DETAILED ACTION

Currently pending claims are 1 – 44.


Response to Arguments
Applicant's arguments with respect to the subject matter of the instant claims have been fully considered but are not persuasive.
As per claim 1, Applicant asserts Shaffer does not teach actively detecting anything sent by the nodes such as a first message required by the recited claim 1 (Remarks: Page 12 / 2nd Para).  Examiner respectfully disagrees with the following rationale.
(a) Examiner notes according to MPEP 2111 of the broadest and reasonable claim interpretations, applicant’s argument has no merit since the alleged limitation such as exactly how to detect a first message which is transmitted by a source node has not been specifically and clearly recited into the claim.  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
(b) In light of that, Shaffer teaches a security (monitoring) device facilitating a comparison and detection (see FIG. 5) of a particular message A (i.e. a 1st message, recited in the claim), as a part of a message receiving list, by matching the message A against the message A sent (transmitted) by a particular source node to the destination node (Shaffer: Figure 5 (& 3B), Col. 4 Line 33 – 35, Col. 8 Line 35 – Line 52, Col. 7 Line 32 – 35 and Col. 6 Line 54 – 59) and as such Applicant's arguments are respectfully traversed.
As per claim 1, Applicant asserts Shaffer fails to teach collecting, by the monitoring device, information from the first message as it is transmitted in the wireless mesh network (Remarks: Page 13 / 2nd Para).  Examiner respectfully disagrees with the following rationale.
(a) Examiner notes according to MPEP 2111 of the broadest and reasonable claim interpretations, applicant’s argument has no merit since the alleged limitation such as exactly what is the information to be collected has not been specifically and clearly recited into the claim.  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
(b) In light of that, Shaffer teaches collecting security information of the 1st message as it is transferred over the network to determine any security compromise to the 1st message by collecting both of (i) an original hash value of the 1st message obtained from the sender (SRC) node and (ii) the instant hash value of the 1st message upon arriving at the destination node obtained from and reported by the receiver (DEST) node, wherein any message corruption in a message list would cause a corruption of the entire message list (Col. 8 Line 35 – Line 52) (Shaffer: Figure 5 (& 3B), Col. 4 Line 33 – 35, Col. 8 Line 35 – Line 52, Col. 7 Line 32 – 35 and Col. 6 Line 54 – 59) and as such Applicant's arguments are respectfully traversed.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1 – 8, 11, 12, 16 – 29, 32, 33 and 37 – 44 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Shaffer et al. (U.S. Patent 8,806,633). 

As per claim 1, 22, 43 and 44, Shaffer teaches a method for detecting a security threat in a wireless mesh network, comprising: 
detecting, by a monitoring device in the wireless mesh network, a first message transmitted by a source node in the wireless mesh network to a destination node in the wireless mesh network via at least one relay node in the wireless mesh network (Shaffer: Figure 3B & Figure 5, Col. 4 Line 33 – 35, Col. 8 Line 35 – Line 52, Col. 7 Line 32 – 35 and Col. 6 Line 54 – 59: (a) a security device monitoring a message (packet) between a sender node and a receiver node over a wireless mesh network (Col. 4 Line 33 – 35 and Col. 3 Line 10 – 17), (b) facilitating a comparison and detection (FIG. 5) of a particular message A (i.e. a 1st message), as a part of a message receiving list, by matching the message A against the message A sent (transmitted) by a particular source node, in the wireless mesh network to a destination node via a plurality of relay nodes (FIG. 3B), to the destination node and (c) based on a message list received by the security node from the source node);  
collecting, by the monitoring device, information from the first message as it is transmitted in the wireless mesh network (Shaffer: see above & Col. 6 Line 54 – 59 and Col. 7 Line 40 – 42 / Line 28 – 30 and Col. 8 Line 35 – Line 52: collecting security information of the 1st message as it is transferred over the network to determine any security compromise to the 1st message by collecting both of (i) an original hash value of the 1st message obtained from the sender (SRC) node and (ii) the instant hash value of the 1st message upon arriving at the destination node obtained from and reported by the receiver (DEST) node (Col. 8 Line 35 – Line 52));  
determining, by the monitoring device, that the first message has been corrupted based on analysis of the information from the first message (Shaffer: see above & Figure 5, Col. 7 Line 46 – 55, Col. 9 Line 34 – 42 and Col. 8 Line 35 – Line 52: by comparing the original hash value of the 1st message reported by the sender (SRC) node and the instant hash value of the 1st message reported by the destination node to the monitoring device for determining whether the first message has been corrupted when no matching can be identified, wherein any message corruption in a message list would cause a corruption of the entire message list (e.g. FIG 5 / message B & D and  Col. 7 Line 50 – 55)); and 
detecting, by the monitoring device, the security threat in the wireless mesh network based on the first message being corrupted (Shaffer: see above & Figure 5, Col. 7 Line 50 – 55 and Col. 9 Line 34 – 42: an alarm would be generated when determining no matching can be identified).  

As per claim 2 and 23, Shaffer teaches identifying, by the monitoring device, the at least one relay node as the security threat in the wireless mesh network based on a determination that the first message has been corrupted by the at least one relay node (Shaffer: see above & Figure 3B / E-21 and Col. 7 Line 32 – 35 / Line 50 – 59: a malicious relay node (MN) (Col. 7 Line 56 – 59)).  

As per claim 3 and 24, Shaffer teaches notifying, by the monitoring device, a user of the wireless mesh network that the at least one relay node is the security threat (Shaffer: see above & Col. 7 Line 50 – 55: generating an alarm to a network administrator to report a malicious relay node (MN) (Col. 7 Line 56 – 59)).

As per claim 4 – 6 and 25 – 27, Shaffer teaches notifying, by the monitoring device, a manufacturer (& a make of model) of the at least one relay node that the at least one relay node is the security threat (Shaffer: see above & Col. 7 Line 56 – 61: initiating mitigation activities such as downloading a new code or replacing the (malicious) relay node(s) evidently provide a notification including the manufacturer / model / version of the target relay node(s)).

As per claim 7 and 28, Shaffer teaches removing, by the monitoring device, the at least one relay node from the wireless mesh network (Shaffer: see above & Col. 7 Line 61 – 62 and Col. 8 Line 1 – 2: replacing / removing the (malicious) relay node(s)).  

As per claim 8 and 29, Shaffer teaches initiating, by the monitoring device, a network key refresh procedure for all remaining nodes in the wireless mesh network (Shaffer: see above & Col. 7 Line 59 – 61: initiating mitigation activities such as changing / refreshing the network security key).  

As per claim 11 – 12 and 32 – 33, Shaffer teaches wherein the monitoring device determines that the first message has been corrupted based on the address of the destination node, the sequence number, or both, being changed as the first message is transmitted in the wireless mesh network (Shaffer: see above & Figure 3B and Col. 1 Line 20 – 21: at least changing the address of the destination node to forward the target message to a malicious node).  

As per claim 16 and 37, Shaffer teaches uploading, by the monitoring device, the information from the first message to a remote server, wherein the remote server performs the analysis of the information from the first message; and receiving, at the monitoring device, a notification from the remote server that the first message has been corrupted (Shaffer: see above & Col. 5 Line 48 – 52: the security device can be either co-located or remotely located w.r.t. a head-end monitoring device).  

As per claim 17 and 38, Shaffer teaches wherein the monitoring device is a provisioner node in the wireless mesh network (Shaffer: see above & Col. 2 Line 5 – 10: (e.g.) a head-end service-provider (provisioner) node).

As per claim 18 and 39, Shaffer teaches wherein the monitoring device is not a provisioner node or controller node in the wireless mesh network (Shaffer: see above & Col. 5 Line 48 – 52: the security device can be either co-located or remotely located w.r.t. a head-end monitoring device (i.e. not a provisioner (service-provider) node)).  

As per claim 19 and 40, Shaffer teaches wherein the monitoring device is a stationary mains-powered device in the wireless mesh network (Shaffer: see above & Figure 2 and Col. 3 Line 22 – 25: including a “plug-in” power supply).  

As per claim 20 and 41, Shaffer teaches wherein the monitoring device is a battery-powered mobile device in the wireless mesh network (Shaffer: see above & Figure 2 and Col. 3 Line 22 – 25: including a “battery” power supply).  


As per claim 21 and 42, Shaffer teaches wherein the wireless mesh network comprises a Bluetooth® mesh network (Shaffer: see above & Col. 3 Line 10 – 17: including a Bluetooth® wireless network).  

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 9, 10 and 30 – 31 are rejected under 35 U.S.C. 103 as being unpatentable over Shaffer et al. (U.S. Patent 8,806,633), and in view of Bare et al. (U.S. Patent 6,473,403).  

As per claim 9 and 30, Bare (& Shaffer) teaches:
instructing, by the monitoring device, all remaining nodes (Shaffer: see above & Col. 7 Line 56 – 60: initiating mitigation activities to all nodes in a vicinity (i.e. remaining nodes) to the malicious node that include downloading a new code or replacing the relay (switch) node),
in the wireless mesh network to flush their local source and sequence number cache (Bare: Col. 45 Line 17 – 19: flushing the sequence number cache and local source cache about 30 seconds after re-booting a switch (or relay node) (e.g. after downloading a new code or replacing the relay (switch) node) to assure a successful boot-up process).  
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teaching of Bare within the system of Shaffer because (a) Shaffer teaches protecting from a network attack by initiating mitigation activities to all nodes in a vicinity (i.e. remaining nodes) to the malicious node that include downloading a new code or replacing the relay (switch) node (see above), and (b) Bare teaches flushing the sequence number cache and local source cache about 30 seconds after re-booting a switch (or relay node) (e.g. after downloading a new code or replacing the relay (switch) node) to assure a successful boot-up process (see above). 
As per claim 10 and 31, Bare (& Shaffer) teaches wherein the information from the first message comprises an address of the source node, an address of the destination node (Shaffer: see above & Col. 8 Line 35 – 52, Col. 7 / Line 15 – 16 / Line 17 – 20 and Col. 9 Line 34 – 41: the information from the 1st message should include data that can be used for the security (monitoring) device to track the received hash message-list specific to a pair of sender-receiver such as at least, an address of the source node, an address of the destination node), and 
a sequence number associated with the address of the source node (Bare: Col. 29 Line 37 – 42 and Col. 73 Line 10 – 12: the standard (conventional) networking protocol designating a communication packet (message) to include, at least, a source / destination addresses / MAC address and a sequence number to prevent lost or duplicated packets).  See the same rationale of combination applied herein as above in rejecting the claim 9.

Claims 13 – 15 and 34 – 36 are rejected under 35 U.S.C. 103 as being unpatentable over Shaffer et al. (U.S. Patent 8,806,633), and in view of Dillon et al. (U.S. Patent 2013/0197955).  

As per claim 13 and 34, Dillon (& Shaffer) teaches wherein the information from the first message comprises a time-to-live (TTL) field that is decremented by each relay node that relays the first message as it is transmitted in the wireless mesh network (Dillon: Para [0067] Line 8 – 12: managing security packet processing by providing a networking protocol that includes a protocol field such as a TTL / hop count to decrement by each relay node (hop) that relays the packet (message) as it is transmitted over the network so as to detect an occurrence of the error event (e.g. security compromise) when the TTL / hop count is decremented to zero indicating time exceeded than normal situation before reaching the destination node).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teaching of Noehring within the system of Shaffer because (a) Shaffer teaches protecting from a network attack by initiating mitigation activities to all nodes in a vicinity (i.e. remaining nodes) to the malicious node over a network (see above), and (b) Dillon teaches managing security packet processing by providing a networking protocol that includes a protocol field such as a TTL / hop count to decrement by each relay node (hop) that relays the packet (message) as it is transmitted over the network so as to detect an occurrence of the error event (e.g. security compromise) when the TTL / hop count is decremented to zero indicating time exceeded than normal situation before reaching the destination node (see above). 

As per claim 14 – 15 and 35 – 36, Dillon (& Shaffer) teaches wherein the monitoring device determines that the first message has been corrupted based on the TTL field being changed to 0 before it reached the destination node or to a value greater than a threshold indicative of a corrupted TTL field (Dillon: Para [0067] Line 8 – 12: managing security packet processing by providing a networking protocol that includes a protocol field such as a TTL / hop count to decrement by each relay node (hop) that relays the packet (message) so as to detect an occurrence of the error event (e.g. security compromise such as the message has been corrupted) when the TTL / hop count is decremented to zero indicating time exceeded beyond normal situation before reaching the destination node).


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to LONGBIT CHAI whose telephone number is (571)272-3788.  The examiner can normally be reached on Monday - Friday 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D. Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.








Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


---------------------------------------------------
                  /Longbit Chai/
           Longbit Chai E.E. Ph.D.
    Primary Examiner, Art Unit 2431
                   No. #2261 – 2021
---------------------------------------------------