DETAILED ACTION
Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.


Response to Amendment
The amendment filed 2022-02-24 has been entered and fully considered.

In light of applicant’s amendment, filed 2022-02-24, the 35 U.S.C. § 101 rejection at ¶7 of the prior Office action regarding transitory propagating signals per se has been withdrawn.


Response to Arguments
Applicant’s arguments, see page 8, filed 2022-02-24, with respect to the nonstatutory obviousness-type double patenting rejection over parent patent 10616249 have been fully 

Applicant’s arguments, see pages 8-9, filed 2022-02-24, with respect to the rejection of claims 26-45 under 35 U.S.C. § 101 at ¶8 have been fully considered but they are not persuasive.
In response to applicant’s argument that the claims are directed towards statutory subject matter, the Examiner respectfully disagrees.  Applicant first argues that:
“It is unreasonable and counter to the actual language of the claims (as supported by the written description) to conclude that the operation of a network gateway could be replaced by or performed by a human mind. One skilled in the art would reject such a conclusion outright.  Instead, the claims are explicitly directed to improving the functioning of a computing system, namely, by more effectively providing network security for the computing system”.
The Examiner first notes that the operation of the system as claimed could be replaced by or performed by a human mind.  For example, the Examiner has a microwave that, in the past, behaved as one would expect.  One could enter a cook duration, and then after pressing “start”, the microwave would heat the food until the timer ended, at which point the microwave would halt and then ding to alert the user that the food was cooked as per the set duration.  Understanding this behavior is the equivalent of “receiving activities of a device” and “generating a device interaction summary signature” to detect normal activities of the microwave.  Lately, however, the Examiner’s microwave has exhibited e.g. normal activity) for performing security services in the manner as claimed is not necessarily any different from what any person does in recognizing unusual activity, nor is it necessarily improving the functioning of a computing system, as the claimed system doesn’t even recognize or respond to deviation from normal activity.  Further, merely using a remote server to generate the signature is no different from the Examiner relying on a third-party to determine whether microwaves are supposed to continue to cook food after the timer ends.
Applicant further argues that:
“Applicant asserts that the claims would nonetheless recite significantly more than an abstract idea. As set forth in more detail below, this is evidenced by the fact that the Office has failed to show how the prior art discloses or suggests all of the features recited in the present claims. Indeed, the Office offers no evidence that the recited features are well-known, generic, or conventional in the art”.
The Examiner first notes that novelty (alleged or actual) is of no relevance to the determination of whether an idea is abstract; the “‘novelty’ of any element or steps in a process, or even of the process itself, is of no relevance in determining whether the subject matter of a claim falls within the § 101 categories of possibly patentable subject matter” Intellectual Ventures I v. Symantec Corp., 838 F.3d 1307, 1315, 120 USPQ2d 1353, 1358 (Fed. Cir. 2016) (quoting Diamond v. Diehr, 450 U.S. at 188–89, 209 USPQ at 9).  Further, contrary to the Office offers no evidence that the recited features are well-known, generic, or conventional in the art, the Examiner notes that the rejection specifically went limitation by limitation and showed that the claim elements corresponded to features explicitly found by the courts to be well-known, generic, and conventional in the art.  The relevant portion for this argument is repeated infra.
Considering each of the claim elements in turn, the function performed by the computer system at each step of the process does no more than require a generic computer to perform a well-understood, routine, and conventional activity at a high level of generality.  For example, “receiving device interaction summary (DIS) data” and “serving the DIS signature to a gateway device” is merely receiving or transmitting data over a network, which has been found by the courts to be a well-understood, routine, conventional activity in computers; See e.g. Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network).  In a similar manner, “generating a DIS signature comprising attributes associated with expected behavior of a particular edge device” encompasses mere data extraction and/or statistic generation, which has also been found by the courts to be a well-understood, routine, conventional activity in computers; See e.g. OIP Techs., 788 F.3d at 1362-63, 115 USPQ2d at 1092-93.  Further note that the abstract idea of observation and evaluation to which the claimed invention is directed has a prior art basis outside of a computing environment, e.g. a security guard that recognizes normal behavior in an environment and reports unusual activity.
Based on the above, the Examiner respectfully submits that the claims are drafted at a high level of abstraction that encompasses everyday mental observation.  Thus, the Examiner respectfully submits that the rejection is proper.  

Applicant’s arguments, see pages 10-12, filed 2022-02-24, with respect to the rejection of claims 26-28, 30, and 36-41 under 35 U.S.C. § 102(a)(1) and of claims 39, 31-35, and 42-45 under 35 U.S.C. § 103 have been fully considered but they are not persuasive.
In response to applicant’s argument that Zou fails to disclose “wherein the server computer system is remote from the gateway device and outside the loT system” because in Zou there is allegedly no disclosure that the private cloud control center agent cooperates with a separate, remote server system outside this private cloud to obtain a device interaction summary signature, the Examiner respectfully disagrees.  In particular, the Examiner respectfully submits that the private cloud control center agent is the claimed server computer system and that it is remote from the gateway device and outside the loT system, as reflected in the rejection revised to address the amended limitation.  Thus, the Examiner respectfully submits that the rejection of claims 26-28, 30, and 36-41 under 35 U.S.C. § 102(a)(1) and of claims 39, 31-35, and 42-45 under 35 U.S.C. § 103 is proper.


Double Patenting
Claims 26-45 are rejected, as similarly indicated in the Office Action mailed 2021-11-24, on the ground of nonstatutory double patenting over U.S. Patent No. 10616249, which is directed towards providing security to Internet of Things (loT) devices.  The rejection has not been addressed and is therefore maintained.


Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 26-45 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea (35 U.S.C. 101 Judicial Exception) without significantly more.  The claims recite abstract idea of observation and evaluation, which is a concept performed in the human mind and thus grouped as mental processes.  This judicial exception is not integrated into a practical application because the generically recited computer elements do not add a meaningful limitation to the abstract idea because they amount to simply implementing the abstract idea on a computer.  The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements, when considered separately and in combination, do not add significantly more to the abstract idea, as they are well-understood, routine, conventional computer functions as recognized by the courts.
Based upon consideration of all the relevant factors with respect to the claimed invention as a whole, the claims are determined to be directed to an abstract idea without significantly more.  The rationale for this determination is explained infra:
The following are Principles of Law:
A patent may be obtained for “any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof”; 35 U.S.C. § 101.  The Alice Corp. v. CLS Bank Int’l, 134 S. Ct. 2347, 2354 (2014); Gottschalk v. Benson, 409 U.S. 63, 67 (1972) (“Phenomena of nature, though just discovered, mental processes, and abstract intellectual concepts are not patentable, as they are the basic tools of scientific and technological work.”).  Notwithstanding that a law of nature or an abstract idea, by itself, is not patentable, an application of these concepts may be deserving of patent protection; See Mayo Collaborative Servs. v. Prometheus Labs., Inc., 132 S. Ct. 1289, 1293–94 (2012).  In Mayo, the Court stated that “to transform an unpatentable law of nature into a patent-eligible application of such a law, one must do more than simply state the law of nature while adding the words ‘apply it.’” Mayo, 132 S. Ct. at 1294 (citation omitted).
In Alice, the Court reaffirmed the framework set forth previously in Mayo “for distinguishing patents that claim laws of nature, natural phenomena, and abstract ideas from those that claim patent-eligible applications of these concepts.” Alice, 134 S. Ct. at 2355.  The test for determining subject matter eligibility requires a first step of determining whether the claims are directed to a process, machine, manufacture, or composition of matter.  If the claims are directed to one of the four patent-eligible subject matter categories, then the Examiner must perform a two-part analysis to determine whether a claim that is directed to a judicial exception recites additional elements that amount to significantly more than the exception.  The first part of the second step in the analysis is to “determine whether the claims at issue are directed to one of those patent-ineligible concepts.” Id.  If the claims are directed to a patent-ineligible concept, then the second part of the second step in the analysis is to consider the Id. (quoting Mayo, 132 S. Ct. at 1298, 1297).  In other words, the second step in the analysis is to “search for an ‘inventive concept’‒ i.e., an element or combination of elements that is ‘sufficient to ensure that the patent in practice amounts to significantly more than a patent on the [ineligible concept] itself.’” Id. (brackets in original) (quoting Mayo, 132 S. Ct. at 1294).  The prohibition against patenting an abstract idea “cannot be circumvented by attempting to limit the use of the formula to a particular technological environment or adding insignificant post-solution activity.”  Bilski v. Kappos, 561 U.S. 593, 610–11 (2010) (citation and internal quotation marks omitted).  The Court in Alice noted that “[s]imply appending conventional steps, specified at a high level of generality,” was not “enough” [in Mayo] to supply an “‘inventive concept.’” Alice, 134 S. Ct. at 2357 (quoting Mayo, 132 S. Ct. at 1300, 1297, 1294).
In the “2019 Revised Patent Subject Matter Eligibility Guidance” (2019 PEG), the USPTO has prepared revised guidance for use by USPTO personnel in evaluating subject matter eligibility based upon rulings by the courts.
The Examiner is bound by and applies the framework as set forth by the Court in Mayo and reaffirmed by the Court in Alice and follows the 2019 PEG for determining whether the claims are directed to patent-eligible subject matter.
Step 1: Are the claims at issue directed to a process, machine, manufacture, or composition of matter?

Step 2A – Prong One: Does the claim recite an abstract idea, law of nature, or natural phenomenon?
The Examiner finds that the claims are directed to the abstract idea of observation and evaluation, which is a concept performed in the human mind and thus grouped as mental processes.
Step 2A – Prong Two: Does the claim recite additional elements that integrate the Judicial Exception into a practical application?
The abstract idea is not integrated into a practical application because the generically recited computer elements do not add a meaningful limitation to the abstract idea because they amount to simply implementing the abstract idea on a computer.
In determining whether the abstract idea was integrated into a practical application, the Examiner has considered whether there were any limitations indicative of integration into a practical application, such as:
(1) Improvements to the functioning of a computer, or to any other technology or technical field; See MPEP § 2106.05(a) 
(2) Applying or using a judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition; See Vanda Memo (Recent Subject Matter Eligibility Decision: Vanda Pharmaceuticals Inc. v. West-Ward Pharmaceuticals)

(4) Effecting a transformation or reduction of a particular article to a different state or thing; See MPEP § 2106.05(c)  
(5) Applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception; See MPEP § 2106.05(e) and Vanda Memo
The Examiner notes that clam features of: receiving device interaction summary (DIS) data, generating a DIS signature comprising attributes associated with expected behavior of a particular edge device, and serving the DIS signature to a gateway device do not improve the functioning of a computer or technical field, do not effect a particular treatment or prophylaxis for a disease or medical condition, do not apply or use a particular machine, do not effect a transformation or reduction of a particular article to a different state or thing, and do not apply or use the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception.
Instead, the claim features of receiving device interaction summary (DIS) data, generating a DIS signature comprising attributes associated with expected behavior of a particular edge device, and serving the DIS signature to a gateway device merely use a general-purpose computer as a tool to perform the abstract idea (See MPEP § 2106.05(f)), add insignificant extra-solution activity to the judicial exception, (See MPEP § 2106.05(g)), and 
Step 2B: Is there something else in the claims that ensures that they are directed to significantly more than a patent-ineligible concept?
The claims, as a whole, require nothing significantly more than generic computer implementation or can be performed entirely by a human.  The additional element(s) or combination of element(s) in the claims other than the abstract idea per se amount to no more than recitation of generic computer structure (e.g. machine accessible storage medium, edge device, gateway device, processor, memory, communication module, and security engine) that serves to perform generic computer functions (e.g. receiving data, signature generation (e.g. data extraction), and sending data) that are well-understood, routine, and conventional activities previously known to the pertinent industry.  The claimed device interaction summary (DIS) data, information, DIS signature, and attributes are all numbers, data structures, or datum.  Each of these elements are individually dispositive of patent eligibility because of the following legal holdings:
“Data in its ethereal, non-physical form is simply information that does not fall under any of the categories of eligible subject matter under section 101.” Digitech Image Techs., LLC v. Electronics for Imaging, Inc., 758 F.3d 1344, 1350 (Fed. Cir. 2014).
i.e., an abstraction. Microsoft Corp. v. AT&T Corp., 550 U.S. 437, 449 (2007). 
A claim that recites no more than software, logic, or a data structure (i.e., an abstract idea) – with no structural tie or functional interrelationship to an article of manufacture, machine, process or composition of matter does not fall within any statutory category and is not patentable subject matter; data structures in ethereal, non-physical form are non-statutory subject matter. In re Warmerdam, 33 F.3d 1354, 1361 (Fed. Cir. 1994); see Nuijten, 500 F.3d at 1357.
Furthermore, the claimed invention does not have a specific asserted improvement in computer capabilities, nor is it a specific implementation of a solution to a problem in the software arts; See Enfish, LLC v. Microsoft Corp., 822 F.3d 1327 (Fed. Cir. 2016).  Rather, the claims are merely directed towards receiving data, extracting data (signature creation), and sending data, which is similar to ideas that the courts have found to be abstract, as noted supra, and the claims are without a “practical application” or anything “significantly more”.
Considering each of the claim elements in turn, the function performed by the computer system at each step of the process does no more than require a generic computer to perform a well-understood, routine, and conventional activity at a high level of generality.  For example, “receiving … device interaction summary (DIS) data” and “sending … the DIS signature to a gateway device” is merely receiving or transmitting data over a network, which has been found by the courts to be a well-understood, routine, conventional activity in computers; See e.g. Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network).  In a similar manner, “generating a DIS signature … [comprising] attributes associated with expected behavior of a particular edge device” encompasses mere data extraction and/or statistic generation, which has also been found by the courts to be a well-understood, routine, conventional activity in computers; See e.g. OIP Techs., 788 F.3d at 1362-63, 115 USPQ2d at 1092-93.  Further note that the abstract idea of observation and evaluation to which the claimed invention is directed has a prior art basis outside of a computing environment, e.g. a security guard that recognizes normal behavior in an environment and reports unusual activity.
The prohibition against patenting an abstract idea “cannot be circumvented by attempting to limit the use of the formula to a particular technological environment or adding insignificant post-solution activity.”  Bilski v. Kappos, 561 U.S. 593, 610–11 (2010) (citation and internal quotation marks omitted).  The Court in Alice noted that “[s]imply appending conventional steps, specified at a high level of generality,” was not “enough” [in Mayo] to supply an “‘inventive concept.’”  Alice, 134 S. Ct. at 2357 (quoting Mayo, 132 S. Ct. at 1300, 1297, 1294).
Viewed as a whole, the claims simply recite the steps of using generic computer components.  The claims do not purport, for example, to improve the functioning of the computer system itself.  Nor does it effect an improvement in any other technology or technical field.  Instead, the claims amount to nothing significantly more than an instruction to 
The dependent claims likewise incorporate the deficiencies of a claim upon which they ultimately depend and are also directed to non-patent-eligible subject matter.


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 26-28, 30, and 36-41 are rejected under 35 U.S.C. 102(a)(1) as being clearly anticipated by Zou et al. (US Pre-Grant Publication No. 20160212099-A1, hereinafter “Zou”).

With respect to independent claim 26, Zou discloses at least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine {para. 0033: “the software program is referred to as ‘implemented in a computer-readable storage medium.’ A processor is considered to be ‘configured to execute a program’”}, cause the machine to:
receive, at a server computer system, device interaction summary (DIS) data from a gateway device in an internet of things (loT) system {paras. 0031, 0052, & 0062; Fig.  “private cloud control center agent 208 [performs] monitoring traffic to and from the IoT devices 204”, private cloud control center agent 208 monitors the IoT devices 204 via traffic passed “through the gateway 206”; note that “the private cloud control center agent 208 … can be implemented as a computer system”}, wherein the server computer system is remote from the gateway device and outside the loT system {paras. 0028 & 0030; Fig. 2: “the private cloud control center agent 208 can be coupled to the gateway 206 through … the public network 210 (e.g., ‘in the cloud’)”}, the IoT system comprises a plurality of edge devices, and the DIS data comprises information collected by the gateway device to describe a type of at least a particular one of the plurality of edge devices and activities of the edge device during a time period {para. 0046: “Usage behaviors can include an amount of data sent to and received by the IoT devices 204, traffic flows of data sent to and received by the IoT devices 204, …, and/or times at which specific applications are executed by the IoT devices 204”}.
generate, at the server computer system, a DIS signature for the particular edge device based on the DIS data {para. 0062: “private cloud control center agent 208 can generate a device profile by monitoring traffic to and from the IoT devices 204”}, wherein the DIS signature comprises a plurality of attributes associated with expected behavior of the particular edge device {paras. 0046-0047: “create other types of profiles, e.g. time-based behavior profiles of IoT devices, traffic-based behavior profiles of IoT devices, location-based behavior profiles, and proximity-based behavior profiles”}.
send the DIS signature from the server computer system to the gateway device for use by the gateway device to perform security services for the IoT systems {paras. 0052 & 0068; Fig. 2: “private cloud control center agent 304 can onboard/authenticate IoT devices and manage data traffic to and from the IoT devices according to an IoT firewall, thereby creating a private cloud”}.

With respect to dependent claim 27, Zou discloses wherein DIS data describes characteristics of the particular edge device observed over a period of time {paras. 0046-0047 and 0075-0078: “Dynamic data describing an IoT device includes characteristics of an IoT device that change over time”}.

With respect to dependent claim 28, Zou discloses wherein the DIS signature is generated from a result of a machine learning algorithm using the DIS data as an input {para. 0078: “the IoT device profiling engine 404 can apply analytics to generate models of normal behavior of an IoT device. Normal behavior of an IoT device can be updated/modified over time by the IoT device profiling engine 404 based on data traffic to and from the IoT device”}.

With respect to dependent claim 30, Zou discloses wherein serving the DIS signature comprises pushing the DIS signature to the gateway device over a network connection {para. 0068 & Fig. 2: “private cloud control center agent 304 can onboard/authenticate IoT devices and manage data traffic to and from the IoT devices according to an IoT firewall, thereby creating a private cloud”}.

With respect to claims 36-37, a corresponding reasoning as given earlier in this section with respect to claim 26 applies, mutatis mutandis, to the subject matter of claims 36-37; therefore, claims 36-37 are rejected, for similar reasons, under the grounds as set forth for claim 26.

With respect to dependent claim 38, Zou discloses wherein the security engine is to provide cloud‐based security analytics to the gateway device {para. 0063: “the private cloud control center agent 208 functions to generate and/or update an IoT firewall”}.

With respect to dependent claim 39, Zou discloses wherein the security engine is to provide cloud‐based security analytics to a plurality of gateway devices in a plurality of different IoT systems {para. 0026: “the control center 108 functions to manage the private cloud control center agents 106 management of IoT devices”}.

With respect to dependent claim 40, Zou discloses further comprising the gateway device, wherein the gateway device is to use the DIS signature to compare observed behavior of the particular edge device with the DIS signature to identify anomalous behavior of the particular edge device {para. 0058: “the private cloud control center agent 208 functions to detect rogue IoT devices based on detection of abnormal behavior. Behavior can be determined to be abnormal based on data and data traffic for an IoT device”; detected traffic sent through gateway}.

With respect to claim 41, a corresponding reasoning as given earlier in this section with respect to claim 26 applies, mutatis mutandis, to the subject matter of claim 41; therefore, claim 41 is rejected, for similar reasons, under the grounds as set forth for claim 26.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 29, 31-35, and 42-45 are rejected under 35 U.S.C. 103 as being unpatentable over Zou et al. (US Pre-Grant Publication No. 20160212099-A1, hereinafter “Zou”) in view of Drabik et al. (US Pre-Grant Publication No. 20050193103-A1, hereinafter “Drabik”).

With respect to dependent claim 29, although Zou teaches communication of a profile, Zou does not explicitly disclose that the communication of the profile is over a secured Drabik discloses wherein the DIS signature is sent over a secured communication channel between the gateway device and the server computing system {para. 0149: “encrypted results are then sent to CFG programmer interface manager 806, which presents them to CFG hardware interface 702 for writing to the configuration carrier device”}.

Zou and Drabik are analogous art because they are from the same field of endeavor or problem-solving area of configuring network settings.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Zou and Drabik before him or her, to modify/develop the cloud control center agent of Zou’s system to utilize encryption of configuration databases to securely deliver network configuration information.  The suggestion and/or motivation for doing so would have been because it is merely combining prior art elements according to known methods to yield predictable results, i.e. storing configuration information in a database and encrypting it to achieve secure delivery of configuration information in a structured manner.  Therefore, it would have been obvious to combine the cloud control center agent in Zou’s system with encryption of configuration databases to securely deliver network configuration information to obtain the invention as specified in the instant claim(s).  The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims.

With respect to dependent claim 31, Drabik discloses wherein the DIS signature comprises a defined structure comprising a plurality of fields {para. 0149: “configuration database” includes “data fields”}.

With respect to dependent claim 32, Zou-Drabik disclose wherein each of the plurality of fields contains information for a respective one of a plurality of classes of expected behavior of the particular edge device {Zou, para. 0077: “behaviors can include sites an IoT device visits, a frequency at which the IoT device visits the sites, times at which the IoT device visits the sites, and/or an amount of data transmitted between the IoT device and the sites”; Drabik, para. 0149: “configuration database” includes “data fields”}.

With respect to dependent claim 33, Zou discloses wherein the plurality of classes of expected behavior comprise a frequency‐domain class, a periodicity class, a pattern of interaction class, a seasonal variation class, a time range of interaction class, and a related devices class {paras. 0074-0079: “behavior of an IoT device can include an amount of data transmitted to and from the IoT device, times at which data is transmitted, Internet access behaviors of the IoT device, and/or sources data is transmitted to and from the IoT device” and “data describing an IoT device includes characteristics of an IoT device that change over time”}.

With respect to dependent claim 34, Zou discloses wherein the expected behavior associated with the frequency‐domain class comprises one of periodic, continuous, random, piecewise periodic, piecewise continuous, and piecewise random, seasonal periodic, seasonal continuous, or seasonal random {paras. 0074-0079: “Dynamic data describing an IoT device includes characteristics of an IoT device that change over time”}.

Drabik discloses wherein the DIS signature is cryptographically protected {para. 0149: “security manager 801 to encrypt and otherwise manipulate the VPN settings”}.

With respect to claims 42-45, a corresponding reasoning as given earlier in this section with respect to claims 31-34 applies, mutatis mutandis, to the subject matter of claims 42-45; therefore, claims 42-45 are rejected, for similar reasons, under the grounds as set forth for claims 31-34.


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 


Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Kevin Bechtel/Primary Examiner, Art Unit 2491