DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-22 are pending.

Priority
Acknowledgement is made of applicant's claim for priority based on application 16/260,453 (now US Patent No. 10965758) filed on 01/29/2019 and application 14/949,292 (now US Patent No. 10237351) filed on 11/23/2015.

Claim Objections
Claims --6, 9, 20, and 22 are objected to because of the following informalities:  
“monitoring the network activity” in line 2 of claim 6 should read “the monitoring of the network activity”.
“the automatic subnet selection” in last two lines of claim 9 should read “the automatically selecting”.
“thereto” in 4th to last line of claim 20 should read “to the selected subnet”.
“wherein the hardware processor is to select, for each device, a subnet based on a usage profile of the device” in lines 4-5 of claim 22 is already recited in claim 20 and should be deleted.
“connecting” in lines 7 and 9 of claim 22 should read “connect”.
“user devices” in line 10 of claim 22 should read “the user devices”.
“IoT devices” in line 10 of claim 22 should read “the IoT devices”.
Appropriate correction is required.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-22 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-15 and 17-19 of U.S. Patent No. 10965758. Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1-15 and 17-19 of U.S. Patent No. 10965758 include the limitations recited in claims 1-22.
Claims 1, 6, 12, 16, and 20-22 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-2 of U.S. Patent No. 10237351 in view of Chillappa (US 20160381030).
Claims 1-2 of U.S. Patent No. 10237351include most of the limitations recited in claims 1, 6, 12, 16, and 20-22 of the instant application except for “determining a usage profile of the device, wherein the usage profile is indicative of content of packets transmitted by the device; automatically selecting a subnet of the subnets of the local network to connect the device based on the usage profile of the device” (claim 1), “determine a usage profile of the device, wherein the usage profile is indicative of content and target of packets transmitted by the device; automatically select a subnet of the local network to connect the device based on the usage profile of the device” (claims 12 and 16), and “select, for each device connected to the local network, a subnet based on a usage profile of the device” (claims 20 and 22).  
Chillapa discloses the above missing limitations (e.g. ¶8, 15, 30, 32, 38-40).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Chillappa into the device of the patent claim for the purpose of minimizing possible threats to or from the IoT devices themselves, as well other computing devices, services and data on the local area networks (Chillappa, ¶30).

Instant application 17211643
US Patent No. 10965758
1
1
2-11
2-11
12
12
13-15
13-15
16
12
17-19
13-15
20
17
21-22
18-19



Instant application 17211643
US Patent No. 10237351
1
1 and Chillapa
6
1
12
1 and Chillapa
16
1 and Chillapa
20
1 and Chillapa
21
2
22
1 and Chillapa


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 4-8, 10-12, 14-16, and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over McNeill (US 6167052) in view of Chillappa (US 20160381030).

Claim 1, McNeill discloses A method comprising: 
detecting a device connecting to a local network, (e.g. col. 11, ll. 8-12: When a network station is powered up, it is placed in a "default" VLAN (a default VLAN exists in each layer 2 domain 116… the station sends a request to the UBNC server)) wherein the local network is divided into subnets; (e.g. fig. 2: network 110 is divided into a plurality of subnets)
determining a usage profile of the device; (e.g. col. 11, ll. 14-26: The UBNC server determines the associated VLAN from a UBNC server database…for each user name, the database contains identification of associated VLAN(s)…the database contains the following information provided by the management station: (A) for each user name, an identification of the connectivity group to which the user name belongs; (B) identifications of VLANs belonging to each connectivity group; (C) for each VLAN, the associated subnet(s))
automatically selecting a subnet of the subnets of the local network to connect the device based on the usage profile of the device; (e.g. col. 11, ll. 16-17: The UBNC server determines the associated VLAN from a UBNC server database) and 
connecting the device to the selected subnet in the local network (e.g. col. 11, ll. 36-39: the UBNC server sends an appropriate command to a switch or switches 128 in the layer 2 domain 116 that contains the station. The switches place the station into the VLAN assigned to the user).
Although McNeil discloses a usage profile of the device (see above), McNeil does not explicitly disclose but Chillappa discloses wherein the usage profile is indicative of content of packets transmitted by the device (e.g. ¶38-40: Expected activity for a device 123 indicates what behaviors the device 123 is known to execute in order to perform its authorized functionality. This can include factors such as domains with which the device communicates, protocols used, ports used, the direction, content and format of known legitimate communications, etc. This information can be tracked per device 123 at any level of granularity. For example, a known smart thermostat device could be expected to, e.g., transmit data to and receive data from specific domains (e.g., that of its own manufacturer and google.com), only on ports 9543, 11095, 80, and 443, but not to communicate with any other domains on any other ports, and not to directly communicate with other devices 123 on the local area network 107. Based on…what is known about the expected communication and other activity for the device 123, a constraint profile creating module of the backend component 119 creates and dynamically maintains a constraint profile 301 for the device 123, and provides the constraint profile 301 to the various router components 121 of the install base…A constraint profile enforcing module of the router component 123 enforces the constraint profile 301 received for a given device 123. As noted above, the constraint profile 301 can be at any level of granularity as desired. In some embodiments, constraint profiles 301 specify to place devices 123 with differing levels of reputation score and/or expected behaviors in different corresponding VLANS 309 on local area networks 107).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Chillappa into the invention of McNeil for the purpose of minimizing possible threats to or from the IoT devices themselves, as well other computing devices, services and data on the local area networks (Chillappa, ¶30).

Claim 4, McNeill-Chillappa combination discloses The method of claim 1, wherein the subnets comprise an Internet of Things (IoT) subnet, wherein the IoT subnet is a subnet to which only IoT devices are connected; wherein the device is an IoT device, wherein the determining of the usage profile comprises determining a usage profile that is consistent with the device being the IoT device, wherein the automatically selecting comprises selecting the IoT subnet for the IoT device. (Chillappa, e.g. ¶32, 39-40).  Same motivation would apply.

Claim 5, McNeill-Chillappa combination discloses The method of claim 1, wherein the subnets comprise two or more Internet of Things (IoT) subnets, wherein each of the two or more IoT subnets is a subnet to which only IoT devices are connected, wherein the automatically selecting comprises selecting one of the two or more IoT subnets for an IoT device, wherein the selected IoT subnet is selected based on the IoT device being expected to communicate with other IoT devices in the selected IoT subnet and based on the IoT device being restricted from communicating with IoT devices in other subnets of the two or more IoT subnets. (Chillappa, e.g. fig. 3, ¶8, 28, 30, 32, 38-41).  Same motivation would apply.

Claim 6, McNeill-Chillappa combination discloses The method of claim 1, further comprising monitoring network activity in each of the subnets of the local network, wherein monitoring the network activity comprises applying different security rules to each of the subnets. (McNeil, e.g. col. 13, ll. 5-15).

Claim 7, McNeill-Chillappa combination discloses The method of claim 1, wherein the determining of the usage profile comprises: performing fingerprinting of the device to detect expected functionality of the device. (Chillappa, ¶38-39). Same motivation would apply.

Claim 8, McNeill-Chillappa combination discloses The method of claim 1, wherein the determining of the usage profile comprises identifying a cloud server with which the device communicates, wherein the cloud server is in a network external to the local network. (Chillappa, e.g. ¶38).  Same motivation would apply.

Claim 10, McNeill-Chillappa combination discloses The method of claim 1, wherein the determining of the usage profile of the device is performed in response to the device being connected to the local network, wherein the determining of the usage profile comprises determining a first usage profile based on a fingerprint of the device, and wherein the method further comprises: monitoring traffic pattern of the device when the device is connected to the selected subnet; determining a second usage profile based on the traffic pattern of the device; and in response to the determining of the second usage profile, removing the device from the selected subnet and connecting the device to a second selected subnet. (Chillappa, e.g. fig. 3, ¶9, 30-32, 38-42).  Same motivation would apply.

Claim 11, McNeill-Chillappa combination discloses The method of claim 1, wherein the determining of the usage profile comprises: determining a type of the device, wherein the type is a class of an electric device the device implements, wherein obtaining an implicit expected usage profile is based on the type of the device, wherein the automatic subnet selection is based on the type of the device. (Chillappa, e.g. ¶38-41).  Same motivation would apply.

Claim 12, McNeill discloses A non-transitory computer program product comprising a computer readable storage medium retaining program instructions, which program instructions when read by a hardware processor, cause the hardware processor to: 
detect a device connecting to a local network, (e.g. col. 11, ll. 8-12: When a network station is powered up, it is placed in a "default" VLAN (a default VLAN exists in each layer 2 domain 116… the station sends a request to the UBNC server)) wherein the local network is divided into subnets; (e.g. fig. 2: network 110 is divided into a plurality of subnets)
determine a usage profile of the device; (e.g. col. 11, ll. 14-26: The UBNC server determines the associated VLAN from a UBNC server database…for each user name, the database contains identification of associated VLAN(s)…the database contains the following information provided by the management station: (A) for each user name, an identification of the connectivity group to which the user name belongs; (B) identifications of VLANs belonging to each connectivity group; (C) for each VLAN, the associated subnet(s))
automatically select a subnet of the subnets of the local network to connect the device based on the usage profile of the device; (e.g. col. 11, ll. 16-17: The UBNC server determines the associated VLAN from a UBNC server database) and 
connect the device to the selected subnet in the local network (e.g. col. 11, ll. 36-39: the UBNC server sends an appropriate command to a switch or switches 128 in the layer 2 domain 116 that contains the station. The switches place the station into the VLAN assigned to the user).
Although McNeil discloses a usage profile of the device (see above), McNeil does not explicitly disclose but Chillappa discloses wherein the usage profile is indicative of content and target of packets transmitted by the device (e.g. ¶38-40: Expected activity for a device 123 indicates what behaviors the device 123 is known to execute in order to perform its authorized functionality. This can include factors such as domains with which the device communicates, protocols used, ports used, the direction, content and format of known legitimate communications, etc. This information can be tracked per device 123 at any level of granularity. For example, a known smart thermostat device could be expected to, e.g., transmit data to and receive data from specific domains (e.g., that of its own manufacturer and google.com), only on ports 9543, 11095, 80, and 443, but not to communicate with any other domains on any other ports, and not to directly communicate with other devices 123 on the local area network 107. Based on…what is known about the expected communication and other activity for the device 123, a constraint profile creating module of the backend component 119 creates and dynamically maintains a constraint profile 301 for the device 123, and provides the constraint profile 301 to the various router components 121 of the install base…A constraint profile enforcing module of the router component 123 enforces the constraint profile 301 received for a given device 123. As noted above, the constraint profile 301 can be at any level of granularity as desired. In some embodiments, constraint profiles 301 specify to place devices 123 with differing levels of reputation score and/or expected behaviors in different corresponding VLANS 309 on local area networks 107).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Chillappa into the invention of McNeil for the purpose of minimizing possible threats to or from the IoT devices themselves, as well other computing devices, services and data on the local area networks (Chillappa, ¶30).

Claim 14, McNeill-Chillappa combination discloses The non-transitory computer program product of claim 12, wherein the subnets comprise an Internet of Things (IoT) subnet, wherein the IoT subnet is a subnet to which only IoT devices are connected, wherein to automatically select comprises selecting the IoT subnet for an IoT device. (Chillappa, e.g. ¶32, 39-40).  Same motivation would apply.

Claim 15, McNeill-Chillappa combination discloses The non-transitory computer program product of claim 12, wherein the subnets comprise two or more Internet of Things (IoT) subnets, wherein each of the two or more IoT subnets is a subnet to which only IoT devices are connected, wherein to automatically select comprises selecting one of the two or more IoT subnets for an IoT device, wherein the selected IoT subnet is selected based on the IoT device being expected to communicate with other IoT devices in the selected IoT subnet. (Chillappa, e.g. fig. 3, ¶8, 28, 30, 32, 38-41).  Same motivation would apply.

Claim 16, is rejected for similar reasons as in claim 12.  Also see (McNeil, e.g. col. 11, ll. 6-8 and/or Chillappa, e.g. ¶18, 27).

Claim 18, is rejected for similar reasons as in claim 14.

Claim 19, is rejected for similar reasons as in claim 15.

Claims 2-3, 13 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over McNeill (US 6167052) in view of Chillappa (US 20160381030) and further in view of Hopprich (US 6792474).

Claim 2, McNeill-Chillappa combination discloses The method of claim 1, and does not explicitly disclose but Hopprich discloses wherein the subnets comprise a guest subnet and at least one non-guest subnet, (e.g. abstract, fig.3, col. 13, ll. 35-39: sets of address 122 associated with the domain of the local network 102 are divided into guest addresses 124 and local addresses 126) wherein guest devices are connected temporarily to the guest subnet, (e.g. abstract, fig. 3, col. 16, ll. 30-37: the guest computer system is allowed to use an assigned guest address for a limited amount of time such as for the duration of a single data communication session) wherein non-guest devices are connected to the non-guest subnet, wherein the guest and non-guest devices are automatically separated; wherein the device is a non-guest device, wherein the automatically selecting comprises selecting the subnet from the at least one non-guest subnet. (e.g. abstract, fig. 3, col. 13, ll. 51-67: If the address server 120 assigns either a guest or local address to the requesting computer system (it may deny access and assign no address), the address server 120 then provides the assigned guest or local address to the requesting computer system to allow the computer system to perform data communications on the local network 102).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Hopprich into the invention of McNeill-Chillappa for the purpose of providing significantly enhanced network security (Hopprich, col. 4, ll. 23-25).

Claim 3, McNeill-Chillappa-Hopprich combination discloses The method of claim 2, wherein the guest devices in the guest subnet are blocked from accessing other subnets of the local network and are allowed to access an external network to block potential malicious activity by the guest devices. (Hopprich, e.g. col. 6, ll. 38-42).  Same motivation would apply.

Claim 13, McNeill-Chillappa combination discloses The non-transitory computer program product of claim 12, (see above) and does not explicitly disclose but Hopprich discloses wherein the subnets comprise a guest subnet and a non-guest subnet, (e.g. abstract, fig.3, col. 13, ll. 35-39: sets of address 122 associated with the domain of the local network 102 are divided into guest addresses 124 and local addresses 126) wherein guest devices are connected temporarily to the guest subnet, (e.g. abstract, fig. 3, col. 16, ll. 30-37: the guest computer system is allowed to use an assigned guest address for a limited amount of time such as for the duration of a single data communication session) wherein non-guest devices are connected to the non-guest subnet, wherein the guest and non-guest devices are automatically separated, (e.g. abstract, fig. 3, col. 13, ll. 51-67: If the address server 120 assigns either a guest or local address to the requesting computer system (it may deny access and assign no address), the address server 120 then provides the assigned guest or local address to the requesting computer system to allow the computer system to perform data communications on the local network 102) wherein the guest devices in the guest subnet are blocked from accessing other subnets of the local network and are allowed to access an external network to block potential malicious activity by the guest devices. (e.g. col. 6, ll. 38-42: guest devices may have no access to any components within the local network but may be allowed access to the Internet).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Hopprich into the invention of McNeill-Chillappa for the purpose of providing significantly enhanced network security (Hopprich, col. 4, ll. 23-25).

Claim 17, is rejected for similar reasons as in claim 13.

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over McNeill (US 6167052) in view of Chillappa (US 20160381030) and further in view of Mundy (US 6317792).

Claim 9, McNeill-Chillappa combination discloses The method of claim 1, wherein the determining of the usage profile comprises: determining a fingerprint of the device; (Chillappa, e.g. ¶38-40).  Same motivation would apply.
 McNeill-Chillappa combination does not explicitly disclose but Mundy discloses obtaining an expected usage profile based on crowd-sourced data that corresponds to devices having similar fingerprints to the fingerprint of the device, wherein the automatic subnet selection is based on the crowd-sourced data. (e.g. col. 3, ll. 41-47: comparing the usage profiles of multiple client systems with the available POPs in a given geographic area. For instance, based on the usage profiles, the systems of the invention can predict that certain users are likely to access the Internet at certain hours, such as peak or non-peak hours. In response, the subscribers can be assigned POPs that are likely to be available during those hours).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Mundy into the invention of McNeill-Chillappa for the purpose of appropriately selecting cost-effective POPs for particular client systems (Mundy, col. 3, ll. 36-38).

Claims 20-21 are rejected under 35 U.S.C. 103 as being unpatentable over Mircescu (US 20160173450) in view of Hopprich (US 6792474).

Claim 20, Mircescu discloses An apparatus connectable to a local network that is connected to an external network, the apparatus comprising: a memory; and a hardware processor, operatively coupled to the memory, to: (e.g. fig. 1A or 1B, ¶35, 37-38) wherein the processor being configured to perform: 
shut down a Dynamic Host Configuration Protocol (DHCP) functionality of a networking device, wherein the networking device is a DHCP server of the local network; (e.g. ¶57, 62: Exemplary router configuration commands 63 may instruct router 19 to shut down, to restart, to expose a configuration interface, and to change a configuration setting, among others…In a step 338, network regulator 18 may transmit configuration commands 63 to router 19)
become the DHCP server of the local network instead of the networking device; (e.g. ¶63: To complete the takeover of DHCP services from router 19, regulator 18 may employ DHCP module 43 (FIG. 7) to broadcast its own DHCP lease offer to client systems 12a-f)
Mircescu does not explicitly disclose but Hopprich discloses
create at least two subnets for the local network; (e.g. abstract, col. 5, ll. 42-45 and col. 6, ll. 25-26: maintaining a plurality of sets of guest addresses and a set of local addresses for the local network)
select, for each device connected to the local network, a subnet based on a usage profile of the device and connecting the device thereto to divide the local network into two or more sub-networks; and (e.g. col. 4, ll. 58-66, col. 5, ll. 17-23, col. 12, ll. 26-36: providing an assigned guest address from the plurality of sets of guest addresses to a guest computer system to allow the guest computer system to perform data communications on the network and providing an assigned local address from the set of local addresses to a local computer system to allow the local computer system to perform data communications on the network based on identity of the requesting computer, a domain associated with the requesting computer system or another characteristic of the requesting computer system)
monitor communication traffic in the local network by applying a different set of security rules for different subnets. (e.g. col. 6, ll. 35-45, col. 12, ll. 44-46 and 53-55: enforcing one different level of access control within the network for one set of guest addresses such as allowing the guest computer system to only perform limited data communications within the local computer network and enforcing network access control within the network for the set of local addresses such as providing unrestricted data communications to the computer systems configured with a local address)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Hopprich into the invention of Mircescu for the purpose of providing significantly enhanced network security (Hopprich, col. 4, ll. 23-25).

Claim 21, Mircescu-Hopprich combination discloses The apparatus of claim 20, wherein the communication traffic in the local network is at least one of a communication between two devices that are connected to the local network; (Hopprich, e.g. col. 6, ll. 37-42) and communication between a local device and an external device, wherein the local device is connected to the local network, (Hopprich, e.g. fig. 1, col. 17, ll. 29-36) wherein the external device is not connected to the local network and is connected to the external network, (Hopprich, e.g. fig. 1, col. 17, ll. 29-36) wherein the communication between the local device and the external device is routed via the external network. (Hopprich, e.g. fig. 1, col. 17, ll. 29-36).  Same motivation would apply.

Claim 22 is rejected under 35 U.S.C. 103 as being unpatentable over Mircescu (US 20160173450) in view of Hopprich (US 6792474) and further in view of Chillappa (US 20160381030).

Claim 22, Mircescu-Hopprich combination discloses The apparatus of claim 20, wherein to create the at least two subnets for the local network, the hardware processor to create a user device subnet; (Hopprich, abstract, col. 5, ll. 42-45 and col. 6, ll. 25-26) wherein the hardware processor is to select, for each device, a subnet based on a usage profile of the device; and wherein to connect the device, the hardware processor to: identify user devices and connecting the user devices to the user device subnet; wherein user devices are separated to be on different subnets in the local network, (Hopprich, e.g. col. 4, ll. 58-66, col. 5, ll. 17-23, col. 12, ll. 26-36)  and limiting communication between the different subnets. (Hopprich, e.g. col. 6, ll. 35-45, col. 12, ll. 44-46 and 53-55).
Mircescu-Hopprich combination does not explicitly disclose but Chillappa discloses creating an Internet of Things (IoT) subnet, identifying IoT devices and connecting the IoT devices to the IoT subnet, wherein user devices and IoT devices are separated to be on different subnets in the local network, and limiting communication between the different subnets (e.g. ¶8, 15, 30, 32, 39, 41: Enforcing a constraint profile can include, for example, creating a virtual local area network (VLAN) with restricted privileges on the local area network, and isolating the corresponding IoT device in the VLAN…a plurality of VLANs with varying levels of restricted privileges are created on a given local area network, and various IoT devices are isolated in specific ones of the VLANs…The illustrated local area network 107 comprises multiple computers 210 which are connected to a router 111, which is in turn connected the Internet 109 (or in other embodiments to a different wide area network). The computers 210 present in a local area network 107 can comprise any combination of desktop computers 115, mobile computing devices 113 and or IoT devices 123, acting in the capacity of clients 103 and/or servers 105 as desired…Constraint profiles can specify to enforce specific firewall rules, and/or to limit an IoT device's communication to specific domains and ports, and/or to specific content...the profile 301 could indicate to isolate the device 123 in restricted VLAN 309, not let the device 123 access any computers 210 on the local area network 107).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Chillappa into the invention of Mircescu-Hopprich for the purpose of minimizing possible threats to or from the IoT devices 123 themselves, as well other computing devices, services and data on the local area networks 107 (Chillappa, ¶30).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 

US 20160112452 discloses a system, method, and computer program product for controlling access of a client device to a data network using sub-network (“subnet”) addressing. In an illustrative or exemplary embodiment, a server device receives a client communication via a routing device and determines whether the client communication includes a request for a network address. If the server device determines that the client communication includes a request for a network address, the server device determines whether a client identifier included in the first client communication is included in a first group of client identifiers. If the server device determines that the client identifier is included in the first group of client identifiers, the server device transmits to the client device via the routing device a response providing a network address within a first subnet associated with a first policy. If the server device determines that the client identifier is not included in the first group of client identifiers, the server device transmits to the client device via the routing device a response providing a network address within a second subnet associated with a second policy.

US 20140244834 discloses mechanisms that may be used to automatically create configurable sub-divisions in an Internet of Things (IoT) network that includes various devices and/or other physical objects. For example, in various embodiments, the devices and/or other physical objects in the IoT network may include, among other things, one or more IoT devices having communication capabilities, non-IoT devices having communication capabilities, and/or other physical objects that do not have communication capabilities. In one embodiment, in response to detecting and registering the devices and/or other physical objects into the IoT network, a supervisor device may be configured to monitor interactions and usage associated therewith and create one or more groups associated with the IoT network. For example, the one or more groups may generally define one or more sub-networks within the IoT network that organize the registered devices and/or other physical objects into certain sub-networks. In one embodiment, the one or more groups associated with the IoT network may then be presented via a user interface (e.g., on the supervisor device), which may allow a user to provide one or more commands to control or otherwise configure the IoT network. For example, in one embodiment, the one or more commands may be used to customize the groups associated with the IoT network and control access to certain groups, subsets, or other sub-networks associated with the IoT network, among other things.

US 20030069954 discloses a method of pooling subnets within a network includes defining a number of subnets and a number of groups, each subnet is then assigned to one of the groups according to a predetermined assignment scheme and a method of assigning a host to a subnet includes determining a type for the host, and assigning the host to a pool based on the determined host type, the host is then assigned within the pool to an appropriate subnet of a group of subnets.

US 20160197956 discloses the network 100 can be configured to route some or all of the traffic into and out of the network 100 through the gateway 102. For example, the gateway 102 may inspect network traffic to enforce security policies, prevent malicious software from entering the network, etc. Additionally, the gateway 102 may provide directory services for the clients of the network 100 (e.g., ApacheDS, Active Directory), may apply group policies (e.g., security policies) to devices on the network 100, and may assign the client device 104 to a subnet. These group policies can include profiles that can be assigned to devices on the network 100 and that define and enforce the operating environment of the devices. These environment definitions can include, but are not limited to, permitted or denied operating systems, applications, user permissions, and/or network activity. In some configurations, some schemes for using group policies refer to group policies as “group policies.” In some other configurations, some schemes for using group policies refer to a similar concept by other terms such as Group Policy Objects (GPOs), or policy groups.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRONG NGUYEN whose telephone number is (571)270-7312.  The examiner can normally be reached on Monday through Thursday 9:00 AM - 5:00 PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, GELAGAY SHEWAYE can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/TRONG H NGUYEN/Primary Examiner, Art Unit 2436