DETAILED ACTION
This communication is in response to Applicant’s amendment filed on September 13, 2021.Claims 2, 9 and 16 have been canceled. Claims 1, 3-8, 10-15 and 17-20 are pending and are directed towards METHODS, SYSTEMS, AND MEDIA FOR DYNAMICALLY SEPARATING INTERNET OF THINGS DEVICES IN A NETWORK. Examiner acknowledges Applicant’s amendment to the claims, and therefore withdraws the previous office action’s claim objections and the 35 USC § 112 rejection. However, the rejection under 35 USC § 103 is maintained. The rejection is stated below.
 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Bachar et al. U.S. Patent Pub. No. 2018/0013761 A1 (hereinafter “Bachar) in view of Josefsberg et al. U.S. Patent Pub. No. 2009/0222582 A1 (hereinafter “Josefsberg”) and further in view of McLinden et al. U.S. Patent No. 10,742,674 B1 (hereinafter “McLinden”) 

As per claims 1, 8 and 15, Bachar teaches method, system and a non-transitory computer-readable medium containing computer-executable instructions that, when executed by a processor, cause the processor to perform a method for dynamically separating Internet of Things (IoT) devices in a network, the method/system comprising: 
A hardware processor (a device having a processor coupled to memory. Bachar, para [0007]) that is configured to:
detecting a first IoT device in the network having a first Internet Protocol (IP) address (detecting a device connecting to a local network, wherein the local network is divided into subnets. Bachar, para [0005])( DHCP Server 410 may be configured to dynamically distribute network configuration parameters, such as IP addresses, to devices in the network. Bachar, para [0067]) [any device connected to a network must have an IP address]; 
monitoring network communication of the first IoT device (monitoring communication traffic of devices in each of the subnets. Bachar, para [0006]); 
determining device information of the first IoT device based on the monitored network communication (determining a usage profile of the device. Bachar, para [0005])[the usage profile has all the device information]; and 
assigning the first IoT device to a second IP address of a first subnet of a plurality of subnets in the network based on the device information (automatically selecting a subnet of the local network to connect the device based on the usage profile; and connecting the device to the selected subnet in the local network. Bachar, para [0005]) (IoT subnets may be created. In some exemplary embodiments, all IoT devices may be added to a same IoT subnet. Additionally or alternatively, different IoT subnets may be created for cluster of IoT devices that are expected to communicate with one another, such as for example in case of IoT temperature sensors, IoT air conditioning device and IoT windows (not shown). FIG. 1B exemplifies such an IoT subnet in IoT Subnet 154 which comprises IoT Devices 146, 147. As another example, as IoT Device 148, which may be an IoT of a refrigerator, is not expected to communicate with the IoT Devices in IoT Subnet 154, it may be added to a separate subnet--IoT Subnet 156. Bachar, para [0031]).
Bachar does not explicitly teach determining if the first IoT device has not reconfigured from the first IP address to the second IP address in response to being assigned to the first subnet. 
However, Josefsberg teaches determining if the first IoT device has not reconfigured from the first IP address to the second IP address in response to being assigned to the first subnet (recognizing a connection problem to the host server associated with the first IP address, selecting the second IP address in the list and establishing a connection to the host server at the second IP address. Josefsberg, para [0025]) 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Bachar to determining if the first IoT device has not reconfigured from the first IP address to the second IP address in response to being assigned to the first subnet. One would be motivated to do so, to detect devices and applications that fail to incorporate. (Josefsberg, para [0013]).
Bachar does not explicitly teach in response to determining that the first IoT device has not reconfigured from the first IP address to the second IP address in response to being assigned to the first subnet, adding a media access control (MAC) address of the first IoT device to a deny list of a host access point.
However, McLinden teaches in response to determining that the first IoT device has not reconfigured from the first IP address to the second IP address in response to being assigned to the first subnet, adding a media access control (MAC) address of the first IoT device to a deny list of a host access point (the SAPSIN device may mark the previously configured device as potentially compromised and quarantine the potentially compromised device. For example, the SAPSIN device may update the table of compromised devices in the security database to include the potentially compromised device. The table may include identifiers of the compromised devices, including the media access control (MAC) address, internet protocol (IP) address, domain name, and the like. In one embodiment, the SAPSIN device may block requests from one of the compromised device. When the SAPSIN device receives a new request, the SAPSIN device may obtain the source MAC address of the request, and compare the source MAC address with the MAC address of the compromised devices in the security database. If there is a match, the SAPSIN may determine the request comes from a compromised device, and deny the request by dropping the request data packets. McLinden, Col. 9 Lines 37-53).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Bachar so that in response to determining that the first IoT device has not reconfigured from the first IP address to the second IP address in response to being assigned to the first subnet, adding a media access control (MAC) address of the first IoT device to a deny list of a host access point. One would be motivated to do so, to prevent attacks in internet of things (IoT) networks. (McLinden, Col. 1, lines 8-9).

As per claims 2, 9 and 16, Bachar, Josefsberg and McLinden teach claims 1, 8 and 15 above, further comprising assigning to the first IoT device the second IP address corresponding to the first subnet (DHCP Server 410 may be configured to dynamically distribute network configuration parameters, such as IP addresses, to devices in the network. DHCP Server 410 may be configured to define for each device an IP address which may include a subnet portion defining a subnet to which the device is connected and a host part defining an identifier of the device within the subnet. The DHCP Server 410 may be configured to create new subnets, assign devices to subnets, move devices from one subnet to the other. Bachar, para [0068]).

As per claims 3,  10 and 17, Bachar, Josefsberg and McLinden teach claims 1, 8 and 15 above, further comprising restricting communication between the first IoT device configured to communicate on the first subnet and a second IoT device configured to communicate on a (one or more security rules may be selected. The security rules may be firewall rules for blocking packets, for acting upon packets having some data or meta-data, or the like. In some cases, a rule may prohibit certain or all intra-subnet communication, inter-subnet communication, communication towards another device or sets of devices, communication towards an external network, such as the Internet, or the like. The security rules may be selected as a set of security rules applicable to the subnet to which the device is connected. In some embodiments, one set of rules may be applicable, for example, for guest subnet such as 150 of FIG. 1B, while another set of rules may be applicable, for example, for user device subnet such as 152 of FIG. 1B. Additionally or alternatively, there may be specific rules for the device itself, such as expecting an IoT device to communicate only with a remote server at a certain domain, expecting IoT device to send packets of specific content. Bachar, para [0056]).

As per claims 4, 11 and 18, Bachar, Josefsberg and McLinden teach claims 1, 8 and 15 above, further comprising dynamically creating the first subnet in response to determining the device information (subnets may be created upon demand when they are needed, such as when a singleton subnet is required for a device (e.g., IoT device, user device, or the like), the singleton subnet may be created. As another example, after a cluster of IoT devices is detected, a new subnet may be created for the cluster and the cluster may be moved from their subnet to the newly created subnet. Bachar, para [0041]).

As per claims 5, 12 and 19, Bachar, Josefsberg and McLinden teach claims 1, 8 and 15 above, further comprising allowing the first IoT device to communicate with a remediation  (removing the device from the subnet and connecting the device to a quarantine subnet of the local network, whereby reducing connectivity of the device with other devices connected to the local network. Bachar, para [0005]).

As per claims 6 and 13, Bachar teaches claims 2 and 9 above, wherein assigning the first IoT device to the first subnet comprises sending at least one Dynamic Host Configuration Protocol (DHCP) message to cause the first IoT device to reconfigure to the second IP address (creation of subnets may be automatic when needed. Additionally or alternatively, devices may be automatically assigned to subnets and moved from one subnet to the other based on their profile, including their expected and actual behavior. Bachar, para [0018]) (DHCP Server 410 may be configured to dynamically distribute network configuration parameters, such as IP addresses, to devices in the network. DHCP Server 410 may be configured to define for each device an IP address which may include a subnet portion defining a subnet to which the device is connected and a host part defining an identifier of the device within the subnet. The DHCP Server 410 may be configured to create new subnets, assign devices to subnets, move devices from one subnet to the other, or the like. Bachar, para [0068]).

As per claims 7, 14 and 20, Bachar, Josefsberg and McLinden teach claims 1, 8 and 15 above, further comprising: 
detecting an anomaly associated with the first IoT device (performing anomaly detection to detect an abnormal communication of a device connected to a subnet. Bachar, claim 1).


Response to Arguments
Applicant's arguments with respect to 35 U.S.C. § 103 rejection have been fully considered but they are not persuasive.
Applicant’s argues that the secondary reference Josefsberg does not disclose the limitation “determining if the first IoT device has not reconfigured from the first IP address to the second IP address in response to being assigned to the first subnet” recited in independent claims 1, 8 and 15.
 
In Response:
Examiner respectfully disagrees with Applicant’s assertion. The reconfiguration process is done a Dynamic Host Configuration Protocol (DHCP) as stated in the specification (an IoT device newly connected to a network can send a DHCP DISCOVER message. For example, in some embodiments, the IoT device can broadcast the DHCP DISCOVER message. At 204, a router can receive the DHCP DISCOVER message from the IoT device. At 206, the router can respond to the IoT device with a DHCP OFFER message. For example, in some embodiments, the router can broadcast a DHCP OFFER message assigning an IP address to the IoT device for a relatively short lease time (e.g., five minutes). In some embodiments, the assigned IP address can correspond to a "newly connected" subnet. At 208, the IoT device can receive the DHCP OFFER message from the router. At 210, the IoT device can send a DHCP REQUEST message to the router. For example, in some embodiments, the IoT device can broadcast a DHCP REQUEST message requesting the IP address. At 212, the router can receive the DHCP REQUEST message from the IoT device. At 214, the router can respond to the IoT device with a DHCP ACK message. At 216, the IoT device can receive the DHCP ACK message from the IoT device. Spec, para [0038] [0045]). 
The primary reference explicitly teach (DHCP) that grant, renew, reassign IP addresses for internet of thing devices, when they move from one subnet to another (creation of subnets may be automatic when needed. Additionally or alternatively, devices may be automatically assigned to subnets and moved from one subnet to the other based on their profile, including their expected and actual behavior. Bachar, para [0018]) (DHCP Server 410 may be configured to dynamically distribute network configuration parameters, such as IP addresses, to devices in the network. DHCP Server 410 may be configured to define for each device an IP address which may include a subnet portion defining a subnet to which the device is connected and a host part defining an identifier of the device within the subnet. The DHCP Server 410 may be configured to create new subnets, assign devices to subnets, move devices from one subnet to the other, or the like. Bachar, para [0068]).
When the broadest reasonable interpretation give to the claimed limitation, the language of the limitation indicates that the recited step is optional, in that they may or may not be performed, usage of the term “if” is deemed to be optional language, as there remains the possibility that the claim limitations based upon the "if" condition are not exercised or triggered. In another words, if the reference teaches that the Iot device has been reconfigured, then it reads on the determination step. Since the primary reference teaches the DHCP configuration, the secondary reference was added to teach that a device can fail a reconfiguration of a first IP address and be assigned to a second IP address (recognizing a connection problem to the host server associated with the first IP address, selecting the second IP address in the list and establishing a connection to the host server at the second IP address. Josefsberg, para [0025]). 

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHALID M ALMAGHAYREH whose telephone number is (571)272-0179. The examiner can normally be reached Monday - Thursday 8AM-5PM EST & Friday variable.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SALEH NAJJAR can be reached on (571)272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



Respectfully Submitted

/KHALID M ALMAGHAYREH/Examiner, Art Unit 2492                                                                                                                                                                                                        
/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492