissions and performing a remedial action to mitigate a risk detected in the transmissions.  The teachings of Valencia, when used within the existing system of Shuman’s private cloud control center agent, will improve security by reducing the risk posed by malicious behavior.  Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art to arrive at the above-claimed invention.
Regarding claims 3 and 12, Shuman in view of Valencia teaches all of the limitations of claims 1 and 10, as previously stated, and further teaches: wherein
the security-risking behavior of the IoT device is detected (Valencia: 320-322, FIG. 3A) based at least in part on comparison (Valencia: 138, FIG. 3A) of a reference behavior with the monitored (Valencia: 316, FIG. 3A) data transmission to or from the 
the reference behavior is one or an applicable combination of: past behavior of the IoT device, behavior of other IoT devices managed by the private cloud control center agent, behavior of other IoT devices of the same type, or IoT devices used by users other than a user of the IoT device (Shuman ¶ 53, 105, 106; Valencia ¶ 27, 81, 148 “determine whether...behavior [] is acceptable or common...by comparing the current behavior with past behaviors of the mobile device”).
Before the effective filing date of the invention, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Valencia for comparing monitored IoT transmissions against past behavior.  The teachings of Valencia, when used within the system of Shuman in view of Valencia’s security-risk detection feature, will make the system’s detection of security risks straightforward and, thus, efficient by simply comparing the system’s monitored IoT transmissions against past behavior.  Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art to arrive at the above-claimed invention.
Regarding claims 7 and 16, Shuman in view of Valencia teaches all of the limitations of claims 1 and 10, as previously stated, and further teaches: wherein the remedial action includes alerting a user associated with the private cloud (Shuman: 130/160, FIG. 1C) that the IoT device is behaving abnormally (Shuman ¶ 52, 53; 
Before the effective filing date of the invention, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Valencia for notifying a user when abnormal behavior is detected.  The teachings of Valencia, when used with the system of Shuman in view of Valencia’s remedial action feature, will make the system more user-friendly by enabling it to notify users of abnormal behavior.  Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art to arrive at the above-claimed invention.
Regarding claims 8 and 17, Shuman in view of Valencia teaches all of the limitations of claims 1 and 10, as previously stated, and further teaches: wherein the data transmission to or from the IoT device includes data transmission between the IoT device and other IoT devices managed through the private cloud (Shuman: 130/160, FIG. 1C) (Shuman ¶ 46 “device 130 may…control or otherwise manage components 110-118”; Shuman ¶ 53 “peer-to-peer communication network”).
Regarding claims 9 and 18, Shuman in view of Valencia teaches all of the limitations of claims 1 and 10, as previously stated, and further teaches: wherein the data transmission to or from the IoT device includes data transmission between the IoT device and a source accessed through, at least in part, a public network (Shuman: 175, FIG. 1C) (Shuman ¶ 58).
Claims 4, 6, 13 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Shuman in view of Valencia further in view of Joo (US 2016/0173495 A1, hereinafter Joo).

the security-risking behavior of the IoT device is detected (Valencia: 320-322, FIG. 3A) based at least in part on comparison (Valencia: 138, FIG. 3A) of a reference behavior with the monitored (Valencia: 316, FIG. 3A) data transmission to or from the IoT device (Shuman ¶ 53, 105, 106; Valencia ¶ 27, 66, 134 “compare observed mobile device behaviors to the received models/mappings to determine whether an observed behavior is...malicious”; Valencia ¶ 135 “detect/determine that the observed behavior is...‘Malicious’[] in block 322”; note: Valencia’s mobile device behavior may cause a security risk [see Valencia ¶ 24, 76).
However, Shuman in view of Valencia does not explicitly disclose, yet Joo teaches: a comparison includes comparison of at least one of: a destination of data transmitted through a data transmission, timing of a data transmission, an amount of data transmitted through a data transmission, or bytes histogram of data transmitted through a data transmission (¶ 36 “comparing/checking 122 whether the interval/data timing has exceeded a predetermined threshold/amount”).
Before the effective filing date of the invention, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Joo for comparing monitored IoT transmissions against a predetermined timing threshold.  The teachings of Joo, when used within the system of Shuman in view of Valencia’s security-risk detection feature, will: (1) improve security by enabling the system to detect a DoS attack; and (2) make the system’s detection of security risks straightforward and, thus, efficient by simply comparing the system’s monitored IoT transmissions against a 
Regarding claims 6 and 15, Shuman in view of Valencia teaches all of the limitations of claims 1 and 10, as previously stated, and further teaches: the remedial action (Valencia ¶ 24, 27, 66, 76, 135 “If the mobile device processor determines that the observed behavior is...‘Malicious’[] in block 322, the mobile device processor may perform various operations/remedial action to correct or prevent the performance-degrading behavior”).
However, Shuman in view of Valencia does not explicitly disclose, yet Joo teaches: wherein a remedial action includes quarantining the IoT device (note: when “the authentication history…exceeds” a threshold [i.e., malicious behavior] Joo may “quarantine” by blocking authentication [see ¶ 66]).
Before the effective filing date of the invention, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Joo for quarantining an IoT device that appears to pose a security risk.  The teachings of Joo, when used with the system of Shuman in view of Valencia’s remedial action, will provide the system with straightforward and, thus, efficient remedial action by simply having the system quarantine an IoT device that appears to pose a security risk.  Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art to arrive at the above-claimed invention.
Claims 5 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Shuman in view of Valencia further in view of Borlick et al. (US 2016/0119372 A1, hereinafter Borlick).

Before the effective filing date of the invention, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Valencia for determining whether IoT device’s behavior is a security risk.  The teachings of Valencia, when used with the IoT devices of the system of Shuman in view of Valencia’s registration-based response, will improve security by enabling the system to determine whether its IoT device’s registration message is normal or a security risk.  Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art to arrive at the above-claimed invention.
However, Shuman in view of Valencia does not explicitly disclose, yet Borlick teaches: wherein an agent is further configured to simulate an attack of a third party device attempting to gain control of a device by sending data to the device, and determine security-risking state of the device based on a response to the sent data by the device (¶ 21 “simulate an attack to probe if device 114 is susceptible to a known 
Before the effective filing date of the invention, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Borlick for simulating an attack in order to detect a security risk.  The teachings of Borlick, when used within the system of Shuman in view of Valencia’s security-risk detection feature, will improve security by enabling the system’s security-risk detection feature to detect known security vulnerabilities.  Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art to arrive at the above-claimed invention.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kalish Bell whose telephone number is (571) 272-5294.  The examiner can normally be reached on 9am-5pm, M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool.  To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235.  The fax phone 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/KALISH K BELL/Examiner, Art Unit 2432


/MORSHED MEHEDI/Primary Examiner, Art Unit 2432