Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Response to Amendment
This is a reply to the application filed on 07/26/2021, in which, claim(s) 1-20 is/are pending.
Claim(s) 13-20 is/are newly added.

Response to Arguments
Claim Objection: 
Applicant’s arguments with respect to objection of claim(s) 3 and 4 have been considered. The objection have been withdrawn in view of the amendment to claim.

Claim Rejections - 35 U.S.C. § 112:
Applicants’ arguments with respect to 112 2nd paragraph with rejection of claim(s) 2-10 have been fully considered and are persuasive.  The rejection of 112 2nd paragraph have been withdrawn in view of the amendment to claim. 

Applicants’ arguments with respect to 112 4th paragraph with rejection of claim(s) 11-12 have been fully considered and are persuasive.  The rejection have been withdrawn in view of the amendment to claim. 

Claim Rejections - 35 U.S.C. § 101:
Applicants’ arguments with respect to claim(s) 12 have been fully considered and are persuasive.  The rejection of 35 USC §101 have been withdrawn in view of the amendment to claim.

Claim Rejections - 35 U.S.C. § 102 and 35 U.S.C. § 103:
Applicant’s arguments with respect to the rejection of claim(s) 1-20 have been considered but are moot in view of the new ground(s) of rejection.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 13 and 17 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 13 and 17 reciting “wherein the network or security event includes a breach of a firewall, a detection of malware, or a physical movement of the device”. It is unclear how the encryption policy based on the network or security event triggers helps to allocate resources of the device more efficiently.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wainner et al. (Pub. No.: US 2011/0164752 A1 – IDS; hereinafter Wainner) in view of Amarendran et al. (Pub. No.: US 2016/0306984 A1; hereinafter Amarendran) further in view of Masram et al. (NPL: Dynamic selection of symmetric key cryptographic algorithms for securing data based on various parameters – IDS; hereinafter Masram).
claims 1, 11 and 12, Wainner discloses a method of controlling a communications device to operate according to a prescribed policy, wherein an encryption server remote from the device selects an encryption policy for one or more applications running on the device and generates an encryption agent for transmission to the device for deployment, the agent being configured to control the device to encrypt data according to the encryption policy selected by the encryption server, in which method, in response to a network or security event (the key server communicate and controls all the client in the group members to use the encryption policies, in which it detects and determines if any members are not using the most recent encryption policy to either remove the member or request policy updates, the encryption policy is use to encrypt communication sent over the network [Wainner; Abstract; ¶27-28, 78, 83; Fig. 5a-5b, 6a-6b and associated text]).
Wainner discloses method involves receiving a message from a first group member via a network.  The message is received by a second group member.  The method then detects that the first group member is not using a most recent policy update supplied by a key server, in response to information in the message.  In response, the key server can remove the group member or send new policy to have them update policy. Wainner does not explicilty discloses the server analyses the resource usage of the device and adjusts the encryption policy in accordance with the analysis; Amarendran teaches this feature.
In particular, Amarendran teaches a system using agents to automatically generating of encryption rules, based on data types, sensitivity, historic usage and others criteria [Amarendran; ¶7-9, 258-268, 308-310]. It would have been obvious before the effective filing date of the claimed invention to modify Wainner in view of Amarendran with the motivation to maintain data integrity and prevent leakage.

IN particular, Masram teaches using different encryption algorithms with variations of parameters to encrypt various data, in which different encryption on different types of data would yields different results, resulting in determining CPU/memory utilization, energy consumption attacks, encrypt/decrypt time, etc… and to better determine and allocates resources to perform the right encryption on the proper data for better resources allocation and performance [Masram; Abstract, Intro, Case Study, Conclusion]. It would have been obvious before the effective filing date of the claimed invention to modify Wainner-Amarendran combination in view of Masram. The motivation is to maximize resources and better performance.

Regarding claim 2, Wainner-Amarendran combination discloses a method according to Claim 1, wherein the device is controlled to modify encryption levels in response to security threats detected or communicated to the network (detecting that if the data contains sensitive data, generate encryption rules for encrypting of data [Amarendran; ¶7-9, 258-268, 308-310]. The motivation to maintain data integrity and prevent leakage.

claim 3, Wainner-Amarendran combination discloses a method according to Claim 2, in which the security threats are reported to, or detected by, the server, and the server transmits a trigger signal to the device to activate a change in encryption level in the device in accordance with a previously deployed encryption policy (the combination teaches detecting/reporting of inconsistence in the encryption policy by the members and updating encryption policy to reflect changes for security [Wainner; Abstract; ¶27-28, 78, 83; Fig. 5a-5b, 6a-6b and associated text]).

Regarding claim 4, Wainner-Amarendran combination discloses a method according to Claim 1, in which the encryption server sets encryption types and key lengths to individual applications based on the type of IoT device and applications being run (the encryption is based on the various types of devices, grouping and configuration [Wainner; ¶21-23]).

Regarding claim 5, Wainner-Amarendran combination discloses a method according to Claim 1, in which encryption types and key lengths are dynamically adjusted by the server in response to notifications of vulnerabilities to device type and applications used, and the server transmits instructions to the device to make consequential changes in the policy to be run on the device (the encryption is based on the various types of devices, grouping and configuration [Wainner; ¶21-23], detecting that if the data contains sensitive data, generate encryption rules for encrypting of data [Amarendran; ¶7-9, 258-268, 308-310]). The motivation to maintain data integrity and prevent leakage.

claim 6, Wainner-Amarendran combination discloses a method according to Claim 1, in which the server analyses network and security events to determine if encryption is necessary and apply encryption as when it is required (detecting that if the data contains sensitive data, generate encryption rules for encrypting of data [Amarendran; ¶7-9, 258-268, 308-310]). The motivation to maintain data integrity and prevent leakage.

Regarding claim 7, Wainner-Amarendran combination discloses a method according to Claim 5 in which the server is instructed to cease processing of data if the resources usage of the device is insufficient to allow an encryption feature to be applied to the device (usage such as network, traffic, storage, etc., [Amarendran; ¶230, 232-234]). The motivation to maintain data integrity and prevent leakage.

Regarding claim 8, Wainner-Amarendran combination discloses a method according to Claim 5, wherein the server is instructed to cease local storage of data if the resources usage of the device is insufficient to allow an encryption feature to be applied to the device (one with ordinary skill in the art would understands that when the system is out of memory or storage space, you cannot perform any cache or encryption).

Regarding claim 9, Wainner-Amarendran combination discloses a method according to Claim 1, wherein the encryption server is embodied in a gateway device providing a communications interface between the communications device and a communications network (can act as a gateway to encrypt/decrypt all packets [Wainner; ¶24-25]).

claim 10, Wainner-Amarendran combination discloses a method according to Claim 9, wherein the gateway device provides communications interfaces between a plurality of communications devices and the communications network, and provides and co-ordinates encryption server functions for the plurality of communications devices (the gateway perform encrypt/decrypt for all communication packets between devices and also determines that all the devices have encryption policy [Wainner; ¶24-25, 27-28, 78, 83]).

Regarding claims 13 and 17, Wainner-Amarendran-Masram combination discloses wherein the network or security event includes a breach of a firewall, a detection of malware, or a physical movement of the device (information exchange through applications need to be secure and different cryptographic algorithms address different security concerns [Masram; Abstract, Intro, Case Study, Conclusion]. The motivation is to maximize resources and better performance.

Regarding claims 14 and 18, Wainner-Amarendran-Masram combination discloses wherein the analyzed resource usage of the device includes usage of a CPU, bandwidth or battery of the device (using different encryption algorithms with variations of parameters to encrypt various data, in which different encryption on different types of data would yields different results, resulting in determining CPU/memory utilization, energy consumption attacks, encrypt/decrypt time, etc… and to better determine and allocates resources to perform the right encryption on the proper data for better resources allocation and performance [Masram; Abstract, Intro, Case Study, Conclusion]. The motivation is to maximize resources and better performance.

claims 15 and 19, Wainner-Amarendran-Masram combination discloses wherein the adjustment of the encryption policy in accordance with the analysis results in a reduction in an amount of encrypted data being transmitted from the device (using different encryption algorithms with variations of parameters to encrypt various data, in which different encryption on different types of data would yields different results, resulting in determining CPU/memory utilization, energy consumption attacks, encrypt/decrypt time, etc… and to better determine and allocates resources to perform the right encryption on the proper data for better resources allocation and performance [Masram; Abstract, Intro, Case Study, Conclusion]. The motivation is to maximize resources and better performance.

Regarding claims 16 and 20, Wainner-Amarendran-Masram combination discloses wherein the adjustment of the encryption policy in accordance with the analysis results in a reduction in an amount of processing power of the device needed to encrypt data (using different encryption algorithms with variations of parameters to encrypt various data, in which different encryption on different types of data would yields different results, resulting in determining CPU/memory utilization, energy consumption attacks, encrypt/decrypt time, etc… and to better determine and allocates resources to perform the right encryption on the proper data for better resources allocation and performance [Masram; Abstract, Intro, Case Study, Conclusion]. The motivation is to maximize resources and better performance.

Internet Communications
Applicant is encouraged to submit a written authorization for Internet communications (PTO/SB/439, http:ljwww.uspto.gov/sites/default/files/documents/sb0439.pdf) in the instant only: (1) Central Fax which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS WEB; or (4) the service window on the Alexandria campus. EFS web is the recommended way to submit the form since this allows the form to be entered into the file wrapper within the same day (system dependent). Written authorization submitted via other methods, such as direct fax to the examiner or email, will not be accepted. See MPEP § 502.03.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

	

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/DAO Q HO/Primary Examiner, Art Unit 2432