ETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Remarks
In a response filed on December 22, 2021 (the “Response”), Applicant amends claims 1 and 10.
Claims 1, 3-10 and 12-22 are presented for examination.
Response to Arguments
Applicant’s arguments submitted December 22, 2021 have been fully considered, but they are not persuasive for at least the following reasons.
On page 2, in the Remarks section of the Response, Applicant argues:
“As amended, independent Claims 1 and 10 each further recite that the ‘private cloud control center agent is configured to modify at least a portion of the monitored data transmission before it is sent to an intended destination’ including by ‘encrypting at least a portion of the monitored data’ or ‘removing at least one of: a header of an HTTP packet to remove a device type, an operating system, or a firmware version of the IoT device.’ ... None of Shuman, Valencia, or Terzis, whether considered individually or in combination discloses performing such....”

Examiner agrees with Applicant’s instant argument.  Accordingly, the previously presented obviousness rejections of the claims have been withdrawn.
However, Applicant’s amendment to the claims necessitate new grounds of prior art rejection for obviousness.  Therefore, as necessitated by Applicant’s amendment to the claims, Examiner further applies Maloo (US 2014/0006479 A1) and Doi (US 2014/0281912 A1) and raises new grounds of prior art rejection as set forth below.

mutatis mutandis as per independent claims 1 and 10, Examiner’s rebuttal to Applicant’s foregoing argument equally applies to Applicant’s remaining argument (i.e., “remaining claims depend...from one of the aforementioned independent claims and are therefore believed to be allowable for the same reasons”).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3, 7-10, 12, 16-18, 21 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Shuman et al. (US 2016/0128043 A1, hereinafter Shuman) in view of Valencia et al. (US 2014/0337862 A1, hereinafter Valencia) further in view of Maloo (US 2014/0006479 A1, hereinafter Maloo) further in view of Doi (US 2014/0281912 A1, hereinafter Doi).
Regarding claims 1 and 10, Shuman teaches a system (example: 140, FIG. 1C / 1160, FIG. 11) comprising a private cloud control center agent (D2D Application, FIG. 11) provided between a public network (175, FIG. 1C) and a private cloud (130/160, FIG. 1C) and configured to:
data transmission to or from an IoT device (example: 1150, FIG. 11) that is carried out through the private cloud in accordance with an IoT rule that is applied in the data transmission of the IoT device, when the IoT device is connected for management 
However, Shuman does not explicitly disclose: monitor data transmission to or from an IoT device, wherein the private cloud control center agent is configured to modify at least a portion of the monitored data transmission before it is sent to an intended destination, wherein modifying the at least the portion of the monitored data transmission includes performing at least one action including: (1) encrypting at least a portion of the monitored data, or (2) removing or rewriting at least a portion of the monitored data to remove at least one of: a header of an HTTP packet to remove a device type, an operating system, or a firmware version of the IoT device; detect security-risking behavior or state of the IoT device at least based on the monitored data transmission to or from the IoT device, wherein detecting the security-risking behavior of the IoT device includes comparing a previously determined device profile for the IoT device with the monitored data transmission; wherein the previously determined device profile describes previously determined normal behavior of the IoT device, and wherein the previously determined device profile was determined at least in part by a device profiling engine configured to: monitor data collected by a device interposed between the IoT device and a remote resource, wherein the collected data comprises data transmitted from the IoT device to the remote resource; generate an initial device 
In an analogous art, Valencia teaches a system comprising:
monitor (316, FIG. 3A) data transmission (112, FIG. 1) to or from an IoT device (214, FIGS. 2A-2B) (¶ 27 “The terms ‘mobile computing device’ and ‘mobile device’ are used interchangeably herein to refer to...internet-of-things (IoT) connected devices”; ¶ 54 “two-way wireless communication links 112”; ¶ 66 “monitor/observe transmissions or communications of the IoT/mobile device”; ¶ 134, 135 “observing IoT/mobile device behaviors in block 316”; note: Valencia may monitor 316 [see ¶ 134, 135] transmissions 112 [see ¶ 54, 66] of an IoT device, such as the processor(s) 214 running a high-level operating system [see ¶ 25, 27, 58, 148]);
detect (320-322, FIG. 3A) security-risking behavior or state of the IoT device at least based on the monitored data transmission to or from the IoT device (¶ 27, 66, 134, 135 “detect/determine that the observed behavior is...‘Malicious’[] in block 322”; note: Valencia’s IoT/mobile device behavior may cause a security risk [see ¶ 24, 58, 76),
wherein detecting the security-risking behavior of the IoT device includes comparing a previously determined device profile for the IoT device with the monitored data transmission (¶ 24, 27, 58, 76, 81 “behavior analyzer module 204 may be configured to...learn the normal operational behaviors of the mobile device; ¶ 134 “compare monitored/observed IoT/mobile device behaviors to the received models/ mappings to determine whether an observed behavior is... malicious”; ¶ 135 “determine that the monitored/observed behavior is...‘Malicious’ [] in block 322”),

wherein the previously determined device profile was determined at least in part by a device profiling engine (204, FIG. 2A) (¶ 81 “module 204 may...learn/determine the normal operational behaviors of the mobile device”; note: module 204 reads on Applicant’s “device profiling engine” [see ¶ 81]) configured to:
monitor data collected by a device (202, FIG. 2A) interposed between the IoT device and a remote resource, wherein the collected data comprises data transmitted from the IoT device to the remote resource (¶ 58 “modules 202-210 may be implemented...in specialized...processors”; note: “communication links 112, such as 4G, 3G, CDMA, TDMA, LTE” are transmitted to a remote resource such as a server 114/116 [see ¶ 54, 55]);
generate an initial device profile (note: the “normal behavior” that module 204 initially “learns,” is an “initial device profile” [see ¶ 81]); and
update the device profile based at least in part on observed data (¶ 52 “generate ...updated classifier models/device profile based on...new information, machine learning ...and detected changes/observed data”); and
upon detecting the security-risking behavior or state of the IoT device, performing (322, FIG. 3A) a remedial action for the data transmission to or from the IoT device (¶ 
Before the effective filing date of the invention, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Valencia for determining when security risking behavior that requires a remedial action is detected, by having a device profiling engine/behavior analyzer: (1) monitor transmissions from an IoT device/ processor to a remote resource/server; and (2) generate a IoT device profile that the device profiling engine/behavior analyzer updates based on the transmissions.  The teachings of Valencia, when used within the existing system of Shuman’s private cloud control center agent, will improve security by enabling the system to determine the security risk posed by malicious behavior.  Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art to arrive at the above-claimed invention.
However, Shuman in view of Valencia does not explicitly disclose: wherein the private cloud control center agent is configured to modify at least a portion of the monitored data transmission before it is sent to an intended destination, wherein modifying the at least the portion of the monitored data transmission includes performing at least one action including: (1) encrypting at least a portion of the monitored data, or (2) removing or rewriting at least a portion of the monitored data to remove at least one of: a header of an HTTP packet to remove a device type, an operating system, or a firmware version of the IoT device.

Maloo teaches: configured to modify at least a portion of a monitored data transmission before it is sent to an intended destination (¶ 16 “remove, or modify HTTP headers/portions...provide a forwarding IP address in the place of a destination address”),
wherein modifying the at least the portion of the monitored data transmission includes performing at least one action including: (1) encrypting at least a portion of the monitored data, or (2) removing or rewriting at least a portion of the monitored data to remove at least one of: a header of an HTTP packet to remove a device address (¶ 16 “remove, or modify HTTP headers/portions...provide a forwarding IP address in the place of a destination address”).
Before the effective filing date of the invention, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Maloo for modifying a portion of a monitored transmission by removing its header to conceal an IP address.  The teachings of Maloo, when used within the system of Shuman in view of Valencia’s private cloud control center agent, will improve security further by having the system modify a monitored data transmission that poses a security risk, in order to reduce the security risk of the transmission.  Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art to arrive at the above-claimed invention.
However Shuman in view of Valencia further in view of Maloo does not explicitly disclose: removing or rewriting at least a portion of the monitored data to remove at least one of: a header of an HTTP packet to remove a device address.
In an analogous art, Doi teaches: wherein an IP address corresponds to a device type (¶ 39 “decision unit 14 decides the device type of a communication destination, 
Before the effective filing date of the invention, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Doi for determining a device type from an IP address by having the IP address identify (by corresponding to) the device type.  The teachings of Doi, when used with the system of Shuman in view of Valencia further in view of Maloo’s modification of an HTTP header to remove a destination IP address, will (1) improve efficiency by enabling the system’s private cloud control center agent to use identify a device type from an IP address, while (2) removing the device type’s identifier (i.e., the IP address) to conceal it from devices other than the cloud control center agent.
Regarding claims 3 and 12, Shuman in view of Valencia further in view of Maloo further in view of Doi teaches all of the limitations of claims 1 and 10, as previously stated, and further teaches: wherein
the security-risking behavior of the IoT device is detected (Valencia: 320-322, FIG. 3A) based at least in part on comparison (Valencia: 138, FIG. 3A) of a reference behavior with the monitored (Valencia: 316, FIG. 3A) data transmission to or from the IoT device (Shuman ¶ 53, 105, 106; Valencia ¶ 27, 66, 134 “compare observed mobile device behaviors to the received models/mappings to determine whether an observed behavior is...malicious”; Valencia ¶ 135 “detect/determine that the observed behavior is...‘Malicious’[] in block 322”; note: Valencia’s mobile device behavior may cause a security risk [see Valencia ¶ 24, 76), and
: past behavior of the IoT device, behavior of other IoT devices managed by the private cloud control center agent, behavior of other IoT devices of the same type, or IoT devices used by users other than a user of the IoT device (Shuman ¶ 53, 105, 106; Valencia ¶ 27, 81, 148 “determine whether...behavior [] is acceptable or common...by comparing the current behavior with past behaviors of the mobile device”).
Before the effective filing date of the invention, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Valencia for comparing monitored IoT transmissions against past behavior.  The teachings of Valencia, when used within the system of Shuman in view of Valencia further in view of Maloo further in view of Doi’s security-risk detection feature, will make the system’s detection of security risks straightforward and, thus, efficient by simply comparing the system’s monitored IoT transmissions against past behavior.  Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art to arrive at the above-claimed invention.
Regarding claims 7 and 16, Shuman in view of Valencia further in view of Maloo further in view of Doi teaches all of the limitations of claims 1 and 10, as previously stated, and further teaches: wherein the remedial action includes alerting a user associated with the private cloud (Shuman: 130/160, FIG. 1C) that the IoT device is behaving abnormally (Shuman ¶ 52, 53; Valencia ¶ 27, 82 “When the behavior analyzer module determines that a behavior is malicious…notify the user”).
Before the effective filing date of the invention, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Valencia for notifying a user 
Regarding claims 8 and 17, Shuman in view of Valencia further in view of Maloo further in view of Doi teaches all of the limitations of claims 1 and 10, as previously stated, and further teaches: wherein the data transmission to or from the IoT device includes data transmission between the IoT device and other IoT devices managed through the private cloud (Shuman: 130/160, FIG. 1C) (Shuman ¶ 46 “device 130 may…control or otherwise manage components 110-118”; Shuman ¶ 53 “peer-to-peer communication network”).
Regarding claims 9 and 18, Shuman in view of Valencia further in view of Maloo further in view of Doi teaches all of the limitations of claims 1 and 10, as previously stated, and further teaches: wherein the data transmission to or from the IoT device includes data transmission between the IoT device and a source accessed through, at least in part, a public network (Shuman: 175, FIG. 1C) (Shuman ¶ 58).
Regarding claims 21 and 22, Shuman in view of Valencia further in view of Maloo further in view of Doi teaches all of the limitations of claims 1 and 10, as previously stated, and further teaches: wherein the device (Valencia: 202, FIGS. 2A-2B) interposed between the IoT device (Shuman: 1150, FIG. 11 / Valencia: 214, FIGS. 2A-2B) and the remote resource (Valencia: 116/118, FIG. 1) is configured to intercept the data 
Before the effective filing date of the invention, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Valencia for intercepting data transmitted from an IoT device/processor to a remote resource/ server.  The teachings of Valencia, when used within the system of Shuman in view of Valencia further in view of Maloo further in view of Doi’s device interposed between the system’s IoT and remote resource, will improve the device by providing it with a practical, straight-forward way of monitoring the IoT’s behavior.  Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art to arrive at the above-claimed invention.
Claims 4, 6, 13 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Shuman in view of Valencia further in view of Maloo further in view of Doi further in view of Joo (US 2016/0173495 A1, hereinafter Joo).
Regarding claims 4 and 13, Shuman in view of Valencia further in view of Maloo further in view of Doi teaches all of the limitations of claims 1 and 10, as previously stated, and further teaches: wherein
the security-risking behavior of the IoT device is detected (Valencia: 320-322, FIG. 3A) based at least in part on comparison (Valencia: 138, FIG. 3A) of a reference behavior with the monitored (Valencia: 316, FIG. 3A) data transmission to or from the IoT device (Shuman ¶ 53, 105, 106; Valencia ¶ 27, 66, 134 “compare observed mobile device behaviors to the received models/mappings to determine whether an observed behavior is...malicious”; Valencia ¶ 135 “detect/determine that the observed behavior 
However, Shuman in view of Valencia further in view of Maloo further in view of Doi does not explicitly disclose, yet Joo teaches: a comparison includes comparison of at least one of: a destination of data transmitted through a data transmission, timing of a data transmission, an amount of data transmitted through a data transmission, or bytes histogram of data transmitted through a data transmission (¶ 36 “comparing/checking 122 whether the interval/data timing has exceeded a predetermined threshold/amount”).
Before the effective filing date of the invention, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Joo for comparing monitored IoT transmissions against a predetermined timing threshold.  The teachings of Joo, when used within the system of Shuman in view of Valencia further in view of Maloo further in view of Doi’s security-risk detection feature, will: (1) improve security by enabling the system to detect a DoS attack; and (2) make the system’s detection of security risks straightforward and, thus, efficient by simply comparing the system’s monitored IoT transmissions against a predetermined timing threshold.  Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art to arrive at the above-claimed invention.
Regarding claims 6 and 15, Shuman in view of Valencia further in view of Maloo further in view of Doi teaches all of the limitations of claims 1 and 10, as previously stated, and further teaches: the remedial action (Valencia ¶ 24, 27, 66, 76, 135 “If the mobile device processor determines that the observed behavior is...‘Malicious’[] in block 
However, Shuman in view of Valencia further in view of Maloo further in view of Doi does not explicitly disclose, yet Joo teaches: wherein a remedial action includes quarantining the IoT device (note: when “the authentication history…exceeds” a threshold [i.e., malicious behavior] Joo may “quarantine” by blocking authentication [see ¶ 66]).
Before the effective filing date of the invention, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Joo for quarantining an IoT device that appears to pose a security risk.  The teachings of Joo, when used with the system of Shuman in view of Valencia further in view of Maloo further in view of Doi’s remedial action, will provide the system with straightforward and, thus, efficient remedial action by simply having the system quarantine an IoT device that appears to pose a security risk.  Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art to arrive at the above-claimed invention.
Claims 5 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Shuman in view of Valencia further in view of Maloo further in view of Doi further in view of Borlick et al. (US 2016/0119372 A1, hereinafter Borlick).
Regarding claims 5 and 14, Shuman in view of Valencia further in view of Maloo further in view of Doi teaches all of the limitations of claims 1 and 10, as previously stated, and further teaches: wherein the private cloud control center agent (Shuman: D2D Application, FIG. 11) is further configured to sending data to the IoT device (Shuman: 1150, FIG. 11), and determine (Valencia: 320-322, FIG. 3A) security-risking 
Before the effective filing date of the invention, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Valencia for determining whether IoT device’s behavior is a security risk.  The teachings of Valencia, when used with the IoT devices of the system of Shuman in view of Valencia further in view of Maloo further in view of Doi’s registration-based response, will improve security by enabling the system to determine whether its IoT device’s registration message is normal or a security risk.  Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art to arrive at the above-claimed invention.
However, Shuman in view of Valencia further in view of Maloo further in view of Doi does not explicitly disclose, yet Borlick teaches: wherein an agent is further configured to simulate an attack of a third party device attempting to gain control of a device by sending data to the device, and determine security-risking state of the device based on a response to the sent data by the device (¶ 21 “simulate an attack to probe if device 114 is susceptible to a known security vulnerability by determining whether expected data can be obtained by device 114”).
Before the effective filing date of the invention, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Borlick for simulating an attack in order to detect a security risk.  The teachings of Borlick, when used within the .
Claims 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Shuman in view of Valencia further in view of Maloo further in view of Doi further in view of Perier (US 2015/0229654 A1, hereinafter Perier).
Regarding claims 19 and 20, Shuman in view of Valencia further in view of Maloo further in view of Doi teaches all of the limitations of claims 1 and 10, as previously stated, and further teaches: the device (Valencia: 202, FIGS. 2A-2B) interposed between the IoT device (Shuman: 1150, FIG. 11 / Valencia: 214, FIGS. 2A-2B) and the remote resource (Valencia: 116/118, FIG. 1) (Valencia ¶ 58 “modules 202-210 may be implemented...in specialized... processors”; note: “communication links 112, such as 4G, 3G, CDMA, TDMA, LTE” are transmitted to a remote resource such as a server 114/116 [see Valencia ¶ 54, 55]).
However, Shuman in view of Valencia further in view of Maloo further in view of Doi does not explicitly disclose, yet Perier teaches: wherein a device (124, FIG. 2) interposed between an IoT device (112, FIG. 2) and a remote resource comprises a firewall (¶ 80 “IoT security module 124 acts as a firewall”; ¶ 40 “remote resource/utility company 206 provides the resource 204”; ¶ 32 “modules 112...and 124 may be configured independently”).
.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kalish Bell whose telephone number is (571) 272-5294. The examiner can normally be reached 9am-5pm, M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool.  To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235. The fax phone 
Information regarding the status of published or unpublished applications may be obtained from Patent Center.  Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format.  For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432                                                                                                                                                                                                        
/KALISH K BELL/Examiner, Art Unit 2432