DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
This office action is in response to applicant’s amendment filed, 29 July 2021, of application filed, with the above serial number, on 03 June 2019 in which claims 1, 8, 15 have been amended. Claims 1-20 are pending in the application. 

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.

The claims also have been amended to ‘determining similarity between the category and one or more categories of domains connected to by devices similar to the IoT device’. This is also not complying with the written description requirement as the description describes identifying ‘categories of domains frequently connected to by similar devices’. This is notably different as the description is comparing to an existing DB with historical entries, while the amended claims are in essence comparing to (a real-time updated database) what categories of ‘domains connected to by devices’.
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:



The term "similar" and “similarity” in claim 1, 8, 15 is a relative term which renders the claim indefinite.  The term "similar" and “similarity” is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1-6, 8-13, 15-20 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Bagasra (hereinafter “Bagasra”, 2017/0180380).
As per Claim 1, Bagasra discloses a system for securing an Internet of Things (IoT) device, comprising: 
a memory (at least paragraph 30-31, 45; IoT security engine network device installed in DNS server having memory); and 
a hardware processor that is coupled to the memory (at least paragraph 30-31, 45; IoT security engine network device installed in DNS server having processing unit) and that is configured to: 

in response to receiving the DNS request, determine whether to allow or drop a connection between the IoT device and a target domain corresponding to the FQDN by (at least paragraph 37-38, 44; If the DNS query domain name is identified as valid, then IoT security engine 150 may allow 630 network access to IoT device 105 by sending a network access message 635 that notifies IoT device 105 of its permission to access the network; If the DNS query domain name is not identified as a valid domain name, then IoT security engine 150 may deny 435 network access to IoT device 105 by sending a network denial message 435 that notifies IoT device 105 that its access to the network is denied and blocked):
classifying the FQDN into a category describing content associated with the FQDN (at least Fig. 11-13, paragraph 57-59, 62-63, 71-72, 74, 77, 81; IoT security engine logging and processing DNS queries of newly discovered IoT device(s) and by using OUI, manufacturer data field and device class field, determining whether the domain of a query is a legitimate domain to grant network access based on OUI, manufacturer data field and device class field);
determining similarity between the category and one or more categories of domains connected to by devices similar to the IoT device (at least Fig. 11-13, 
respond to the DNS request with instructions to allow or drop the connection based on the determining (at least paragraph 37-38, 44; If the DNS query domain name is identified as valid, then IoT security engine 150 may allow 630 network access to IoT device 105 by sending a network access message 635 that notifies IoT device 105 of its permission to access the network; If the DNS query domain name is not identified as a valid domain name, then IoT security engine 150 may deny 435 network access to IoT device 105 by sending a network denial message 435 that notifies IoT device 105 that its access to the network is denied and blocked).
As per Claim 2. The system of claim 1, wherein in determining whether to allow or drop the connection between the IoT device and the target domain corresponding to the FQDN, the hardware processor determines whether the target domain is owned by a manufacturer of the IoT device (at least paragraph 57-59, 62-63, 72-73; IoT security engine 150 identifying valid domains for the particular IoT security engine 150 … to identify one or more valid domains (e.g., manufacturer's domain(s)) for storing in IoT device-valid domain DB 120).
As per Claim 3. The system of claim 1, wherein in determining whether to allow or drop the connection between the IoT device and the target domain corresponding to the FQDN, the hardware processor determines a type, a manufacturer, and a model of 
As per Claim 4. The system of claim 1, wherein in determining whether to allow or drop the connection between the IoT device and the target domain corresponding to the FQDN, the hardware processor determines whether a category of domains of the target domain is in a black-list (at least paragraph 56, 62-63; domain(s) blacklist DB 125).
As per Claim 5. The system of claim 1, wherein in determining whether to allow or drop the connection between the IoT device and the target domain corresponding to the FQDN, the hardware processor determines whether the target domain or a category of domains of the target domain is in a white-list (at least paragraph 51, 56-58); valid lists and blacklists of valid domain names for IoT devices to send DNS requests to “Valid domain(s) field 815 stores one or more domain names that have been, using the exemplary processes described below, associated with a particular IoT device 105 identified in field 805 of an entry 800, where those associated domain names have been identified as being legitimate and valid domain names with which the particular IoT device 105 may communicate (e.g., a list of domains that the IoT device 105 may “visit”)).

As per Claims 8-13, 15-20. The limitations therein have substantially the same scope as claims 1-6 because claims 1-6 are a system for implementing those methods of claims 8-13 and non-transitory computer-readable medium of claims 15-20. Therefore claims 8-13 and 15-20 are rejected for at least the same reasons as claims 1-6.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 7, 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bagasra in view of Fry et al (hereinafter “Fry”, 2019/0306182).

Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the use of Fry’s behavior monitoring with Bagasra as Fry teaches this can learn expected behavior of an IoT device and can flag anomalous behavior to perform further tests to determine if the anomalous behavior is malicious.

Response to Arguments
Applicant's arguments filed 29 July 2021 have been fully considered but they are not persuasive.
Applicant argues, with respect to the amended limitations of exemplary claim 1, that Bagasra only provides examples in which database lookup is performed to validate the DNS, but no mechanisms to determine whether to allow or deny network access to the IoT device. However, Bagasra teaches multiple ways of determining whether to allow or deny network access to an IoT device. Bagasra teaches in at least Fig. 11-13, paragraph 57-59, 62-63, 71-72, 74, 77, 81, that an IoT security engine logs and processes DNS queries of newly discovered IoT device(s), and by using an OUI (organizationally unique identifier) or an IoT device, the manufacturer data field and the device class field, for example, determining whether the domain of a query is a legitimate domain to grant network access based on it’s OUI, manufacturer data field and device class field. Thus, Bagasra discloses the embodiment as claimed and as described in par. 66-72 of the specification where a target domain is determined to be on a white list or black list based on type, manufacturer or model of the device by determining if the target domain is in category of manufacturer category and whether other devices are similar by being from the same manufacturer.




Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREGORY G TODD whose telephone number is (303)297-4763.  The examiner can normally be reached on 8:30-5 MST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas Taylor can be reached on (571)272-3889.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/GREGORY G TODD/Primary Examiner, Art Unit 2457