DETAILED ACTION

In a Request for Continued Examination filed on March 28, 2022, Applicant amends claims 1 and 10. Claims 1, 3-10 and 12-22 are presented for examination.

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on March 28, 2022 has been entered.
 

Response to Arguments

Applicant's arguments submitted March 28, 2022 have been fully considered, but they are not persuasive for at least the following reasons.
On page 8, in the Remarks section of the Response, Applicant argues:

 	 None of Shuman, Valencia, Maloo and Doi teaches independent Claims 1 and 10 each further recite that the "private cloud control center agent is configured to modify at least a portion of the monitored data transmission before it is sent to an intended destination" including by "encrypting at least a portion of the monitored data.".

 	Examiner agrees with Applicant's argument since Maloo and Doi were used to reject the now removed feature: removing or rewriting at least a portion of the monitored data to remove at least one of: a header of an HTTP packet to remove a device address. Accordingly, the previously presented obviousness rejections of the claims have been withdrawn.
 	However, Applicant's amendment to the claims necessitates new grounds of prior art rejection for obviousness. Therefore, as necessitated by Applicant's amendment to the claims, Examiner further applies Leung et al. (US Patent 8,973,088) in place of Maloo and Doi and raises new grounds of rejection as set forth below.
 	Since Applicant argues its remaining claims mutatis mutandis as per independent claims 1 and 10, Examiner's rebuttal to Applicant's foregoing argument equally applies to Applicant's remaining argument (i.e., "remaining claims depend...from one of the aforementioned independent claims and are therefore believed to be allowable for the same reasons").

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


 	Claim 10 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the claim recites a system that comprises a private cloud control center agent to perform a series of steps as instructions. Par. 43 of the disclosure states “…the private cloud control center agent 208 can be implemented, in part, through a mobile application executed at a mobile device of an administrator…”. Hence, the claim is interpreted as software per se.
	Claims 12-18, 20 and 22 are rejected as being dependent on claim 10.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3, 7-10, 12, 16-18, 21 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Shuman et al. (US 2016/0128043 A1, hereinafter Shuman) in view of Valencia et al. (US 2014/0337862 A1, hereinafter Valencia) further in view of Leung et al. (US Patent 8,973,088, hereinafter Leung).
 	Regarding claims 1 and 10, Shuman teaches a system (example: 140, FIG. 1C / 1160, FIG. 11) comprising a private cloud control center agent (D2D Application, FIG. 11) provided between a public network (175, FIG. 1C) and a private cloud (130/160, FIG. 1C) and configured to:
 	data transmission to or from an IoT device (example: 1150, FIG. 11) that is carried out through the private cloud in accordance with an IoT rule that is applied in the data transmission of the IoT device, the IoT device is connected for management thereof by the private cloud control center agent through the private cloud (par. 46 "device 130 may... control or otherwise manage components 110-118"; par. 53 "peer-to-peer communication network"; par. 105 "device 1150 may determine whether the information conveyed...matches registration criteria...rules/policies...enable gateway 1160 to manage communications"; note: Shuman's gateway 1160 acts as a firewall by managing intra-network [see par. 53] and "inter-network" communications [see par. 106]).
 	However, Shuman does not explicitly disclose: wherein the private cloud control center agent is configured to modify at least a portion of the monitored data transmission before it is sent to an intended destination, wherein modifying the at least the portion of the monitored data transmission includes performing at least one action including encrypting at least a portion of the monitored data; detect security-risking behavior or state of the IoT device at least based on the monitored data transmission to or from the IoT device, wherein detecting the security-risking behavior of the IoT device includes comparing a previously determined device profile for the IoT device with the monitored data transmission; wherein the previously determined device profile describes previously determined normal behavior of the IoT device, and wherein the previously determined device profile was determined at least in part by a device profiling engine configured to: monitor data collected by a device interposed between the IoT device and a remote resource, wherein the collected data comprises data transmitted from the IoT device to the remote resource; generate an initial device profile; and update the device profile based at least in part on observed data; and upon detecting the security-risking behavior or state of the IoT device, performing a remedial action for the data transmission to or from the IoT device.
	In an analogous art, Valencia teaches a system comprising:
monitor (316, FIG. 3A) data transmission (112, FIG. 1) to or from an IoT device (214, FIGS. 2A-2B) (par. 27 "The terms 'mobile computing device' and 'mobile device' are used interchangeably herein to refer to...internet-of-things (IoT) connected devices"; par. 54 "two-way wireless communication links 112"; par. 66 "monitor/observe transmissions or communications of the IoT/mobile device"; par. 134, 135 "observing IoT/mobile device behaviors in block 316"; note: Valencia may monitor 316 [see par. 134, 135] transmissions 112 [see par. 54, 66] of an IoT device, such as the processor(s) 214 running a high-level operating system [see par. 25, 27, 58, 148]);
 	detect security-risking behavior or state of the IoT device at least based on the monitored data transmission to or from the IoT device (FIG. 3A: 320-322 and par. 27, 66, 134, 135 "detect/determine that the observed behavior is...'Malicious'[] in block 322"; note: Valencia's IoT/mobile device behavior may cause a security risk [see par. 24, 58, 76]),
 	wherein detecting the security-risking behavior of the IoT device includes comparing a previously determined device profile for the IoT device with the monitored data transmission (par. 24, 27, 58, 76, 81 "behavior analyzer module 204 may be configured to...learn the normal operational behaviors of the mobile device"; par. 134 "compare monitored/observed IoT/mobile device behaviors to the received models/mappings to determine whether an observed behavior is... malicious"; par. 135 "determine that the monitored/observed behavior is...'Malicious' [] in block 322"), wherein the previously determined device profile describes previously determined normal behavior of the IoT device (par. 81 "learn the normal operational behaviors of the IoT/mobile device...to determine whether a particular IoT/mobile device behavior...is...malicious"; note: the profile of Valencia's "normal operational behaviors" must be learned/previously determined in order to determine whether the behavior of Valencia's IoT/mobile device 214 is malicious [see par. 58, 81]), and
wherein the previously determined device profile was determined at least in part by a device profiling engine (204, FIG. 2A) (par. 81 "module 204 may...learn/determine the normal operational behaviors of the mobile device"; note: module 204 reads on Applicant's "device profiling engine" [see par. 81]) configured to:
monitor data collected by a device (202, FIG. 2A) interposed between the IoT device and a remote resource, wherein the collected data comprises data transmitted from the IoT device to the remote resource (par. 58 "modules 202-210 may be implemented...in specialized...processors"; note: "communication links 112, such as 4G, 3G, CDMA, TDMA, LTE" are transmitted to a remote resource such as a server 114/116 [see par. 54, 55]);
generate an initial device profile (note: the "normal behavior" that module 204 initially "learns," is an "initial device profile" [see par. 81]); and
update the device profile based at least in part on observed data (par. 52 "generate...updated classifier models/device profile based on...new information, machine learning...and detected changes/observed data"); and
upon detecting the security-risking behavior or state of the IoT device, performing (322, FIG. 3A) a remedial action for the data transmission to or from the IoT device (par. 24, 27, 58, 66, 76, 135 "If the IoT/mobile device processor determines that the observed behavior is...'Malicious'[] in block 322, the mobile device processor may perform various operations/remedial action to correct or prevent the performance-degrading behavior").
 	One of ordinary skill in the art would have recognized the ability to utilize the teachings of Valencia for determining when security-risking behavior that requires a remedial action is detected, by having a device profiling engine/behavior analyzer: (1) monitor transmissions from an IoT device/processor to a remote resource/server; and (2) generate an IoT device profile that the device profiling engine/behavior analyzer updates based on the transmissions. The teachings of Valencia, when used within the existing system of Shuman's private cloud control center agent, will improve security by enabling the system to determine the security risk posed by malicious behavior. Therefore, Examiner concludes that it would have been obvious before the effective date of the claimed invention to combine both references, which are in the same field of endeavor, to arrive at the above-claimed invention with reasonable expectation of success.
However, Shuman in view of Valencia does not explicitly disclose: wherein the private cloud control center agent is configured to modify at least a portion of the monitored data transmission before it is sent to an intended destination, wherein modifying the at least the portion of the monitored data transmission includes performing at least one action including encrypting at least a portion of the monitored data.
 	In an analogous art, Leung teaches: to modify at least a portion of a monitored data transmission before it is sent to an intended destination, wherein modifying the at least the portion of the monitored data transmission includes performing at least one action including encrypting at least a portion of the monitored data (col. 7, lines 7-15, 53: "[a system of] policy enforcement using host profile information [], network traffic is monitored at a firewall 100. In some embodiments, network traffic is monitored using a data appliance (e.g., a data appliance that includes security functions, such as a security appliance that includes a firewall). In some embodiments, network traffic is monitored using a gateway (e.g., a gateway that includes security functions, such as a security gateway). In some embodiments, network traffic is monitored using a host (e.g., security software executed on a host device, such as a network server or client computing device, such as a personal computer, laptop, tablet, or smart phone) [] ", col. 8, lines 42-44: “the security device 202 includes a data appliance (e.g., a security appliance))”, col. 9, lines 32-51: “the security device 202 (e.g., an integrated security appliance/gateway/server) can communicate with security cloud service 210 (e.g., using secure communications, such as encrypted communication techniques) [] to provide the monitored traffic information (e.g., and/or subsets of such monitored traffic information, such as a portion of the packet flow, monitored URL/DNS information, monitored files requested for upload/download/access, and/or other information, along with HIP report information for the client device associated with the traffic flow and possibly user identification and/or application identification information as well)” ).
One of ordinary skill in the art would have recognized the ability to utilize the teachings of Leung for encrypting a portion of monitored data based on the device HIP report information that may be enforced (see also col. 14, lines 34-38). The teachings of Leung, when used within the system of Shuman in view of Valencia's private cloud control center agent, will improve security further by having the system modify a monitored data transmission that poses a security risk, in order to reduce the security risk of the transmission if the client device is not in a controlled network (e.g. secure network/private cloud) (Leung: col. 13, lines 4-28). Therefore, Examiner concludes that it would have been obvious before the effective filing date of the claimed invention to combine Shuman and Valencia with Leung using a known encryption process to arrive at the above-claimed invention with reasonable expectation of success.

Regarding claims 3 and 12, Shuman in view of Valencia and further in view of Leung teaches all the limitations of claims 1 and 10, as previously stated, and further teaches: wherein the security-risking behavior of the IoT device is detected (Valencia: 320-322, FIG. 3A) based at least in part on comparison (Valencia: 138, FIG. 3A) of a reference behavior with the monitored (Valencia: 316, FIG. 3A) data transmission to or from the IoT device (Shuman: par. 53, 105, 106; Valencia: par. 27, 66, 134 "compare observed mobile device behaviors to the received models/mappings to determine whether an observed behavior is...malicious"; Valencia: par. 135 "detect/determine that the observed behavior is...'Malicious'[] in block 322"; note: Valencia's mobile device behavior may cause a security risk [see Valencia: par. 24, 76]), and
the reference behavior is one or an applicable combination of: past behavior of the IoT device, behavior of other IoT devices managed by the private cloud control center agent, behavior of other IoT devices of the same type, or IoT devices used by users other than a user of the IoT device (Shuman: par. 53, 105, 106; Valencia: par. 27, 81, 148 "determine whether...behavior [] is acceptable or common...by comparing the current behavior with past behaviors of the mobile device").
One of ordinary skill in the art would have recognized the ability to utilize the teachings of Valencia for comparing monitored IoT transmissions against past behavior. The teachings of Valencia, when used within the system of Shuman in view of Valencia further in view of Leung, will make the system's detection of security risks straightforward and, thus, efficient by simply comparing the system's monitored IoT transmissions against past behavior. Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to arrive at the above-claimed feature.

Regarding claims 7 and 16, Shuman in view of Valencia further in view of Leung teaches all of the limitations of claims 1 and 10, as previously stated, and further teaches: wherein the remedial action includes alerting a user associated with the private cloud (Shuman: 130/160, FIG. 1C) that the IoT device is behaving abnormally (Shuman: par. 52, 53; Valencia: par. 27, 82 "When the behavior analyzer module determines that a behavior is malicious ...notify the user").
One of ordinary skill in the art would have recognized the ability to utilize the teachings of Valencia for notifying a user when abnormal behavior is detected. The teachings of Valencia, when used with the system of Shuman in view of Valencia further in view of Leung, will make the system more user-friendly by enabling it to notify users of abnormal behavior. Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to arrive at the above-claimed feature.

Regarding claims 8 and 17, Shuman in view of Valencia further in view of Leung teaches all of the limitations of claims 1 and 10, as previously stated, and further teaches: 
wherein the data transmission to or from the IoT device includes data transmission between the IoT device and other IoT devices managed through the private cloud (Shuman: 130/160, FIG. 1C) (Shuman: par. 46 "device 130 may... control or otherwise manage components 110-118"; Shuman: par. 53 "peer-to-peer communication network").

Regarding claims 9 and 18, Shuman in view of Valencia further in view of Leung teaches all of the limitations of claims 1 and 10, as previously stated, and further teaches:  
wherein the data transmission to or from the IoT device includes data transmission between the IoT device and a source accessed through, at least in part, a public network (Shuman: 175, FIG. 1C) (Shuman: par. 58).

Regarding claims 21 and 22, Shuman in view of Valencia further in view of Leung teaches all of the limitations of claims 1 and 10, as previously stated, and further teaches: wherein the device (Valencia: 202, FIGS. 2A-2B) interposed between the IoT device (Shuman: 1150, FIG. 11 / Valencia: 214, FIGS. 2A-2B) and the remote resource (Valencia: 116/118, FIG. 1) is configured to intercept the data transmitted from the IoT device to the remote resource (Valencia par. 62 "module 202 may monitor...the type and number of calls or messages/transmitted data...intercepted").
One of ordinary skill in the art would have recognized the ability to utilize the teachings of Valencia for intercepting data transmitted from an IoT device/processor to a remote resource/server. The teachings of Valencia, when used within the system of Shuman in view of Valencia further in view of Leung, will improve the device by providing it with a practical, straightforward way of monitoring the IoT's behavior. Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to arrive at the above-claimed feature.

Claims 4, 6, 13 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Shuman in view of Valencia in view of Leung and further in view of Joo (US 2016/0173495 A1, hereinafter Joo).
Regarding claims 4 and 13, Shuman in view of Valencia further in view of Leung teaches all of the limitations of claims 1 and 10, as previously stated, and further teaches: wherein the security-risking behavior of the IoT device is detected (Valencia: 320-322, FIG. 3A) based at least in part on comparison (Valencia: 138, FIG. 3A) of a reference behavior with the monitored (Valencia: 316, FIG. 3A) data transmission to or from the IoT device (Shuman: par. 53, 105, 106; Valencia: par. 27, 66, 134 "compare observed mobile device behaviors to the received models/mappings to determine whether an observed behavior is...malicious"; Valencia: par. 135 "detect/determine that the observed behavior is...'Malicious'[] in block 322"; note: Valencia's mobile device behavior may cause a security risk [see Valencia: par. 24, 76]).
 	However, Shuman in view of Valencia further in view of Leung does not explicitly disclose, yet Joo teaches: a comparison includes comparison of at least one of: a destination of data transmitted through a data transmission, timing of a data transmission, an amount of data transmitted through a data transmission, or bytes histogram of data transmitted through a data transmission (par. 36 "comparing/checking 122 whether the interval/data timing has exceeded a predetermined threshold/amount").
One of ordinary skill in the art would have recognized the ability to utilize the teachings of Joo for comparing monitored IoT transmissions against a predetermined timing threshold. The teachings of Joo, when used within the system of Shuman in view of Valencia further in view of Leung, will: (1) improve security by enabling the system to detect a DoS attack; and (2) make the system's detection of security risks straightforward and, thus, efficient by simply comparing the system's monitored IoT transmissions against a predetermined timing threshold. Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to arrive at the above-claimed invention.

 	Regarding claims 6 and 15, Shuman in view of Valencia further in view of Leung teaches all of the limitations of claims 1 and 10, as previously stated, and further teaches: the remedial action (Valencia: par.  24, 27, 66, 76, 135 "If the mobile device processor determines that the observed behavior is...'Malicious'[] in block 322, the mobile device processor may perform various operations/remedial action to correct or prevent the performance-degrading behavior").
 	However, Shuman in view of Valencia further in view of Leung does not explicitly disclose, yet Joo teaches: wherein a remedial action includes quarantining the IoT device (note: when "the authentication history... exceeds" a threshold [i.e., malicious behavior] Joo may "quarantine" by blocking authentication [see par. 66]).
One of ordinary skill in the art would have recognized the ability to utilize the teachings of Joo for quarantining an IoT device that appears to pose a security risk. The teachings of Joo, when used with the system of Shuman in view of Valencia further in view of Leung, will provide the system with straightforward and, thus, efficient remedial action by simply having the system quarantine an IoT device that appears to pose a security risk. Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to arrive at the above-claimed feature.

Claims 5 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Shuman in view of Valencia in view of Leung further in view of Borlick et al. (US 2016/0119372 A1, hereinafter Borlick).
 	Regarding claims 5 and 14, Shuman in view of Valencia further in view of Leung teaches all of the limitations of claims 1 and 10, as previously stated, and further teaches: wherein the private cloud control center agent (Shuman: D2D Application, FIG. 11) is further configured to send data to the IoT device (Shuman: 1150, FIG. 11), and determine (Valencia: 320-322, FIG. 3A) security-risking state of the IoT device based on a response to the sent data by the IoT device (Shuman: par. 46, 53, 105 "send/transmit an announcement message... the IoT device(s) 1150 may then respond/transmit a registration message"; Valencia: par. 27, 66, 134, 135 "determine that the observed behavior is...'Malicious'[] in block 322"; note: Valencia's mobile device behavior may cause a security risk [see Valencia par. 24, 76]).
 	One of ordinary skill in the art would have recognized the ability to utilize the teachings of Valencia for determining whether an IoT device's behavior is a security risk. The teachings of Valencia, when used with the IoT devices of the system of Shuman in view of Valencia further in view of Leung, will improve security by enabling the system to determine whether its IoT device's registration message is normal or a security risk. Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to arrive at the above-claimed feature.
 	However, Shuman in view of Valencia further in view of Leung does not explicitly disclose, yet Borlick teaches: wherein an agent is further configured to simulate an attack of a third party device attempting to gain control of a device by sending data to the device, and determine security-risking state of the device based on a response to the sent data by the device (par. 21 "simulate an attack to probe if device 114 is susceptible to a known security vulnerability by determining whether expected data can be obtained by device 114").
	One of ordinary skill in the art would have recognized the ability to utilize the teachings of Borlick for simulating an attack in order to detect a security risk. The teachings of Borlick, when used within the system of Shuman in view of Valencia further in view of Leung, will improve security by enabling the system's security-risk detection feature to detect known security vulnerabilities. Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to arrive at the above-claimed feature.

Claims 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Shuman in view of Valencia further in view of Leung and further in view of Perier (US 2015/0229654 A1, hereinafter Perier).
 	Regarding claims 19 and 20, Shuman in view of Valencia further in view of Leung teaches all of the limitations of claims 1 and 10, as previously stated, and further teaches: the device (Valencia: 202, FIGS. 2A-2B) interposed between the IoT device (Shuman: 1150, FIG. 11 / Valencia: 214, FIGS. 2A-2B) and the remote resource (Valencia: 116/118, FIG. 1) (Valencia: par. 58 "modules 202-210 may be implemented...in specialized... processors"; note: "communication links 112, such as 4G, 3G, CDMA, TDMA, LTE" are transmitted to a remote resource such as a server 114/116 [see Valencia: par. 54, 55]).
 	However, Shuman in view of Valencia further in view of Leung does not explicitly disclose, yet Perier teaches: wherein a device (124, FIG. 2) interposed between an IoT device (112, FIG. 2) and a remote resource comprises a firewall (par. 80 "IoT security module 124 acts as a firewall"; par. 40 "remote resource/utility company 206 provides the resource 204"; par. 32 "modules 112...and 124 may be configured independently").
 	One of ordinary skill in the art would have recognized the ability to utilize the teachings of Perier for interposing a firewall device between an IoT device and a remote resource. The teachings of Perier, when used within the device interposed between the system of Shuman in view of Valencia further in view of Leung, will improve the system's security by providing a protective barrier between its IoT device and remote resources and, thereby, shield the system's IoT device from malicious transmissions of a remote resource. Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to arrive at the above-claimed feature.

Inquiry communication

Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRI M TRAN whose telephone number is (571)270-1994. The examiner can normally be reached Mon-Fri: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469)295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TRI M TRAN/ Primary Examiner, Art Unit 2432