DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In communications filed on 02/26/2020, claims 1-19 are pending in this examination.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. This examination is in response to US Patent Application No. 16/801,681.
Examiner note

Applicant is encouraged to review the relevant references mentioned at the conclusion section of this office action.
Allowable Subject Matter 
Claims 8-9 and 18-19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper time-wise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  
Claims 1, 7-11, and 17-19 are provisionally rejected on the ground of non-statutory double patenting as being unpatentable over claims 1, 7-11, and 17-19 of Patent application 16801748. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims in the present application and application No. 16801748 relate generally to a system and method for determining device attributes using a classifier hierarchy. The method includes: determining at least one exploitation condition for a medical device based on at least one first device attribute of the medical device and a plurality of second device attributes indicated in a vulnerabilities database, wherein the vulnerabilities database further indicates a plurality of known exploits for the plurality of second device attributes; analyzing behavior and configuration of the medical device to detect an exploitable vulnerability for the medical device, wherein the exploitable vulnerability is a behavior or configuration of the medical device which meets the at least one exploitation condition; and performing at least one mitigation action based on the exploitable vulnerability.
This is a provisional non-statutory double patenting because the conflicting claims have not in fact been patented. 
Co-pending Application 16801748:
1. A method for detecting manufacturing device exploitable vulnerabilities, comprising: determining at least one exploitation condition for a manufacturing device based on at least one first device attribute of the manufacturing device and a plurality of second device attributes indicated in a vulnerabilities database, wherein the vulnerabilities database further indicates a plurality of known exploits for the plurality of second device attributes; analyzing behavior and configuration of the medical device to detect an exploitable vulnerability for the manufacturing device, wherein the exploitable vulnerability is a behavior or configuration of the manufacturing device which meets the at least one exploitation condition; and performing at least one mitigation action based on the exploitable vulnerability.
7. The method of claim 1, further comprising: querying a vulnerability scanner based on the analyzed behavior and configuration of the manufacturing device, wherein the currently exploitable vulnerability is detected based further on a response of the vulnerability scanner to the query.
8. The method of claim 1, further comprising: sequentially applying a plurality of sub-models of a hierarchy to a plurality of features extracted from device activity data, wherein the sequential application ends with applying a last sub-model of the plurality of sub-models, wherein each sub-model includes a plurality of classifiers, wherein each sub-model outputs a class when applied to at least a portion of the plurality of features, wherein each class is a classifier output representing a device attribute, wherein applying the plurality of sub-models further comprises iteratively determining a next sub-model to apply based on the class output by a most recently applied sub-model and the hierarchy; and determining one of the at least one first device attribute based on the class output by the last sub-model.
9. The method of claim 8, wherein each classifier is trained to output a class and a confidence score, wherein the class output by each sub-model is determined based on the class and the confidence score output by each classifier of the sub-model.

Instant Application 16801681:
1. A method for detecting medical device exploitable vulnerabilities, comprising: determining at least one exploitation condition for a medical device based on at least one first device attribute of the medical device and a plurality of second device attributes indicated in a vulnerabilities database, wherein the vulnerabilities database further indicates a plurality of known exploits for the plurality of second device attributes; analyzing behavior and configuration of the medical device to detect an exploitable vulnerability for the medical device, wherein the exploitable vulnerability is a behavior or configuration of the medical device which meets the at least one exploitation condition; and performing at least one mitigation action based on the exploitable vulnerability.
7. The method of claim 1, further comprising: querying a vulnerability scanner based on the analyzed behavior and configuration of the medical device, wherein the currently exploitable vulnerability is detected based further on a response of the vulnerability scanner to the query.
8. The method of claim 1, further comprising: sequentially applying a plurality of sub-models of a hierarchy to a plurality of features extracted from device activity data, wherein the sequential application ends with applying a last sub-model of the plurality of sub-models, wherein each sub-model includes a plurality of classifiers, wherein each sub-model outputs a class when applied to at least a portion of the plurality of features, wherein each class is a classifier output representing a device attribute, wherein applying the plurality of sub-models further comprises iteratively determining a next sub-model to apply based on the class output by a most recently applied sub-model and the hierarchy; and determining one of the at least one first device attribute based on the class output by the last sub-model.
9. The method of claim 8, wherein each classifier is trained to output a class and a confidence score, wherein the class output by each sub-model is determined based on the class and the confidence score output by each classifier of the sub-model.



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-19 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. (US2013/0247194) issued to Jha (filed in IDS 04/27/2021) and in view of US Patent No. (US2008/0289027) issued to Yariv (filed in IDS 04/27/2021).
Regarding claims 1, 10-11, Jha discloses a method for detecting medical device exploitable vulnerabilities, comprising [Abstract, An anomaly detector having a set of security policies is configured to detect an anomaly by analyzing the communications between the first medical device and second device for compliance with the security policies], and [¶31, A variety of threats can potentially compromise a PHS and make its operation outside of its intended parameters. These threats may arise from hardware/software errors as well as malicious attacks, including wireless attacks, side-channel attacks, malware attacks and vulnerability exploits]; and
a plurality of second device attributes indicated in a vulnerabilities database, wherein the vulnerabilities database further indicates a plurality of known exploits for the plurality of second device attributes [¶48, Side-channel attacks employ statistical analysis of information leaked through physical channels, such as power consumption, execution time, electromagnetic emission, etc. Side-channel attacks can possibly be used against PHSs (personal healthcare systems) and medical devices for privacy invasion]; and
analyzing behavior and configuration of the medical device to detect an exploitable vulnerability for the medical device, wherein the exploitable vulnerability is a behavior or configuration of the medical device which meets the at least one exploitation condition [¶48, other attack scenarios are possible as well. Suppose communications between implanted pacemakers and external programmers are encrypted, and the same secret key is shared by substantially all pacemakers of the same model so that the ambulance staff can access the device in case of an emergency. If an attacker has access to a pacemaker unit, the secret key can become a vulnerable target for differential power analysis, a form of side-channel attack that utilizes power consumption information. Once successful, the attacker could reveal and publicize the secret key and thus make the cryptographic protection ineffectual], and [¶51, a PHS that is impacted by attacks or malfunctions can lead to different types of risks. Ensuring the safety of PHSs involves protection against each type of potential risk. PHS security shares the high-level goals of traditional information security: confidentiality, integrity and availability. In addition, privacy is another useful goal for PHSs and medical devices. Privacy involves keeping the presence of the device on the patient confidential. Correspondingly, a PHS can be subject to four types of potential risks: confidentiality, integrity, availability, and privacy], and [¶¶52-60, Abstract]; and
performing at least one mitigation action based on the exploitable vulnerability [Abstract, A response generator configured to generate a response on a condition that an anomaly is detected. The response may be a warning message configured to warn the patient. The MedMon may include a transmitter configured to transmit the response. The response may be a jamming signal configured to disrupt communications between the first medical device and second device], and [¶11], and [¶69, Cryptography is one approach for securing the wireless communication channel and preventing unauthorized access. It can protect device integrity as well as data confidentiality], and [¶70, Another straightforward key-distribution solution is to ask patients to carry cards or bracelets imprinted with the secret keys of their devices].
determining at least one exploitation condition for a medical device based on at least one first device attribute of the medical device
Even though Jha discloses this limitation as: [0046] Furthermore, since software is inherently complex, abstract and intangible, software vulnerabilities are inevitable and difficult to detect. In an incident of buffer overflow, the corrupted memory could originally be holding an address to an instruction, which the program should be redirected to. After corruption of the address, the program may be redirected to a false address and start executing random code. If a buffer overflow is triggered by especially-crafted user inputs, causing the redirected program to execute malicious code, it is called a buffer overflow attack. With some knowledge of system software, attackers can exploit the buffer overflow vulnerabilities as well as other software vulnerabilities to steal private information, tamper with medical data and even change device settings (configuration).
However, Jha does not explicitly disclose first device attribute of the medical device [¶59, a broad firewall rule may require that most connections be encrypted and checked for integrity, but a narrower firewall rule that takes precedence over the broad firewall rule may require only integrity checking and not encryption if the connection is being made to a particular computer behind the firewall or to a particular service transmitting or receiving the data], and [See FIG. 2 and corresponding text for more detail].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Jha with the teaching of Yariv in order to establish and/or implement firewall rules that may employ parameters based on connection security levels for a connection between devices which may require no encryption [Yariv, Abstract, ¶59].
Regarding claims 2, 12, Jha does not explicitly disclose, however, Yariv discloses wherein the at least one first device attribute includes use of an unencrypted communications protocol, wherein the behavior of the medical device includes a connection to the Internet, wherein the plurality of known exploits includes connecting to the Internet while using the unencrypted communications protocol [¶59, a broad firewall rule may require that most connections be encrypted and checked for integrity, but a narrower firewall rule that takes precedence over the broad firewall rule may require only integrity checking and not encryption if the connection is being made to a particular computer behind the firewall or to a particular service transmitting or receiving the data], and [¶68, The firewall rule may also store an indicator of what range of remote addresses (the address of the sender/receiver) to which it applies, for both Internet Protocol Version 4 (IPv4) (the RA4 field) and Internet Protocol Version 6 (IPv6) (the RA6 field)], and [¶82, see FIGS 10A-B, communication network 1000 may be any suitable wired and/or wireless communication medium or media for exchanging data between two or more computers, including the Internet].
Regarding claims 3, 13, Jha does not explicitly disclose, however, Yariv discloses wherein the at least one mitigation action includes disconnecting the medical device from the Internet [¶21, the computer network may block the sender/computer because it does not have sufficiently secure algorithms for connection security or may not be configured to connect securely (i.e., the sender/computer does not support connection security)].
Regarding claims 4 and 14, Jha discloses wherein the medical device is any of a medical imaging device, a diagnostic device, life support equipment, a pump, a defibrillator, and a pacemaker [¶7, Due to the absence of cryptographic protection, the wireless channel has been identified as the Achilles' heel of medical devices. Recent demonstrations of successful RF wireless attacks on cardiac pacemakers and insulin pumps have placed medical device security under great scrutiny], and [¶34, Many medical devices perform life-sustaining functions, such as cardiac pacing and defibrillation].
Regarding claims 5 and 15, Jha discloses wherein the at least one exploitation condition includes at least one of: a point of connection, a behavior, and a configuration parameter [¶92, To accommodate different devices and patient needs, the MedMon may be trained and configured first in order to learn the characteristics of normal behavior. For both training and actual use, it must be placed at a fixed position relative to the IWMD. When in use, the MedMon quietly monitors communications among the different components of a PHS. It searches for anomalies in transmitted signals to determine whether a wireless attack is being launched against the PHS], and [¶97, ¶¶104-109, Behavioral Anomalies].
Regarding claims 6, 16, Jha does not explicitly disclose, however, Yariv discloses wherein the at least one exploitation condition includes a point of connection, wherein the point of connection is any of: a port, a router, a network, and a switch [¶75, a standalone networking device such as a switch, hub, router, access point, hardware firewall, or any other suitable electronic device].
Regarding claims 7 and 17, Jha discloses further comprising: querying a vulnerability scanner based on the analyzed behavior and configuration of the medical device, wherein the currently exploitable vulnerability is detected based further on a response of the vulnerability scanner to the query [¶¶92-93, the MedMon may be trained and configured first in order to learn the characteristics of normal behavior. For both training and actual use, it must be placed at a fixed position relative to the IWMD. When in use, the MedMon quietly monitors communications among the different components of a PHS. It searches for anomalies in transmitted signals to determine whether a wireless attack is being launched against the PHS. When anomalies are identified, indicating a possible attack, the MedMon can respond passively or actively, depending on its configuration for this type of anomaly or attack. FIG. 4a is a block diagram showing a passive mode configuration where: once an attack is identified the MedMon is configured to provide a warning to the patient. FIG. 4b is a block diagram showing an active mode configuration where: once an attack is identified the MedMon is configured to jam communications].

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Mestha (US2020/0097651) [SYSTEMS AND METHODS TO ACHIEVE ROBUSTNESS AND SECURITY IN MEDICAL DEVICES, see ¶¶ 6, 27, behavior].
Somasundaram (US2019/0238584) [SYSTEM AND METHOD FOR VULNERABILITY MANAGEMENT FOR CONNECTED DEVICES, medical devices, vulnerability score, configuration, internet (¶¶55-56)].
Wasily (US2019/0020641) [SECURE COMMUNICATION FOR MEDICAL DEVICES, search for encryption].
Patel (US2018/0351987) [DEVICE VULNERABILITY MANAGEMENT, search for medical devices vulnerability, configuration, exploit, internet].
EP3745291A1 [INTERFACE PROXY DEVICE FOR CYBER SECURITY, medical device vulnerability, encryption, behavior].
CN112019494 [Interface Proxy Device For Network Security, search for medical device, vulnerability, encryption].
WO2020/093020 [RUNTIME ADAPTIVE RISK ASSESSMENT AND AUTOMATED MITIGATION, search for medical device vulnerabilities and threats, encryption, behavior (¶17(d), ¶23)].
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado, can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAHRIAR ZARRINEH/Examiner, Art Unit 2496