DETAILED ACTION
This office action is in response to applicant’s RCE submission filed on 04/28/2021. Claims 1 and 11 have been amended. Claims 1-20 are pending and are directed towards a system, method, and computer product for Sensor-Based Wireless Network Vulnerability Detection. This is a Non-Final action.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
1.	Applicant’s arguments filed 04/28/2021 have been fully considered.
A) Applicant’s arguments, with respect to the 102 rejection of claim 1, that Stephens fails to teach “collecting wireless traffic data for at least two of the plurality of coexisting wireless networks, the collecting being performed by at least one network sensor deployed in the wireless environment” (page 6-7 of the present response) have been fully considered but they are moot in view of the new grounds of 35 U.S.C. 103 rejections.
B) Applicant’s arguments, with respect to the 102 rejection of claim 1, that Stephens is “improperly ignoring the word remote in the recitation of Stephens that says remote sites or networks via wired or wireless connections” (page 7 of 
C) Applicant’s arguments, with respect to the 102 rejection of claim 1, that Stephens fails to teach “collecting wireless traffic data for at least two of the plurality of coexisting wireless networks, the collecting being performed by at least one network sensor deployed in the wireless environment as an out-of-band device with respect to each of the at least two of the plurality of coexisting wireless networks” (page 8-9 of the present response) have been fully considered but they are moot in view of the new grounds of 35 U.S.C. 103 rejections.
Claim Rejections - 35 USC § 103
2.	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the 
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
3.	Claims 1-7, 10-17, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Stephens et al. (US Pub. 2008/0271143), hereinafter Stephens, filed on Apr. 24, 2007 in view of Bailey et al. (US Pub. 2016/0380989), hereinafter Bailey, filed on Jun. 23, 2015.
Regarding claim 1, Stephens teaches a method for detecting potential vulnerabilities in a wireless environment comprising a wireless network (Fig. 1 and para 40, line 1-5 and para 88, line 1-9; a method for insider threat detection with network interface 918 of computer communicating via wireless connections), comprising:
Stephens does not teach a plurality of coexisting wireless networks
Bailey teaches a plurality of coexisting wireless networks (Fig. 1 and para 54, line 1-15; Wi-Fi networks and other networks such as cellular networks)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Stephens to incorporate the teachings of Bailey to provide sensor data indicating out-of-band networks present for a network, where out-of-band networks include Wi-Fi networks and other networks. Doing so would allow for sensor data determined to correlate with network contextual information for use in credentials authentication, as recognized by Bailey.
Stephens teaches collecting wireless traffic data for the wireless network, the collecting being performed by at least one network sensor deployed in the wireless environment (para 33, line 1-14 and para 40, line 3-9 and para 88, line 1-9; step 202, which includes collecting the network activity and can be achieved by 
Stephens does not teach sensor as an out-of-band device with respect to each of the at least two of the plurality of coexisting wireless networks
Bailey teaches sensor as an out-of-band device with respect to each of the at least two of the plurality of coexisting wireless networks (Fig. 1 and para 53, line 1-23 and para 54, line 1-15; sensor data indicating out-of-band networks present for a network, where out-of-band networks include Wi-Fi networks and other networks)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Stephens to incorporate the teachings of Bailey to provide sensor data indicating out-of-band networks present for a network, where out-of-band networks include Wi-Fi networks and other networks. Doing so would allow for sensor data determined to correlate with network contextual information for use in credentials authentication, as recognized by Bailey.
Stephens teaches analyzing the collected wireless traffic data to detect at least activity initiated by a wireless entity in the wireless environment (para 41, 
initiating at least one investigation action to determine if any wireless network is a vulnerable network (para 43, line 1-12 and para 44, line 1-5 and para 88, line 1-9; step 208 includes examining network activities enabled by the information-use events for volumetric anomalies and suspicious and/or evasive behavior, and network interface 918 of computer communicating with networks via wireless connections);
Stephens does not teach the at least two of the plurality of coexisting wireless networks
Bailey teaches the at least two of the plurality of coexisting wireless networks (Fig. 1 and para 54, line 1-15; Wi-Fi networks and other networks such as cellular networks)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Stephens to incorporate the teachings of Bailey to provide sensor data indicating out-of-band networks present for a network, where out-of-band networks include Wi-Fi networks and other networks.  Doing so would allow for sensor data 
Stephens teaches determining a risk score based in part on the at least one investigation action (para 43, line 1-3 and para 45, line 1-2; step 210 includes determining a threat score for each user of the network using the generated alerts based on the information-use events); and 
enforcing a security policy on the identified vulnerable network, wherein the security policy is determined responsive to the risk score and instructions received from a control system (para 45, line 3-8 and para 88, line 1-9; using a Bayesian network, if a given user’s threat score is above a set threshold, the user’s activity is further examined to determine whether it corresponds to a real insider threat, and network interface 918 of computer communicating with networks via wireless connections).
Stephens does not teach the plurality of coexisting wireless networks
Bailey teaches the plurality of coexisting wireless networks (Fig. 1 and para 54, line 1-15; Wi-Fi networks and other networks such as cellular networks)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Stephens to incorporate the teachings of Bailey to provide sensor data indicating 
Regarding claim 2, Stephens and Bailey teach method of claim 1.
	Stephens teaches a vulnerable network is detected when a risk score is over a predefined threshold value (para 45, line 1-8; if a given user’s threat score is above a threshold, the user’s activity is further examined to determine whether it corresponds to a real insider threat to the network).
Regarding claim 3, Stephens and Bailey teach method of claim 1.
	Stephens teaches performing a mitigation action based on the determined risk score (para 39, line 10-12 and para 45, line 1-6; if the threat score is above a set threshold and corresponds to a real insider threat, the analysts inform appropriate organizational authorities to take action).
Regarding claim 4, Stephens and Bailey teach method of claim 1.
	Stephens teaches a suspicious network is automatically labeled as a vulnerable network (para 43, line 3-6 and para 45, line 1-6; if the threat score is above a set threshold through examining volumetric anomalies and suspicious 
Regarding claim 5, Stephens and Bailey teach method of claim 1.
	Stephens teaches determining a vulnerable network based on at least one of: a connection type, transmitted data, usage patterns (para 43, line 1-6 and para 45, line 1-2; determine a threat score for the network based on examining volumetric anomalies and suspicious and/or evasive behavior), and a fingerprint of an unknown device.
Regarding claim 6, Stephens and Bailey teach method of claim 1.
	Stephens teaches determining whether a wireless network, or any device connected in the wireless network, performs a malicious activity (para 43, line 3-6 and para 45, line 1-6 and para 88, line 1-9; if the threat score is above a set threshold through examining volumetric anomalies and suspicious and/or evasive behavior, the user’s activity is further examined to determine whether it corresponds to a real insider threat to the network, and network interface 918 of computer communicates via wireless connections).   
Stephens does not teach the plurality of wireless networks
Bailey teaches the plurality of wireless networks (Fig. 1 and para 54, line 1-15; Wi-Fi networks and other networks such as cellular networks)

Regarding claim 7, Stephens and Bailey teach method of claim 6.
	Stephens teaches determining the wireless network to be vulnerable when the wireless network, or any device connected in the wireless network, performs a malicious activity (para 43, line 3-6 and para 45, line 1-6 and para 88, line 1-9; if the threat score is above a set threshold through examining volumetric anomalies and suspicious and/or evasive behavior, the user’s activity is further examined to determine whether it corresponds to a real insider threat to the network, and network interface 918 of computer communicates via wireless connections).
Stephens does not teach the plurality of wireless networks
Bailey teaches the plurality of wireless networks (Fig. 1 and para 54, line 1-15; Wi-Fi networks and other networks such as cellular networks)

	Regarding claim 10, Stephens teaches a non-transitory computer readable medium having stored thereon instructions for causing a processing circuitry (para 90, line 1-11; computer readable medium having computer program that, when executed by one or more data processing devices) to execute the method of claim 1 (same teaching as claim 1).
	Regarding claim 11, Stephens teaches a system for detecting potential vulnerabilities in a wireless environment comprising a wireless network (para 40, line 1-5 and para 88, line 1-9; a system for insider threat detection with network interface 918 of computer communicating with networks via wireless connections), comprising:
Stephens does not teach a plurality of coexisting wireless networks
Bailey teaches a plurality of coexisting wireless networks (Fig. 1 and para 54, line 1-15; Wi-Fi networks and other networks such as cellular networks)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Stephens to incorporate the teachings of Bailey to provide sensor data indicating out-of-band networks present for a network, where out-of-band networks include Wi-Fi networks and other networks. Doing so would allow for sensor data determined to correlate with network contextual information for use in credentials authentication, as recognized by Bailey.
Stephens teaches a processing circuitry (para 90, line 8-10; one or more data processing devices); and 
a memory, the memory containing instructions that, when executed by the processing circuitry (para 90, line 1-11; computer readable medium having computer program that, when executed by one or more data processing devices), configure the system to:
collect wireless traffic data for the wireless network, the collecting being performed by at least one network sensor deployed in the wireless environment (para 33, line 1-14 and para 40, line 3-9 and para 88, line 1-9; step 202, which includes collecting the network activity and can be achieved by sensors in the 
Stephens does not teach sensor as an out-of-band device with respect to each of the at least two of the plurality of coexisting wireless networks
Bailey teaches sensor as an out-of-band device with respect to each of the at least two of the plurality of coexisting wireless networks (Fig. 1 and para 53, line 1-23 and para 54, line 1-15; sensor data indicating out-of-band networks present for a network, where out-of-band networks include Wi-Fi networks and other networks)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Stephens to incorporate the teachings of Bailey to provide sensor data indicating out-of-band networks present for a network, where out-of-band networks include Wi-Fi networks and other networks. Doing so would allow for sensor data determined to correlate with network contextual information for use in credentials authentication, as recognized by Bailey.
Stephens teaches analyze the collected wireless traffic data to detect at least activity initiated by a wireless entity in the wireless environment (para 41, 
initiate at least one investigation action to determine if any wireless network is a vulnerable network (para 43, line 1-12 and para 44, line 1-5 and para 88, line 1-9; step 208 includes examining network activities enabled by the information-use events for volumetric anomalies and suspicious and/or evasive behavior, and network interface 918 of computer communicating with networks via wireless connections);
Stephens does not teach the at least two of the plurality of coexisting wireless networks
Bailey teaches the at least two of the plurality of coexisting wireless networks (Fig. 1 and para 54, line 1-15; Wi-Fi networks and other networks such as cellular networks)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Stephens to incorporate the teachings of Bailey to provide sensor data indicating out-of-band networks present for a network, where out-of-band networks include Wi-Fi networks and other networks.  Doing so would allow for sensor data 
Stephens teaches determine a risk score based in part on the at least one investigation action (para 43, line 1-3 and para 45, line 1-2; step 210 includes determining a threat score for each user of the network using the generated alerts based on the information-use events); and 
enforce a security policy on the identified vulnerable network, wherein the security policy is determined responsive to the risk score and instructions received from a control system (para 45, line 3-8 and para 88, line 1-9; using a Bayesian network, if a given user’s threat score is above a set threshold, the user’s activity is further examined to determine whether it corresponds to a real insider threat, and network interface 918 of computer communicating with networks via wireless connections).
Stephens does not teach the plurality of coexisting wireless networks
Bailey teaches the plurality of coexisting wireless networks (Fig. 1 and para 54, line 1-15; Wi-Fi networks and other networks such as cellular networks)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Stephens to incorporate the teachings of Bailey to provide sensor data indicating 
Regarding claim 12, Stephens and Bailey teach system of claim 11.
Stephens teaches the system is configured such that a vulnerable network is detected when a risk score is over a predefined threshold value (para 45, line 1-8; if a given user’s threat score is above a threshold, the user’s activity is further examined to determine whether it corresponds to a real insider threat to the network). 
Regarding claim 13, Stephens and Bailey teach system of claim 11.
	Stephens teaches perform a mitigation action based on the determined risk score (para 39, line 10-12 and para 45, line 1-6; if the threat score is above a set threshold and corresponds to a real insider threat, the analysts inform appropriate organizational authorities to take action).
Regarding claim 14, Stephens and Bailey teach system of claim 11.
Stephens teaches the system is further configured such that a suspicious network is automatically labeled as a vulnerable network (para 43, line 3-6 and para 45, line 1-6; if the threat score is above a set threshold through examining 
Regarding claim 15, Stephens and Bailey teach system of claim 11.
Stephens teaches determine a vulnerable network based on at least one of: a connection type, transmitted data, usage patterns (para 43, line 1-6 and para 45, line 1-2; determine a threat score for the network based on examining volumetric anomalies and suspicious and/or evasive behavior), and a fingerprint of an unknown device.
Regarding claim 16, Stephens and Bailey teach system of claim 11.
Stephens teaches determining whether a wireless network, or any device connected in the wireless network, performs a malicious activity (para 43, line 3-6 and para 45, line 1-6 and para 88, line 1-9; if the threat score is above a set threshold through examining volumetric anomalies and suspicious and/or evasive behavior, the user’s activity is further examined to determine whether it corresponds to a real insider threat to the network, and network interface 918 of computer communicates via wireless connections).   
Stephens does not teach the plurality of wireless networks
Bailey teaches the plurality of wireless networks (Fig. 1 and para 54, line 1-15; Wi-Fi networks and other networks such as cellular networks)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Stephens to incorporate the teachings of Bailey to provide sensor data indicating out-of-band networks present for a network, where out-of-band networks include Wi-Fi networks and other networks. Doing so would allow for sensor data determined to correlate with network contextual information for use in credentials authentication, as recognized by Bailey.
Regarding claim 17, Stephens teaches system of claim 16.
Stephens teaches determining the wireless network to be vulnerable when the wireless network, or any device connected in the wireless network, performs a malicious activity (para 43, line 3-6 and para 45, line 1-6 and para 88, line 1-9; if the threat score is above a set threshold through examining volumetric anomalies and suspicious and/or evasive behavior, the user’s activity is further examined to determine whether it corresponds to a real insider threat to the network, and network interface 918 of computer communicates via wireless connections).
Stephens does not teach the plurality of wireless networks
Bailey teaches the plurality of wireless networks (Fig. 1 and para 54, line 1-15; Wi-Fi networks and other networks such as cellular networks)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Stephens to incorporate the teachings of Bailey to provide sensor data indicating out-of-band networks present for a network, where out-of-band networks include Wi-Fi networks and other networks. Doing so would allow for sensor data determined to correlate with network contextual information for use in credentials authentication, as recognized by Bailey.
Regarding claim 20, Stephens and Bailey teach method of claim 1.
Stephens teaches wherein the at least one network sensor comprises at least two network sensors, wherein a first of the at least two network sensors collects wireless traffic data for at least one of the wireless network and wherein a second of the at least two network sensors collects wireless traffic data and wireless network employ different network protocols (para 33, line 1-14 and para 88, line 1-9; sensors 104 collect the network traffic associated with a set of network protocols, sensors are embedded within network 102 and may be placed on hosts to detect local activity, and network interface 918 of computer communicating via wireless connections).

Bailey teaches the at least two of the plurality of coexisting wireless networks and at least second of the at least two of the plurality of coexisting wireless networks (Fig. 1 and para 54, line 1-15; Wi-Fi networks and other networks such as cellular networks)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Stephens to incorporate the teachings of Bailey to provide sensor data indicating out-of-band networks present for a network, where out-of-band networks include Wi-Fi networks and other networks. Doing so would allow for sensor data determined to correlate with network contextual information for use in credentials authentication, as recognized by Bailey.
4.	Claims 8-9 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Stephens in view of Bailey and Gong et al. (US Pub. 2016/0078229), hereinafter Gong, filed on Nov. 9, 2015.
Regarding claim 8, Stephens and Bailey teach method of claim 1.

	Gong teaches generating a list of wireless entities in the wireless environment (para 47, line 6-10 and para 53, line 1-6; the security server 108 may provide new entries for a whitelist and entries for a blacklist to assist the data flagging module 418 to determine if network data is suspicious, where the network data is network traffic on a network from one device to another).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Stephens and Bailey to incorporate the teachings of Gong to provide new entries to a whitelist and a blacklist, which are associated with network traffic on a network from one device to another.  Doing so would allow for the detection of suspicious network activities, as recognized by Gong.
Regarding claim 9, Stephens, Bailey, and Gong teach method of claim 8.
	Stephens teaches checking a wireless device to detect at least known or unknown vulnerabilities (para 40, line 3-9 and para 43, line 3-8; sensors 101 in system 100 of Fig. 1 may collect network activity and examine for volumetric anomalies and suspicious and/or evasive behaviors)

Gong teaches where the wireless device is added to the list of wireless entities in the wireless environment (para 47, line 6-10 and para 53, line 1-6; the security server 108 may provide new entries for a whitelist and entries for a blacklist to assist the data flagging module 418 to determine if network data is suspicious, where the network data is network traffic on a network from one device to another).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Stephens and Bailey to incorporate the teachings of Gong to provide new entries to a whitelist and a blacklist, which are associated with network traffic on a network from one device to another.  Doing so would allow for the detection of suspicious network activities, as recognized by Gong.
Regarding claim 18, Stephens teaches system of claim 11.
	Stephens and Bailey do not teach generating a list of wireless entities in the wireless environment.
	Gong teaches generating a list of wireless entities in the wireless environment (para 47, line 6-10 and para 53, line 1-6; the security server 108 may 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Stephens and Bailey to incorporate the teachings of Gong to provide new entries to a whitelist and a blacklist, which are associated with network traffic on a network from one device to another.  Doing so would allow for the detection of suspicious network activities, as recognized by Gong.
Regarding claim 19, Stephens, Bailey, and Gong teach system of claim 18.
	Stephens teaches checking a wireless device to detect at least known or unknown vulnerabilities (para 40, line 3-9 and para 43, line 3-8; sensors 101 in system 100 of Fig. 1 may collect network activity and examine for volumetric anomalies and suspicious and/or evasive behaviors)
Stephens and Bailey do not teach where the wireless device is added to the list of wireless entities in the wireless environment.
Gong teaches where the wireless device is added to the list of wireless entities in the wireless environment (para 47, line 6-10 and para 53, line 1-6; the security server 108 may provide new entries for a whitelist and entries for a 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Stephens and Bailey to incorporate the teachings of Gong to provide new entries to a whitelist and a blacklist, which are associated with network traffic on a network from one device to another.  Doing so would allow for the detection of suspicious network activities, as recognized by Gong.
Conclusion
5.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
	The following are the related patents and applications: Gukal et al. (US Pub. 2017/0353491) discloses network device using the particular network address to monitor network activity for a network scan; Sheleheda et al. (US Pub. 2013/0127618) discloses receiving communications traffic associated with a sensor network from a sensor that is a member of the sensor network, analyzes the communications traffic to determine if an attack is occurring on the sensor network; Janssen (US Pub. 2016/0127417) discloses monitoring the secure 
6.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to NHAN H NGUYEN whose telephone number is (571)272-6443.  The examiner can normally be reached on Monday-Friday 8:30am - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-

/NHAN HUU NGUYEN/Examiner, Art Unit 2492

/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492