DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement(s) (IDS) submitted on 01/29/2020, 08/04/2020 and 10/20/2021 were filed before the mailing date of this office action.  The submissions are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim 20 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the "computer readable recording medium", under the broadest reasonable definition, may encompass transitory signals and carrier waves. 
Although the applicant diligently claimed “a non-transitory computer readable medium” and “non-transitory storage medium”, the omission of the term “non-transitory” in the actual claim language is a broadening of the term “computer readable medium” that may encompass transitory signals. It should be further noted that the applicant did not define the term “computer readable medium” to explicitly exclude carrier waves or transitory signals. 
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claims 1-2, 7-12 and 17-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by US-PGPUB No. US 2019/0044974 A1 to Hayward et al. (hereinafter Hayward).
Regarding claim 1:
Hayward discloses:
An electronic device comprising: 
a communicator (see Hayward ¶32: “A … network interface …”); 
a memory including at least one command (see Hayward ¶04: “… a memory that stores code executable by the processor … to check a first set of network settings information …”); 
and at least one processor configured to execute the at least one command to obtain an Internet protocol (IP) address corresponding to a domain name of a web page when a user command inputting the domain name is received (see Hayward ¶04: “… includes a processor …”, and 
¶62: “… the request module 304 may send a ping requestor command … to determine … the MAC address, the IP address …”),
and at least one processor configured to execute the at least one command to obtain an Internet protocol (IP) address corresponding to a domain name of a web page when a user command inputting the domain name is received (see Hayward ¶62: “… the request module 304 may send a ping requestor command … to determine … the MAC address, the IP address …”),
 (see Hayward ¶66: “… the request module 304 may run the traceroute command to determine the number of hops …”), 
and determine that a man-in-the-middle attack exists in the network path when a communication connection with the server is established on the basis of a smaller number of hops than the identified number of hops (see Hayward ¶07: "The man-in-the-middle attacker may be detected in response to the number of hops to the network router being different than a previously determined number of hops to the network router.”).   

Regarding claim 2:
Hayward discloses: 
The electronic device as claimed in claim 1, wherein the at least one processor is further configured to identify the number of hops included in the network path connecting the server corresponding to the obtained IP address and the electronic device to each other on the basis of information on the number of hops stored in the memory (see Hayward ¶07: “The second set of network settings information may include a number of hops …”, and 
¶76: “… the previously stored network settings information”).
 
Regarding claim 7:
Hayward discloses:
The electronic device as claimed in claim 1, wherein the at least one processor is further configured to: obtain the IP address corresponding to the domain name of the web page when the user command inputting the domain name is received (see Hayward ¶62: “… the request module 304 may send a ping requestor command … to determine … the MAC address, the IP address …”), 
and determine that the man-in-the-middle attack exists in the network when the communication connection with the server corresponding to the obtained IP address is established on the basis of one hop (see Hayward ¶66: “…  if a victim device 206 is connected directly to the network router 210, then the number of hops will be one.”).  

Regarding claim 8: 
Hayward discloses:
The electronic device as claimed in claim 1, wherein the at least one processor is further configured to provide a notification for security of the network through an output when it is determined that the man-in-the-middle attack exists in the network (see Hayward ¶10: “… the countermeasure action comprises one or more of logging information associated with the man-in-the-middle attacker and sending a notification to an administrator that indicates the presence of the man-in-the-middle attacker.”).  

Regarding claim 9:
Hayward discloses: 
The electronic device as claimed in claim 1, wherein the at least one processor is further configured to end the communication connection with the server when it is determined that the man-in-the-middle attack exists in the network (see Hayward ¶11: “… the countermeasure action comprises remotely shutting-down the device of the man-in-the-middle attacker.”, and ¶75: “… the action module 308 may send a kill command, a shutdown command, a deactivate command, a hibernate command, and/or the like to the MITM device 208 that triggers or causes the MitM device 208 to shut down, turn off, deactivate, cease sending data packets, disconnect from the network, deactivates the network card, and/or the like so that the MITM device 208 cannot send or receive data packets …”).   

Regarding claim 10:
Hayward discloses:
The electronic device as claimed in claim 1, wherein the at least one processor is further configured to transmit information on security of the network to an external device connected to the electronic device through the communicator when it is determined that the man-in-the-middle attack exists in the network (see Hayward ¶10: “… the countermeasure action comprises broadcasting the logged information to other devices on the network and updating a blacklist of man-in-the-middle devices based on the broadcasted logged information.”). 


Regarding claims 11-12 and 17-19: 
Claims 11-12 and 17-19 recite substantially the same limitations as claims 1-2 and 7-9, respectively, in the form of an electronic device implementing the corresponding method; therefore, they are rejected under the same rationale.

Regarding claim 20:
.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: 
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 5 and 15 are rejected under 35 USC § 103 as being unpatentable over Hayward, and further in view of US-PGPUB No. US 2018/0176248 A1 to Nikravesh et al. (hereinafter Nikravesh).

Regarding claim 5:
Hayward discloses the electronic device as claimed in claim 1, but failed to explicitly disclose the following limitation taught by Nikravesh: 
wherein the at least one processor is further configured to: 
identify the number of hops included in the network path connecting the server corresponding to the obtained IP address and the electronic device to each other when it is determined that the IP address corresponding to the domain name and an IP address corresponding to a domain name different from the domain name are the same as each other (see Nikravesh ¶33: “The computing device 140 may be configured to identify and record the hop count for each data query.”, and see also
¶21: “… the computing device 140 may recognize or detect that multiple data queries that seem to be transmitted by the same transmitting device … were received by the different anycast server instances 110, 120, 130 simultaneously or nearly simultaneously … by comparing or analyzing the IP addresses … to determine that the IP addresses are the same … “), 
and determine that the man-in-the-middle attack exists in the network when the communication connection with the server is established on the basis of the smaller number of hops than the identified number of hops (see Nikravesh ¶48: “… the computing device 140 may determine or identify which (if any) of the hop counts … fail to match the known/stored hop counts …  by more than the predetermined amount higher or lower … This may indicate that the first … the second … the third spoofed data query, or a combination thereof are, in fact, from a spoofed IP address and/or are part of an attack or other harmful action.”).  

It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the teachings of Hayward to incorporate the functionality of the computing device to detect multiple data queries, analyze IP addresses and trigger a responsive mitigation action, as disclosed by Nikravesh. Such modification would provide timely detection and identification of MITM attacks, such as IP spoofing, and enable mitigation actions to be taken.

Regarding claim 15: 
Claim 15 recites substantially the same limitations as claim 5, in the form of an electronic device implementing the corresponding method; therefore, it is rejected under the same rationale.

Claims 3-4, 6, 13-14 and 16 are rejected under 35 USC § 103 as being unpatentable over Hayward, and further in view of USPAT No. US 10440053 B2 to Wyatt et al. (hereinafter Wyatt) 
Regarding claim 3:
Hayward discloses the electronic device as claimed in claim 1, but failed to explicitly disclose the following limitation taught by Wyatt:
wherein the at least one processor is further configured to:  
identify the number of hops included in the network path connecting the server corresponding to the obtained IP address and the electronic device to each other when a hypertext transfer protocol (HTTP) connection with the server is established on the basis of the obtained IP address (see Wyatt ¶79: “… AMD 304 may request to load a static HTML page from an un-encrypted endpoint ... The ‘static HTML page’ is a document which is part of the content response (which contains the HTTP status code, any optional HTTP headers, and the HTTP content (i.e., the document)). …  AMD 304 parses this document, and counts the number of secure links encountered in the document.”), 
determine that the man-in-the-middle attack exists in the network when the communication connection with the server is established on the basis of the smaller number of hops than the identified number of hops (see Wyatt ¶80: “AMD 304 verifies that received … secure link count match the expected content response.”, and ¶102: “TABLE 2 … ANOMALOUS_LINK _PROFILE An unexpected count of secure links indicates that so-called ‘SSL Stripping’”).

It would have been obvious to one of ordinary skill in the art before the effective filing date of 

Regarding claim 4:
Hayward discloses the electronic device as claimed in claim 1, but failed to explicitly disclose the following limitation taught by Wyatt:
wherein the at least one processor is further configured to: 
identify the number of hops included in the network path connecting the server corresponding to the obtained IP address and the electronic device to each other when a hypertext transfer protocol secure (HTTPS) connection with the server is established on the basis of the obtained IP address (see Wyatt ¶41: “… AMD 304 counts the number of HTTPS href links embedded in the document received as a response to its probe, and compares that count to an expected count.”), 
and determine that the man-in-the-middle attack exists in the network when the communication connection with the server is established on the basis of the smaller number of hops than the identified number of hops (see Wyatt ¶09: “… an attacker subverts un-encrypted connections made by the victim, rewriting URLs in plain text documents that would normally be specified as HTTPS … to use plaintext HTTP (Hyper Text Transfer Protocol).”, and 
¶80: “AMD 304 verifies that received … secure link count match the expected content response.”, and ¶102: “TABLE 2 … ANOMALOUS_LINK _PROFILE An unexpected count of secure links indicates that so-called ‘SSL Stripping’”).

It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the teachings of Hayward to incorporate the functionality of the AMD (Active MITM Detection) component to monitor network connections and perform certain methods, such as counting the number of HTTP(S) links (hops) and comparing a response result to an expected value, to detect MITM attacks on the network connection, as disclosed by Wyatt. Such modification would provide timely detection and identification of anomalous devices when an HTTPS connection is established.

Regarding claim 6:
Hayward discloses the electronic device as claimed in claim 1, but failed to explicitly disclose the following limitation taught by Wyatt:
wherein the at least one processor is further configured to: identify the number of hops included in the network path connecting the server corresponding to the obtained IP address and the electronic device to each other when the obtained IP address is a public IP address (see Wyatt ¶79: “… AMD 304 … counts the number of secure links encountered …”, 
¶21: “Computer network 100 includes … one or more server systems 120 coupled to a communication network 125 via a plurality of communication links 130.”, and
¶22: “… communication network 125 may be any suitable communication network including a local area network (LAN), a wide area network (WAN … an intranet, a private network … a public network …”), 
and determine that the man-in-the-middle attack exists in the network when the communication connection with the server is established on the basis of the smaller number of hops than the identified number of hops (see Wyatt ¶80: “AMD 304 verifies that received … secure link count match the expected content response.”, and ¶102: “TABLE 2 … ANOMALOUS_LINK _PROFILE An unexpected count of secure links indicates that so-called ‘SSL Stripping’”).

It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the teachings of Hayward to incorporate the functionality of the communication network, which provides a mechanism for allowing the various components to communicate and exchange information with each other and is suitable for networks such as a private network and a public network, as disclosed by Wyatt. Such modification would enable detection and mitigation of anomalous devices in various types of networks, including public networks.

Regarding claims 13-14 and 16: 
Claims 13-14 and 16 recite substantially the same limitations as claims 3-4 and 6, respectively, in the form of an electronic device implementing the corresponding method; therefore, they are rejected under the same rationale.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 

Marzorati et al. (US-PGPUB No. 2019/0222588 A1) - disclosed various methods for detecting a man-in-the-middle (MITM) attack during HTTP(S) communications.
Singhal et al. (US-PGPUB No. 2017/0070419 A1) - disclosed systems and methods for associating multiple transport layer hops between a client and a server.
Binder (US-PGPUB No. 2016/0028695 A1) - disclosed a system for improving the security of storing digital data in a memory or its delivery as a message over the Internet from a sender to a receiver using one or more hops.
Van der Kluit et al. (US-PGPUB 2017/0295088 A1) - disclosed a path discovery process for discovering a lowest cost combination of a plurality of paths from the source node to the destination node via links between pairs of nodes along the paths.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Matthias Habtegeorgis whose telephone number is (571)272-1916. The examiner can normally be reached on 8:00am - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Ashok B Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/M.H./Examiner, Art Unit 2491


/ALEXANDER LAGOR/Primary Examiner, Art Unit 2491