DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This is a first office action in response to application filed, with the above serial number, on 03 June 2019 in which claims 1-20 are presented for examination. Claims 1-20 are therefore pending in the application. 

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1-6, 8-13, 15-20 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Bagasra (hereinafter “Bagasra”, 2017/0180380).
As per Claim 1, Bagasra discloses a system for securing an Internet of Things (IoT) device, comprising: 
a memory (at least paragraph 30-31, 45; IoT security engine network device installed in DNS server having memory); and 
a hardware processor that is coupled to the memory (at least paragraph 30-31, 45; IoT security engine network device installed in DNS server having processing unit) and that is configured to: 

in response to receiving the DNS request, determine whether to allow or drop a connection between the IoT device and a target domain corresponding to the FQDN (at least paragraph 37-38, 44; If the DNS query domain name is identified as valid, then IoT security engine 150 may allow 630 network access to IoT device 105 by sending a network access message 635 that notifies IoT device 105 of its permission to access the network; If the DNS query domain name is not identified as a valid domain name, then IoT security engine 150 may deny 435 network access to IoT device 105 by sending a network denial message 435 that notifies IoT device 105 that its access to the network is denied and blocked); and 
respond to the DNS request with instructions to allow or drop the connection based on the determining (at least paragraph 37-38, 44; If the DNS query domain name is identified as valid, then IoT security engine 150 may allow 630 network access to IoT device 105 by sending a network access message 635 that notifies IoT device 105 of its permission to access the network; If the DNS query domain name is not identified as a valid domain name, then IoT security engine 150 may deny 435 network access to IoT device 105 by sending a network denial message 435 that notifies IoT device 105 that its access to the network is denied and blocked).

As per Claim 3. The system of claim 1, wherein in determining whether to allow or drop the connection between the IoT device and the target domain corresponding to the FQDN, the hardware processor determines a type, a manufacturer, and a model of the IoT device (at least paragraph 57-59, 62-63, 70-73; identifying the device manufacturer, brand, model and/or some technical capabilities of the IoT device 105; different types of device classifications, other than or in addition to, a “computing” class or a “non-computing” class, may be identified by IoT security engine 150 for the IoT device 105 from an analysis of the IoT device 105's MAC address, OUI, IMEI, and/or other parameters).
As per Claim 4. The system of claim 1, wherein in determining whether to allow or drop the connection between the IoT device and the target domain corresponding to the FQDN, the hardware processor determines whether a category of domains of the target domain is in a black-list (at least paragraph 56, 62-63; domain(s) blacklist DB 125).
As per Claim 5. The system of claim 1, wherein in determining whether to allow or drop the connection between the IoT device and the target domain corresponding to 
As per Claim 6. The system of claim 1, wherein in determining whether to allow or drop the connection between the IoT device and the target domain corresponding to the FQDN, the hardware processor determines a relevance of the target domain to the IoT device (at least paragraph 57-59, 62-63, 72-73; IoT security engine 150 identifying valid domains for the particular IoT security engine 150 … to identify one or more valid domains (e.g., manufacturer's domain(s)) for storing in IoT device-valid domain DB 120, where the domain is relevant to the IoT device if it is for at least the manufacturer of the device).
As per Claims 8-13, 15-20. The limitations therein have substantially the same scope as claims 1-6 because claims 1-6 are a system for implementing those methods of claims 8-13 and non-transitory computer-readable medium of claims 15-20. Therefore claims 8-13 and 15-20 are rejected for at least the same reasons as claims 1-6.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 7, 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bagasra in view of Fry et al (hereinafter “Fry”, 2019/0306182).
Bagasra fails to explicitly disclose wherein in determining whether to allow or drop the connection between the IoT device and the target domain corresponding to the FQDN, the hardware processor performs a behavioral analysis on the connection. However, the use and advantages for using such a system was well known to one skilled in the art before the effective filing date of the claimed invention as evidenced by the teachings of Fry. Fry discloses, in an analogous art (at least Fry paragraph 29-31, 34, 40, 42-53) fingerprinting an IoT device with an agent examining certain DNS packets from IoT devices 131-136, blocking specific traffic from one of devices based on device identifier including hardware make, where a DNS request can be examined and the hostname (eg. nest.com, Spotify) determined and fingerprints are generated such that a connection request in the future, if not matched with fingerprint is blocked/dropped or allowed, and detecting anomalous behavior for an existing device. Fry teaches in par. 53 “Based on the fingerprints and device profiles described above, the agent 115 can be configured to monitor traffic in the WLAN 120 and determine if the 
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the use of Fry’s behavior monitoring with Bagasra as Fry teaches this can learn expected behavior of an IoT device and can flag anomalous behavior to perform further tests to determine if the anomalous behavior is malicious.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREGORY G TODD whose telephone number is (303)297-4763.  The examiner can normally be reached on 8:30-5 MST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas Taylor can be reached on (571)272-3889.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/GREGORY G TODD/Primary Examiner, Art Unit 2457