Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This Office Action is in response to the communication and claim amendment filed on 08/26/2021; Claims 5, 7, 12, 14, 18, and 20 were canceled;  Claims 1, 8, and 15 have been amended; and Claims 1, 8, and 15 are independent claims.  Claims 1-4, 6, 8-11, 13, 15-17, 19, and 21-26 have been examined and are pending.  This Action is made FINAL.
Response to Arguments
Applicants’ arguments in the instant Amendment, filed on 08/26/2021, with respect to limitations listed below, have been fully considered but they are not persuasive.
Applicant argues: Decenzo does not teach “identifying one or more network access points and one or more device characteristics of the one or more network access points via network mapping of border gateway protocol data” (Remark, pages 8-11).
The examiner disagrees with the applicant. The examiner respectfully submits that Decenzo does discloses a portion of the aforementioned limitations as the following:
Decenzo discloses identifying one or more network access points (Decenzo: abstract; par. 0050, The network of an embodiment includes additional components (e.g., access points, routers, switches, DSL modems, etc.) interconnecting the server with the data network, but is not so limited; par. 0055, The processing upon detection of an unacceptable level of feature differences, modifies the drone navigation pattern. If intrusion is detected by the drone and/or other sensors within a facility, such as a window being opened or a glass break detector or contact switch being asserted on an intrusion detection system; See also fig. 5, pars. 70, 73, 0108-0109, 0141-0142; triggering events include network devices) while self-guiding a route within an area of interest (Decenzo: par. 0056, When the drone is in autonomous mode (i.e. self-guiding), the modified pattern can be accomplished by the gateway/server producing a new route taking into consideration results of analytics processing, and reprogramming the drone with the new route …; See also pars. 0065; 0066; par. 0050). 
Applicant’s arguments with respect to the amended limitation “and one or more device characteristics of the one or more network access points via network mapping of border gateway protocol data” have been fully considered but are moot in view of the new ground(s) of rejection.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 8-9, and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Decenzo et al. (“Decenzo,” US 2017/0227965, published Aug. 10, 2017) in view of Hillier et al. (“Hillier,” US 2012/0320736, published Dec. 20, 2012). 
Regarding claim 1, Decenzo discloses a computer-implemented method for detecting and resolving network vulnerabilities using a drone, the method comprising:
 identifying one or more network access points (Decenzo: abstract; par. 0050, The network of an embodiment includes additional components (e.g., access points, routers, switches, DSL modems, etc.) interconnecting the server with the data network, but is not so limited; par. 0055, The processing upon detection of an unacceptable level of feature differences, modifies the drone navigation pattern. If intrusion is detected by the drone and/or other sensors within a facility, such as a window being opened or a glass break detector or contact switch being asserted on an intrusion detection system; See also fig. 5, pars. 70, 73, 0108-0109, 0141-0142; triggering events include network devices) while self-guiding a route within an area of interest (Decenzo: par. 0056, When the drone is in autonomous mode (i.e. self-guiding), the modified pattern can be accomplished by the gateway/server producing a new route taking into consideration results of analytics processing, and reprogramming the drone with the new route …; See also pars. 0065; 0066; par. 0050), wherein the route covers the entire area of interest (Decenzo: par. 0056, When the drone is in autonomous mode (i.e. self-guiding), the modified pattern can be accomplished by the gateway/server producing a new route taking into consideration results of analytics processing, and reprogramming the drone with the new route …; See also pars. 0065; 0066; par. 0050) and is at least one of (Decenzo: par. 0051, The sensors may communicate wirelessly to the gateway/server or communicate through an on-board computer on the drone. In general, sensors capture data (e.g., audio, video, environmental, data of drone systems/subsystems, etc.) and send signals to the gateway/server. Based on the information received from the onboard sensors, the gateway/server determines whether to trigger and/or send alarm messages to the remote server or device; pars. 0062, 0073);
detecting one or more network vulnerabilities of the one or more network access points (Decenzo: par. 0055, The processing upon detection of an unacceptable level of feature differences, modifies the drone navigation pattern. If intrusion is detected by the drone and/or other sensors within a facility, such as a window being opened or a glass break detector or contact switch being asserted on an intrusion detection system; See also fig. 5, pars. 70, 73, 0108, 0141-0142; triggering events include network devices);
 identifying a resolution to the one or more network vulnerabilities (Decenzo: par. 0062, The drone of an embodiment includes a triggered alarm response for responding to abnormal or alarm situations detected in/around the premises. On detecting or receiving any alarm or trouble that is initiated by an interconnected security system or as a result of drone sensors, the drone uses the route plan and crash avoidance to navigate to the waypoint closest to the reported point of protection that triggered the alarm or trouble to capture and transmit video images, sound, and/or environmental data. This data is stored and/or relayed to the command center and/or monitoring center); and
resolving, by the drone, the one or more network vulnerabilities based on the identified resolution (Decenzo: par. 0062, The drone of an embodiment includes a triggered alarm response for responding to abnormal or alarm situations detected in/around the premises. On detecting or receiving any alarm or trouble that is initiated by an interconnected security system or as a result of drone sensors, the drone uses the route plan and crash avoidance to navigate to the waypoint closest to the reported point of protection that triggered the alarm or trouble to capture and transmit video images, sound, and/or environmental data. This data is stored and/or relayed to the command center and/or monitoring center).
Decenzo discloses identifying one or more network access points while self-guiding a route within an area of interest, wherein the route covers the entire area of interest but does not “one or more device characteristics of the one or more network access points via network mapping of border gateway protocol data”
However, in an analogous art, Hillier discloses providing resilient digital telephony services for wireless device, wherein one or more device characteristics of the one or more network access points via network mapping of border gateway protocol data (Hillier: fig. 1, network access point 112 communicates with Border Gatewat 120; par. 0034, a mobile communication device 110 can connect directly with the network access point 112 via a longer range wireless communication standard than is available via the IEEE 802.11 and Bluetooth standards. For example, the mobile communication devices may connect to the network access point via one of the IEEE 802.16 standard and the 3GPP LTE standard; See also, pars. 0034-0036).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Hillier with the method and system of Decenzo, wherein one or more device characteristics of the one or (Hillier: abstract, pars. 0024-0026).
Regarding claim 2, the combination of Decenzo and Hillier discloses the method of claim 1. Decenzo further discloses comprising: 
transmitting information regarding the one or more vulnerabilities to a command center (Decenzo: par. 0055, The drone of an embodiment includes a triggered alarm response for responding to abnormal or alarm situations detected in/around the premises. On detecting or receiving any alarm or trouble that is initiated by an interconnected security system or as a result of drone sensors, the drone uses the route plan and crash avoidance to navigate to the waypoint closest to the reported point of protection that triggered the alarm or trouble to capture and transmit video images, sound, and/or environmental data. This data is stored and/or relayed to the command center and/or monitoring center).
Regarding claim 8, claim 8 is directed to a computer program product for detecting and resolving network vulnerabilities using a drone associated with the method 
Regarding claim 9, claim 9 is similar in scope to claim 2, and is therefore rejected under similar rationale.
Regarding claim 15, claim 15 is directed to a computer system for detecting and resolving network vulnerabilities using a drone, the computer system comprising: one or more computer processors, one or more computer-readable storage media, and program instructions stored on one or more of the computer-readable storage media for execution by at least one of the one or more processors associated with the method claimed in claim 1; claim 15 is similar in scope to claim 1, and is therefore rejected under similar rationale.
Regarding claim 16, claim 16 is similar in scope to claim 2, and is therefore rejected under similar rationale.
Claims 3, 10, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Decenzo et al. (“Decenzo,” US 2017/0227965, published Aug. 10, 2017) Hillier et al. (“Hillier,” US 2012/0320736, published Dec. 20, 2012), further  view of Castro Duran et al. (“Castro,” US 2019/0172278,  filed Jul. 1, 2016).
Regarding claim 3, the combination of Decenzo and Hillier discloses the method of claim 2.  Decenzo and Hillier do not explicitly receiving a transmitted resolution to the one or more vulnerabilities from the command center based on the transmitted information.
(Castro: par. 0045, the drone processor 305 may be programmed to transmit a request for a solution to the service center. The request may include the received diagnostics information. The drone processor 305 may receive a response from the service center that includes a proposed solution.) 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Castro with the method and system of Decenzo and Hillier, wherein receiving a transmitted resolution to the one or more vulnerabilities from the command center based on the transmitted information to provide users with means for utilizing a drone to be in a better position to arrive at a vehicle location faster than a service lorry and provide support at a lower cost than other traditional methods of roadside assistance(Castro: par. 0007).
Regarding claim 10, claim 10 is similar in scope to claim 3, and is therefore rejected under similar rationale.
Regarding claim 17, claim 17 is similar in scope to claim 3, and is therefore rejected under similar rationale.



Claims 4 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Decenzo et al. (“Decenzo,” US 2017/0227965, published Aug. 10, 2017) Hillier et al. (“Hillier,” US 2012/0320736, published Dec. 20, 2012), further Castro Duran et al. (“Castro,” US Gu,” US 2019/0315482, filed Apr. 16, 2018).
Regarding claim 4, the combination of Decenzo, Hillier, and Castro discloses the method of claim 3. Decenzo, Hillier, and Castro do not explicitly disclose storing the transmitted resolution to the one or more vulnerabilities.
However, in an analogous art, Gu discloses storing the transmitted resolution (Gu: par. 0023, Moreover, because the determination is performed remotely from the UAV, the UAV's computing device need not have the additional processing power and data stored locally at the UAV required to make such determinations);
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Gu with the method and system of Decenzo, Hillier, and Castro, wherein storing the transmitted resolution to the one or more vulnerabilities to provide users with means for ensuring effective and efficient management for group of unmanned aerial vehicles.  Lowers overall cost and lead time of unmanned aerial vehicle since defective components and sub-assemblies are identified early in assembly process.  Ensures automatic responding to problem condition (Gu: abstract; pars. 0028, 0038).
Regarding claim 11, claim 11 is similar in scope to claim 4, and is therefore rejected under similar rationale.
Claims 6, 13, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Decenzo et al. (“Decenzo,” US 2017/0227965, published Aug. 10, 2017) Hillier et al. Hillier,” US 2012/0320736, published Dec. 20, 2012), and further in view of Flick (“Flick,” US 10,137,984, filed Aug. 12, 2016).
Regarding claim 6, the combination of Decenzo and Hillier disclose the method of claim 1.  Decenzo and Hillier do not explicitly disclose generating a model describing patterns of the identified one or more vulnerabilities; and modifying the route based on the model. 
However, in an analogous art, Flick disclose wherein generating a model describing patterns of the identified one or more vulnerabilities (Flick: Col. 23, lines 31-36; the machine learning programs may be trained by inputting sample data sets or certain data into the programs, such as drone, drone-mounted sensor, mobile device-mounted sensor, and/or home-mounted sensor data, smart home controller data, and other data discuss herein,,; Col. 23, line 59, Col. 24, line 6; Additionally, the machine learning programs may be trained with drone-mounted sensor data, home-mounted sensor data, mobile device sensor data, smart home controller data, and/or other sensor data to identify abnormal conditions (e.g., fires or water leaks); estimate damage to a property, property features, or personal articles; estimate repair or replacement costs for properties, property features, or personal articles; estimate insurance quotes for properties, property features, or personal articles; generate navigation maps; identify flight paths and obstacles within properties; determine corrective actions (de-energize circuits, control smart water valves, control smart fire extinguishers); determine recommendations; generate proposed insurance claims for insureds after an insurance-related event; and/or other actions discussed herein.); and 
 (Flick: Col. 23, lines 31-36; Col. 23, line 59, Col. 24, line 6; generate navigation maps; identify flight paths and obstacles within properties; determine corrective actions (de-energize circuits, control smart water valves, control smart fire extinguishers); determine recommendations; generate proposed insurance claims for insureds after an insurance-related event; and/or other actions discussed herein). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Flick with the method and system of Decenzo and Hillier, wherein generating a model describing patterns of the identified one or more vulnerabilities; and modifying the route based on the model to provide users with means for using machine learning to generate model which is created based upon example inputs of  data in order to make valid and reliable prediction for novel inputs (Flick: Col. 23: lines 28-30).
Regarding claim 13, claim 13 is similar in scope to claim 6, and is therefore rejected under similar rationale.
Regarding claim 19, claim 19 is similar in scope to claim 6, and is therefore rejected under similar rationale.

Claims 21, 23, and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Decenzo et al. (“Decenzo,” US 2017/0227965, published Aug. 10, 2017) Hillier et al. (“Hillier,” US 2012/0320736, published Dec. 20, 2012), further in view of  Boyter et al. (“Boyter,”2003/0212779, published Nov. 13, 2003), and Simakov et al. (“Simakov,” US Von Bokern,” US 2014/0181891, published Jun. 26, 2014).
Regarding claim 21, the combination of Decenzo and Hillier teaches the method of claim 1. Decenzo and Hillier do not explicitly disclose wherein the one or more vulnerabilities are selected from a group comprising open ports, unsecured interfaces, unsecured APIs.
However, in an analogous art, Boyter discloses wherein the one or more vulnerabilities are selected from a group comprising open ports, unsecured interfaces, unsecured APIs (Boyter: par. 0060, determining all open ports, means for scanning each port of each active host for detecting security vulnerabilities, and means for notifying a user of all open ports and detected security vulnerabilities.  The system may further comprise a graphical user interface connected to a control database via a user interface gateway and a communications network for initiating a new scan job by entering a new set of address ranges by a user into a control database, and a daemon supervisor and a high priority port scanner daemon for executing an initial high priority port scan based on detecting an active host having an address within the new set of address ranges).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Boyter with the method and system of Decenzo and Hillier, wherein the one or more vulnerabilities are selected from a group comprising open ports, unsecured interfaces, unsecured APIs to provide users with means for detecting all designated hosts for changes in open ports and vulnerabilities effectively, and prevents access from unauthorized users (Boyter: abstract).

However, in an analogous art, Simakov discloses default administrative user credentials (Simakov : pars. 0082, 0085, A defender monitoring the admin user account activity may take remedial action, such as modifying the admin user account name, password, and/or group membership).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Simakov with the method and system of Decenzo, Hillier, and Boyter, wherein the one or more vulnerabilities are selected from a group comprising wherein default administrative user credentials to provides users with means for detecting a suspicious local activity using a remote admin interface protocol, so that defenders use remote admin interface protocol capabilities to gain visibility to local user's activities.  (Simakov: par. 0044).
Decenzo, Hillier, Boyter, and Simakov do not explicitly disclose a group publicly accessible networks.
However, in an analogous art, Von Bokern discloses a group publicly accessible networks (Von Borkern: par. 0052, an internet connection of the enterprise network 433 can be exploited by a system device to introduce threats and vulnerabilities to the enterprise domain from web-based sources).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Von Bokern with the method and system of Decenzo, Hillier, Boyter, and Simakov, wherein publicly (Von Bokern: abstract). 
Regarding claim 23, claim 23 is similar in scope to claim 21, and is therefore rejected under similar rationale.
Regarding claim 25, claim 25 is similar in scope to claim 21, and is therefore rejected under similar rationale.
Claims 22, 24, and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Decenzo et al. (“Decenzo,” US 2017/0227965, published Aug. 10, 2017) Hillier et al. (“Hillier,” US 2012/0320736, published Dec. 20, 2012), further in view of Kotinas et al. (“Kotinas, US 2018/0255084 filed Mar. 1, 2018).
Regarding claim 22, the combination of Decenzo and Hillier teaches the method of claim 1. Decenzo and Hiller do not explicitly disclose wherein the one or more triggers are selected from a group comprising an electronic device connecting to the network, a power outage of the network, resetting of the network, updating the network, and updating the drone.
However, in an analogous art, Kotinas discloses systems and methods for behavioral cluster-based network threat detection, wherein the one or more triggers are selected from a group comprising an electronic device connecting to the network, a power outage of the network, resetting of the network, updating the network, and updating the (Kotinas: par.  0106; For example, the network security monitor 120 can, responsive to detecting the threat, disable the network element, restart the network element, reset the network element, repair the network element, patch or update the network element, or otherwise eliminate or remove the threat affecting the network element).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kotinas with the method and system of Decenzo and Hillier, wherein at least one of randomized or based on one or more triggers to provide user with means for enabling indexing logs provided to a network security monitor, so that the network security monitor can achieve greater efficiency by comparing the logs to appropriate lists of potential threat indicators, thus reducing amount of computing resources consumed by the network security monitor during operation (Kotinas: pars. 0004; 0114).
Regarding claim 24, claim 24 is similar in scope to claim 22, and is therefore rejected under similar rationale.
Regarding claim 26, claim 26 is similar in scope to claim 22, and is therefore rejected under similar rationale.
Conclusion
Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Canh Le whose telephone number is 571-270-1380. The examiner can normally be reached on Monday to Friday 6:00AM to 3:30PM other Friday off.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/Canh Le/
Examiner, Art Unit 2439

November 22nd, 2021 


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439